# plugins/preauth/wpse
# plugins/preauth/cksum_body
# plugins/authdata/greet
-SUBDIRS=util include lib @krb524@ kdc kadmin @ldap_plugin_dir@ slave clients \
+SUBDIRS=util include lib kdc kadmin @ldap_plugin_dir@ slave clients \
plugins/kdb/db2 \
plugins/preauth/pkinit \
appl tests \
clients\kpasswd\Makefile clients\kvno\Makefile \
clients\kcpytkt\Makefile clients\kdeltkt\Makefile \
include\Makefile \
- krb524\Makefile \
lib\Makefile lib\crypto\Makefile \
lib\crypto\crc32\Makefile lib\crypto\des\Makefile \
lib\crypto\dk\Makefile lib\crypto\enc_provider\Makefile \
lib\crypto\sha1\Makefile lib\crypto\arcfour\Makefile \
lib\crypto\md4\Makefile lib\crypto\md5\Makefile \
lib\crypto\yarrow\Makefile lib\crypto\aes\Makefile \
- lib\des425\Makefile \
lib\gssapi\Makefile lib\gssapi\generic\Makefile \
lib\gssapi\krb5\Makefile lib\gssapi\mechglue\Makefile \
lib\gssapi\spnego\Makefile \
- lib\krb4\Makefile lib\krb5\Makefile \
+ lib\krb5\Makefile \
lib\krb5\asn.1\Makefile lib\krb5\ccache\Makefile \
lib\krb5\ccache\ccapi\Makefile \
lib\krb5\error_tables\Makefile \
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##include\Makefile: include\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##krb524\Makefile: krb524\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\Makefile: lib\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\Makefile: lib\crypto\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\raw\Makefile: lib\crypto\raw\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\des425\Makefile: lib\des425\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\Makefile: lib\gssapi\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\generic\Makefile: lib\gssapi\generic\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\krb5\Makefile: lib\gssapi\krb5\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\krb4\Makefile: lib\krb4\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\krb5\Makefile: lib\krb5\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\krb5\asn.1\Makefile: lib\krb5\asn.1\Makefile.in $(MKFDEP)
clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \
clients/kpasswd/* clients/kcpytkt/* clients/kdeltkt/* \
config/* include/* include/kerberosIV/* \
- include/krb5/* include/krb5/stock/* include/sys/* krb524/* lib/* \
+ include/krb5/* include/krb5/stock/* include/sys/* lib/* \
lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \
lib/crypto/enc_provider/* lib/crypto/hash_provider/* \
lib/crypto/keyhash_provider/* lib/crypto/old/* lib/crypto/raw/* \
lib/crypto/sha1/* lib/crypto/arcfour/* lib/crypto/md4/* \
lib/crypto/md5/* lib/crypto/yarrow/* \
- lib/des425/* lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \
- lib/gssapi/mechglue/* lib/gssapi/spnego/* lib/krb4/* \
+ lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \
+ lib/gssapi/mechglue/* lib/gssapi/spnego/* \
lib/krb5/* lib/krb5/asn.1/* lib/krb5/krb/* \
lib/krb5/ccache/* lib/krb5/ccache/ccapi/* \
lib/krb5/error_tables/* \
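Review bot: The context line `config/* include/* include/kerberosIV/* \` in this file list still names `include/kerberosIV/*`, although the same commit appears to delete the headers under include/kerberosIV and drops that directory from the configure output list. Once the directory is empty or gone the pattern matches nothing, which depending on how the list is consumed is either dead text or an error from the archiving step. It also leaves a krb4 reference that a later audit for leftover V4/DES code would have to explain. I would change the line to `config/* include/* \`. The variable this list belongs to starts above the hunk, so its consumer is not visible here.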
$(INC)krb5_err.h $(ET)krb5_err.c \
$(INC)kv5m_err.h $(ET)kv5m_err.c \
$(INC)krb524_err.h $(ET)krb524_err.c \
- $(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \
- $(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \
$(PR)prof_err.h $(PR)prof_err.c \
$(GG)gssapi_err_generic.h $(GG)gssapi_err_generic.c \
- $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c \
- lib/krb4/krb_err_txt.c
+ $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c
HOUT = $(INC)krb5\krb5.h $(GG)gssapi.h $(PR)profile.h
$(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et
$(INC)krb524_err.h: $(AH) $(ET)krb524_err.et
$(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et
-$(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et
- $(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et
-$(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et
- $(AWK) -f $(AH) outfile=$@ lib/krb4/krb_err.et
$(PR)prof_err.h: $(AH) $(PR)prof_err.et
$(AWK) -f $(AH) outfile=$@ $(PR)prof_err.et
$(GG)gssapi_err_generic.h: $(AH) $(GG)gssapi_err_generic.et
$(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et
$(ET)krb524_err.c: $(AC) $(ET)krb524_err.et
$(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et
-lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et
- $(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et
-lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et
- $(AWK) -f $(AC) outfile=$@ lib/krb4/krb_err.et
$(PR)prof_err.c: $(AC) $(PR)prof_err.et
$(AWK) -f $(AC) outfile=$@ $(PR)prof_err.et
$(GG)gssapi_err_generic.c: $(AC) $(GG)gssapi_err_generic.et
$(CE)test2.c: $(AC) $(CE)test2.et
$(AWK) -f $(AC) outfile=$@ $(CE)test2.et
-lib/krb4/krb_err_txt.c: lib/krb4/krb_err.et
- $(AWK) -f lib/krb4/et_errtxt.awk outfile=$@ \
- lib/krb4/krb_err.et
-
KRBHDEP = $(INC)krb5\krb5.hin $(INC)krb5_err.h $(INC)kdb5_err.h \
$(INC)kv5m_err.h $(INC)krb524_err.h $(INC)asn1_err.h
$(CP) clients\kcpytkt\$(OUTPRE)kcpytkt.exe "$(KRB_INSTALL_DIR)\bin\."
$(CP) clients\kdeltkt\$(OUTPRE)kdeltkt.exe "$(KRB_INSTALL_DIR)\bin\."
$(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe "$(KRB_INSTALL_DIR)\bin\."
- @if exist "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" del "$(KRB_INSTALL_DIR)\bin\krb4_32.dll"
- @if exist "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" del "$(KRB_INSTALL_DIR)\lib\krb4_32.lib"
install-unix::
$(INSTALL_SCRIPT) krb5-config \
if test -z "$LD" ; then LD=$CC; fi
AC_ARG_VAR(LD,[linker command [CC]])
AC_SUBST(LDFLAGS) dnl
-WITH_KRB4 dnl
KRB5_AC_CHOOSE_ET dnl
KRB5_AC_CHOOSE_SS dnl
KRB5_AC_CHOOSE_DB dnl
AC_DEFINE_UNQUOTED($ac_tr_file) $2], $3)dnl
done
])
-dnl
-dnl set $(KRB4) from --with-krb4=value -- WITH_KRB4
-dnl
-AC_DEFUN(WITH_KRB4,[
-AC_ARG_WITH([krb4],
-[ --without-krb4 omit Kerberos V4 backwards compatibility (default)
- --with-krb4 use V4 libraries included with V5
- --with-krb4=KRB4DIR use preinstalled V4 libraries],
-,
-withval=no
-)dnl
-if test $withval = no; then
- AC_MSG_NOTICE(no krb4 support)
- KRB4_LIB=
- KRB4_DEPLIB=
- KRB4_INCLUDES=
- KRB4_LIBPATH=
- KRB_ERR_H_DEP=
- krb5_cv_build_krb4_libs=no
- krb5_cv_krb4_libdir=
-else
- AC_DEFINE([KRB5_KRB4_COMPAT], 1, [Define this if building with krb4 compat])
- if test $withval = yes; then
- AC_MSG_NOTICE(enabling built in krb4 support)
- KRB4_DEPLIB='$(TOPLIBD)/libkrb4$(DEPLIBEXT)'
- KRB4_LIB=-lkrb4
- KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV'
- KRB4_LIBPATH=
- KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h'
- krb5_cv_build_krb4_libs=yes
- krb5_cv_krb4_libdir=
- else
- AC_MSG_NOTICE(using preinstalled krb4 in $withval)
- KRB4_LIB="-lkrb"
-dnl DEPKRB4_LIB="$withval/lib/libkrb.a"
- KRB4_INCLUDES="-I$withval/include"
- KRB4_LIBPATH="-L$withval/lib"
- KRB_ERR_H_DEP=
- krb5_cv_build_krb4_libs=no
- krb5_cv_krb4_libdir="$withval/lib"
- fi
-fi
-AC_SUBST(KRB4_INCLUDES)
-AC_SUBST(KRB4_LIBPATH)
-AC_SUBST(KRB4_LIB)
-AC_SUBST(KRB4_DEPLIB)
-AC_SUBST(KRB_ERR_H_DEP)
-dnl We always compile the des425 library
-DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)'
-DES425_LIB=-ldes425
-AC_SUBST(DES425_DEPLIB)
-AC_SUBST(DES425_LIB)
-])dnl
-dnl
-dnl
AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[
AC_BEFORE([$0],[AC_PROG_CC])
AC_BEFORE([$0],[AC_PROG_CXX])
KDB5_DEPLIB = $(TOPLIBD)/libkdb5$(DEPLIBEXT)
GSSRPC_DEPLIB = $(TOPLIBD)/libgssrpc$(DEPLIBEXT)
GSS_DEPLIB = $(TOPLIBD)/libgssapi_krb5$(DEPLIBEXT)
-KRB4_DEPLIB = @KRB4_DEPLIB@ # $(TOPLIBD)/libkrb4$(DEPLIBEXT)
-DES425_DEPLIB = @DES425_DEPLIB@ # $(TOPLIBD)/libdes425$(DEPLIBEXT)
KRB5_DEPLIB = $(TOPLIBD)/libkrb5$(DEPLIBEXT)
CRYPTO_DEPLIB = $(TOPLIBD)/libk5crypto$(DEPLIBEXT)
COM_ERR_DEPLIB = $(COM_ERR_DEPLIB-@COM_ERR_VERSION@)
APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a
KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
-KRB4COMPAT_DEPLIBS = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS)
KDB5_DEPLIBS = $(KDB5_DEPLIB)
GSS_DEPLIBS = $(GSS_DEPLIB)
GSSRPC_DEPLIBS = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS)
SS_DEPS-sys =
SS_DEPS-k5 = $(BUILDTOP)/include/ss/ss.h $(BUILDTOP)/include/ss/ss_err.h
-# Header file dependencies that might depend on whether krb4 support
-# is compiled.
-
-KRB_ERR_H_DEP = @KRB_ERR_H_DEP@
-
# LIBS gets substituted in... e.g. -lnsl -lsocket
# GEN_LIB is -lgen if needed for regexp
GSS_KRB5_LIB = -lgssapi_krb5
SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
-# KRB4_LIB is -lkrb4 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-KRB4_LIB = @KRB4_LIB@
-
-# DES425_LIB is -ldes425 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-DES425_LIB = @DES425_LIB@
-
# HESIOD_LIBS is -lhesiod...
HESIOD_LIBS = @HESIOD_LIBS@
KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
-KRB4COMPAT_LIBS = $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS)
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
GSS_LIBS = $(GSS_KRB5_LIB)
# needs fixing if ever used on Mac OS X!
# eventually) but which we don't want to install.
APPUTILS_LIB = -lapputils
-#
-# some more stuff for --with-krb4
-KRB4_LIBPATH = @KRB4_LIBPATH@
-KRB4_INCLUDES = @KRB4_INCLUDES@
-
#
# variables for --with-tcl=
TCL_LIBS = @TCL_LIBS@
AC_ARG_ENABLE([athena],
[ --enable-athena build with MIT Project Athena configuration],,)
dnl
-if test -z "$KRB4_LIB"; then
-kadminv4=""
-krb524=""
-libkrb4=""
-KRB4=""
-else
-kadminv4=kadmin.v4
-krb524=krb524
-libkrb4=lib/krb4
-KRB4=krb4
-fi
-AC_SUBST(KRB4)
-AC_SUBST(krb524)
-dnl
dnl Begin autoconf tests for the Makefiles generated out of the top-level
dnl configure.in...
dnl
AC_SUBST(FAKEKA)
KRB5_RUN_FLAGS
dnl
-dnl for krb524
AC_TYPE_SIGNAL
dnl
dnl from old include/configure.in
[ --enable-athena build with MIT Project Athena configuration],
AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
-if test "$KRB4_LIB" = ''; then
- AC_MSG_NOTICE(No Kerberos 4 compatibility)
- maybe_kerberosIV=
-else
- AC_MSG_NOTICE(Kerberos 4 compatibility enabled)
- maybe_kerberosIV=kerberosIV
- AC_DEFINE(KRB5_KRB4_COMPAT,1,[Define if Kerberos V4 backwards compatibility should be supported])
-fi
-AC_SUBST(maybe_kerberosIV)
dnl
AC_C_INLINE
AH_TOP([
fi
AC_SUBST(DO_TEST)
dnl
-DO_V4_TEST=
-if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != "" -a "$ath_compat" != ""; then
- DO_V4_TEST=ok
-fi
-AC_SUBST(DO_V4_TEST)
dnl The following are substituted into kadmin/testing/scripts/env-setup.sh
RBUILD=`pwd`
AC_SUBST(RBUILD)
AC_CHECK_PROG(RUNTEST,runtest,runtest)
AC_CHECK_PROG(PERL,perl,perl)
dnl
-dnl
-dnl for lib/krb4
-case $krb5_cv_host in
- *-apple-darwin*)
- KRB_ERR_TXT=
- KRB_ERR=
- KRB_ERR_C=krb_err.c
- ;;
- *)
- KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)'
- KRB_ERR_TXT=krb_err_txt.c
- KRB_ERR_C=
- ;;
-esac
-AC_SUBST([KRB_ERR_TXT])
-AC_SUBST([KRB_ERR])
-AC_SUBST([KRB_ERR_C])
-dnl
-dnl
dnl lib/gssapi
AC_CHECK_HEADER(stdint.h,[
include_stdint='awk '\''END{printf("%cinclude <stdint.h>\n", 35);}'\'' < /dev/null'],
HAVE_RUNTEST=no
fi
AC_SUBST(HAVE_RUNTEST)
-if test "$KRB4_LIB" = ''; then
- KRB4_DEJAGNU_TEST="KRBIV=0"
-else
- AC_MSG_RESULT(Kerberos 4 testing enabled)
- KRB4_DEJAGNU_TEST="KRBIV=1"
-fi
-AC_SUBST(KRB4_DEJAGNU_TEST)
dnl for plugins/kdb/db2
dnl
if test "$SS_VERSION" = k5 ; then
K5_GEN_MAKEFILE(util/ss)
fi
-if test -n "$KRB4_LIB"; then
- K5_GEN_MAKEFILE(lib/krb4)
-fi
dnl
dnl
ldap_plugin_dir=""
util util/support util/profile util/send-pr
- lib lib/des425 lib/kdb
+ lib lib/kdb
lib/crypto lib/crypto/crc32 lib/crypto/des lib/crypto/dk
lib/crypto/enc_provider lib/crypto/hash_provider
lib/apputils
- kdc slave krb524 config-files gen-manpages include
- include/kerberosIV
+ kdc slave config-files gen-manpages include
plugins/locate/python
plugins/kdb/db2
thisconfigdir=..
myfulldir=include
mydir=include
-SUBDIRS=@maybe_kerberosIV@
BUILDTOP=$(REL)..
KRB5RCTMPDIR= @KRB5_RCTMPDIR@
##DOSBUILDTOP = ..
+++ /dev/null
-thisconfigdir=./../..
-myfulldir=include/kerberosIV
-mydir=include/kerberosIV
-BUILDTOP=$(REL)..$(S)..
-KRB4_HEADERS=krb.h des.h mit-copyright.h
-
-all-unix:: krb_err.h kadm_err.h
-
-krb_err.h: $(SRCTOP)/lib/krb4/krb_err.et
-kadm_err.h: $(SRCTOP)/lib/krb4/kadm_err.et
-krb_err.h kadm_err.h: rebuild-k4-error-tables; : $@
-rebuild-k4-error-tables:
- (cd $(BUILDTOP)/lib/krb4 && $(MAKE) includes)
-
-clean-unix::
- $(RM) krb_err.h kadm_err.h
-
-install-headers-unix install:: krb_err.h kadm_err.h
- @set -x; for f in $(KRB4_HEADERS) ; \
- do $(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(KRB5_INCDIR)/kerberosIV/$$f ; \
- done
- $(INSTALL_DATA) krb_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)krb_err.h
- $(INSTALL_DATA) kadm_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)kadm_err.h
+++ /dev/null
-/*
- * include/kerberosIV/addr_comp.h
- *
- * Copyright 1987-1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for address comparison macros.
- */
-
-#ifndef ADDR_COMP_DEFS
-#define ADDR_COMP_DEFS
-
-/*
-** Look boys and girls, a big kludge
-** We need to compare the two internet addresses in network byte order, not
-** local byte order. This is a *really really slow way of doing that*
-** But.....
-** .....it works
-** so we run with it
-**
-** long_less_than gets fed two (u_char *)'s....
-*/
-
-#define u_char_comp(x,y) \
- (((x)>(y))?(1):(((x)==(y))?(0):(-1)))
-
-#define long_less_than(x,y) \
- (u_char_comp((x)[0],(y)[0])?u_char_comp((x)[0],(y)[0]): \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \
- (u_char_comp((x)[3],(y)[3])))))
-
-#endif /* ADDR_COMP_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/admin_server.h
- *
- * Copyright 1987-1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifndef ADMIN_SERVER_DEFS
-#define ADMIN_SERVER_DEFS
-
-#define PW_SRV_VERSION 2 /* version number */
-
-#define INSTALL_NEW_PW (1<<0) /*
- * ver, cmd, name, password,
- * old_pass, crypt_pass, uid
- */
-
-#define ADMIN_NEW_PW (2<<1) /*
- * ver, cmd, name, passwd,
- * old_pass
- * (grot), crypt_pass (grot)
- */
-
-#define ADMIN_SET_KDC_PASSWORD (3<<1) /* ditto */
-#define ADMIN_ADD_NEW_KEY (4<<1) /* ditto */
-#define ADMIN_ADD_NEW_KEY_ATTR (5<<1) /*
- * ver, cmd, name, passwd,
- * inst, attr (grot)
- */
-#define INSTALL_REPLY (1<<1) /* ver, cmd, name, password */
-#define RETRY_LIMIT 1
-#define TIME_OUT 30
-#define USER_TIMEOUT 90
-#define MAX_KPW_LEN 40
-
-#define KADM "changepw" /* service name */
-
-#endif /* ADMIN_SERVER_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/des.h
- *
- * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for the Data Encryption Standard library.
- */
-
-#if defined(__MACH__) && defined(__APPLE__)
-#include <TargetConditionals.h>
-#include <AvailabilityMacros.h>
-#if TARGET_RT_MAC_CFM
-#error "Use KfM 4.0 SDK headers for CFM compilation."
-#endif
-#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
-#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
-#endif
-#endif /* defined(__MACH__) && defined(__APPLE__) */
-
-/* Macro to add deprecated attribute to DES types and functions */
-/* Currently only defined on Mac OS X 10.5 and later. */
-#ifndef KRB5INT_DES_DEPRECATED
-#define KRB5INT_DES_DEPRECATED
-#endif
-
-#ifdef __cplusplus
-#ifndef KRBINT_BEGIN_DECLS
-#define KRBINT_BEGIN_DECLS extern "C" {
-#define KRBINT_END_DECLS }
-#endif
-#else
-#define KRBINT_BEGIN_DECLS
-#define KRBINT_END_DECLS
-#endif
-
-#ifndef KRB5INT_DES_TYPES_DEFINED
-#define KRB5INT_DES_TYPES_DEFINED
-
-#include <limits.h>
-
-KRBINT_BEGIN_DECLS
-
-#if TARGET_OS_MAC
-# pragma pack(push,2)
-#endif
-
-#if UINT_MAX >= 0xFFFFFFFFUL
-#define DES_INT32 int
-#define DES_UINT32 unsigned int
-#else
-#define DES_INT32 long
-#define DES_UINT32 unsigned long
-#endif
-
-typedef unsigned char des_cblock[8] /* crypto-block size */
-KRB5INT_DES_DEPRECATED;
-
-/*
- * Key schedule.
- *
- * This used to be
- *
- * typedef struct des_ks_struct {
- * union { DES_INT32 pad; des_cblock _;} __;
- * } des_key_schedule[16];
- *
- * but it would cause trouble if DES_INT32 were ever more than 4
- * bytes. The reason is that all the encryption functions cast it to
- * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
- * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
- * caller-allocated des_key_schedule will be overflowed by the key
- * scheduling functions. We can't assume that every platform will
- * have an exact 32-bit int, and nothing should be looking inside a
- * des_key_schedule anyway.
- */
-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
-KRB5INT_DES_DEPRECATED;
-
-#if TARGET_OS_MAC
-# pragma pack(pop)
-#endif
-
-KRBINT_END_DECLS
-
-#endif /* KRB5INT_DES_TYPES_DEFINED */
-
-/* only do the whole thing once */
-#ifndef DES_DEFS
-/*
- * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily
- * to avoid including the defintions and declarations below. The
- * reason that the crypto library needs to include this file is that
- * it needs to have its types aligned with krb4's types.
- */
-#ifndef KRB5INT_CRYPTO_DES_INT
-#define DES_DEFS
-
-#if defined(_WIN32)
-#ifndef KRB4
-#define KRB4 1
-#endif
-#include <win-mac.h>
-#endif
-#include <stdio.h> /* need FILE for des_cblock_print_file */
-
-KRBINT_BEGIN_DECLS
-
-#if TARGET_OS_MAC
-# pragma pack(push,2)
-#endif
-
-/* Windows declarations */
-#ifndef KRB5_CALLCONV
-#define KRB5_CALLCONV
-#define KRB5_CALLCONV_C
-#endif
-
-#define DES_KEY_SZ (sizeof(des_cblock))
-#define DES_ENCRYPT 1
-#define DES_DECRYPT 0
-
-#ifndef NCOMPAT
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define key_sched des_key_sched
-#define cbc_encrypt des_cbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define C_Block_print des_cblock_print
-#define quad_cksum des_quad_cksum
-typedef struct des_ks_struct bit_64;
-#endif
-
-#define des_cblock_print(x) des_cblock_print_file(x, stdout)
-
-/*
- * Function Prototypes
- */
-
-int KRB5_CALLCONV des_key_sched (C_Block, Key_schedule)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV
-des_pcbc_encrypt (C_Block *in, C_Block *out, long length,
- const des_key_schedule schedule, C_Block *ivec,
- int enc)
-KRB5INT_DES_DEPRECATED;
-
-unsigned long KRB5_CALLCONV
-des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out,
- long length, int out_count, C_Block *seed)
-KRB5INT_DES_DEPRECATED;
-
-/*
- * XXX ABI change: used to return void; also, cns/kfm have signed long
- * instead of unsigned long length.
- */
-unsigned long KRB5_CALLCONV
-des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long,
- const des_key_schedule, const des_cblock *)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV des_string_to_key (const char *, C_Block)
-KRB5INT_DES_DEPRECATED;
-
-void afs_string_to_key(char *, char *, des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-/* XXX ABI change: used to return krb5_error_code */
-int KRB5_CALLCONV des_read_password(des_cblock *, char *, int)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *,
- const des_key_schedule, int)
-KRB5INT_DES_DEPRECATED;
-
-/* XXX kfm/cns have signed long length */
-int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long,
- const des_key_schedule, const des_cblock *, int)
-KRB5INT_DES_DEPRECATED;
-
-void des_fixup_key_parity(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-int des_check_key_parity(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV des_new_random_key(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-void des_init_random_number_generator(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-int des_random_key(des_cblock *)
-KRB5INT_DES_DEPRECATED;
-
-int des_is_weak_key(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-void des_cblock_print_file(des_cblock *, FILE *fp)
-KRB5INT_DES_DEPRECATED;
-
-
-#if TARGET_OS_MAC
-# pragma pack(pop)
-#endif
-
-KRBINT_END_DECLS
-
-#endif /* KRB5INT_CRYPTO_DES_INT */
-#endif /* DES_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/kadm.h
- *
- * Copyright 1988, 1994, 2002 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Definitions for Kerberos administration server & client. These
- * should be considered private; among other reasons, it leaks all
- * over the namespace.
- */
-
-#ifndef KADM_DEFS
-#define KADM_DEFS
-
-/*
- * kadm.h
- * Header file for the fourth attempt at an admin server
- * Doug Church, December 28, 1989, MIT Project Athena
- */
-
-#include <sys/types.h>
-#include "port-sockets.h"
-#include <kerberosIV/krb.h>
-#include <kerberosIV/des.h>
-
-/* for those broken Unixes without this defined... should be in sys/param.h */
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
-
-/* The global structures for the client and server */
-typedef struct {
- struct sockaddr_in admin_addr;
- struct sockaddr_in my_addr;
- int my_addr_len;
- int admin_fd; /* file descriptor for link to admin server */
- char sname[ANAME_SZ]; /* the service name */
- char sinst[INST_SZ]; /* the services instance */
- char krbrlm[REALM_SZ];
- /* KfM additions... */
- int default_port;
- CREDENTIALS creds; /* The client's credentials (from krb_get_pw_in_tkt_creds)*/
-} Kadm_Client;
-
-typedef struct { /* status of the server, i.e the parameters */
- int inter; /* Space for command line flags */
- char *sysfile; /* filename of server */
-} admin_params; /* Well... it's the admin's parameters */
-
-/* Largest password length to be supported */
-#define MAX_KPW_LEN 128
-
-/* Largest packet the admin server will ever allow itself to return */
-#define KADM_RET_MAX 2048
-
-/* That's right, versions are 8 byte strings */
-#define KADM_VERSTR "KADM0.0A"
-#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
- decrypt client's msg */
-#define KADM_VERSIZE strlen(KADM_VERSTR)
-
-/* the lookups for the server instances */
-#define PWSERV_NAME "changepw"
-#define KADM_SNAME "kerberos_master"
-#define KADM_SINST "kerberos"
-
-/* Attributes fields constants and macros */
-#define ALLOC 2
-#define RESERVED 3
-#define DEALLOC 4
-#define DEACTIVATED 5
-#define ACTIVE 6
-
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ 4
-
-typedef struct {
- u_char fields[FLDSZ]; /* The active fields in this struct */
- char name[ANAME_SZ];
- char instance[INST_SZ];
- KRB_UINT32 key_low;
- KRB_UINT32 key_high;
- KRB_UINT32 exp_date;
- unsigned short attributes;
- unsigned char max_life;
-} Kadm_vals; /* The basic values structure in Kadm */
-
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ 4
-
-/* Need to define fields types here */
-#define KADM_NAME 31
-#define KADM_INST 30
-#define KADM_EXPDATE 29
-#define KADM_ATTR 28
-#define KADM_MAXLIFE 27
-#define KADM_DESKEY 26
-
-/* To set a field entry f in a fields structure d */
-#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
-
-/* To set a field entry f in a fields structure d */
-#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
-
-/* Is field f in fields structure d */
-#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
-
-/* Various return codes */
-#define KADM_SUCCESS 0
-
-#define WILDCARD_STR "*"
-
-enum acl_types {
-ADDACL,
-GETACL,
-MODACL,
-STABACL,
-DELACL
-};
-
-/* Various opcodes for the admin server's functions */
-#define CHANGE_PW 2
-#define ADD_ENT 3
-#define MOD_ENT 4
-#define GET_ENT 5
-#define CHECK_PW 6
-#define CHG_STAB 7
-/* Cygnus principal-deletion support */
-#define KADM_CYGNUS_EXT_BASE 64
-#define DEL_ENT (KADM_CYGNUS_EXT_BASE+1)
-
-#ifdef POSIX
-typedef void sigtype;
-#else
-typedef int sigtype;
-#endif
-
-/* Avoid stomping on namespace... */
-
-#define vals_to_stream kadm_vals_to_stream
-#define build_field_header kadm_build_field_header
-#define vts_string kadm_vts_string
-#define vts_short kadm_vts_short
-#define vts_long kadm_vts_long
-#define vts_char kadm_vts_char
-
-#define stream_to_vals kadm_stream_to_vals
-#define check_field_header kadm_check_field_header
-#define stv_string kadm_stv_string
-#define stv_short kadm_stv_short
-#define stv_long kadm_stv_long
-#define stv_char kadm_stv_char
-
-int vals_to_stream(Kadm_vals *, u_char **);
-int build_field_header(u_char *, u_char **);
-int vts_string(char *, u_char **, int);
-int vts_short(KRB_UINT32, u_char **, int);
-int vts_long(KRB_UINT32, u_char **, int);
-int vts_char(KRB_UINT32, u_char **, int);
-
-int stream_to_vals(u_char *, Kadm_vals *, int);
-int check_field_header(u_char *, u_char *, int);
-int stv_string(u_char *, char *, int, int, int);
-int stv_short(u_char *, u_short *, int, int);
-int stv_long(u_char *, KRB_UINT32 *, int, int);
-int stv_char(u_char *, u_char *, int, int);
-
-int kadm_init_link(char *, char *, char *, Kadm_Client *, int);
-int kadm_cli_send(Kadm_Client *, u_char *, size_t, u_char **, size_t *);
-int kadm_cli_conn(Kadm_Client *);
-void kadm_cli_disconn(Kadm_Client *);
-int kadm_cli_out(Kadm_Client *, u_char *, int, u_char **, size_t *);
-int kadm_cli_keyd(Kadm_Client *, des_cblock, des_key_schedule);
-
-#endif /* KADM_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/kdc.h
- *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for the Kerberos Key Distribution Center.
- */
-
-#ifndef KDC_DEFS
-#define KDC_DEFS
-
-#define S_AD_SZ sizeof(struct sockaddr_in)
-
-#ifdef notdef
-#define max(a,b) (a>b ? a : b)
-#define min(a,b) (a<b ? a : b)
-#endif
-
-#define TRUE 1
-#define FALSE 0
-
-#define MKEYFILE "/.k"
-#define K_LOGFIL "/kerberos/kpropd.log"
-#define KS_LOGFIL "/kerberos/kerberos_slave.log"
-#define KRB_ACL "/kerberos/kerberos.acl"
-#define KRB_PROG "./kerberos"
-
-#define ONE_MINUTE 60
-#define FIVE_MINUTES (5 * ONE_MINUTE)
-#define ONE_HOUR (60 * ONE_MINUTE)
-#define ONE_DAY (24 * ONE_HOUR)
-#define THREE_DAYS (3 * ONE_DAY)
-
-#endif /* KDC_DEFS */
-
+++ /dev/null
-/*
- * include/kerberosIV/klog.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This file defines the types of log messages logged by klog. Each
- * type of message may be selectively turned on or off.
- */
-
-#ifndef KLOG_DEFS
-#define KLOG_DEFS
-
-#define KRBLOG "/kerberos/kerberos.log" /* master server */
-#define KRBSLAVELOG "/kerberos/kerberos_slave.log" /* master server */
-#define NLOGTYPE 100 /* Maximum number of log msg types */
-
-#define L_NET_ERR 1 /* Error in network code */
-#define L_NET_INFO 2 /* Info on network activity */
-#define L_KRB_PERR 3 /* Kerberos protocol errors */
-#define L_KRB_PINFO 4 /* Kerberos protocol info */
-#define L_INI_REQ 5 /* Request for initial ticket */
-#define L_NTGT_INTK 6 /* Initial request not for TGT */
-#define L_DEATH_REQ 7 /* Request for server death */
-#define L_TKT_REQ 8 /* All ticket requests using a tgt */
-#define L_ERR_SEXP 9 /* Service expired */
-#define L_ERR_MKV 10 /* Master key version incorrect */
-#define L_ERR_NKY 11 /* User's key is null */
-#define L_ERR_NUN 12 /* Principal not unique */
-#define L_ERR_UNK 13 /* Principal Unknown */
-#define L_ALL_REQ 14 /* All requests */
-#define L_APPL_REQ 15 /* Application requests (using tgt) */
-#define L_KRB_PWARN 16 /* Protocol warning messages */
-
-char *klog(int, char *, char *, char *, char *, char *, char *, char *,
- char *, char *, char *, char *);
-
-#endif /* KLOG_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/kparse.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for kparse routines.
- */
-
-#ifndef KPARSE_DEFS
-#define KPARSE_DEFS
-
-/*
- * values returned by fGetParameterSet()
- */
-
-#define PS_BAD_KEYWORD -2 /* unknown or duplicate keyword */
-#define PS_SYNTAX -1 /* syntax error */
-#define PS_OKAY 0 /* got a complete parameter set */
-#define PS_EOF 1 /* nothing more in the file */
-
-/*
- * values returned by fGetKeywordValue()
- */
-
-#define KV_SYNTAX -2 /* syntax error */
-#define KV_EOF -1 /* nothing more in the file */
-#define KV_OKAY 0 /* got a keyword/value pair */
-#define KV_EOL 1 /* nothing more on this line */
-
-/*
- * values returned by fGetToken()
- */
-
-#define GTOK_BAD_QSTRING -1 /* newline found in quoted string */
-#define GTOK_EOF 0 /* end of file encountered */
-#define GTOK_QSTRING 1 /* quoted string */
-#define GTOK_STRING 2 /* unquoted string */
-#define GTOK_NUMBER 3 /* one or more digits */
-#define GTOK_PUNK 4 /* punks are punctuation, newline,
- * etc. */
-#define GTOK_WHITE 5 /* one or more whitespace chars */
-
-/*
- * extended character classification macros
- */
-
-#define ISOCTAL(CH) ( (CH>='0') && (CH<='7') )
-#define ISQUOTE(CH) ( (CH=='\"') || (CH=='\'') || (CH=='`') )
-#define ISWHITESPACE(C) ( (C==' ') || (C=='\t') )
-#define ISLINEFEED(C) ( (C=='\n') || (C=='\r') || (C=='\f') )
-
-/*
- * tokens consist of any printable charcacter except comma, equal, or
- * whitespace
- */
-
-#define ISTOKENCHAR(C) ((C>040) && (C<0177) && (C != ',') && (C != '='))
-
-/*
- * the parameter table defines the keywords that will be recognized by
- * fGetParameterSet, and their default values if not specified.
- */
-
-typedef struct {
- char *keyword;
- char *defvalue;
- char *value;
-} parmtable;
-
-#define PARMCOUNT(P) (sizeof(P)/sizeof(P[0]))
-
-int fGetChar (FILE *fp);
-int fGetParameterSet (FILE *fp, parmtable parm[], int parmcount);
-int ParmCompare (parmtable parm[], int parmcount, char *keyword, char *value);
-
-void FreeParameterSet (parmtable parm[], int parmcount);
-
-int fGetKeywordValue (FILE *fp, char *keyword, int klen, char *value, int vlen);
-
-int fGetToken (FILE *fp, char *dest, int maxlen);
-
-int fGetLiteral (FILE *fp);
-
-int fUngetChar (int ch, FILE *fp);
-
-#endif /* KPARSE_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/krb.h
- *
- * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for the Kerberos V4 library.
- */
-
-/* Only one time, please */
-#ifndef KRB_DEFS
-#define KRB_DEFS
-
-/*
- * For MacOS, don't expose prototypes of various private functions.
- * Unfortuantely, they've leaked out everywhere else.
- */
-#if defined(__MACH__) && defined(__APPLE__)
-#include <TargetConditionals.h>
-#include <AvailabilityMacros.h>
-#if TARGET_RT_MAC_CFM
-#error "Use KfM 4.0 SDK headers for CFM compilation."
-#endif
-#ifndef KRB_PRIVATE
-#define KRB_PRIVATE 0
-#endif
-#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
-#define KRB5INT_KRB4_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
-#endif
-#else
-#ifndef KRB_PRIVATE
-#define KRB_PRIVATE 1
-#endif
-#endif /* defined(__MACH__) && defined(__APPLE__) */
-
-/* Macro to add deprecated attribute to KRB4 types and functions */
-/* Currently only defined on Mac OS X 10.5 and later. */
-#ifndef KRB5INT_KRB4_DEPRECATED
-#define KRB5INT_KRB4_DEPRECATED
-#endif
-
-/* Define u_char, u_short, u_int, and u_long. */
-/* XXX these typdef names are not standardized! */
-#include <sys/types.h>
-
-/* Need some defs from des.h */
-#include <kerberosIV/des.h>
-#include <kerberosIV/krb_err.h>
-#include <profile.h>
-
-#ifdef _WIN32
-#include <time.h>
-#endif /* _WIN32 */
-
-#ifdef __cplusplus
-#ifndef KRBINT_BEGIN_DECLS
-#define KRBINT_BEGIN_DECLS extern "C" {
-#define KRBINT_END_DECLS }
-#endif
-#else
-#define KRBINT_BEGIN_DECLS
-#define KRBINT_END_DECLS
-#endif
-KRBINT_BEGIN_DECLS
-
-#if TARGET_OS_MAC
-# pragma pack(push,2)
-#endif
-
-#define KRB4_32 DES_INT32
-#define KRB_INT32 DES_INT32
-#define KRB_UINT32 DES_UINT32
-
-#define MAX_KRB_ERRORS 256
-
-#if TARGET_OS_MAC
-/* ABI divergence on Mac for backwards compatibility. */
-extern const char * const * const krb_err_txt
-KRB5INT_KRB4_DEPRECATED;
-#else
-extern const char * const krb_err_txt[MAX_KRB_ERRORS]
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* General definitions */
-#define KSUCCESS 0
-#define KFAILURE 255
-
-/*
- * Kerberos specific definitions
- *
- * KRBLOG is the log file for the kerberos master server. KRB_CONF is
- * the configuration file where different host machines running master
- * and slave servers can be found. KRB_MASTER is the name of the
- * machine with the master database. The admin_server runs on this
- * machine, and all changes to the db (as opposed to read-only
- * requests, which can go to slaves) must go to it. KRB_HOST is the
- * default machine * when looking for a kerberos slave server. Other
- * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
- * the realm.
- */
-
-#define KRB_CONF "/etc/krb.conf"
-#define KRB_RLM_TRANS "/etc/krb.realms"
-#define KRB_MASTER "kerberos"
-#define KRB_HOST KRB_MASTER
-#define KRB_REALM "ATHENA.MIT.EDU"
-
-/* The maximum sizes for aname, realm, sname, and instance +1 */
-#define ANAME_SZ 40
-#define REALM_SZ 40
-#define SNAME_SZ 40
-#define INST_SZ 40
-#define ADDR_SZ 40
-/*
- * NB: This overcounts due to NULs.
- */
-/* include space for '.' and '@' */
-#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
-#define KKEY_SZ 100
-#define VERSION_SZ 1
-#define MSG_TYPE_SZ 1
-#define DATE_SZ 26 /* RTI date output */
-
-#define MAX_HSTNM 100
-
-#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
-#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */
-#endif
-
-#define KRB_TICKET_GRANTING_TICKET "krbtgt"
-
-/* Definition of text structure used to pass text around */
-#define MAX_KTXT_LEN 1250
-
-struct ktext {
- int length; /* Length of the text */
- unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
- unsigned long mbz; /* zero to catch runaway strings */
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct ktext *KTEXT KRB5INT_KRB4_DEPRECATED;
-typedef struct ktext KTEXT_ST KRB5INT_KRB4_DEPRECATED;
-
-
-/* Definitions for send_to_kdc */
-#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
-#define CLIENT_KRB_RETRY 5 /* retry this many times */
-#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
-
-/* Definitions for ticket file utilities */
-#define R_TKT_FIL 0
-#define W_TKT_FIL 1
-
-/* Definitions for cl_get_tgt */
-#ifdef PC
-#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
-#else
-#define CL_GTGT_INIT_FILE "/etc/k_in_tkts"
-#endif /* PC */
-
-/* Parameters for rd_ap_req */
-/* Maximum allowable clock skew in seconds */
-#define CLOCK_SKEW 5*60
-/* Filename for readservkey */
-#define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab"))
-
-/* Structure definition for rd_ap_req */
-
-struct auth_dat {
- unsigned char k_flags; /* Flags from ticket */
- char pname[ANAME_SZ]; /* Principal's name */
- char pinst[INST_SZ]; /* His Instance */
- char prealm[REALM_SZ]; /* His Realm */
- unsigned KRB4_32 checksum; /* Data checksum (opt) */
- C_Block session; /* Session Key */
- int life; /* Life of ticket */
- unsigned KRB4_32 time_sec; /* Time ticket issued */
- unsigned KRB4_32 address; /* Address in ticket */
- KTEXT_ST reply; /* Auth reply (opt) */
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct auth_dat AUTH_DAT KRB5INT_KRB4_DEPRECATED;
-
-/* Structure definition for credentials returned by get_cred */
-
-struct credentials {
- char service[ANAME_SZ]; /* Service name */
- char instance[INST_SZ]; /* Instance */
- char realm[REALM_SZ]; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT_ST ticket_st; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
- char pname[ANAME_SZ]; /* Principal's name */
- char pinst[INST_SZ]; /* Principal's instance */
-#if TARGET_OS_MAC
- KRB_UINT32 address; /* Address in ticket */
- KRB_UINT32 stk_type; /* string_to_key function needed */
-#endif
-#ifdef _WIN32
- char address[ADDR_SZ]; /* Address in ticket */
-#endif
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct credentials CREDENTIALS KRB5INT_KRB4_DEPRECATED;
-
-/* Structure definition for rd_private_msg and rd_safe_msg */
-
-struct msg_dat {
- unsigned char *app_data; /* pointer to appl data */
- unsigned KRB4_32 app_length; /* length of appl data */
- unsigned KRB4_32 hash; /* hash to lookup replay */
- int swap; /* swap bytes? */
- KRB4_32 time_sec; /* msg timestamp seconds */
- unsigned char time_5ms; /* msg timestamp 5ms units */
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct msg_dat MSG_DAT KRB5INT_KRB4_DEPRECATED;
-
-
-/* Location of ticket file for save_cred and get_cred */
-#ifdef _WIN32
-#define TKT_FILE "\\kerberos\\ticket.ses"
-#else
-#define TKT_FILE tkt_string()
-#define TKT_ROOT "/tmp/tkt"
-#endif /* _WIN32 */
-
-/*
- * Error codes are now defined as offsets from com_err (krb_err.et)
- * values.
- */
-#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
-
-/* Error codes returned from the KDC */
-#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */
-#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */
-#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */
-#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */
-#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */
-#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */
-#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */
-#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */
-#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */
-#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */
-#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */
-#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */
-
-/* Values returned by get_credentials */
-#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
-#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
-#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
-#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
-#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
-#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
-
-/* Values returned by mk_ap_req */
-#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */
-#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */
-
-/* Values returned by rd_ap_req */
-#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */
-#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */
-#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */
-#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */
-#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */
-#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */
-#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */
-#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */
-#define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */
-#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */
-#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */
-#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */
-#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */
-#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */
-
-/* Values returned by get_pw_tkt */
-#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */
-#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
-#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */
-#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */
-#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */
-#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */
-
-/* Values returned by send_to_kdc */
-#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */
-#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */
-#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */
-
-/*
- * Values returned by get_intkt
- * (can also return SKDC_* and KDC errors)
- */
-
-#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */
-#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
-#define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */
-#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */
-#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */
-#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */
-
-/* Values returned by get_adtkt */
-#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */
-#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */
-
-/* Error codes returned by ticket file utilities */
-#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */
-#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */
-#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */
-#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */
-#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */
-
-/* Error code returned by kparse_name */
-#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */
-
-/* Error code returned by krb_mk_safe */
-#define SAFE_PRIV_ERROR (-1) /* syscall error */
-
-/* Kerberos ticket flag field bit definitions */
-#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
-#define K_FLAG_1 /* reserved */
-#define K_FLAG_2 /* reserved */
-#define K_FLAG_3 /* reserved */
-#define K_FLAG_4 /* reserved */
-#define K_FLAG_5 /* reserved */
-#define K_FLAG_6 /* reserved */
-#define K_FLAG_7 /* reserved, bit 7 --> msb */
-
-/* Are these needed anymore? */
-#ifdef OLDNAMES
-#define krb_mk_req mk_ap_req
-#define krb_rd_req rd_ap_req
-#define krb_kntoln an_to_ln
-#define krb_set_key set_serv_key
-#define krb_get_cred get_credentials
-#define krb_mk_priv mk_private_msg
-#define krb_rd_priv rd_private_msg
-#define krb_mk_safe mk_safe_msg
-#define krb_rd_safe rd_safe_msg
-#define krb_mk_err mk_appl_err_msg
-#define krb_rd_err rd_appl_err_msg
-#define krb_ck_repl check_replay
-#define krb_get_pw_in_tkt get_in_tkt
-#define krb_get_svc_in_tkt get_svc_in_tkt
-#define krb_get_pw_tkt get_pw_tkt
-#define krb_realmofhost krb_getrealm
-#define krb_get_phost get_phost
-#define krb_get_krbhst get_krbhst
-#define krb_get_lrealm get_krbrlm
-#endif /* OLDNAMES */
-
-/* Defines for krb_sendauth and krb_recvauth */
-
-#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
-#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
-#define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst as a host */
-
-#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
-
-#ifdef ATHENA_COMPAT
-#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
-#endif /* ATHENA_COMPAT */
-
-
-#ifdef _WIN32
-#define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0)
-#define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us))
-#define CONVERT_TIME_EPOCH win_time_get_epoch()
-#else
-/* until we do V4 compat under DOS, just turn this off */
-#define _fmemcpy memcpy
-#define _fstrncpy strncpy
-#define far_fputs fputs
-/* and likewise, just drag in the unix time interface */
-#define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0)
-#define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us))
-#define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */
-#endif /* _WIN32 */
-
-/* Constants for KerberosProfileLib */
-#define REALMS_V4_PROF_REALMS_SECTION "v4 realms"
-#define REALMS_V4_PROF_KDC "kdc"
-#define REALMS_V4_PROF_ADMIN_KDC "admin_server"
-#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server"
-#define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm"
-#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults"
-#define REALMS_V4_PROF_LOCAL_REALM "default_realm"
-#define REALMS_V4_PROF_STK "string_to_key_type"
-#define REALMS_V4_MIT_STK "mit_string_to_key"
-#define REALMS_V4_AFS_STK "afs_string_to_key"
-#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key"
-#define REALMS_V4_DEFAULT_REALM "default_realm"
-#define REALMS_V4_NO_ADDRESSES "noaddresses"
-
-/* ask to disable IP address checking in the library */
-extern int krb_ignore_ip_address;
-
-/* Debugging printfs shouldn't even be compiled on many systems that don't
- support printf! Use it like DEB (("Oops - %s\n", string)); */
-
-#ifdef DEBUG
-#define DEB(x) if (krb_debug) printf x
-extern int krb_debug;
-#else
-#define DEB(x) /* nothing */
-#endif
-
-/* Define a couple of function types including parameters. These
- are needed on MS-Windows to convert arguments of the function pointers
- to the proper types during calls. */
-
-typedef int (KRB5_CALLCONV *key_proc_type)
- (char *, char *, char *,
- char *, C_Block)
-KRB5INT_KRB4_DEPRECATED;
-
-#define KEY_PROC_TYPE_DEFINED
-
-typedef int (KRB5_CALLCONV *decrypt_tkt_type)
- (char *, char *, char *,
- char *, key_proc_type, KTEXT *)
-KRB5INT_KRB4_DEPRECATED;
-
-#define DECRYPT_TKT_TYPE_DEFINED
-
-extern struct _krb5_context * krb5__krb4_context;
-
-/*
- * Function Prototypes for Kerberos V4.
- */
-
-struct sockaddr_in;
-
-/* dest_tkt.c */
-int KRB5_CALLCONV dest_tkt
- (void)
-KRB5INT_KRB4_DEPRECATED;
-
-/* err_txt.c */
-const char * KRB5_CALLCONV krb_get_err_text
- (int errnum)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_ad_tkt.c */
-/* Previously not KRB5_CALLCONV */
-int KRB5_CALLCONV get_ad_tkt
- (char *service, char *sinst, char *realm, int lifetime)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_admhst.c */
-int KRB5_CALLCONV krb_get_admhst
- (char *host, char *realm, int idx)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_cred.c */
-int KRB5_CALLCONV krb_get_cred
- (char *service, char *instance, char *realm,
- CREDENTIALS *c)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_in_tkt.c */
-/* Previously not KRB5_CALLCONV */
-int KRB5_CALLCONV krb_get_in_tkt
- (char *k_user, char *instance, char *realm,
- char *service, char *sinst, int life,
- key_proc_type, decrypt_tkt_type, char *arg)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* Previously not KRB5_CALLCONV */
-int KRB5_CALLCONV krb_get_in_tkt_preauth
- (char *k_user, char *instance, char *realm,
- char *service, char *sinst, int life,
- key_proc_type, decrypt_tkt_type, char *arg,
- char *preauth_p, int preauth_len)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* From KfM */
-int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *,
- int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *)
-KRB5INT_KRB4_DEPRECATED;
-
-
-/* g_krbhst.c */
-int KRB5_CALLCONV krb_get_krbhst
- (char *host, const char *realm, int idx)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_krbrlm.c */
-int KRB5_CALLCONV krb_get_lrealm
- (char *realm, int idx)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_phost.c */
-char * KRB5_CALLCONV krb_get_phost
- (char * alias)
-KRB5INT_KRB4_DEPRECATED;
-
-/* get_pw_tkt */
-int KRB5_CALLCONV get_pw_tkt
- (char *, char *, char *, char *)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_pw_in_tkt.c */
-int KRB5_CALLCONV krb_get_pw_in_tkt
- (char *k_user, char *instance, char *realm,
- char *service, char *sinstance,
- int life, char *password)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-int KRB5_CALLCONV krb_get_pw_in_tkt_preauth
- (char *k_user, char *instance, char *realm,
- char *service, char *sinstance,
- int life, char *password)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt_creds(char *, char *, char *,
- char *, char *, int, char *, CREDENTIALS *)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_svc_in_tkt.c */
-int KRB5_CALLCONV krb_get_svc_in_tkt
- (char *k_user, char *instance, char *realm,
- char *service, char *sinstance,
- int life, char *srvtab)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_tf_fname.c */
-int KRB5_CALLCONV krb_get_tf_fullname
- (const char *ticket_file, char *name, char *inst, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_tf_realm.c */
-int KRB5_CALLCONV krb_get_tf_realm
- (const char *ticket_file, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_tkt_svc.c */
-int KRB5_CALLCONV krb_get_ticket_for_service
- (char *serviceName,
- char *buf, unsigned KRB4_32 *buflen,
- int checksum, des_cblock, Key_schedule,
- char *version, int includeVersion)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* in_tkt.c */
-int KRB5_CALLCONV in_tkt
- (char *name, char *inst)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV krb_in_tkt
- (char *pname, char *pinst, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* kname_parse.c */
-int KRB5_CALLCONV kname_parse
- (char *name, char *inst, char *realm,
- char *fullname)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Merged from KfM */
-int KRB5_CALLCONV kname_unparse
- (char *, const char *, const char *, const char *)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV k_isname
- (char *)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV k_isinst
- (char *)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV k_isrealm
- (char *)
-KRB5INT_KRB4_DEPRECATED;
-
-
-/* kuserok.c */
-int KRB5_CALLCONV kuserok
- (AUTH_DAT *kdata, char *luser)
-KRB5INT_KRB4_DEPRECATED;
-
-/* lifetime.c */
-KRB4_32 KRB5_CALLCONV krb_life_to_time
- (KRB4_32 start, int life)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV krb_time_to_life
- (KRB4_32 start, KRB4_32 end)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_auth.c */
-int KRB5_CALLCONV krb_check_auth
- (KTEXT, unsigned KRB4_32 cksum, MSG_DAT *,
- C_Block, Key_schedule,
- struct sockaddr_in * local_addr,
- struct sockaddr_in * foreign_addr)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV krb_mk_auth
- (long k4_options, KTEXT ticket,
- char *service, char *inst, char *realm,
- unsigned KRB4_32 checksum, char *version, KTEXT buf)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_err.c */
-long KRB5_CALLCONV krb_mk_err
- (u_char *out, KRB4_32 k4_code, char *text)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* mk_preauth.c */
-int krb_mk_preauth
- (char **preauth_p, int *preauth_len, key_proc_type,
- char *name, char *inst, char *realm, char *password,
- C_Block)
-KRB5INT_KRB4_DEPRECATED;
-
-void krb_free_preauth
- (char * preauth_p, int len)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* mk_priv.c */
-long KRB5_CALLCONV krb_mk_priv
- (u_char *in, u_char *out,
- unsigned KRB4_32 length,
- Key_schedule, C_Block *,
- struct sockaddr_in * sender,
- struct sockaddr_in * receiver)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_req.c */
-int KRB5_CALLCONV krb_mk_req
- (KTEXT authent,
- char *service, char *instance, char *realm,
- KRB4_32 checksum)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Merged from KfM */
-int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */
-int KRB5_CALLCONV krb_set_lifetime(int newval)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_safe.c */
-long KRB5_CALLCONV krb_mk_safe
- (u_char *in, u_char *out, unsigned KRB4_32 length,
- C_Block *,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* netread.c */
-int krb_net_read
- (int fd, char *buf, int len)
-KRB5INT_KRB4_DEPRECATED;
-
-/* netwrite.c */
-int krb_net_write
- (int fd, char *buf, int len)
-KRB5INT_KRB4_DEPRECATED;
-
-/* pkt_clen.c */
-int pkt_clen
- (KTEXT)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* put_svc_key.c */
-int KRB5_CALLCONV put_svc_key
- (char *sfile,
- char *name, char *inst, char *realm,
- int newvno, char *key)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_err.c */
-int KRB5_CALLCONV krb_rd_err
- (u_char *in, u_long in_length,
- long *k4_code, MSG_DAT *m_data)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_priv.c */
-long KRB5_CALLCONV krb_rd_priv
- (u_char *in,unsigned KRB4_32 in_length,
- Key_schedule, C_Block *,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver,
- MSG_DAT *m_data)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_req.c */
-int KRB5_CALLCONV krb_rd_req
- (KTEXT, char *service, char *inst,
- unsigned KRB4_32 from_addr, AUTH_DAT *,
- char *srvtab)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Merged from KfM */
-int KRB5_CALLCONV
-krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_safe.c */
-long KRB5_CALLCONV krb_rd_safe
- (u_char *in, unsigned KRB4_32 in_length,
- C_Block *,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver,
- MSG_DAT *m_data)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_svc_key.c */
-int KRB5_CALLCONV read_service_key
- (char *service, char *instance, char *realm,
- int kvno, char *file, char *key)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV get_service_key
- (char *service, char *instance, char *realm,
- int *kvno, char *file, char *key)
-KRB5INT_KRB4_DEPRECATED;
-
-/* realmofhost.c */
-char * KRB5_CALLCONV krb_realmofhost
- (char *host)
-KRB5INT_KRB4_DEPRECATED;
-
-/* recvauth.c */
-int KRB5_CALLCONV krb_recvauth
- (long k4_options, int fd, KTEXT ticket,
- char *service, char *instance,
- struct sockaddr_in *foreign_addr,
- struct sockaddr_in *local_addr,
- AUTH_DAT *kdata, char *srvtab,
- Key_schedule schedule, char *version)
-KRB5INT_KRB4_DEPRECATED;
-
-/* sendauth.c */
-int KRB5_CALLCONV krb_sendauth
- (long k4_options, int fd, KTEXT ticket,
- char *service, char *inst, char *realm,
- unsigned KRB4_32 checksum, MSG_DAT *msg_data,
- CREDENTIALS *cred, Key_schedule schedule,
- struct sockaddr_in *laddr, struct sockaddr_in *faddr,
- char *version)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* save_creds.c */
-int KRB5_CALLCONV krb_save_credentials
- (char *service, char *instance, char *realm,
- C_Block session, int lifetime, int kvno,
- KTEXT ticket, long issue_date)
-KRB5INT_KRB4_DEPRECATED;
-
-/* send_to_kdc.c */
-/* XXX PRIVATE? KfM doesn't export. */
-int send_to_kdc
- (KTEXT pkt, KTEXT rpkt, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* tkt_string.c */
-/* Used to return pointer to non-const char */
-const char * KRB5_CALLCONV tkt_string
- (void)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */
-void KRB5_CALLCONV krb_set_tkt_string
- (const char *)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* tf_util.c */
-int KRB5_CALLCONV tf_init (const char *tf_name, int rw)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV tf_get_pname (char *p)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV tf_get_pinst (char *p)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c)
-KRB5INT_KRB4_DEPRECATED;
-
-void KRB5_CALLCONV tf_close (void)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-#if KRB_PRIVATE
-/* unix_time.c */
-unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec
- (unsigned KRB4_32 *)
-KRB5INT_KRB4_DEPRECATED;
-
-/*
- * Internal prototypes
- */
-extern int krb_set_key
- (char *key, int cvt)
-KRB5INT_KRB4_DEPRECATED;
-
-/* This is exported by KfM. It was previously not KRB5_CALLCONV. */
-extern int KRB5_CALLCONV decomp_ticket
- (KTEXT tkt, unsigned char *flags, char *pname,
- char *pinstance, char *prealm, unsigned KRB4_32 *paddress,
- C_Block session, int *life, unsigned KRB4_32 *time_sec,
- char *sname, char *sinstance, C_Block,
- Key_schedule key_s)
-KRB5INT_KRB4_DEPRECATED;
-
-
-extern void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
- u_long time_ws, u_long e, char *e_string)
-KRB5INT_KRB4_DEPRECATED;
-
-extern int create_ciph(KTEXT c, C_Block session, char *service,
- char *instance, char *realm, unsigned long life,
- int kvno, KTEXT tkt, unsigned long kdc_time,
- C_Block key)
-KRB5INT_KRB4_DEPRECATED;
-
-
-extern int krb_create_ticket(KTEXT tkt, unsigned int flags, char *pname,
- char *pinstance, char *prealm, long paddress,
- char *session, int life, long time_sec,
- char *sname, char *sinstance, C_Block key)
-KRB5INT_KRB4_DEPRECATED;
-
-#endif /* KRB_PRIVATE */
-
-/* This function is used by KEYFILE above. Do not call it directly */
-extern char * krb__get_srvtabname(const char *)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-
-extern int krb_kntoln(AUTH_DAT *, char *)
-KRB5INT_KRB4_DEPRECATED;
-
-#ifdef KRB5_GENERAL__
-extern int krb_cr_tkt_krb5(KTEXT tkt, unsigned int flags, char *pname,
- char *pinstance, char *prealm, long paddress,
- char *session, int life, long time_sec,
- char *sname, char *sinstance,
- krb5_keyblock *k5key)
-KRB5INT_KRB4_DEPRECATED;
-
-extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key)
-KRB5INT_KRB4_DEPRECATED;
-
-#endif
-
-#endif /* KRB_PRIVATE */
-
-/*
- * krb_change_password -- merged from KfM
- */
-/* change_password.c */
-int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *)
-KRB5INT_KRB4_DEPRECATED;
-
-/*
- * RealmsConfig-glue.c -- merged from KfM
- */
-int KRB5_CALLCONV krb_get_profile(profile_t *)
-KRB5INT_KRB4_DEPRECATED;
-
-#ifdef _WIN32
-HINSTANCE get_lib_instance(void)
-KRB5INT_KRB4_DEPRECATED;
-unsigned int krb_get_notification_message(void)
-KRB5INT_KRB4_DEPRECATED;
-char * KRB5_CALLCONV krb_get_default_user(void)
-KRB5INT_KRB4_DEPRECATED;
-int KRB5_CALLCONV krb_set_default_user(char *)
-KRB5INT_KRB4_DEPRECATED;
-unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *)
-KRB5INT_KRB4_DEPRECATED;
-long win_time_get_epoch(void)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-#if TARGET_OS_MAC
-# pragma pack(pop)
-#endif
-
-KRBINT_END_DECLS
-
-#endif /* KRB_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/krb_db.h
- *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * spm Project Athena 8/85
- *
- * This file defines data structures for the kerberos
- * authentication/authorization database.
- *
- * They MUST correspond to those defined in *.rel
- */
-
-#ifndef KRB_DB_DEFS
-#define KRB_DB_DEFS
-
-#define KERB_M_NAME "K" /* Kerberos */
-#define KERB_M_INST "M" /* Master */
-#define KERB_DEFAULT_NAME "default"
-#define KERB_DEFAULT_INST ""
-#define DBM_FILE "/kerberos/principal"
-
-/* this also defines the number of queue headers */
-#define KERB_DB_HASH_MODULO 64
-
-
-/* Arguments to kerb_dbl_lock() */
-
-#define KERB_DBL_EXCLUSIVE 1
-#define KERB_DBL_SHARED 0
-
-/* arguments to kerb_db_set_lockmode() */
-
-#define KERB_DBL_BLOCKING 0
-#define KERB_DBL_NONBLOCKING 1
-
-/* Principal defines the structure of a principal's name */
-
-typedef struct {
- char name[ANAME_SZ];
- char instance[INST_SZ];
-
- unsigned long key_low;
- unsigned long key_high;
- unsigned long exp_date;
- char exp_date_txt[DATE_SZ];
- unsigned long mod_date;
- char mod_date_txt[DATE_SZ];
- unsigned short attributes;
- unsigned char max_life;
- unsigned char kdc_key_ver;
- unsigned char key_version;
-
- char mod_name[ANAME_SZ];
- char mod_instance[INST_SZ];
- char *old; /* cast to (Principal *); not in db,
- * ptr to old vals */
-}
- Principal;
-
-typedef struct {
- long cpu;
- long elapsed;
- long dio;
- long pfault;
- long t_stamp;
- long n_retrieve;
- long n_replace;
- long n_append;
- long n_get_stat;
- long n_put_stat;
-}
- DB_stat;
-
-/* Dba defines the structure of a database administrator */
-
-typedef struct {
- char name[ANAME_SZ];
- char instance[INST_SZ];
- unsigned short attributes;
- unsigned long exp_date;
- char exp_date_txt[DATE_SZ];
- char *old; /*
- * cast to (Dba *); not in db, ptr to
- * old vals
- */
-}
- Dba;
-
-#if 0
-extern int kerb_get_principal();
-extern int kerb_put_principal();
-extern int kerb_db_get_stat();
-extern int kerb_db_put_stat();
-extern int kerb_get_dba();
-extern int kerb_db_get_dba();
-#endif
-
-#endif /* KRB_DB_DEFS */
+++ /dev/null
-/* krbports.h -- fallback port numbers in case /etc/services isn't changed */
-/* used by: appl/bsd/rcp.c, rlogin.c, rsh.c, knetd.c
- kadmin/kadm_ser_wrap.c, lib/kadm/kadm_cli_wrap.c
- lib/krb/send_to_kdc.c
- movemail/movemail.c, pfrom/popmail.c
- server/kerberos.c, slave/kprop.c, kpropd.c
-*/
-
-#define KRB_SHELL_PORT 544
-#define UCB_SHELL_PORT 514
-
-#define KLOGIN_PORT 543
-#define EKLOGIN_PORT 2105
-#define UCB_LOGIN_PORT 513
-
-#define KADM_PORT 751
-#define KERBEROS_PORT 750
-#define KERBEROS_SEC_PORT 88
-#define KRB_PROP_PORT 754
-
-#define KPOP_PORT 1109
-#define POP3_PORT 110
-
-#define KNETD_PORT 2053
-
-/* already in rkinit_private.h */
-#define RKINIT_PORT 2108
+++ /dev/null
-/*
- * include/kerberosIV/lsb_addr_cmp.h
- *
- * Copyright 1988, 1995 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Comparison macros to emulate LSBFIRST comparison results of network
- * byte-order quantities
- */
-
-#include "mit-copyright.h"
-#ifndef LSB_ADDR_COMP_DEFS
-#define LSB_ADDR_COMP_DEFS
-
-/* #include "osconf.h" */
-
-/* note that if we don't explicitly know if we're LSBFIRST, the
- alternate code is byte order independent and will give the
- right answer. */
-#ifdef LSBFIRST
-#define lsb_net_ulong_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0))
-#define lsb_net_ushort_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0))
-#else
-/* MSBFIRST */
-#define u_char_comp(x,y) \
- (((x)>(y))?(1):(((x)==(y))?(0):(-1)))
-/* This is gross, but... */
-#define lsb_net_ulong_less(x, y) long_less_than((u_char *)&x, (u_char *)&y)
-#define lsb_net_ushort_less(x, y) short_less_than((u_char *)&x, (u_char *)&y)
-
-#define long_less_than(x,y) \
- (u_char_comp((x)[3],(y)[3])?u_char_comp((x)[3],(y)[3]): \
- (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[0],(y)[0])))))
-#define short_less_than(x,y) \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[0],(y)[0])))
-
-#endif /* LSBFIRST */
-
-/* For krb4 library internal use only. */
-extern int krb4int_address_less (struct sockaddr_in *, struct sockaddr_in *);
-
-#endif /* LSB_ADDR_COMP_DEFS */
+++ /dev/null
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America may
- require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, Permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original M.I.T. software.
-M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+++ /dev/null
-/*
- * include/kerberosIV/prot.h
- *
- * Copyright 1985-1994, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Prototypes for internal functions, mostly related to protocol
- * encoding and decoding.
- */
-
-#ifndef PROT_DEFS
-#define PROT_DEFS
-
-#define KRB_PORT 750 /* PC's don't have
- * /etc/services */
-#define KRB_PROT_VERSION 4
-#define MAX_PKT_LEN 1000
-#define MAX_TXT_LEN 1000
-
-/* Macro's to obtain various fields from a packet */
-
-#define pkt_version(packet) (unsigned int) *(packet->dat)
-#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
-#define pkt_a_name(packet) (packet->dat+2)
-#define pkt_a_inst(packet) \
- (packet->dat+3+strlen((char *)pkt_a_name(packet)))
-#define pkt_a_realm(packet) \
- (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
-
-/* Macro to obtain realm from application request */
-#define apreq_realm(auth) (auth->dat + 3)
-
-#define pkt_time_ws(packet) (char *) \
- (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-
-#define pkt_no_req(packet) (unsigned short) \
- *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-#define pkt_x_date(packet) (char *) \
- (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-#define pkt_err_code(packet) ( (char *) \
- (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet))))
-#define pkt_err_text(packet) \
- (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-
-/*
- * This remains here for the KDC to use for now, but will go away
- * soon.
- */
-
-#define swap_u_long(x) {\
- unsigned KRB4_32 _krb_swap_tmp[4];\
- swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \
- swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \
- x = _krb_swap_tmp[0]; \
- }
-
-/*
- * New byte swapping routines, much cleaner.
- *
- * Should also go away soon though.
- */
-#include "k5-platform.h"
-
-#ifdef SWAP16
-#define krb4_swab16(val) SWAP16(val)
-#else
-#define krb4_swab16(val) ((((val) >> 8)&0xFF) | ((val) << 8))
-#endif
-#ifdef SWAP32
-#define krb4_swap32(val) SWAP32(val)
-#else
-#define krb4_swab32(val) ((((val)>>24)&0xFF) | (((val)>>8)&0xFF00) | \
- (((val)<<8)&0xFF0000) | ((val)<<24))
-#endif
-
-/*
- * Macros to encode integers into buffers. These take a parameter
- * that is a moving pointer of type (unsigned char *) into the buffer,
- * and assume that the caller has already bounds-checked.
- */
-#define KRB4_PUT32BE(p, val) (store_32_be(val, p), (p) += 4)
-#define KRB4_PUT32LE(p, val) (store_32_le(val, p), (p) += 4)
-#define KRB4_PUT32(p, val, le) \
-do { \
- if (le) \
- KRB4_PUT32LE((p), (val)); \
- else \
- KRB4_PUT32BE((p), (val)); \
-} while (0)
-
-#define KRB4_PUT16BE(p, val) (store_16_be(val, p), (p) += 2)
-#define KRB4_PUT16LE(p, val) (store_16_le(val, p), (p) += 2)
-#define KRB4_PUT16(p, val, le) \
-do { \
- if (le) \
- KRB4_PUT16LE((p), (val)); \
- else \
- KRB4_PUT16BE((p), (val)); \
-} while (0)
-
-/*
- * Macros to get integers from a buffer. These take a parameter that
- * is a moving pointer of type (unsigned char *) into the buffer, and
- * assume that the caller has already bounds-checked. In addition,
- * they assume that val is an unsigned type; ANSI leaves the semantics
- * of unsigned -> signed conversion as implementation-defined, so it's
- * unwise to depend on such.
- */
-#define KRB4_GET32BE(val, p) ((val) = load_32_be(p), (p) += 4)
-#define KRB4_GET32LE(val, p) ((val) = load_32_le(p), (p) += 4)
-#define KRB4_GET32(val, p, le) \
-do { \
- if (le) \
- KRB4_GET32LE((val), (p)); \
- else \
- KRB4_GET32BE((val), (p)); \
-} while (0)
-
-#define KRB4_GET16BE(val, p) ((val) = load_16_be(p), (p) += 2)
-#define KRB4_GET16LE(val, p) ((val) = load_16_le(p), (p) += 2)
-#define KRB4_GET16(val, p, le) \
-do { \
- if (le) \
- KRB4_GET16LE((val), (p)); \
- else \
- KRB4_GET16BE((val), (p)); \
-} while (0)
-
-/* Routines to create and read packets may be found in prot.c */
-
-KTEXT create_auth_reply(char *, char *, char *, long, int,
- unsigned long, int, KTEXT);
-KTEXT create_death_packet(char *);
-KTEXT pkt_cipher(KTEXT);
-
-/* getst.c */
-int krb4int_getst(int, char *, int);
-
-/* strnlen.c */
-extern int KRB5_CALLCONV krb4int_strnlen(const char *, int);
-
-/* prot_client.c */
-extern int KRB5_CALLCONV krb4prot_encode_kdc_request(
- char *, char *, char *,
- KRB4_32, int,
- char *, char *,
- char *, int, int, int,
- KTEXT);
-extern int KRB5_CALLCONV krb4prot_decode_kdc_reply(
- KTEXT,
- int *,
- char *, char *, char *,
- long *, int *, unsigned long *, int *, KTEXT);
-extern int KRB5_CALLCONV krb4prot_decode_ciph(
- KTEXT, int,
- C_Block,
- char *, char *, char *,
- int *, int *, KTEXT, unsigned long *);
-extern int KRB5_CALLCONV krb4prot_encode_apreq(
- int, char *,
- KTEXT, KTEXT,
- int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_encode_authent(
- char *, char *, char *,
- KRB4_32,
- int, long,
- int, int le,
- KTEXT pkt);
-extern int KRB5_CALLCONV krb4prot_decode_error(
- KTEXT, int *,
- char *, char *, char *,
- unsigned long *, unsigned long *, char *);
-
-/* prot_common.c */
-extern int KRB5_CALLCONV krb4prot_encode_naminstrlm(
- char *, char *, char *,
- int, KTEXT, unsigned char **);
-extern int KRB5_CALLCONV krb4prot_decode_naminstrlm(
- KTEXT, unsigned char **,
- char *, char *, char *);
-extern int KRB5_CALLCONV krb4prot_decode_header(
- KTEXT, int *, int *, int *);
-
-/* prot_kdc.c */
-extern int KRB5_CALLCONV krb4prot_encode_kdc_reply(
- char *, char *, char *,
- long, int, unsigned long,
- int, KTEXT, int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_encode_ciph(
- C_Block,
- char *, char *, char *,
- unsigned long, int, KTEXT, unsigned long,
- int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_encode_tkt(
- unsigned int,
- char *, char *, char *,
- unsigned long,
- char *, int, long,
- char *, char *,
- int, int, KTEXT tkt);
-extern int KRB5_CALLCONV krb4prot_encode_err_reply(
- char *, char *, char *,
- unsigned long, unsigned long, char *,
- int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_decode_kdc_request(
- KTEXT,
- int *, char *, char *, char *,
- long *, int *, char *sname, char *sinst);
-
-/* Message types , always leave lsb for byte order */
-
-#define AUTH_MSG_KDC_REQUEST 1<<1
-#define AUTH_MSG_KDC_REPLY 2<<1
-#define AUTH_MSG_APPL_REQUEST 3<<1
-#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
-#define AUTH_MSG_ERR_REPLY 5<<1
-#define AUTH_MSG_PRIVATE 6<<1
-#define AUTH_MSG_SAFE 7<<1
-#define AUTH_MSG_APPL_ERR 8<<1
-#define AUTH_MSG_DIE 63<<1
-
-/* values for kerb error codes */
-
-#define KERB_ERR_OK 0
-#define KERB_ERR_NAME_EXP 1
-#define KERB_ERR_SERVICE_EXP 2
-#define KERB_ERR_AUTH_EXP 3
-#define KERB_ERR_PKT_VER 4
-#define KERB_ERR_NAME_MAST_KEY_VER 5
-#define KERB_ERR_SERV_MAST_KEY_VER 6
-#define KERB_ERR_BYTE_ORDER 7
-#define KERB_ERR_PRINCIPAL_UNKNOWN 8
-#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
-#define KERB_ERR_NULL_KEY 10
-/* Cygnus extensions for Preauthentication */
-#define KERB_ERR_PREAUTH_SHORT 11
-#define KERB_ERR_PREAUTH_MISMATCH 12
-
-/* Return codes from krb4prot_ encoders/decoders */
-
-#define KRB4PROT_OK 0
-#define KRB4PROT_ERR_UNDERRUN 1
-#define KRB4PROT_ERR_OVERRUN 2
-#define KRB4PROT_ERR_PROT_VERS 3
-#define KRB4PROT_ERR_MSG_TYPE 4
-#define KRB4PROT_ERR_GENERIC 255
-
-#endif /* PROT_DEFS */
myfulldir=kadmin/dbutil
mydir=kadmin/dbutil
BUILDTOP=$(REL)..$(S)..
-DEFINES = -DKDB4_DISABLE
DEFS=
-LOCALINCLUDES = -I. @KRB4_INCLUDES@
-PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
+LOCALINCLUDES = -I.
+PROG_LIBPATH=-L$(TOPLIBD) $(KRB5_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
all:: $(PROG)
-$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS)
+$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
import_err.c import_err.h: $(srcdir)/import_err.et
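Review bot: The new `PROG_LIBPATH=-L$(TOPLIBD) $(KRB5_LIBPATH)` line in the kadmin/dbutil section references `KRB5_LIBPATH`, which nothing visible in this diff defines. Make expands an undefined variable to the empty string without any diagnostic, so if the shared build fragments (not shown) do not set it, the line is better written as `PROG_LIBPATH=-L$(TOPLIBD)`. The same section drops `DEFINES = -DKDB4_DISABLE`. If any source under kadmin/dbutil still tests that macro, the krb4-only code it used to exclude would be compiled again, now without `@KRB4_INCLUDES@` on the include path, so it is worth confirming that those guards and the code behind them are removed in the same change.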
.in +.5i
krb5 Kerberos 5 application
gssapi GSSAPI application with Kerberos 5 bindings
-krb4 Kerberos 4 application
kadm-client Kadmin client
kadm-server Kadmin server
kdb Application that accesses the kerberos database
includedir=@includedir@
libdir=@libdir@
CC_LINK='@CC_LINK@'
-KRB4_LIB=@KRB4_LIB@
-DES425_LIB=@DES425_LIB@
KDB5_DB_LIB=@KDB5_DB_LIB@
LDFLAGS='@LDFLAGS@'
RPATH_FLAG='@RPATH_FLAG@'
gssapi)
library=gssapi
;;
- krb4)
- library=krb4
- ;;
kadm-client)
library=kadm_client
;;
echo "Libraries:"
echo " krb5 Kerberos 5 application"
echo " gssapi GSSAPI application with Kerberos 5 bindings"
- echo " krb4 Kerberos 4 application"
echo " kadm-client Kadmin client"
echo " kadm-server Kadmin server"
echo " kdb Application that accesses the kerberos database"
library=krb5
fi
- if test $library = 'krb4'; then
- lib_flags="$lib_flags $KRB4_LIB $DES425_LIB"
- library=krb5
- fi
-
if test $library = 'krb5'; then
lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
fi
+++ /dev/null
-thisconfigdir=..
-myfulldir=krb524
-mydir=krb524
-BUILDTOP=$(REL)..
-KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
-DEFS=
-
-# Copyright 1994 by OpenVision Technologies, Inc.
-#
-# Permission to use, copy, modify, distribute, and sell this software
-# and its documentation for any purpose is hereby granted without fee,
-# provided that the above copyright notice appears in all copies and
-# that both that copyright notice and this permission notice appear in
-# supporting documentation, and that the name of OpenVision not be used
-# in advertising or publicity pertaining to distribution of the software
-# without specific, written prior permission. OpenVision makes no
-# representations about the suitability of this software for any
-# purpose. It is provided "as is" without express or implied warranty.
-#
-# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
-# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
-# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
-# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
-# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-#
-
-DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1
-PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_INCLUDES)
-##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES)
-##WIN32##!endif
-
-##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_LIB)
-##WIN32##K4LIB=$(USE_ALTERNATE_KRB4_LIB)
-##WIN32##!endif
-
-K524EXE = $(OUTPRE)k524init.exe
-K524LIB = $(OUTPRE)krb524.lib
-K524DEP = $(K524LIB)
-K524DEF = krb524.def
-WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \
- version.lib advapi32.lib gdi32.lib
-
-LOCALINCLUDES= $(KRB4_INCLUDES) -I. -I$(srcdir)
-
-# Library sources
-SRCS = \
- $(srcdir)/cnv_tkt_skey.c \
- $(srcdir)/libinit.c \
- $(srcdir)/krb524.c
-
-EXTRADEPSRCS = \
- $(srcdir)/test.c \
- $(srcdir)/k524init.c \
- $(srcdir)/krb524d.c
-
-##WIN32##!ifdef KRB524_STATIC_HACK
-##WIN32##LPREFIX=..\lib
-##WIN32##K5_GLUE=$(LPREFIX)\$(OUTPRE)k5_glue.obj
-##WIN32##KLIBS = $(LPREFIX)\krb5\$(OUTPRE)krb5.lib \
-##WIN32## $(LPREFIX)\crypto\$(OUTPRE)crypto.lib \
-##WIN32## $(BUILDTOP)\util\profile\$(OUTPRE)profile.lib \
-##WIN32## $(LPREFIX)\des425\$(OUTPRE)des425.lib
-##WIN32##KLIB=$(KLIBS) $(DNSLIBS) $(K5_GLUE) $(CLIB)
-##WIN32##STLIBOBJS=$(STLIBOBJS:libinit=globals)
-##WIN32##K524DEP=$(STLIBOBJS)
-##WIN32##!endif
-
-##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
-
-##WIN32##EXERES=$(K524EXE:.exe=.res)
-##WIN32##LIBRES=$(K524LIB:.lib=.res)
-
-##WIN32##$(EXERES): $(VERSIONRC)
-##WIN32## $(RC) $(RCFLAGS) -DKRB524_INIT -fo $@ -r $**
-##WIN32##$(LIBRES): $(VERSIONRC)
-##WIN32## $(RC) $(RCFLAGS) -DKRB524_LIB -fo $@ -r $**
-
-all-unix:: krb524d krb524test k524init
-
-##WIN32##all-windows:: $(K524EXE) $(K524LIB)
-
-krb524test: test.o $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o krb524test test.o $(KRB5_LIB) $(KRB4COMPAT_LIBS)
-
-SERVER_OBJS= krb524d.o cnv_tkt_skey.o
-CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT)
-
-krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB)
- $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB)
-
-k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS)
-
-##WIN32##$(K524LIB): $(OUTPRE)krb524.$(OBJEXT) $(OUTPRE)libinit.$(OBJEXT) $(KLIB) $(CLIB) $(LIBRES)
-##WIN32## link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS)
-##WIN32## $(_VC_MANIFEST_EMBED_DLL)
-
-##WIN32##$(K524EXE): $(OUTPRE)k524init.$(OBJEXT) $(KLIB) $(K4LIB) $(CLIB) $(EXERES) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib
-##WIN32## link $(EXE_LINKOPTS) -out:$@ $** $(WINLIBS) $(SCLIB)
-##WIN32## $(_VC_MANIFEST_EMBED_EXE)
-
-install-unix::
- $(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d
- $(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init
- $(INSTALL_DATA) $(srcdir)/krb524d.M $(DESTDIR)$(SERVER_MANDIR)/krb524d.8
- $(INSTALL_DATA) $(srcdir)/k524init.M \
- $(DESTDIR)$(CLIENT_MANDIR)/krb524init.1
-
-clean-unix::
- $(RM) $(OBJS) core *~ *.bak #*
- $(RM) krb524test krb524d k524init test.o $(CLIENT_OBJS) $(SERVER_OBJS)
-
-
-# +++ Dependency line eater +++
-#
-# Makefile dependencies follow. This must be the last section in
-# the Makefile.in file
-#
-$(OUTPRE)cnv_tkt_skey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h cnv_tkt_skey.c krb524d.h
-$(OUTPRE)libinit.$(OBJEXT): libinit.c
-$(OUTPRE)krb524.$(OBJEXT): krb524.c
-$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h test.c
-$(OUTPRE)k524init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h k524init.c
-$(OUTPRE)krb524d.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
- $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
- $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
- $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
- $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
- $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb524d.c krb524d.h
+++ /dev/null
-Copyright 1994 by OpenVision Technologies, Inc.
-
-Permission to use, copy, modify, distribute, and sell this software
-and its documentation for any purpose is hereby granted without fee,
-provided that the above copyright notice appears in all copies and
-that both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of OpenVision not be used
-in advertising or publicity pertaining to distribution of the software
-without specific, written prior permission. OpenVision makes no
-representations about the suitability of this software for any
-purpose. It is provided "as is" without express or implied warranty.
-
-OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
-INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
-EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
-USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
-
-Kerberos V5 to Kerberos V4 Credentials Converting Service, ALPHA RELEASE
-========================================================================
-
-krb524 is a service that converts Kerberos V5 credentials into
-Kerberos V4 credentials suitable for use with applications that for
-whatever reason do not use V5 directly. The service consists of a
-server that has access to the secret key of the Kerberos service for
-which credentials will be converted, and a library for use by client
-programs that wish to use the server.
-
-The protocol is simple. Suppose that a client C wishes to obtain V4
-credentials for a V5 service S by using the krb524 server. The
-notation {C,S}_n represents a Vn service ticket for S for use by C.
-
-(1) C obtains V5 credentials, including a ticket {C,S}_5, for S by the
-normal V5 means.
-
-(2) C transmits {C,S}_5 to KRB524.
-
-(3) KRB524 converts {C,S}_5 into {C,S}_4.
-
-(4) KRB524 transmits {C,S}_4 to C.
-
-(5) C creates a V4 credentials strucuture from the plaintext
-information in the V5 credential and {C,S}_4.
-
-Steps (2) through (4) are encapsulated in a single function call in
-the krb524 library.
-
-An alternate conversion is provided for AFS servers that support the
-encrypted part of a krb5 ticket as an AFS token. If the krb524d is
-converting a principal whose first component is afs and if the
-encrypted part of the ticket fits in 344 bytes, then it will default
-to simply returning the encrypted part of the ticket as a token. If
-it turns out that the AFS server does not support the ticket, then
-users will get an unknown key version error and the krb524d must be
-configured to use v4 tickets for this AFS service.
-
-
-Obviously, not all V5 credentials can be completely converted to V4
-credentials, since the former is a superset of the latter. The
-precise semantics of the conversion function are still undecided.
-UTSL.
-
-Programs contained in this release
-======================================================================
-
-krb524d [-m[aster]] [-k[eytab]]
-
-The krb524 server. It accepts UDP requests on the krb524 service
-port, specified in /etc/services, or on port 4444 by default. (A
-request for an official port assignment is underway.) The -m argument
-causes krb524d to access the KDC master database directly; the -k
-argument causes krb524d to use the default keytab (and therefore only
-be able to convert tickets for services in the keytab). Only one of
--m or -k can be specified.
-
-test -remote server client service
-
-A test program that obtains a V5 credential for {client,service},
-converts it to a V4 credential, and prints out the entire contents of
-both versions. It prompts for service's secret key, which it needs to
-decrypt both tickets in order to print them out. Enter it as an eight
-digit ASCII hex number.
-
-k524init [-n] [-p principal]
-
-Convert a V5 credential into a V4 credential and store it in a V4
-ticket file. The client is 'principal', or krbtgt at the V5 ccache's
-default principal's realm if not specified. The -n argument causes
-the new ticket to be added to the existing ticket file; otherwise, the
-ticket file is initialized.
-
-Configuring krb524d AFS Conversion
-======================================================================
-
-The krb524d looks in the appdefaults section of krb5.conf for an
-application called afs_krb5 to determine whether afs principals
-support encrypted ticket parts as tokens. The following configuration
-fragment says that afs/sipb.mit.edu@ATHENA.MIT.EDU supports the new
-token format but afs@ATHENA.MIT.EDU and
-afs/athena.mit.edu@ATHENA.MIT.EDU do not. Note that the default is to
-assume afs servers support the new format.
-
-[appdefaults]
-afs_krb5 = {
- ATHENA.MIT.EDU = {
- # This stanza describes principals in the
- #ATHENA.MIT.EDU realm
- afs = false
- afs/athena.mit.edu = false
- afs/sipb.mit.edu = true
- }
-}
-
-
-Using libkrb524.a
-======================================================================
-
-To use libkrb524.a, #include "krb524.h", link against libkrb524.a,
-call krb524_init_ets() at the beginning of your program, and call one
-of the following two functions:
-
-int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds,
- struct sockaddr *saddr)
-
-int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds)
-
-Both convert the V5 credential in v5creds into a V4 credential in
-v4creds. One assumes krb524d is running on the KDC, the other uses an
-explicit host. You only need to specify the address for saddr; the
-port is filled in automatically.
-
-Unresolved issues / Bugs
-======================================================================
-
-o krb524d requires access to the secret key of any service to be
-converted. Should krb524d run on the KDC or on individual server
-machines? The latter is more paranoid, since it prevents bugs in
-krb524d from provided unauthorized access to the master database.
-However, it also requires the client to provide the address of the
-server to be used. The client will usually have this information
-(since presumably it will be sending the converted V4 credentials to
-the same server) but it may not be in a convenient form. It seems
-"cleaner" to have krb524d run on the KDC.
-
-o Even if krb524d uses keytabs on server machines, it needs to be more
-flexible. You only want to run one krb524d per host, so it has to be
-able to scan multiple keytabs. This might get logistically messy.
-
-o This code is of alpha quality. Bugs, omissions, memory leaks, and
-perhaps security holes still remain. Do not use it (yet) in a
-production environment.
+++ /dev/null
-/*
- * Copyright 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "k5-int.h" /* we need krb5_context::clockskew */
-#include <stdio.h>
-#include <sys/types.h>
-
-#ifdef _WIN32
-#include "port-sockets.h"
-#else
-#include <sys/time.h>
-#include <netinet/in.h>
-#endif
-#include <krb.h>
-#include "krb524d.h"
-
-static int krb524d_debug = 0;
-
-static int
-krb524_convert_princs(context, client, server, pname, pinst, prealm,
- sname, sinst, srealm)
- krb5_context context;
- krb5_principal client, server;
- char *pname, *pinst, *prealm, *sname, *sinst, *srealm;
-{
- int ret;
-
- if ((ret = krb5_524_conv_principal(context, client, pname, pinst,
- prealm)))
- return ret;
-
- return krb5_524_conv_principal(context, server, sname, sinst, srealm);
-}
-/*
- * Convert a v5 ticket for server to a v4 ticket, using service key
- * skey for both.
- */
-int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
- saddr)
- krb5_context context;
- krb5_ticket *v5tkt;
- KTEXT_ST *v4tkt;
- krb5_keyblock *v5_skey, *v4_skey;
- struct sockaddr_in *saddr;
-{
- char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
- char sname[ANAME_SZ], sinst[INST_SZ], srealm[REALM_SZ];
- krb5_enc_tkt_part *v5etkt;
- int ret, lifetime, v4endtime;
- krb5_timestamp server_time;
- struct sockaddr_in *sinp = (struct sockaddr_in *)saddr;
- krb5_address kaddr;
-
- v5tkt->enc_part2 = NULL;
- if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) {
- return ret;
- }
- v5etkt = v5tkt->enc_part2;
-
- if (v5etkt->transited.tr_contents.length != 0) {
- /* Some intermediate realms transited -- do we accept them?
-
- Simple answer: No.
-
- More complicated answer: Check our local config file to
- see if the path is correct, and base the answer on that.
- This denies the krb4 application server any ability to do
- its own validation as krb5 servers can.
-
- Fast answer: Not right now. */
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- /* We could also encounter a case where luser@R1 gets a ticket
- for krbtgt/R3@R2, and then tries to convert it. But the
- converted ticket would be one the v4 KDC code should reject
- anyways. So we don't need to worry about it here. */
-
- if ((ret = krb524_convert_princs(context, v5etkt->client, v5tkt->server,
- pname, pinst, prealm, sname,
- sinst, srealm))) {
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return ret;
- }
- if ((v5etkt->session->enctype != ENCTYPE_DES_CBC_CRC &&
- v5etkt->session->enctype != ENCTYPE_DES_CBC_MD4 &&
- v5etkt->session->enctype != ENCTYPE_DES_CBC_MD5) ||
- v5etkt->session->length != sizeof(C_Block)) {
- if (krb524d_debug)
- fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n",
- v5etkt->session->enctype,
- v5etkt->session->length,
- (int) sizeof(C_Block));
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return KRB524_BADKEY;
- }
-
- /* V4 has no concept of authtime or renew_till, so ignore them */
- if (v5etkt->times.starttime == 0)
- v5etkt->times.starttime = v5etkt->times.authtime;
- /* rather than apply fit an extended v5 lifetime into a v4 range,
- give out a v4 ticket with as much of the v5 lifetime is available
- "now" instead. */
- if ((ret = krb5_timeofday(context, &server_time))) {
- if (krb524d_debug)
- fprintf(stderr, "krb5_timeofday failed!\n");
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return ret;
- }
- if ((server_time + context->clockskew >= v5etkt->times.starttime)
- && (server_time - context->clockskew <= v5etkt->times.endtime)) {
- lifetime = krb_time_to_life(server_time, v5etkt->times.endtime);
- v4endtime = krb_life_to_time(server_time, lifetime);
- /*
- * Adjust start time backwards if the lifetime value
- * returned by krb_time_to_life() maps to a longer lifetime
- * than that of the original krb5 ticket.
- */
- if (v4endtime > v5etkt->times.endtime)
- server_time -= v4endtime - v5etkt->times.endtime;
- } else {
- if (krb524d_debug)
- fprintf(stderr, "v5 ticket time out of bounds\n");
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- if (server_time+context->clockskew < v5etkt->times.starttime)
- return KRB5KRB_AP_ERR_TKT_NYV;
- else if (server_time-context->clockskew > v5etkt->times.endtime)
- return KRB5KRB_AP_ERR_TKT_EXPIRED;
- else /* shouldn't happen, but just in case... */
- return KRB5KRB_AP_ERR_TKT_NYV;
- }
-
- kaddr.addrtype = ADDRTYPE_INET;
- kaddr.length = sizeof(sinp->sin_addr);
- kaddr.contents = (krb5_octet *)&sinp->sin_addr;
-
- if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) {
- if (krb524d_debug)
- fprintf(stderr, "Invalid v5creds address information.\n");
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return KRB524_BADADDR;
- }
-
- if (krb524d_debug)
- printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
- (long) v5etkt->times.starttime,
- (long) v5etkt->times.authtime,
- (long) lifetime);
-
- /* XXX are there V5 flags we should map to V4 equivalents? */
- if (v4_skey->enctype == ENCTYPE_DES_CBC_CRC) {
- ret = krb_create_ticket(v4tkt,
- 0, /* flags */
- pname,
- pinst,
- prealm,
- sinp->sin_addr.s_addr,
- (char *) v5etkt->session->contents,
- lifetime,
- /* issue_data */
- server_time,
- sname,
- sinst,
- v4_skey->contents);
- }
- else abort();
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- if (ret == KSUCCESS)
- return 0;
- else
- return KRB524_V4ERR;
-}
+++ /dev/null
-.\" krb524/k524init.M
-.\"
-.\" Copyright 2005 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\" "
-.TH KRB524INIT 1
-.SH NAME
-krb524init \- Obtain Kerberos V4 tickets from Kerberos V5 tickets
-.SH SYNOPSIS
-\fBkrb524init\fP [\fB\-n\fP] [\fB\-p\fP \fIprincipal\fP]
-.SH DESCRIPTION
-.I krb524init
-converts a V5 credential to a V4 credential by querying a remote krb524d
-server and stores it in a V4 ticket cache. The credential is
-.I principal
-or "krbtgt" at the V5 ticket cache's default principal's realm if not
-specified.
-.SH OPTIONS
-.TP
-.B \-n
-By default, the V4 ticket cache is initialized. If this option is given,
-the converted credential is instead added to the existing ticket cache.
-.TP
-\fB\-p\fP \fIprincipal\fP
-Convert
-.I principal
-rather than krbtgt.
-.SH SEE ALSO
-kinit(1), krb524d(8)
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "autoconf.h"
-#include "k5-int.h" /* for data_eq */
-#include <krb5.h>
-#include "com_err.h"
-
-#include <stdio.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <string.h>
-#include <signal.h>
-#include <sys/types.h>
-#ifndef _WIN32
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-#endif
-
-#include <krb.h>
-
-extern int optind;
-extern char *optarg;
-char *prog = "k524init";
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- krb5_principal client, server;
- krb5_ccache cc;
- krb5_creds increds, *v5creds;
- CREDENTIALS v4creds;
- int code;
- int option;
- char *princ = NULL;
- int nodelete = 0;
- int lose = 0;
- krb5_context context;
- krb5_error_code retval;
-
- if (argv[0]) {
- prog = strrchr (argv[0], '/');
- if (prog)
- prog++;
- else
- prog = argv[0];
- }
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(prog, retval, "while initializing krb5");
- exit(1);
- }
-
- while(((option = getopt(argc, argv, "p:n")) != -1)) {
- switch(option) {
- case 'p':
- princ = optarg;
- break;
- case 'n':
- nodelete++;
- break;
- default:
- lose++;
- break;
- }
- }
-
- if (lose || (argc - optind > 1)) {
- fprintf(stderr, "Usage: %s [-p principal] [-n]\n", prog);
- exit(1);
- }
-
- if ((code = krb5_cc_default(context, &cc))) {
- com_err(prog, code, "opening default credentials cache");
- exit(1);
- }
-
- if ((code = krb5_cc_get_principal(context, cc, &client))) {
- com_err(prog, code, "while retrieving user principal name");
- exit(1);
- }
-
- if (princ) {
- if ((code = krb5_parse_name(context, princ, &server))) {
- com_err(prog, code, "while parsing service principal name");
- exit(1);
- }
- } else {
- if ((code = krb5_build_principal(context, &server,
- krb5_princ_realm(context, client)->length,
- krb5_princ_realm(context, client)->data,
- "krbtgt",
- krb5_princ_realm(context, client)->data,
- NULL))) {
- com_err(prog, code, "while creating service principal name");
- exit(1);
- }
- }
-
- if (!nodelete) {
- krb5_data *crealm = krb5_princ_realm (context, client);
- krb5_data *srealm = krb5_princ_realm (context, server);
- if (!data_eq(*crealm, *srealm)) {
- /* Since krb4 ticket files don't store the realm name
- separately, and the client realm is assumed to be the
- realm of the first ticket, let's not store an initial
- ticket with the wrong realm name, since it'll confuse
- other programs. */
- fprintf (stderr,
- "%s: Client and server principals' realm names are different;\n"
- "\tbecause of limitations in the krb4 ticket file implementation,\n"
- "\tthis doesn't work for an initial ticket. Try `%s -n'\n"
- "\tif you already have other krb4 tickets, or convert the\n"
- "\tticket-granting ticket from your home realm.\n",
- prog, prog);
- exit (1);
- }
- }
-
- memset((char *) &increds, 0, sizeof(increds));
- increds.client = client;
- increds.server = server;
- increds.times.endtime = 0;
- increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- if ((code = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) {
- com_err(prog, code, "getting V5 credentials");
- exit(1);
- }
-
- if ((code = krb5_524_convert_creds(context, v5creds, &v4creds))) {
- com_err(prog, code, "converting to V4 credentials");
- exit(1);
- }
-
- /* this is stolen from the v4 kinit */
-
- if (!nodelete) {
- /* initialize ticket cache */
- code = krb_in_tkt(v4creds.pname,v4creds.pinst,v4creds.realm);
- if (code != KSUCCESS) {
- fprintf (stderr, "%s: %s trying to create the V4 ticket file",
- prog, krb_get_err_text (code));
- exit(1);
- }
- }
-
- /* stash ticket, session key, etc. for future use */
- /* This routine does *NOT* return one of the usual com_err codes. */
- if ((code = krb_save_credentials(v4creds.service, v4creds.instance,
- v4creds.realm, v4creds.session,
- v4creds.lifetime, v4creds.kvno,
- &(v4creds.ticket_st),
- v4creds.issue_date))) {
- fprintf (stderr, "%s: %s trying to save the V4 ticket\n",
- prog, krb_get_err_text (code));
- exit(1);
- }
-
- exit(0);
-}
+++ /dev/null
-/*
- * Copyright (C) 2003 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifdef _WIN32
-#include "krb5.h"
-
-#ifdef krb524_convert_creds_kdc
-#undef krb524_convert_creds_kdc
-#endif
-#ifdef krb524_init_ets
-#undef krb524_init_ets
-#endif
-
-int KRB5_CALLCONV_WRONG
-krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds)
-{
- return(krb5_524_convert_creds(context,v5creds,v4creds));
-}
-
-void KRB5_CALLCONV_WRONG
-krb524_init_ets(krb5_context context)
-{
- /* no-op */
-}
-#endif /* _WIN32 */
+++ /dev/null
-;----------------------------------------------------
-; KRB524.DEF - KRB524.DLL module definition file
-;----------------------------------------------------
-
-; ****************************************************************************
-; Do not add any function to this file until you make sure the calling
-; convention for the exported function is KRB5_CALLCONV
-; ****************************************************************************
-
-
-EXPORTS
- krb524_convert_creds_kdc @1
- krb524_init_ets @2
+++ /dev/null
-Protocol:
-
- -> ASN.1 encoded V5 ticket
- <- int status_code, [int kvno, encode_v4tkt encoded KTEXT_ST]
-
-kvno and V4 ticket are only included if status_code is zero.
-
-The kvno for the converted ticket is sent explicitly because the field
-is ASN.1 encoded in the krb5_creds structure; the client would have to
-decode (but not decrypt) the entire krb5_ticket structure to get it,
-which would be inefficient.
+++ /dev/null
-.\" krb524/krb524d.M
-.\"
-.\" Copyright 1990 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\" "
-.TH KRB524D 8
-.SH NAME
-krb524d \- Version 5 to Version 4 Credentials Conversion Daemon
-.SH SYNOPSIS
-.B krb524d
-[
-.B \-m[aster]
-|
-.B \-k[eytab]
-] [
-.B \-r
-.I realm
-] [
-.B \-nofork
-] [
-.B \-p
-.I portnum
-]
-.br
-.SH DESCRIPTION
-.I krb524d
-is the Kerberos Version 5 to Version 4 Credentials Conversion daemon.
-It works in conjuction with a krb5kdc to allow clients to acquire Kerberos
-version 4 tickets from Kerberos version 5 tickets without specifying a password.
-.SH OPTIONS
-.TP
-\fB\-m[aster]\fP
-Use the KDC database to convert credentials. This option cannot be combined with
-\fB\-k[eytab]\fP.
-.TP
-\fB\-k[eytab]\fP
-Use the default keytab to convert credentials. This option cannot be combined with
-\fB\-m[aster]\fP.
-.TP
-\fB\-r\fP \fIrealm\fP
-Convert credentials for \fIrealm\fP; by default the realm returned by
-.IR krb5_default_local_realm (3)
-is used.
-.TP
-\fB\-nofork\fP
-specifies that krb524d not fork on launch. Useful for debugging purposes.
-.TP
-\fB\-p\fP \fIportnum\fP
-specifies the default UDP port number which krb524d should listen on for
-Kerberos 524 requests. This value is used when no port is specified in
-the KDC profile and when no port is specified in the Kerberos configuration
-file.
-If no value is available, then the value in /etc/services for service
-"krb524" is used.
-.SH SEE ALSO
-kerberos(1), krb5kdc(8), kdb5_util(8), kdc.conf(5)
+++ /dev/null
-/*
- * Copyright (C) 2002, 2007, 2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <k5-int.h>
-#include <kadm5/admin.h>
-#include <adm_proto.h>
-#include <com_err.h>
-#include <stdarg.h>
-
-#include <assert.h>
-#include <stdio.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#include <string.h>
-#include <signal.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-
-#include <krb.h>
-#include "krb524d.h"
-
-#if defined(NEED_DAEMON_PROTO)
-extern int daemon(int, int);
-#endif
-
-#define TIMEOUT 60
-#define TKT_BUFSIZ 2048
-#define MSGSIZE 8192
-
-char *whoami;
-int signalled = 0;
-static int debug = 0;
-void *handle = NULL;
-
-int use_keytab, use_master;
-int allow_v4_crossrealm = 0;
-char *keytab = NULL;
-krb5_keytab kt;
-
-void init_keytab(krb5_context),
- init_master(krb5_context, kadm5_config_params *),
- cleanup_and_exit(int, krb5_context);
-krb5_error_code do_connection(int, krb5_context);
-krb5_error_code lookup_service_key(krb5_context, krb5_principal,
- krb5_enctype, krb5_kvno,
- krb5_keyblock *, krb5_kvno *);
-krb5_error_code kdc_get_server_key(krb5_context, krb5_principal,
- krb5_keyblock *, krb5_kvno *,
- krb5_enctype, krb5_kvno);
-
-static krb5_error_code
-handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt,
- struct sockaddr_in *saddr,
- krb5_data *tktdata, krb5_kvno *v4kvno);
-static krb5_error_code
-afs_return_v4(krb5_context, const krb5_principal , int *use_v5);
-
-static void usage(context)
- krb5_context context;
-{
- fprintf(stderr, "Usage: %s [-k[eytab]] [-m[aster] [-r realm]] [-nofork] [-p portnum]\n", whoami);
- cleanup_and_exit(1, context);
-}
-
-static RETSIGTYPE request_exit(signo)
- int signo;
-{
- signalled = 1;
-}
-
-int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0;
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- struct servent *serv;
- struct sockaddr_in saddr;
- struct timeval timeout;
- int ret, s, nofork;
- fd_set rfds;
- krb5_context context;
- krb5_error_code retval;
- kadm5_config_params config_params;
- unsigned long port = 0;
-
- whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]);
-
- retval = krb5int_init_context_kdc(&context);
- if (retval) {
- com_err(whoami, retval, "while initializing krb5");
- exit(1);
- }
-
- {
- krb5int_access k5int;
- retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION);
- if (retval != 0) {
- com_err(whoami, retval,
- "while accessing krb5 library internal support");
- exit(1);
- }
- encode_v4tkt = k5int.krb524_encode_v4tkt;
- if (encode_v4tkt == NULL) {
- com_err(whoami, 0,
- "krb4 support disabled in krb5 support library");
- exit(1);
- }
- }
-
- argv++; argc--;
- use_master = use_keytab = nofork = 0;
- config_params.mask = 0;
-
- while (argc) {
- if (strncmp(*argv, "-X", 2) == 0) {
- allow_v4_crossrealm = 1;
- }
- else if (strncmp(*argv, "-k", 2) == 0)
- use_keytab = 1;
- else if (strncmp(*argv, "-m", 2) == 0)
- use_master = 1;
- else if (strcmp(*argv, "-nofork") == 0)
- nofork = 1;
- else if (strcmp(*argv, "-r") == 0) {
- argv++; argc--;
- if (argc == 0 || !use_master)
- usage(context);
- config_params.mask |= KADM5_CONFIG_REALM;
- config_params.realm = *argv;
- }
- else if (strcmp(*argv, "-p") == 0) {
- char *endptr = 0;
- argv++; argc--;
- if (argc == 0)
- usage (context);
- if (port != 0) {
- com_err (whoami, 0,
- "port number may only be specified once");
- exit (1);
- }
- port = strtoul (*argv, &endptr, 0);
- if (*endptr != '\0' || port > 65535 || port == 0) {
- com_err (whoami, 0,
- "invalid port number %s, must be 1..65535\n",
- *argv);
- exit (1);
- }
- }
- else
- break;
- argv++; argc--;
- }
- if (argc || use_keytab + use_master > 1 ||
- use_keytab + use_master == 0) {
- use_keytab = use_master = 0;
- usage(context);
- }
-
- signal(SIGINT, request_exit);
- signal(SIGHUP, SIG_IGN);
- signal(SIGTERM, request_exit);
-
- krb5_klog_init(context, "krb524d", whoami, !nofork);
-
- if (use_keytab)
- init_keytab(context);
- if (use_master)
- init_master(context, &config_params);
-
- memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
- saddr.sin_family = AF_INET;
- saddr.sin_addr.s_addr = INADDR_ANY;
- if (port == 0) {
- serv = getservbyname(KRB524_SERVICE, "udp");
- if (serv == NULL) {
- com_err(whoami, 0, "service entry `%s' not found, using %d",
- KRB524_SERVICE, KRB524_PORT);
- saddr.sin_port = htons(KRB524_PORT);
- } else
- saddr.sin_port = serv->s_port;
- } else
- saddr.sin_port = htons(port);
-
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- com_err(whoami, errno, "creating main socket");
- cleanup_and_exit(1, context);
- }
- set_cloexec_fd(s);
- if ((ret = bind(s, (struct sockaddr *) &saddr,
- sizeof(struct sockaddr_in))) < 0) {
- com_err(whoami, errno, "binding main socket");
- cleanup_and_exit(1, context);
- }
- if (!nofork && daemon(0, 0)) {
- com_err(whoami, errno, "while detaching from tty");
- cleanup_and_exit(1, context);
- }
-
- while (1) {
- FD_ZERO(&rfds);
- FD_SET(s, &rfds);
- timeout.tv_sec = TIMEOUT;
- timeout.tv_usec = 0;
-
- ret = select(s+1, &rfds, NULL, NULL, &timeout);
- if (signalled)
- cleanup_and_exit(0, context);
- else if (ret == 0) {
- if (use_master) {
- ret = kadm5_flush(handle);
- if (ret && ret != KRB5_KDB_DBNOTINITED) {
- com_err(whoami, ret, "closing kerberos database");
- cleanup_and_exit(1, context);
- }
- }
- } else if (ret < 0 && errno != EINTR) {
- com_err(whoami, errno, "in select");
- cleanup_and_exit(1, context);
- } else if (FD_ISSET(s, &rfds)) {
- if (debug)
- printf("received packet\n");
- if ((ret = do_connection(s, context))) {
- com_err(whoami, ret, "handling packet");
- }
- } else
- com_err(whoami, 0, "impossible situation occurred!");
- }
-
- cleanup_and_exit(0, context);
-}
-
-void cleanup_and_exit(ret, context)
- int ret;
- krb5_context context;
-{
- if (use_master && handle) {
- (void) kadm5_destroy(handle);
- }
- if (use_keytab && kt) krb5_kt_close(context, kt);
- krb5_klog_close(context);
- krb5_free_context(context);
- exit(ret);
-}
-
-void init_keytab(context)
- krb5_context context;
-{
- int ret;
- use_keytab = 0;
- if (keytab == NULL) {
- if ((ret = krb5_kt_default(context, &kt))) {
- com_err(whoami, ret, "while opening default keytab");
- cleanup_and_exit(1, context);
- }
- } else {
- if ((ret = krb5_kt_resolve(context, keytab, &kt))) {
- com_err(whoami, ret, "while resolving keytab %s",
- keytab);
- cleanup_and_exit(1, context);
- }
- }
- use_keytab = 1; /* now safe to close keytab */
-}
-
-void init_master(context, params)
- krb5_context context;
- kadm5_config_params *params;
-{
- int ret;
-
- use_master = 0;
- if ((ret = kadm5_init(whoami, NULL, KADM5_ADMIN_SERVICE, params,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
- &handle))) {
- com_err(whoami, ret, "initializing kadm5 library");
- cleanup_and_exit(1, context);
- }
- use_master = 1; /* now safe to close kadm5 */
-}
-
-krb5_error_code do_connection(s, context)
- int s;
- krb5_context context;
-{
- struct sockaddr saddr;
- krb5_ticket *v5tkt = 0;
- krb5_data msgdata, tktdata;
- char msgbuf[MSGSIZE], tktbuf[TKT_BUFSIZ], *p;
- int ret;
- socklen_t saddrlen;
- krb5_int32 n; /* Must be 4 bytes */
- krb5_kvno v4kvno;
-
- msgdata.data = msgbuf;
- msgdata.length = MSGSIZE;
- tktdata.data = tktbuf;
- tktdata.length = TKT_BUFSIZ;
- saddrlen = sizeof(struct sockaddr);
- ret = recvfrom(s, msgdata.data, (int) msgdata.length, 0, &saddr, &saddrlen);
- if (ret < 0) {
- /* if recvfrom fails, we probably don't have a valid saddr to
- use for the reply, so don't even try to respond. */
- return errno;
- }
- if (debug)
- printf("message received\n");
-
- if ((ret = decode_krb5_ticket(&msgdata, &v5tkt))) {
- switch (ret) {
- case KRB5KDC_ERR_BAD_PVNO:
- case ASN1_MISPLACED_FIELD:
- case ASN1_MISSING_FIELD:
- case ASN1_BAD_ID:
- case KRB5_BADMSGTYPE:
- /* don't even answer parse errors */
- return ret;
- break;
- default:
- /* try and recognize our own error packet */
- if (msgdata.length == sizeof(krb5_int32))
- return KRB5_BADMSGTYPE;
- else
- goto error;
- }
- }
- if (debug)
- printf("V5 ticket decoded\n");
-
- if (krb5_princ_size(context, v5tkt->server) >= 1
- && krb5_princ_component(context, v5tkt->server, 0)->length == 3
- && strncmp(krb5_princ_component(context, v5tkt->server, 0)->data,
- "afs", 3) == 0) {
- krb5_data *enc_part;
- int use_v5;
- if ((ret = afs_return_v4(context, v5tkt->server,
- &use_v5)) != 0)
- goto error;
- if ((ret = encode_krb5_enc_data(&v5tkt->enc_part, &enc_part)) != 0)
- goto error;
- if (!(use_v5)|| enc_part->length >= 344) {
- krb5_free_data(context, enc_part);
- if ((ret = handle_classic_v4(context, v5tkt,
- (struct sockaddr_in *) &saddr, &tktdata,
- &v4kvno)) != 0)
- goto error;
- } else {
- KTEXT_ST fake_v4tkt;
- memset(&fake_v4tkt, 0x11, sizeof(fake_v4tkt));
- fake_v4tkt.mbz = 0;
- fake_v4tkt.length = enc_part->length;
- memcpy(fake_v4tkt.dat, enc_part->data, enc_part->length);
- v4kvno = (0x100-0x2b); /*protocol constant indicating v5
- * enc part only*/
- krb5_free_data(context, enc_part);
- ret = encode_v4tkt(&fake_v4tkt, tktdata.data, &tktdata.length);
- }
- } else {
- if ((ret = handle_classic_v4(context, v5tkt,
- (struct sockaddr_in *) &saddr, &tktdata,
- &v4kvno)) != 0)
- goto error;
- }
-
-error:
- /* create the reply */
- p = msgdata.data;
- msgdata.length = 0;
-
- n = htonl(ret);
- memcpy(p, (char *) &n, sizeof(krb5_int32));
- p += sizeof(krb5_int32);
- msgdata.length += sizeof(krb5_int32);
-
- if (ret)
- goto write_msg;
-
- n = htonl(v4kvno);
- memcpy(p, (char *) &n, sizeof(krb5_int32));
- p += sizeof(krb5_int32);
- msgdata.length += sizeof(krb5_int32);
-
- memcpy(p, tktdata.data, tktdata.length);
- p += tktdata.length;
- msgdata.length += tktdata.length;
-
-write_msg:
- if (ret)
- (void) sendto(s, msgdata.data, (int) msgdata.length, 0, &saddr, saddrlen);
- else
- if (sendto(s, msgdata.data, msgdata.length, 0, &saddr, saddrlen)<0)
- ret = errno;
- if (debug)
- printf("reply written\n");
- if (v5tkt)
- krb5_free_ticket(context, v5tkt);
-
-
- return ret;
-}
-
-krb5_error_code lookup_service_key(context, p, ktype, kvno, key, kvnop)
- krb5_context context;
- krb5_principal p;
- krb5_enctype ktype;
- krb5_kvno kvno;
- krb5_keyblock *key;
- krb5_kvno *kvnop;
-{
- int ret;
- krb5_keytab_entry entry;
-
- if (use_keytab) {
- if ((ret = krb5_kt_get_entry(context, kt, p, kvno, ktype, &entry)))
- return ret;
- *key = entry.key;
- key->contents = malloc(key->length);
- if (key->contents)
- memcpy(key->contents, entry.key.contents, key->length);
- else if (key->length) {
- /* out of memory? */
- ret = ENOMEM;
- memset (key, 0, sizeof (*key));
- return ret;
- }
-
- krb5_kt_free_entry(context, &entry);
- return 0;
- } else if (use_master) {
- return kdc_get_server_key(context, p, key, kvnop, ktype, kvno);
- }
- return 0;
-}
-
-krb5_error_code kdc_get_server_key(context, service, key, kvnop, ktype, kvno)
- krb5_context context;
- krb5_principal service;
- krb5_keyblock *key;
- krb5_kvno *kvnop;
- krb5_enctype ktype;
- krb5_kvno kvno;
-{
- krb5_error_code ret;
- kadm5_principal_ent_rec server;
-
- if ((ret = kadm5_get_principal(handle, service, &server,
- KADM5_KEY_DATA|KADM5_ATTRIBUTES)))
- return ret;
-
- if (server.attributes & KRB5_KDB_DISALLOW_ALL_TIX
- || server.attributes & KRB5_KDB_DISALLOW_SVR) {
- kadm5_free_principal_ent(handle, &server);
- return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
- }
-
- /*
- * We try kadm5_decrypt_key twice because in the case of a
- * ENCTYPE_DES_CBC_CRC key, we prefer to find a krb4 salt type
- * over a normal key. Note this may create a problem if the
- * server key is passworded and has both a normal and v4 salt.
- * There is no good solution to this.
- */
- if ((ret = kadm5_decrypt_key(handle,
- &server,
- ktype,
- (ktype == ENCTYPE_DES_CBC_CRC) ?
- KRB5_KDB_SALTTYPE_V4 : -1,
- kvno,
- key, NULL, kvnop)) &&
- (ret = kadm5_decrypt_key(handle,
- &server,
- ktype,
- -1,
- kvno,
- key, NULL, kvnop))) {
- kadm5_free_principal_ent(handle, &server);
- return (KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
- }
-
- kadm5_free_principal_ent(handle, &server);
- return ret;
-}
-
-/*
- * We support two kinds of v4 credentials. There are real v4
- * credentials, and a Kerberos v5 enc part masquerading as a krb4
- * credential to be used by modern AFS implementations; this function
- * handles the classic v4 case.
- */
-
-static krb5_error_code
-handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt,
- struct sockaddr_in *saddr,
- krb5_data *tktdata, krb5_kvno *v4kvno)
-{
- krb5_error_code ret;
- krb5_keyblock v5_service_key, v4_service_key;
- KTEXT_ST v4tkt;
-
- v5_service_key.contents = NULL;
- v4_service_key.contents = NULL;
-
- if ((ret = lookup_service_key(context, v5tkt->server,
- v5tkt->enc_part.enctype,
- v5tkt->enc_part.kvno,
- &v5_service_key, NULL)))
- goto error;
-
- if ((ret = lookup_service_key(context, v5tkt->server,
- ENCTYPE_DES_CBC_CRC,
- 0,
- &v4_service_key, v4kvno)))
- goto error;
-
- if (debug)
- printf("service key retrieved\n");
- if ((ret = krb5_decrypt_tkt_part(context, &v5_service_key, v5tkt))) {
- goto error;
- }
-
- if (!(allow_v4_crossrealm || krb5_realm_compare(context, v5tkt->server,
- v5tkt->enc_part2->client))) {
- ret = KRB5KDC_ERR_POLICY;
- goto error;
- }
- krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
- v5tkt->enc_part2= NULL;
-
- memset(&v4tkt, 0x33, sizeof(v4tkt));
- ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key,
- &v4_service_key,
- (struct sockaddr_in *)saddr);
- if (ret)
- goto error;
-
- if (debug)
- printf("credentials converted\n");
-
- ret = encode_v4tkt(&v4tkt, tktdata->data, &tktdata->length);
- if (ret)
- goto error;
- if (debug)
- printf("v4 credentials encoded\n");
-
-error:
- if (v5tkt->enc_part2) {
- krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
- v5tkt->enc_part2 = NULL;
- }
-
- if (v5_service_key.contents)
- krb5_free_keyblock_contents(context, &v5_service_key);
- if (v4_service_key.contents)
- krb5_free_keyblock_contents(context, &v4_service_key);
- return ret;
-}
-
-/*
- * afs_return_v4: a predicate to determine whether we want to try
- * using the afs krb5 encrypted part encoding or whether we just
- * return krb4. Takes a principal, and checks the configuration file.
- */
-static krb5_error_code
-afs_return_v4 (krb5_context context, const krb5_principal princ,
- int *use_v5)
-{
- krb5_error_code ret;
- char *unparsed_name;
- char *cp;
- krb5_data realm;
- assert(use_v5 != NULL);
- ret = krb5_unparse_name(context, princ, &unparsed_name);
- if (ret != 0)
- return ret;
-/* Trim out trailing realm component into separate string.*/
- for (cp = unparsed_name; *cp != '\0'; cp++) {
- if (*cp == '\\') {
- cp++; /* We trust unparse_name not to leave a singleton
- * backslash*/
- continue;
- }
- if (*cp == '@') {
- *cp = '\0';
- realm.data = cp+1;
- realm.length = strlen((char *) realm.data);
- break;
- }
- }
- krb5_appdefault_boolean(context, "afs_krb5",
- &realm, unparsed_name, 1,
- use_v5);
- krb5_free_unparsed_name(context, unparsed_name);
- return ret;
-}
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef KRB524INT_H
-#define KRB524INT_H
-
-#include "port-sockets.h"
-#include "kerberosIV/krb.h"
-
-#ifndef KRB524INT_BEGIN_DECLS
-#ifdef __cplusplus
-#define KRB524INT_BEGIN_DECLS extern "C" {
-#define KRB524INT_END_DECLS }
-#else
-#define KRB524INT_BEGIN_DECLS
-#define KRB524INT_END_DECLS
-#endif
-#endif
-
-KRB524INT_BEGIN_DECLS
-
-int krb524_convert_tkt_skey
- (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
- krb5_keyblock *v5_skey, krb5_keyblock *v4_skey,
- struct sockaddr_in *saddr);
-
-KRB524INT_END_DECLS
-
-#endif /* KRB524INT_H */
+++ /dev/null
-#ifdef _WIN32
-#include <windows.h>
-
-BOOL
-WINAPI
-DllMain(
- HANDLE hModule,
- DWORD fdwReason,
- LPVOID lpReserved
- )
-{
- switch (fdwReason)
- {
- case DLL_PROCESS_ATTACH:
- break;
- case DLL_THREAD_ATTACH:
- break;
- case DLL_THREAD_DETACH:
- break;
- case DLL_PROCESS_DETACH:
- break;
- default:
- return FALSE;
- }
- return TRUE;
-}
-#endif
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "k5-int.h"
-
-#include <stdio.h>
-#include <time.h>
-#include <sys/types.h>
-
-#ifndef _WIN32
-#include <netinet/in.h>
-#endif
-
-#include <des.h>
-#include <krb.h>
-#include "com_err.h"
-
-#define KEYSIZE 8
-#define CRED_BUFSIZ 2048
-
-#define krb5_print_addrs
-
-void do_local (krb5_creds *, krb5_keyblock *),
- do_remote (krb5_context, krb5_creds *, char *, krb5_keyblock *);
-
-static
-void print_key(msg, key)
- char *msg;
- des_cblock *key;
-{
- printf("%s: ", msg);
- C_Block_print(key);
- printf("\n");
-}
-
-static
-void print_time(msg, t)
- char *msg;
- int t;
-{
- printf("%s: %d, %s", msg, t, ctime((time_t *) &t));
-}
-
-static
-void krb5_print_times(msg, t)
- char *msg;
- krb5_ticket_times *t;
-{
- printf("%s: Start: %d, %s", msg, t->starttime,
- ctime((time_t *) &t->starttime));
- printf("%s: End: %d, %s", msg, t->endtime,
- ctime((time_t *) &t->endtime));
- printf("%s: Auth: %d, %s", msg, t->authtime,
- ctime((time_t *) &t->authtime));
- printf("%s: Renew: %d, %s", msg, t->renew_till,
- ctime((time_t *) &t->renew_till));
-}
-
-static
-void krb5_print_keyblock(msg, key)
- char *msg;
- krb5_keyblock *key;
-{
- printf("%s: Keytype: %d\n", msg, key->enctype);
- printf("%s: Length: %d\n", msg, key->length);
- printf("%s: Key: ", msg);
- C_Block_print((des_cblock *) key->contents);
- printf("\n");
-}
-
-static
-void krb5_print_ticket(context, ticket_data, key)
- krb5_context context;
- krb5_data *ticket_data;
- krb5_keyblock *key;
-{
- char *p;
- krb5_ticket *tkt;
- int ret;
-
- if ((ret = decode_krb5_ticket(ticket_data, &tkt))) {
- com_err("test", ret, "decoding ticket");
- exit(1);
- }
- if ((ret = krb5_decrypt_tkt_part(context, key, tkt))) {
- com_err("test", ret, "decrypting V5 ticket for print");
- exit(1);
- }
-
- krb5_unparse_name(context, tkt->server, &p);
- printf("Ticket: Server: %s\n", p);
- free(p);
- printf("Ticket: kvno: %d\n", tkt->enc_part.kvno);
- printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags);
- krb5_print_keyblock("Ticket: Session Keyblock",
- tkt->enc_part2->session);
- krb5_unparse_name(context, tkt->enc_part2->client, &p);
- printf("Ticket: Client: %s\n", p);
- free(p);
- krb5_print_times("Ticket: Times", &tkt->enc_part2->times);
- printf("Ticket: Address 0: %08lx\n",
- *((unsigned long *) tkt->enc_part2->caddrs[0]->contents));
-
- krb5_free_ticket(context, tkt);
-}
-
-static
-void krb5_print_creds(context, creds, secret_key)
- krb5_context context;
- krb5_creds *creds;
- krb5_keyblock *secret_key;
-{
- char *p;
-
- krb5_unparse_name(context, creds->client, &p);
- printf("Client: %s\n", p);
- free(p);
- krb5_unparse_name(context, creds->server, &p);
- printf("Server: %s\n", p);
- free(p);
- krb5_print_keyblock("Session key", &creds->keyblock);
- krb5_print_times("Times", &creds->times);
- printf("is_skey: %s\n", creds->is_skey ? "True" : "False");
- printf("Flags: 0x%08x\n", creds->ticket_flags);
-#if 0
- krb5_print_addrs(creds->addresses);
-#endif
- krb5_print_ticket(context, &creds->ticket, secret_key);
- /* krb5_print_ticket(context, &creds->second_ticket, secret_key); */
-}
-
-static
-void krb4_print_ticket(ticket, secret_key)
- KTEXT ticket;
- krb5_keyblock *secret_key;
-{
- char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
- char sname[ANAME_SZ], sinst[INST_SZ];
- unsigned char flags;
- krb5_ui_4 addr;
- krb5_ui_4 issue_time;
- C_Block session_key;
- int life;
- Key_schedule keysched;
-
- int ret;
-
- if (des_key_sched(secret_key->contents, keysched)) {
- fprintf(stderr, "Bug in DES key somewhere.\n");
- exit(1);
- }
-
- ret = decomp_ticket(ticket, &flags, pname, pinst, prealm, &addr,
- session_key, &life, &issue_time, sname,
- sinst, secret_key->contents, keysched);
- if (ret != KSUCCESS) {
- fprintf(stderr, "krb4 decomp_ticket failed\n");
- exit(1);
- }
- printf("Ticket: Client: %s.%s@%s\n", pname, pinst, prealm);
- printf("Ticket: Service: %s.%s\n", sname, sinst);
- printf("Ticket: Address: %08lx\n", (long) addr);
- print_key("Ticket: Session Key", (char *) session_key);
- printf("Ticket: Lifetime: %d\n", life);
- printf("Ticket: Issue Date: %ld, %s", (long) issue_time,
- ctime((time_t *) &issue_time));
-}
-
-static
-void krb4_print_creds(creds, secret_key)
- CREDENTIALS *creds;
- krb5_keyblock *secret_key;
-{
- printf("Client: %s.%s@%s\n", creds->pname, creds->pinst,
- creds->realm);
- printf("Service: %s.%s@%s\n", creds->service, creds->instance,
- creds->realm);
- print_key("Session key", (char *) creds->session);
- printf("Lifetime: %d\n", creds->lifetime);
- printf("Key Version: %d\n", creds->kvno);
- print_time("Issue Date", creds->issue_date);
- krb4_print_ticket(&creds->ticket_st, secret_key);
-}
-
-static
-void usage()
-{
- fprintf(stderr, "Usage: test [-remote server] client service\n");
- exit(1);
-}
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- krb5_principal client, server;
- krb5_ccache cc;
- krb5_creds increds, *v5creds;
- krb5_keyblock key;
- char keybuf[KEYSIZE], buf[BUFSIZ];
- int i, ret, local;
- char *remote;
- krb5_context context;
- krb5_error_code retval;
-
-#if 0
- krb524_debug = 1;
-#endif
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
- }
-
- local = 0;
- remote = NULL;
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-local") == 0)
- local++;
-#if 0
- else if (strcmp(*argv, "-remote") == 0) {
- argc--; argv++;
- if (!argc)
- usage();
- remote = *argv;
- }
-#endif
- else
- break;
- argc--; argv++;
- }
- if (argc != 2)
- usage();
-
- if ((ret = krb5_parse_name(context, argv[0], &client))) {
- com_err("test", ret, "parsing client name");
- exit(1);
- }
- if ((ret = krb5_parse_name(context, argv[1], &server))) {
- com_err("test", ret, "parsing server name");
- exit(1);
- }
- if ((ret = krb5_cc_default(context, &cc))) {
- com_err("test", ret, "opening default credentials cache");
- exit(1);
- }
-
- memset((char *) &increds, 0, sizeof(increds));
- increds.client = client;
- increds.server = server;
- increds.times.endtime = 0;
- increds.keyblock.enctype = ENCTYPE_DES_CBC_MD5;
- if ((ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) {
- com_err("test", ret, "getting V5 credentials");
- exit(1);
- }
-
- /* We need the service key in order to locally decrypt both */
- /* tickets for testing */
- printf("Service's key: ");
- fflush(stdout);
- fgets(buf, BUFSIZ, stdin);
- for (i = 0; i < 8; i++) {
- unsigned char c;
- c = buf[2*i];
- if (c >= '0' && c <= '9')
- c -= '0';
- else if (c >= 'a' && c <= 'z')
- c = c - 'a' + 0xa;
- keybuf[i] = c << 4;
- c = buf[2*i+1];
- if (c >= '0' && c <= '9')
- c -= '0';
- else if (c >= 'a' && c <= 'z')
- c = c - 'a' + 0xa;
- keybuf[i] += c;
- }
-
- key.enctype = ENCTYPE_DES_CBC_MD5;
- key.length = KEYSIZE; /* presumably */
- key.contents = (krb5_octet *) keybuf;
-
- do_remote(context, v5creds, remote, &key);
- exit(0);
-}
-
-void do_remote(context, v5creds, server, key)
- krb5_context context;
- krb5_creds *v5creds;
- char *server;
- krb5_keyblock *key;
-{
-#if 0
- struct sockaddr_in saddr;
- struct hostent *hp;
-#endif
- CREDENTIALS v4creds;
- int ret;
-
- printf("\nV5 credentials:\n");
- krb5_print_creds(context, v5creds, key);
-
-#if 0
- if (strcmp(server, "kdc") != 0) {
- hp = gethostbyname(server);
- if (hp == NULL) {
- fprintf(stderr, "test: host %s does not exist.\n", server);
- exit(1);
- }
- memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
- saddr.sin_family = AF_INET;
- memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr,
- sizeof(struct in_addr));
-
- if ((ret = krb524_convert_creds_addr(context, v5creds, &v4creds,
- (struct sockaddr *) &saddr))) {
- com_err("test", ret, "converting credentials on %s",
- server);
- exit(1);
- }
- } else
-#endif
- {
- if ((ret = krb524_convert_creds_kdc(context, v5creds, &v4creds))) {
- com_err("test", ret, "converting credentials via kdc");
- exit(1);
- }
- }
-
- printf("\nV4 credentials:\n");
- krb4_print_creds(&v4creds, key);
-}
thisconfigdir=./..
myfulldir=lib
mydir=lib
-SUBDIRS=crypto krb5 des425 @KRB4@ gssapi rpc kdb kadm5 apputils
+SUBDIRS=crypto krb5 gssapi rpc kdb kadm5 apputils
BUILDTOP=$(REL)..
all-unix::
-CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libdes425.a \
- libkrb425.a libkadm.a libkrb4.a libcom_err.a libpty.a \
- libss.a libgssapi.a libapputils.a \
- libkrb5.so libcrypto.so libkrb4.so libdes425.so
+CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libkadm.a \
+ libcom_err.a libpty.a ibss.a libgssapi.a libapputils.a libkrb5.so \
+ libcrypto.so
clean-unix::
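Review bot: The new `CLEANLIBS` value lists `ibss.a` where the old one had `libss.a`, so the rewrapped second line appears to have dropped the leading `l`. If the `clean-unix::` rule removes `$(CLEANLIBS)` (its recipe is not shown in this hunk), a clean would now leave `libss.a` behind and name a file that is never built. The line should read `libcom_err.a libpty.a libss.a libgssapi.a libapputils.a libkrb5.so \`.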
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- decrypt.c etypes.h
+ aead.h decrypt.c etypes.h
decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- encrypt.c etypes.h
+ aead.h encrypt.c etypes.h
encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h encrypt_length.c etypes.h
+ $(SRCTOP)/include/socket-utils.h aead.h encrypt_length.c \
+ etypes.h
enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- afsstring2key.c des_int.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h afsstring2key.c des_int.h
d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h d3_cbc.c des_int.h \
- f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ d3_cbc.c des_int.h f_tables.h
d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
- d3_aead.c des_int.h f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../aead.h d3_aead.c des_int.h f_tables.h
d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- d3_kysched.c des_int.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h d3_kysched.c des_int.h
f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h des_int.h f_cbc.c \
- f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ des_int.h f_cbc.c f_tables.h
f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h des_int.h f_cksum.c \
- f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ des_int.h f_cksum.c f_tables.h
f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h f_parity.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h f_parity.c
f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h des_int.h f_sched.c
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ des_int.h f_sched.c
f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h f_tables.c f_tables.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h f_tables.c \
+ f_tables.h
key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h key_sched.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h key_sched.c
weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h weak_key.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h weak_key.c
string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h string2key.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h string2key.c
#ifndef KRB5_MIT_DES__
#define KRB5_MIT_DES__
-#define KRB5INT_CRYPTO_DES_INT /* skip krb4-specific DES stuff */
-#include "kerberosIV/des.h" /* for des_key_schedule, etc. */
-#undef KRB5INT_CRYPTO_DES_INT /* don't screw other inclusions of des.h */
+#if defined(__MACH__) && defined(__APPLE__)
+#include <TargetConditionals.h>
+#include <AvailabilityMacros.h>
+#if TARGET_RT_MAC_CFM
+#error "Use KfM 4.0 SDK headers for CFM compilation."
+#endif
+#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
+#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
+#endif
+#endif /* defined(__MACH__) && defined(__APPLE__) */
+
+/* Macro to add deprecated attribute to DES types and functions */
+/* Currently only defined on Mac OS X 10.5 and later. */
+#ifndef KRB5INT_DES_DEPRECATED
+#define KRB5INT_DES_DEPRECATED
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8] /* crypto-block size */
+KRB5INT_DES_DEPRECATED;
+
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct {
+ * union { DES_INT32 pad; des_cblock _;} __;
+ * } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 were ever more than 4
+ * bytes. The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions. We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
+KRB5INT_DES_DEPRECATED;
typedef des_cblock mit_des_cblock;
typedef des_key_schedule mit_des_key_schedule;
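Review bot: The deprecation attribute that comes in with `KRB5INT_DES_DEPRECATED` is attached to `des_cblock` and `des_key_schedule`, and the two context lines directly after the added block (`typedef des_cblock mit_des_cblock;` and the `mit_des_key_schedule` alias) use those types at once. On an Apple toolchain where `DEPRECATED_IN_MAC_OS_X_VERSION_10_5` expands to a deprecated attribute, this would presumably produce a warning in every file that includes the header, and break a build that treats warnings as errors. Since the include of `kerberosIV/des.h` is removed here and the header now looks internal, I would drop the marker from both typedefs, e.g. `typedef unsigned char des_cblock[8]; /* crypto-block size */`, or have the library build define `KRB5_SUPRESS_DEPRECATED_WARNINGS`. Separately, the `UINT_MAX >= 0xFFFFFFFFUL` test only guarantees that `DES_INT32` is at least 32 bits wide, so a comment such as `/* at least 32 bits, possibly wider */` above the `#define`s would keep later code from assuming an exact width.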
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
- des.c enc_provider.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../des/des_int.h des.c enc_provider.h
des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
- $(srcdir)/../des/des_int.h des3.c
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des3.c
aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
- descbc.c keyhash_provider.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../des/des_int.h descbc.c keyhash_provider.h
k5_md4des.so k5_md4des.po $(OUTPRE)k5_md4des.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h $(srcdir)/../md4/rsa-md4.h \
- k5_md4des.c keyhash_provider.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ $(srcdir)/../md4/rsa-md4.h k5_md4des.c keyhash_provider.h
k5_md5des.so k5_md5des.po $(OUTPRE)k5_md5des.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h $(srcdir)/../md5/rsa-md5.h \
- k5_md5des.c keyhash_provider.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ $(srcdir)/../md5/rsa-md5.h k5_md5des.c keyhash_provider.h
hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h des_stringtokey.c old.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ des_stringtokey.c old.h
old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+++ /dev/null
--*- text -*-
-
-* unix_time.c also exists in ../krb4, and they're different; both
- should probably call into the krb5 support anyways to avoid
- duplicating code.
-
-* namespace intrusions
-
-* Check include/kerberosIV/des.h and see if all the prototyped
- functions really are necessary to retain; if not, delete some of
- these source files.
-
-* Much of this code requires that DES_INT32 be *exactly* 32 bits, and
- 4 bytes.
-
-* Array types are used in function call signatures, which is unclean.
- It makes trying to add "const" qualifications in the right places
- really, um, interesting. But we're probably stuck with them.
-
-* quad_cksum is totally broken. I have no idea whether the author
- actually believed it implemented the documented algorithm, but I'm
- certain it doesn't. The only question is, is it still reasonably
- secure, when the plaintext and checksum are visible to an attacker
- as in the mk_safe message?
-
-* des_read_password and des_read_pw_string are not thread-safe. Also,
- they should be calling into the k5crypto library instead of
- duplicating functionality.
+++ /dev/null
-thisconfigdir=../..
-myfulldir=lib/des425
-mydir=lib/des425
-BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/../crypto/des -I$(srcdir)/../../include/kerberosIV
-DEFS=
-
-##DOS##BUILDTOP = ..\..
-##DOS##LIBNAME=$(OUTPRE)des425.lib
-##DOS##OBJFILE=$(OUTPRE)des425.lst
-##DOS##OBJFILEDEP=$(OUTPRE)des425.lst
-##DOS##OBJFILELIST=@$(OUTPRE)des425.lst
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-RUN_SETUP=@KRB5_RUN_ENV@
-
-LIBBASE=des425
-LIBMAJOR=3
-LIBMINOR=0
-RELDIR=des425
-# Depends on libk5crypto and libkrb5
-SHLIB_EXPDEPS = \
- $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto
-SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_RDIRS=$(KRB5_LIBDIR)
-
-STOBJLISTS=OBJS.ST
-STLIBOBJS=cksum.o \
- des.o \
- enc_dec.o \
- key_parity.o \
- key_sched.o \
- new_rnd_key.o \
- pcbc_encrypt.o \
- quad_cksum.o \
- random_key.o \
- read_passwd.o \
- str_to_key.o \
- unix_time.o \
- util.o \
- weak_key.o
-
-
-OBJS= $(OUTPRE)cksum.$(OBJEXT) \
- $(OUTPRE)des.$(OBJEXT) \
- $(OUTPRE)enc_dec.$(OBJEXT) \
- $(OUTPRE)key_parity.$(OBJEXT) \
- $(OUTPRE)key_sched.$(OBJEXT) \
- $(OUTPRE)new_rnd_key.$(OBJEXT) \
- $(OUTPRE)pcbc_encrypt.$(OBJEXT) \
- $(OUTPRE)quad_cksum.$(OBJEXT) \
- $(OUTPRE)random_key.$(OBJEXT) \
- $(OUTPRE)read_passwd.$(OBJEXT) \
- $(OUTPRE)str_to_key.$(OBJEXT) \
- $(OUTPRE)unix_time.$(OBJEXT) \
- $(OUTPRE)util.$(OBJEXT) \
- $(OUTPRE)weak_key.$(OBJEXT)
-
-SRCS= $(srcdir)/cksum.c \
- $(srcdir)/des.c \
- $(srcdir)/enc_dec.c \
- $(srcdir)/key_parity.c \
- $(srcdir)/key_sched.c \
- $(srcdir)/new_rnd_key.c \
- $(srcdir)/pcbc_encrypt.c \
- $(srcdir)/quad_cksum.c \
- $(srcdir)/random_key.c \
- $(srcdir)/read_passwd.c \
- $(srcdir)/str_to_key.c \
- $(srcdir)/unix_time.c \
- $(srcdir)/util.c \
- $(srcdir)/weak_key.c
-
-all-unix:: all-liblinks
-
-##DOS##LIBOBJS = $(OBJS)
-
-shared:
- mkdir shared
-
-verify: verify.o $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ verify.o $(DES425_LIB) $(KRB5_BASE_LIBS)
-
-t_quad: t_quad.o quad_cksum.o $(SUPPORT_DEPLIB)
- $(CC_LINK) -o $@ t_quad.o quad_cksum.o $(SUPPORT_LIB)
-
-t_pcbc: t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_LIBS)
-
-check-unix:: verify t_quad t_pcbc
- $(RUN_SETUP) $(VALGRIND) ./verify -z
- $(RUN_SETUP) $(VALGRIND) ./verify -m
- $(RUN_SETUP) $(VALGRIND) ./verify
- $(RUN_SETUP) $(VALGRIND) ./t_quad
- $(RUN_SETUP) $(VALGRIND) ./t_pcbc
-
-check-windows::
-
-clean::
- $(RM) $(OUTPRE)verify$(EXEEXT) $(OUTPRE)verify.$(OBJEXT) \
- $(OUTPRE)t_quad$(EXEEXT) $(OUTPRE)t_quad.$(OBJEXT) \
- $(OUTPRE)t_pcbc$(EXEEXT) $(OUTPRE)t_pcbc.$(OBJEXT)
-
-clean-unix:: clean-liblinks clean-libs clean-libobjs
-
-install-unix:: install-libs
-
-@lib_frag@
-@libobj_frag@
-
-# +++ Dependency line eater +++
-#
-# Makefile dependencies follow. This must be the last section in
-# the Makefile.in file
-#
-cksum.so cksum.po $(OUTPRE)cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- cksum.c
-des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- des.c
-enc_dec.so enc_dec.po $(OUTPRE)enc_dec.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- enc_dec.c
-key_parity.so key_parity.po $(OUTPRE)key_parity.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h key_parity.c
-key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h key_sched.c
-new_rnd_key.so new_rnd_key.po $(OUTPRE)new_rnd_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h new_rnd_key.c
-pcbc_encrypt.so pcbc_encrypt.po $(OUTPRE)pcbc_encrypt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h $(srcdir)/../crypto/des/f_tables.h \
- pcbc_encrypt.c
-quad_cksum.so quad_cksum.po $(OUTPRE)quad_cksum.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h quad_cksum.c
-random_key.so random_key.po $(OUTPRE)random_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h random_key.c
-read_passwd.so read_passwd.po $(OUTPRE)read_passwd.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h read_passwd.c
-str_to_key.so str_to_key.po $(OUTPRE)str_to_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h str_to_key.c
-unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h unix_time.c
-util.so util.po $(OUTPRE)util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- util.c
-weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h weak_key.c
+++ /dev/null
-/*
- * lib/des425/cksum.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * These routines perform encryption and decryption using the DES
- * private key algorithm, or else a subset of it-- fewer inner loops.
- * (AUTH_DES_ITER defaults to 16, may be less.)
- *
- * Under U.S. law, this software may not be exported outside the US
- * without license from the U.S. Commerce department.
- *
- * These routines form the library interface to the DES facilities.
- *
- * spm 8/85 MIT project athena
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/*
- * This routine performs DES cipher-block-chaining checksum operation,
- * a.k.a. Message Authentication Code. It ALWAYS encrypts from input
- * to a single 64 bit output MAC checksum.
- *
- * The key schedule is passed as an arg, as well as the cleartext or
- * ciphertext. The cleartext and ciphertext should be in host order.
- *
- * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was
- * provided, your program will get trashed.
- *
- * The input is null padded, at the end (highest addr), to an integral
- * multiple of eight bytes.
- */
-
-unsigned long KRB5_CALLCONV
-des_cbc_cksum(in,out,length,key,iv)
- const des_cblock *in; /* >= length bytes of inputtext */
- des_cblock *out; /* >= length bytes of outputtext */
- register unsigned long length; /* in bytes */
- const mit_des_key_schedule key; /* precomputed key schedule */
- const des_cblock *iv; /* 8 bytes of ivec */
-{
- return mit_des_cbc_cksum((const krb5_octet *)in, (krb5_octet *)out,
- length, key, (krb5_octet *)iv);
-}
+++ /dev/null
-/*
- * lib/des425/des.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-#undef mit_des_cbc_encrypt
-
-int KRB5_CALLCONV
-des_ecb_encrypt(clear, cipher, schedule, enc)
- des_cblock *clear;
- des_cblock *cipher;
- const mit_des_key_schedule schedule;
- int enc; /* 0 ==> decrypt, else encrypt */
-{
- static const des_cblock iv;
-
- return (mit_des_cbc_encrypt((const des_cblock *)clear, cipher,
- 8, schedule, iv, enc));
-}
+++ /dev/null
-/*
- * lib/des425/enc_dec.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-#undef mit_des_cbc_encrypt
-
-int
-des_cbc_encrypt(in,out,length,key,iv,enc)
- des_cblock *in; /* >= length bytes of input text */
- des_cblock *out; /* >= length bytes of output text */
- register unsigned long length; /* in bytes */
- const mit_des_key_schedule key; /* precomputed key schedule */
- const des_cblock *iv; /* 8 bytes of ivec */
- int enc; /* 0 ==> decrypt, else encrypt */
-{
- return (mit_des_cbc_encrypt((const des_cblock *) in,
- out, length, key,
- (const unsigned char *)iv, /* YUCK! */
- enc));
-}
+++ /dev/null
-/*
- * lib/des425/key_parity.c
- *
- * Copyright 1989, 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/*
- * des_fixup_key_parity: Forces odd parity per byte; parity is bits
- * 8,16,...64 in des order, implies 0, 8, 16, ...
- * vax order.
- */
-void
-des_fixup_key_parity(key)
- register mit_des_cblock key;
-{
- mit_des_fixup_key_parity(key);
-}
-
-/*
- * des_check_key_parity: returns true iff key has the correct des parity.
- */
-int
-des_check_key_parity(key)
- register mit_des_cblock key;
-{
- return(mit_des_check_key_parity(key));
-}
-
+++ /dev/null
-/*
- * lib/des425/key_sched.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-
-#include <stdio.h>
-#include "des_int.h"
-#include "des.h"
-
-int KRB5_CALLCONV
-des_key_sched(k,schedule)
- des_cblock k;
- des_key_schedule schedule;
-{
- return (mit_des_key_sched(k, schedule));
-}
+++ /dev/null
-afs_string_to_key
-des_cbc_cksum
-des_cbc_encrypt
-des_cblock_print_file
-des_check_key_parity
-des_ecb_encrypt
-des_fixup_key_parity
-des_init_random_number_generator
-des_is_weak_key
-des_key_sched
-des_new_random_key
-des_pcbc_encrypt
-des_quad_cksum
-des_random_key
-des_read_password
-des_read_pw_string
-des_string_to_key
-unix_time_gmt_unixsec
+++ /dev/null
-#include "des_int.h"
-#include "des.h"
-#undef mit_des3_cbc_encrypt
-
-/* These functions are exported on KfM for ABI compatibility with
- * older versions of the library. They have been pulled from the headers
- * in the hope that someday we can remove them.
- *
- * Do not change the ABIs of any of these functions!
- */
-
-//int des_read_pw_string(char *, int, char *, int);
-char *des_crypt(const char *, const char *);
-char *des_fcrypt(const char *, const char *, char *);
-
-int make_key_sched(des_cblock *, des_key_schedule);
-int des_set_key(des_cblock *, des_key_schedule);
-
-void des_3cbc_encrypt(des_cblock *, des_cblock *, long,
- des_key_schedule, des_key_schedule, des_key_schedule,
- des_cblock *, int);
-void des_3ecb_encrypt(des_cblock *, des_cblock *,
- des_key_schedule, des_key_schedule, des_key_schedule,
- int);
-
-void des_generate_random_block(des_cblock);
-void des_set_random_generator_seed(des_cblock);
-void des_set_sequence_number(des_cblock);
-
-#pragma mark -
-
-/* Why was this exported on KfM? Who knows... */
-int des_debug = 0;
-
-char *des_crypt(const char *str, const char *salt)
-{
- char afs_buf[16];
-
- return des_fcrypt(str, salt, afs_buf);
-}
-
-
-char *des_fcrypt(const char *str, const char *salt, char *buf)
-{
- return mit_afs_crypt(str, salt, buf);
-}
-
-
-int make_key_sched(des_cblock *k, des_key_schedule schedule)
-{
- return mit_des_key_sched((unsigned char *)k, schedule); /* YUCK! */
-}
-
-
-int des_set_key(des_cblock *key, des_key_schedule schedule)
-{
- return make_key_sched(key, schedule);
-}
-
-
-void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length,
- des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
- des_cblock *iv, int enc)
-{
- mit_des3_cbc_encrypt((const des_cblock *)in, out, (unsigned long)length,
- ks1, ks2, ks3,
- (const unsigned char *)iv, /* YUCK! */
- enc);
-}
-
-
-void des_3ecb_encrypt(des_cblock *clear, des_cblock *cipher,
- des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
- int enc)
-{
- static const des_cblock iv;
-
- mit_des3_cbc_encrypt((const des_cblock *)clear, cipher, 8, ks1, ks2, ks3, iv, enc);
-}
-
-
-void des_generate_random_block(des_cblock block)
-{
- krb5_data data;
-
- data.length = sizeof(des_cblock);
- data.data = (char *)block;
-
- /* This function can return an error, however we must ignore it. */
- /* The worst that happens is that the resulting block is non-random */
- krb5_c_random_make_octets(/* XXX */ 0, &data);
-}
-
-
-void des_set_random_generator_seed(des_cblock block)
-{
- des_init_random_number_generator(block); /* XXX */
-}
-
-
-void des_set_sequence_number(des_cblock block)
-{
- des_init_random_number_generator(block); /* XXX */
-}
+++ /dev/null
-/*
- * lib/des425/new_rnd_key.c
- *
- * Copyright 1988,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "des_int.h"
-#include "des.h"
-#include "k5-int.h"
-
-void
-des_init_random_number_generator(key)
- mit_des_cblock key;
-{
- krb5_data seed;
-
- seed.length = sizeof(key);
- seed.data = (char *) key;
-
- if (krb5_c_random_seed(/* XXX */ 0, &seed))
- /* XXX */ abort();
-}
-
-/*
- * des_new_random_key: create a random des key
- *
- * Requires: des_set_random_number_generater_seed must be at called least
- * once before this routine is called.
- *
- * Notes: the returned key has correct parity and is guarenteed not
- * to be a weak des key. Des_generate_random_block is used to
- * provide the random bits.
- */
-int KRB5_CALLCONV
-des_new_random_key(key)
- mit_des_cblock key;
-{
- krb5_keyblock keyblock;
- krb5_error_code kret;
-
- kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC, &keyblock);
- if (kret) return kret;
-
- memcpy(key, keyblock.contents, sizeof(mit_des_cblock));
- krb5_free_keyblock_contents(/* XXX */ 0, &keyblock);
-
- return 0;
-}
+++ /dev/null
-/*
- * lib/des425/pcbc_encrypt.c
- *
- * Copyright (C) 1990 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * DES implementation donated by Dennis Ferguson
- */
-
-/*
- * des_pcbc_encrypt.c - encrypt a string of characters in error propagation mode
- */
-
-#include "autoconf.h" /* in case this defines CONFIG_SMALL */
-#undef CONFIG_SMALL /* XXX needs non-exported crypto symbols */
-#include "des_int.h"
-#include "des.h"
-#include <f_tables.h>
-
-/*
- * des_pcbc_encrypt - {en,de}crypt a stream in PCBC mode
- */
-int KRB5_CALLCONV
-des_pcbc_encrypt(in, out, length, schedule, ivec, enc)
- des_cblock *in;
- des_cblock *out;
- long length;
- const des_key_schedule schedule;
- des_cblock *ivec;
- int enc;
-{
- unsigned DES_INT32 left, right;
- const unsigned DES_INT32 *kp;
- const unsigned char *ip;
- unsigned char *op;
-
- /*
- * Copy the key pointer, just once
- */
- kp = (const unsigned DES_INT32 *)schedule;
-
- /*
- * Deal with encryption and decryption separately.
- */
- if (enc) {
- /* Initialization isn't really needed here, but gcc
- complains because it doesn't understand that the
- only case where these can be used uninitialized is
- to compute values that'll in turn be ignored
- because we won't go around the loop again. */
- unsigned DES_INT32 plainl = 42;
- unsigned DES_INT32 plainr = 17;
-
- /*
- * Initialize left and right with the contents of the initial
- * vector.
- */
- ip = *ivec;
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
-
- /*
- * Suitably initialized, now work the length down 8 bytes
- * at a time.
- */
- ip = *in;
- op = *out;
- while (length > 0) {
- /*
- * Get block of input. If the length is
- * greater than 8 this is straight
- * forward. Otherwise we have to fart around.
- */
- if (length > 8) {
- GET_HALF_BLOCK(plainl, ip);
- GET_HALF_BLOCK(plainr, ip);
- left ^= plainl;
- right ^= plainr;
- length -= 8;
- } else {
- /*
- * Oh, shoot. We need to pad the
- * end with zeroes. Work backwards
- * to do this. We know this is the
- * last block, though, so we don't have
- * to save the plain text.
- */
- ip += (int) length;
- switch(length) {
- case 8:
- right ^= *(--ip) & 0xff;
- case 7:
- right ^= (*(--ip) & 0xff) << 8;
- case 6:
- right ^= (*(--ip) & 0xff) << 16;
- case 5:
- right ^= (*(--ip) & 0xff) << 24;
- case 4:
- left ^= *(--ip) & 0xff;
- case 3:
- left ^= (*(--ip) & 0xff) << 8;
- case 2:
- left ^= (*(--ip) & 0xff) << 16;
- case 1:
- left ^= (*(--ip) & 0xff) << 24;
- break;
- }
- length = 0;
- }
-
- /*
- * Encrypt what we have
- */
- DES_DO_ENCRYPT(left, right, kp);
-
- /*
- * Copy the results out
- */
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
-
- /*
- * Xor with the old plain text
- */
- left ^= plainl;
- right ^= plainr;
- }
- } else {
- /*
- * Decrypting is harder than encrypting because of
- * the necessity of remembering a lot more things.
- * Should think about this a little more...
- */
- unsigned DES_INT32 ocipherl, ocipherr;
- unsigned DES_INT32 cipherl, cipherr;
-
- if (length <= 0)
- return 0;
-
- /*
- * Prime the old cipher with ivec.
- */
- ip = *ivec;
- GET_HALF_BLOCK(ocipherl, ip);
- GET_HALF_BLOCK(ocipherr, ip);
-
- /*
- * Now do this in earnest until we run out of length.
- */
- ip = *in;
- op = *out;
- for (;;) { /* check done inside loop */
- /*
- * Read a block from the input into left and
- * right. Save this cipher block for later.
- */
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
- cipherl = left;
- cipherr = right;
-
- /*
- * Decrypt this.
- */
- DES_DO_DECRYPT(left, right, kp);
-
- /*
- * Xor with the old cipher to get plain
- * text. Output 8 or less bytes of this.
- */
- left ^= ocipherl;
- right ^= ocipherr;
- if (length > 8) {
- length -= 8;
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
- /*
- * Save current cipher block here
- */
- ocipherl = cipherl ^ left;
- ocipherr = cipherr ^ right;
- } else {
- /*
- * Trouble here. Start at end of output,
- * work backwards.
- */
- op += (int) length;
- switch(length) {
- case 8:
- *(--op) = (unsigned char) (right & 0xff);
- case 7:
- *(--op) = (unsigned char) ((right >> 8) & 0xff);
- case 6:
- *(--op) = (unsigned char) ((right >> 16) & 0xff);
- case 5:
- *(--op) = (unsigned char) ((right >> 24) & 0xff);
- case 4:
- *(--op) = (unsigned char) (left & 0xff);
- case 3:
- *(--op) = (unsigned char) ((left >> 8) & 0xff);
- case 2:
- *(--op) = (unsigned char) ((left >> 16) & 0xff);
- case 1:
- *(--op) = (unsigned char) ((left >> 24) & 0xff);
- break;
- }
- break; /* we're done */
- }
- }
- }
-
- /*
- * Done, return nothing.
- */
- return 0;
-}
+++ /dev/null
-/*
- * lib/des425/quad_cksum.c
- *
- * Copyright 1985, 1986, 1987, 1988,1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * This routine does not implement:
- *
- *
- * Quadratic Congruential Manipulation Dectection Code
- *
- * ref: "Message Authentication"
- * R.R. Jueneman, S. M. Matyas, C.H. Meyer
- * IEEE Communications Magazine,
- * Sept 1985 Vol 23 No 9 p 29-40
- *
- * This routine, part of the Athena DES library built for the Kerberos
- * authentication system, calculates a manipulation detection code for
- * a message. It is a much faster alternative to the DES-checksum
- * method. No guarantees are offered for its security.
- *
- * Implementation for 4.2bsd
- * by S.P. Miller Project Athena/MIT
- */
-
-/*
- * Algorithm (per paper):
- * define:
- * message to be composed of n m-bit blocks X1,...,Xn
- * optional secret seed S in block X1
- * MDC in block Xn+1
- * prime modulus N
- * accumulator Z
- * initial (secret) value of accumulator C
- * N, C, and S are known at both ends
- * C and , optionally, S, are hidden from the end users
- * then
- * (read array references as subscripts over time)
- * Z[0] = c;
- * for i = 1...n
- * Z[i] = (Z[i+1] + X[i])**2 modulo N
- * X[n+1] = Z[n] = MDC
- *
- * Then pick
- * N = 2**31 -1
- * m = 16
- * iterate 4 times over plaintext, also use Zn
- * from iteration j as seed for iteration j+1,
- * total MDC is then a 128 bit array of the four
- * Zn;
- *
- * return the last Zn and optionally, all
- * four as output args.
- *
- * Modifications:
- * To inhibit brute force searches of the seed space, this
- * implementation is modified to have
- * Z = 64 bit accumulator
- * C = 64 bit C seed
- * N = 2**63 - 1
- * S = S seed is not implemented here
- * arithmetic is not quite real double integer precision, since we
- * cant get at the carry or high order results from multiply,
- * but nontheless is 64 bit arithmetic.
- */
-/*
- * This code purports to implement the above algorithm, but fails.
- *
- * First of all, there was an implicit mod 2**32 being done on the
- * machines where this was developed because of their word sizes, and
- * for compabitility this has to be done on machines with 64-bit
- * words, so we make it explicit.
- *
- * Second, in the squaring operation, I really doubt the carry-over
- * from the low 31-bit half of the accumulator is being done right,
- * and using a modulus of 0x7fffffff on the low half of the
- * accumulator seems completely wrong. And I challenge anyone to
- * explain where the number 83653421 comes from.
- *
- * --Ken Raeburn 2001-04-06
- */
-
-
-/* System include files */
-#include <stdio.h>
-#include <errno.h>
-
-#include "des_int.h"
-#include "des.h"
-
-/* Definitions for byte swapping */
-
-/* vax byte order is LSB first. This is not performance critical, and
- is far more readable this way. */
-#define four_bytes_vax_to_nets(x) ((((((x[3]<<8)|x[2])<<8)|x[1])<<8)|x[0])
-#define vaxtohl(x) four_bytes_vax_to_nets(((const unsigned char *)(x)))
-#define two_bytes_vax_to_nets(x) ((x[1]<<8)|x[0])
-#define vaxtohs(x) two_bytes_vax_to_nets(((const unsigned char *)(x)))
-
-/* Externals */
-extern int des_debug;
-
-/*** Routines ***************************************************** */
-
-unsigned long KRB5_CALLCONV
-des_quad_cksum(in,out,length,out_count,c_seed)
- const unsigned char *in; /* input block */
- unsigned DES_INT32 *out; /* optional longer output */
- long length; /* original length in bytes */
- int out_count; /* number of iterations */
- mit_des_cblock *c_seed; /* secret seed, 8 bytes */
-{
-
- /*
- * this routine both returns the low order of the final (last in
- * time) 32bits of the checksum, and if "out" is not a null
- * pointer, a longer version, up to entire 32 bytes of the
- * checksum is written unto the address pointed to.
- */
-
- register unsigned DES_INT32 z;
- register unsigned DES_INT32 z2;
- register unsigned DES_INT32 x;
- register unsigned DES_INT32 x2;
- const unsigned char *p;
- register DES_INT32 len;
- register int i;
-
- /* use all 8 bytes of seed */
-
- z = vaxtohl(c_seed);
- z2 = vaxtohl((const char *)c_seed+4);
- if (out == NULL)
- out_count = 1; /* default */
-
- /* This is repeated n times!! */
- for (i = 1; i <=4 && i<= out_count; i++) {
- len = length;
- p = in;
- while (len) {
- /*
- * X = Z + Input ... sort of. Carry out from low half
- * isn't done, so we're using all 32 bits of x now.
- */
- if (len > 1) {
- x = (z + vaxtohs(p));
- p += 2;
- len -= 2;
- }
- else {
- x = (z + *(const unsigned char *)p++);
- len = 0;
- }
- x2 = z2;
- /*
- * I think this is supposed to be a squaring operation.
- * What it really is, I haven't figured out yet.
- *
- * Explicit mod 2**32 is for backwards compatibility. Why
- * mod 0x7fffffff and not 0x80000000 on the low half of
- * the (supposed) accumulator? And where does the number
- * 83653421 come from??
- */
- z = (((x * x) + (x2 * x2)) & 0xffffffff) % 0x7fffffff;
- z2 = ((x * (x2+83653421)) & 0xffffffff) % 0x7fffffff; /* modulo */
-#ifdef DEBUG
- if (des_debug & 8)
- printf("%d %d\n",z,z2);
-#endif
- }
-
- if (out != NULL) {
- *out++ = z;
- *out++ = z2;
- }
- }
- /* return final z value as 32 bit version of checksum */
- return z;
-}
+++ /dev/null
-/*
- * lib/des425/random_key.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/* random_key */
-int
-des_random_key(key)
- mit_des_cblock *key;
-{
- krb5_keyblock keyblock;
- krb5_error_code kret;
-
- if ((kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC,
- &keyblock)))
- return(kret);
-
- memcpy(key, keyblock.contents, sizeof(mit_des_cblock));
-
- return(0);
-}
-
+++ /dev/null
-/*
- * lib/des425/read_passwd.c
- *
- * Copyright 1985,1986,1987,1988,1991 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#if !defined(_WIN32)
-
-#include "des_int.h"
-#include "des.h"
-#include <stdio.h>
-#include <errno.h>
-#include <krb5.h>
-/* This is re-declared here because des.h might not declare it. */
-int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
-static int des_rd_pwstr_2prompt(char *, int, char *, char *);
-
-
-/*** Routines ****************************************************** */
-static int
-des_rd_pwstr_2prompt(return_pwd, bufsize_in, prompt, prompt2)
- char *return_pwd;
- int bufsize_in;
- char *prompt;
- char *prompt2;
-{
- krb5_data reply_data;
- krb5_prompt k5prompt;
- krb5_error_code retval;
- reply_data.length = bufsize_in;
- reply_data.data = return_pwd;
- k5prompt.prompt = prompt;
- k5prompt.hidden = 1;
- k5prompt.reply = &reply_data;
- retval = krb5_prompter_posix(NULL,
- NULL, NULL, NULL, 1, &k5prompt);
-
- if ((retval==0) && prompt2) {
- krb5_data verify_data;
- verify_data.data = malloc(bufsize_in);
- verify_data.length = bufsize_in;
- k5prompt.prompt = prompt2;
- k5prompt.reply = &verify_data;
- if (!verify_data.data)
- return ENOMEM;
- retval = krb5_prompter_posix(NULL,
- NULL,NULL, NULL, 1, &k5prompt);
- if (retval) {
- free(verify_data.data);
- } else {
- /* compare */
- if (strncmp(return_pwd, (char *)verify_data.data, bufsize_in)) {
- retval = KRB5_LIBOS_BADPWDMATCH;
- free(verify_data.data);
- }
- }
- }
- return retval;
-}
-
-
-int KRB5_CALLCONV
-des_read_password(k,prompt,verify)
- mit_des_cblock *k;
- char *prompt;
- int verify;
-{
- int ok;
- char key_string[BUFSIZ];
-
- ok = des_read_pw_string(key_string, sizeof(key_string), prompt, verify);
- if (ok == 0)
- des_string_to_key(key_string, *k);
-
- memset(key_string, 0, sizeof (key_string));
- return ok;
-}
-
-/* Note: this function is exported on KfM. Do not change its ABI. */
-int KRB5_CALLCONV
-des_read_pw_string(s, max, prompt, verify)
- char *s;
- int max;
- char *prompt;
- int verify;
-{
- int ok;
- char prompt2[BUFSIZ];
-
- if (verify) {
- snprintf(prompt2, sizeof(prompt2), "Verifying, please re-enter %s",
- prompt);
- }
- ok = des_rd_pwstr_2prompt(s, max, prompt, verify ? prompt2 : 0);
- return ok;
-}
-
-#else /* !unix */
-/*
- * These are all just dummy functions to make the rest of the library happy...
- */
-#endif /* _WINDOWS */
+++ /dev/null
-/*
- * lib/des425/str_to_key.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1989,1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * These routines perform encryption and decryption using the DES
- * private key algorithm, or else a subset of it-- fewer inner loops.
- * (AUTH_DES_ITER defaults to 16, may be less.)
- *
- * Under U.S. law, this software may not be exported outside the US
- * without license from the U.S. Commerce department.
- *
- * The key schedule is passed as an arg, as well as the cleartext or
- * ciphertext. The cleartext and ciphertext should be in host order.
- *
- * These routines form the library interface to the DES facilities.
- *
- * spm 8/85 MIT project athena
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include "des_int.h"
-#include "des.h"
-
-extern int mit_des_debug;
-
-/*
- * Convert an arbitrary length string to a DES key.
- */
-
-/*
- * For krb5, a change was made to this algorithm: When each key is
- * generated, after fixing parity, a check for weak and semi-weak keys
- * is done. If the key is weak or semi-weak, we XOR the last byte
- * with 0xF0. (In the case of the intermediate key, the weakness is
- * probably irrelevant, but there it is.) The odds that this will
- * generate a different key for a random input string are pretty low,
- * but non-zero. So we need this different function for krb4 to use.
- */
-int KRB5_CALLCONV
-des_string_to_key(str,key)
- const char *str;
- register mit_des_cblock key;
-{
- const char *in_str;
- register unsigned temp;
- register int j;
- unsigned long i, length;
- unsigned char *k_p;
- int forward;
- register char *p_char;
- char k_char[64];
- mit_des_key_schedule key_sked;
-
- in_str = str;
- forward = 1;
- p_char = k_char;
- length = strlen(str);
-
- /* init key array for bits */
- memset(k_char, 0,sizeof(k_char));
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\n\ninput str length = %ld string = %s\nstring = 0x ",
- length,str);
-#endif
-
- /* get next 8 bytes, strip parity, xor */
- for (i = 1; i <= length; i++) {
- /* get next input key byte */
- temp = (unsigned int) *str++;
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,"%02x ",temp & 0xff);
-#endif
- /* loop through bits within byte, ignore parity */
- for (j = 0; j <= 6; j++) {
- if (forward)
- *p_char++ ^= (int) temp & 01;
- else
- *--p_char ^= (int) temp & 01;
- temp = temp >> 1;
- }
-
- /* check and flip direction */
- if ((i%8) == 0)
- forward = !forward;
- }
-
- /* now stuff into the key des_cblock, and force odd parity */
- p_char = k_char;
- k_p = (unsigned char *) key;
-
- for (i = 0; i <= 7; i++) {
- temp = 0;
- for (j = 0; j <= 6; j++)
- temp |= *p_char++ << (1+j);
- *k_p++ = (unsigned char) temp;
- }
-
- /* fix key parity */
- des_fixup_key_parity(key);
-
- /* Now one-way encrypt it with the folded key */
- (void) des_key_sched(key, key_sked);
- (void) des_cbc_cksum((const des_cblock *)in_str, (des_cblock *)key,
- length, key_sked, (const des_cblock *)key);
- /* erase key_sked */
- memset(key_sked, 0,sizeof(key_sked));
-
- /* now fix up key parity again */
- des_fixup_key_parity(key);
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\nResulting string_to_key = 0x%x 0x%x\n",
- *((unsigned long *) key),
- *((unsigned long *) key+1));
-#endif /* DEBUG */
- return 0; /* Really should be returning void, */
- /* but the original spec was for it to */
- /* return an int, and ANSI compilers */
- /* can do dumb things sometimes */
-}
-
-void afs_string_to_key(char *str, char *cell, des_cblock key)
-{
- krb5_data str_data;
- krb5_data cell_data;
- krb5_keyblock keyblock;
-
- str_data.data = str;
- str_data.length = strlen(str);
- cell_data.data = cell;
- cell_data.length = strlen(cell);
- keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- keyblock.length = sizeof(des_cblock);
- keyblock.contents = key;
-
- mit_afs_string_to_key(&keyblock, &str_data, &cell_data);
-}
+++ /dev/null
-/* THIS FILE DOES NOT GET COMPILED. AUDIT BEFORE USE. */
-/*
- * lib/des425/string2key.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Wrapper for the V4 libdes for use with kerberos V5.
- */
-
-
-#include "des.h"
-#include "des_int.h"
-
-#ifdef DEBUG
-#include <stdio.h>
-extern int des_debug;
-#endif
-
-/*
- converts the string pointed to by "data" into an encryption key
- of type "enctype". *keyblock is filled in with the key info;
- in particular, keyblock->contents is to be set to allocated storage.
- It is the responsibility of the caller to release this storage
- when the generated key no longer needed.
-
- The routine may use "princ" to seed or alter the conversion
- algorithm.
-
- If the particular function called does not know how to make a
- key of type "enctype", an error may be returned.
-
- returns: errors
- */
-
-krb5_error_code mit_des_string_to_key (enctype, keyblock, data, princ)
- const krb5_enctype enctype;
- krb5_keyblock * keyblock;
- const krb5_data * data;
- krb5_const_principal princ;
-{
- char copystr[512];
-
- register char *str = copystr;
- register krb5_octet *key;
-
- register unsigned temp,i;
- register int j;
- register long length;
- unsigned char *k_p;
- int forward;
- register char *p_char;
- char k_char[64];
- mit_des_key_schedule key_sked;
-
-#define min(A, B) ((A) < (B) ? (A): (B))
-
- if ( enctype != ENCTYPE_DES )
- return (KRB5_PROG_ENCTYPE_NOSUPP);
-
- if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) )
- return(ENOMEM);
-
-#define cleanup() {memset(keyblock->contents, 0, sizeof(mit_des_cblock));\
- krb5_xfree(keyblock->contents);}
-
- keyblock->enctype = ENCTYPE_DES;
- keyblock->length = sizeof(mit_des_cblock);
- key = keyblock->contents;
-
- memset(copystr, 0, sizeof(copystr));
- j = min(data->length, 511);
- (void) strncpy(copystr, data->data, j);
- if ( princ != 0 )
- for (i=0; princ[i] != 0 && j < 511; i++) {
- (void) strncpy(copystr+j, princ[i]->data,
- min(princ[i]->length, 511-j));
- j += min(princ[i]->length, 511-j);
- }
-
- /* convert copystr to des key */
- forward = 1;
- p_char = k_char;
- length = strlen(str);
-
- /* init key array for bits */
- memset(k_char,0,sizeof(k_char));
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\n\ninput str length = %d string = %s\nstring = 0x ",
- length,str);
-#endif
-
- /* get next 8 bytes, strip parity, xor */
- for (i = 1; i <= length; i++) {
- /* get next input key byte */
- temp = (unsigned int) *str++;
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,"%02x ",temp & 0xff);
-#endif
- /* loop through bits within byte, ignore parity */
- for (j = 0; j <= 6; j++) {
- if (forward)
- *p_char++ ^= (int) temp & 01;
- else
- *--p_char ^= (int) temp & 01;
- temp = temp >> 1;
- }
-
- /* check and flip direction */
- if ((i%8) == 0)
- forward = !forward;
- }
-
- /* now stuff into the key mit_des_cblock, and force odd parity */
- p_char = k_char;
- k_p = (unsigned char *) key;
-
- for (i = 0; i <= 7; i++) {
- temp = 0;
- for (j = 0; j <= 6; j++)
- temp |= *p_char++ << (1+j);
- *k_p++ = (unsigned char) temp;
- }
-
- /* fix key parity */
- mit_des_fixup_key_parity(key);
-
- /* Now one-way encrypt it with the folded key */
- (void) mit_des_key_sched(key, key_sked);
- (void) mit_des_cbc_cksum((krb5_octet *)copystr, key, length, key_sked, key);
- /* erase key_sked */
- memset((char *)key_sked, 0, sizeof(key_sked));
-
- /* now fix up key parity again */
- mit_des_fixup_key_parity(key);
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\nResulting string_to_key = 0x%x 0x%x\n",
- *((unsigned long *) key),
- *((unsigned long *) key+1));
-#endif
-
- return 0;
-}
-
-
-
-
+++ /dev/null
-/*
- * lib/des425/t_quad.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#include "des_int.h"
-#include "des.h"
-
-char *progname;
-int des_debug;
-
-/* These test values were constructed by experimentation, because I
- couldn't be bothered to look up the spec for the encryption mode
- and see if any test vector is defined. But really, the thing we
- need to test is that the operation we use doesn't changed. Like
- with quad_cksum, compatibility is more important than strict
- adherence to the spec, if we have to choose. In any case, if you
- have a useful test vector, send it in.... */
-struct {
- unsigned char text[32];
- des_cblock out[4];
-} tests[] = {
- {
- "Now is the time for all ",
- {
- { 0x7f, 0x81, 0x65, 0x41, 0x21, 0xdb, 0xd4, 0xcf, },
- { 0xf8, 0xaa, 0x09, 0x90, 0xeb, 0xc7, 0x60, 0x2b, },
- { 0x45, 0x3e, 0x4e, 0x65, 0x83, 0x6c, 0xf1, 0x98, },
- { 0x4c, 0xfc, 0x69, 0x72, 0x23, 0xdb, 0x48, 0x78, }
- }
- }, {
- "7654321 Now is the time for ",
- {
- { 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, },
- { 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15, },
- { 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f, },
- { 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88, }
- }
- }, {
- "hi",
- { { 0x76, 0x61, 0x0e, 0x8b, 0x23, 0xa4, 0x5f, 0x34, } }
- },
-};
-
-/* 0x0123456789abcdef */
-unsigned char default_key[8] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
-};
-des_cblock ivec = {
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
-};
-
-int
-main(argc,argv)
- int argc;
- char *argv[];
-{
- int i;
- int fail=0;
- des_cblock out[32/8];
- des_cblock out2[32/8];
- des_key_schedule sked;
-
- progname=argv[0]; /* salt away invoking program */
-
- /* use known input and key */
-
- for (i = 0; i < 3; i++) {
- int wrong = 0, j, jmax;
- des_key_sched (default_key, sked);
- /* This could lose on alignment... */
- des_pcbc_encrypt ((des_cblock *)&tests[i].text, out,
- strlen(tests[i].text) + 1, sked, &ivec, 1);
- printf ("pcbc_encrypt(\"%s\") = {", tests[i].text);
- jmax = (strlen (tests[i].text) + 8) & ~7U;
- for (j = 0; j < jmax; j++) {
- if (j % 8 == 0)
- printf ("\n\t");
- printf (" 0x%02x,", out[j/8][j%8]);
- if (out[j/8][j%8] != tests[i].out[j/8][j%8])
- wrong = 1;
- }
- printf ("\n}\n");
-
- /* reverse it */
- des_pcbc_encrypt (out, out2, jmax, sked, &ivec, 0);
- if (strcmp ((char *)out2, tests[i].text)) {
- printf ("decrypt failed\n");
- wrong = 1;
- } else
- printf ("decrypt worked\n");
-
- if (wrong) {
- printf ("wrong result!\n");
- fail = 1;
- }
- }
- return fail;
-}
+++ /dev/null
-/*
- * lib/des425/t_quad.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#include "des_int.h"
-#include "des.h"
-
-extern unsigned long quad_cksum();
-char *progname;
-int des_debug;
-unsigned DES_INT32 out[8];
-struct {
- unsigned char text[64];
- unsigned DES_INT32 out[8];
-} tests[] = {
- {
- "Now is the time for all ",
- {
- 0x6c6240c5, 0x77db9b1c, 0x7991d316, 0x4e688989,
- 0x27a0ae6a, 0x13be2da4, 0x4a2fdfc6, 0x7dfc494c,
- }
- }, {
- "7654321 Now is the time for ",
- {
- 0x36839db5, 0x4d7be717, 0x15b0f5b6, 0x2304ff9c,
- 0x75472d26, 0x6a5f833c, 0x7399a4ee, 0x1170fdfb,
- }
- }, {
- {2,0,0,0, 1,0,0,0},
- {
- 0x7c81f205, 0x63d38e38, 0x314ece44, 0x05d3a4f8,
- 0x6e10db76, 0x3eda7685, 0x2e841332, 0x1bdc7fd3,
- }
- },
-};
-
-/* 0x0123456789abcdef */
-unsigned char default_key[8] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
-};
-
-int
-main(argc,argv)
- int argc;
- char *argv[];
-{
- int i;
- int fail=0;
-
- progname=argv[0]; /* salt away invoking program */
-
- /* use known input and key */
-
- for (i = 0; i < 3; i++) {
- int wrong = 0, j;
- des_quad_cksum (tests[i].text, out, 64L, 4,
- (mit_des_cblock *) &default_key);
- if (tests[i].text[0] == 2)
- printf ("quad_cksum(<binary blob 1>) = {");
- else
- printf ("quad_cksum(\"%s\"...zero fill...) = {", tests[i].text);
- for (j = 0; j < 8; j++) {
- if (j == 0 || j == 4)
- printf ("\n\t");
- printf (" 0x%lx,", (unsigned long) out[j]);
- if (out[j] != tests[i].out[j])
- wrong = 1;
- }
- printf ("\n}\n");
- if (wrong) {
- printf ("wrong result!\n");
- fail = 1;
- }
- }
- return fail;
-}
+++ /dev/null
-/*
- * unix_time.c
- *
- * Glue code for pasting Kerberos into the Unix environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- *
- * Required for use by the Cygnus krb.a.
- */
-
-
-#include "k5-int.h"
-
-#if !defined(_WIN32)
-#include <sys/time.h>
-
-krb5_ui_4
-unix_time_gmt_unixsec (usecptr)
- krb5_ui_4 *usecptr;
-{
- struct timeval now;
-
- (void) gettimeofday (&now, (struct timezone *)0);
- if (usecptr)
- *usecptr = now.tv_usec;
- return now.tv_sec;
-}
-
-#endif /* !_WIN32 */
-
-#ifdef _WIN32
-#include <time.h>
-
-krb5_ui_4
-unix_time_gmt_unixsec (usecptr)
- krb5_ui_4 *usecptr;
-{
- time_t gmt;
-
- time(&gmt);
- if (usecptr)
- *usecptr = gmt;
- return gmt;
-}
-#endif /* _WIN32 */
+++ /dev/null
-/*
- * lib/des425/util.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Miscellaneous debug printing utilities
- */
-
-#include <stdio.h>
-
-/* Application include files */
-#include "k5-int.h"
-#include "des_int.h"
-#include "des.h"
-
-void des_cblock_print_file(x, fp)
- des_cblock *x;
- FILE *fp;
-{
- unsigned char *y = *x;
- register int i = 0;
- fprintf(fp," 0x { ");
-
- while (i++ < 8) {
- fprintf(fp,"%x",*y++);
- if (i < 8)
- fprintf(fp,", ");
- }
- fprintf(fp," }");
-}
+++ /dev/null
-/*
- * lib/des425/verify.c
- *
- * Copyright 1988,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Program to test the correctness of the DES library
- * implementation.
- *
- * exit returns 0 ==> success
- * -1 ==> error
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#include "des_int.h"
-#include "des.h"
-
-char *progname;
-int nflag = 2;
-int vflag;
-int mflag;
-int zflag;
-int pid;
-int des_debug;
-des_key_schedule KS;
-unsigned char cipher_text[64];
-unsigned char clear_text[64] = "Now is the time for all " ;
-unsigned char clear_text2[64] = "7654321 Now is the time for ";
-unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0};
-unsigned char output[64];
-unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0};
-unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */
-unsigned char *input;
-
-/* 0x0123456789abcdef */
-unsigned char default_key[8] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
-};
-unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f };
-unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 };
-des_cblock s_key;
-unsigned char default_ivec[8] = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
-};
-unsigned char *ivec;
-unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */
-int i,j;
-
-unsigned char cipher1[8] = {
- 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67
-};
-unsigned char cipher2[8] = {
- 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15
-};
-unsigned char cipher3[64] = {
- 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c,
- 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f,
- 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6
-};
-unsigned char checksum[8] = {
- 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33
-};
-
-unsigned char zresult[8] = {
- 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7
-};
-
-unsigned char mresult[8] = {
- 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96
-};
-
-
-/*
- * Can also add :
- * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
- */
-
-void do_encrypt (unsigned char *, unsigned char *);
-void do_decrypt (unsigned char *, unsigned char *);
-
-int
-main(argc,argv)
- int argc;
- char *argv[];
-{
- /* Local Declarations */
- unsigned long in_length;
-
- progname=argv[0]; /* salt away invoking program */
-
- while (--argc > 0 && (*++argv)[0] == '-')
- for (i=1; argv[0][i] != '\0'; i++) {
- switch (argv[0][i]) {
-
- /* debug flag */
- case 'd':
- des_debug=3;
- continue;
-
- case 'z':
- zflag = 1;
- continue;
-
- case 'm':
- mflag = 1;
- continue;
-
- default:
- printf("%s: illegal flag \"%c\" ",
- progname,argv[0][i]);
- exit(1);
- }
- };
-
- if (argc) {
- fprintf(stderr, "Usage: %s [-dmz]\n", progname);
- exit(1);
- }
-
- /* use known input and key */
-
- /* ECB zero text zero key */
- if (zflag) {
- input = zero_text;
- des_key_sched(zero_key,KS);
- printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
- do_encrypt(input,cipher_text);
- printf("\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++)
- printf("%02x ",cipher_text[j]);
- printf("\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
- printf("verify: error in zero key test\n");
- exit(-1);
- }
- exit(0);
- }
-
- if (mflag) {
- input = msb_text;
- des_key_sched(key3,KS);
- printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
- printf("key = 0, cipher = 0x??\n");
- do_encrypt(input,cipher_text);
- printf("\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++) {
- printf("%02x ",cipher_text[j]);
- }
- printf("\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
- printf("verify: error in msb test\n");
- exit(-1);
- }
- exit(0);
- }
-
- /* ECB mode Davies and Price */
- {
- input = zero_text;
- des_key_sched(key2,KS);
- printf("Examples per FIPS publication 81, keys ivs and cipher\n");
- printf("in hex. These are the correct answers, see below for\n");
- printf("the actual answers.\n\n");
- printf("Examples per Davies and Price.\n\n");
- printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n");
- printf("\tclear = 0\n");
- printf("\tcipher = 25 dd ac 3e 96 17 64 67\n");
- printf("ACTUAL ECB\n");
- printf("\tclear \"%s\"\n", input);
- do_encrypt(input,cipher_text);
- printf("\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++)
- printf("%02x ",cipher_text[j]);
- printf("\n\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
- printf("verify: error in ECB encryption\n");
- exit(-1);
- }
- else
- printf("verify: ECB encription is correct\n\n");
- }
-
- /* ECB mode */
- {
- des_key_sched(default_key,KS);
- input = clear_text;
- ivec = default_ivec;
- printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
- printf("\tclear = \"Now is the time for all \"\n");
- printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n");
- printf("ACTUAL ECB\n\tclear \"%s\"",input);
- do_encrypt(input,cipher_text);
- printf("\n\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++) {
- printf("%02x ",cipher_text[j]);
- }
- printf("\n\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) {
- printf("verify: error in ECB encryption\n");
- exit(-1);
- }
- else
- printf("verify: ECB encription is correct\n\n");
- }
-
- /* CBC mode */
- printf("EXAMPLE CBC\tkey = 0123456789abcdef");
- printf("\tiv = 1234567890abcdef\n");
- printf("\tclear = \"Now is the time for all \"\n");
- printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n");
- printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n");
- printf("\t\t\t68 37 88 49 9a 7c 05 f6\n");
-
- printf("ACTUAL CBC\n\tclear \"%s\"\n",input);
- in_length = strlen((char *) input);
- des_cbc_encrypt(input,cipher_text, in_length,KS,ivec,1);
- printf("\tciphertext = (low to high bytes)\n");
- for (i = 0; i <= 7; i++) {
- printf("\t\t");
- for (j = 0; j <= 7; j++) {
- printf("%02x ",cipher_text[i*8+j]);
- }
- printf("\n");
- }
- des_cbc_encrypt(cipher_text,clear_text,in_length,KS,ivec,0);
- printf("\tdecrypted clear_text = \"%s\"\n",clear_text);
-
- if ( memcmp(cipher_text, cipher3, (size_t) in_length) ) {
- printf("verify: error in CBC encryption\n");
- exit(-1);
- }
- else
- printf("verify: CBC encription is correct\n\n");
-
- printf("EXAMPLE CBC checksum");
- printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n");
- printf("\tclear =\t\t\"7654321 Now is the time for \"\n");
- printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, ");
- printf("or some part thereof\n");
- input = clear_text2;
- des_cbc_cksum(input,cipher_text,(long) strlen((char *) input),KS,ivec);
- printf("ACTUAL CBC checksum\n");
- printf("\t\tencrypted cksum = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++)
- printf("%02x ",cipher_text[j]);
- printf("\n\n");
- if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) {
- printf("verify: error in CBC cheksum\n");
- exit(-1);
- }
- else
- printf("verify: CBC checksum is correct\n\n");
- exit(0);
-}
-
-void
-do_encrypt(in,out)
- unsigned char *in;
- unsigned char *out;
-{
- for (i =1; i<=nflag; i++) {
- des_ecb_encrypt((unsigned long *) in, (unsigned long *)out, KS, 1);
- if (des_debug) {
- printf("\nclear %s\n",in);
- for (j = 0; j<=7; j++)
- printf("%02X ",in[j] & 0xff);
- printf("\tcipher ");
- for (j = 0; j<=7; j++)
- printf("%02X ",out[j] & 0xff);
- }
- }
-}
-
-void
-do_decrypt(in,out)
- unsigned char *out;
- unsigned char *in;
- /* try to invert it */
-{
- for (i =1; i<=nflag; i++) {
- des_ecb_encrypt((unsigned long *) out, (unsigned long *)in,KS,0);
- if (des_debug) {
- printf("clear %s\n",in);
- for (j = 0; j<=7; j++)
- printf("%02X ",in[j] & 0xff);
- printf("\tcipher ");
- for (j = 0; j<=7; j++)
- printf("%02X ",out[j] & 0xff);
- }
- }
-}
+++ /dev/null
-/*
- * lib/des425/weak_key.c
- *
- * Copyright 1989,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/*
- * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key.
- *
- * Requires: key has correct odd parity.
- */
-int
-des_is_weak_key(key)
- mit_des_cblock key;
-{
- return (mit_des_is_weak_key(key));
-}
+++ /dev/null
-/*
- * CCache-glue.c
- *
- * This file contains implementations of krb4 credentials cache operations in terms
- * of the CCache API (<http://www.umich.edu/~sgr/v4Cache/>).
- *
- * $Header$
- */
-
-
-#include "krb.h"
-#include "krb4int.h"
-
-#if !defined (USE_CCAPI) || !USE_CCAPI
-#error "Cannot use CCache glue without the CCAPI!"
-#endif
-
-#ifdef USE_LOGIN_LIBRARY
-#include <KerberosLoginPrivate.h>
-#endif /* USE_LOGIN_LIBRARY */
-#include <CredentialsCache.h>
-
-#include <string.h>
-#include <stdlib.h>
-
-/*
- * The following functions are part of the KfM ABI.
- * They are deprecated, so they only appear here, not in krb.h.
- *
- * Do not change the ABI of these functions!
- */
-int KRB5_CALLCONV krb_get_num_cred(void);
-int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int);
-int KRB5_CALLCONV krb_delete_cred(char *, char *,char *);
-int KRB5_CALLCONV dest_all_tkts(void);
-
-/* Internal functions */
-static void UpdateDefaultCache (void);
-
-/*
- * The way Kerberos v4 normally works is that at any given point in time there is a
- * file where all the tickets go, determined by an environment variable. If a user kinits
- * to a new principal, the existing tickets are replaced with new ones. At any point in time, there is a
- * "current" or "default" principal, which is determined by the principal associated with
- * the current ticket file.
- *
- * In the CCache API implementation, this corresponds to always having a "default"
- * or "current" named cache. The default principal then corresponds to that cache.
- *
- * Unfortunately, Kerberos v4 also has this notion that the default cache exists (in the sense
- * that its name is known) even before the actual file has been created.
- *
- * In addition to this, we cannot make the default cache system-wide global, because then
- * we get all sorts of interesting scenarios in which context switches between processes
- * can cause credentials to be stored in wrong caches.
- *
- * To solve all the problems, we have to emulate the concept of an environment variable,
- * by having a system-wide concept of what a default credentials cache is; then, we copy
- * the system-wide value into the per-process value when the application starts up.
- *
- * However, in order to allow applications to be able to sanely handle the user model we
- * want to support, in which the user has some way of selecting the system-wide default
- * user _without_ quitting and relaunching all applications (this is also necessary for
- * KClient support), calls had to be added to the Kerberos v4 library to reset the
- * per-process cached value of default cache.
- */
-
-/*
- * Name of the default cache
- */
-char* gDefaultCacheName = NULL;
-
-/*
- * Initialize credentials cache
- *
- * Creating the cache will blow away an existing one. The assumption is that
- * whoever called us made sure that the one that we blow away if it exists
- * is the right one to blow away.
- */
-
-int KRB5_CALLCONV
-krb_in_tkt (
- char* pname,
- char* pinst,
- char* realm)
-{
- char principal [MAX_K_NAME_SZ + 1];
- cc_int32 err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (err == ccNoError) {
- snprintf (principal, sizeof(principal), "%s%s%s@%s", pname, (pinst [0] == '\0') ? "" : ".", pinst, realm);
- }
-
- if (err == ccNoError) {
- err = cc_context_create_ccache (cc_context, TKT_FILE, cc_credentials_v4, principal, &ccache);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV
-krb_save_credentials(
- char *service,
- char *instance,
- char *realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- long issue_date)
-{
- return krb4int_save_credentials_addr(service, instance, realm,
- session, lifetime, kvno,
- ticket, issue_date, 0);
-}
-
-/*
- * Store a ticket into the default credentials cache
- * cache must exist (if it didn't exist, it would have been created by in_tkt)
- */
-int
-krb4int_save_credentials_addr(
- char* service,
- char* instance,
- char* realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- KRB4_32 issue_date,
- KRB_UINT32 local_address)
-{
- cc_int32 cc_err = ccNoError;
- int kerr = KSUCCESS;
- cc_credentials_v4_t v4creds;
- cc_credentials_union creds;
- cc_ccache_t ccache = NULL;
- cc_string_t principal;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- /* First try existing cache */
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- /* Now we have a cache. Fill out the credentials and put them in the cache. */
- /* To fill out the credentials, we need the principal */
- cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
- }
-
- if (cc_err == ccNoError) {
- kerr = kname_parse (v4creds.principal, v4creds.principal_instance, v4creds.realm, (char*) principal -> data);
- cc_string_release (principal);
- }
-
- if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
- strncpy (v4creds.service, service, SNAME_SZ);
- strncpy (v4creds.service_instance, instance, INST_SZ);
- strncpy (v4creds.realm, realm, REALM_SZ);
- memmove (v4creds.session_key, session, sizeof (C_Block));
- v4creds.kvno = kvno;
- v4creds.string_to_key_type = cc_v4_stk_unknown;
- v4creds.issue_date = issue_date;
- v4creds.address = local_address;
- v4creds.lifetime = lifetime;
- v4creds.ticket_size = ticket -> length;
- memmove (v4creds.ticket, ticket -> dat, ticket -> length);
-
- creds.version = cc_credentials_v4;
- creds.credentials.credentials_v4 = &v4creds;
-
- cc_err = cc_ccache_store_credentials (ccache, &creds);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Credentials file -> realm mapping
- *
- * Determine the realm by opening the named cache and parsing realm from the principal
- */
-int KRB5_CALLCONV
-krb_get_tf_realm (
- const char* ticket_file,
- char* realm)
-{
- cc_string_t principal;
- char pname [ANAME_SZ];
- char pinst [INST_SZ];
- char prealm [REALM_SZ];
- int kerr = KSUCCESS;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version = 0;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
- }
-
- if (cc_err == ccNoError) {
- /* found cache. get princiapl and parse it */
- kerr = kname_parse (pname, pinst, prealm, (char*) principal -> data);
- cc_string_release (principal);
- }
-
- if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
- strcpy (realm, prealm);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return GC_NOTKT;
- else
- return KSUCCESS;
-}
-
-/*
- * Credentials file -> name, instance, realm mapping
- */
-int KRB5_CALLCONV
-krb_get_tf_fullname (
- const char* ticket_file,
- char* name,
- char* instance,
- char* realm)
-{
- cc_string_t principal;
- int kerr = KSUCCESS;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
- }
-
- if (cc_err == ccNoError) {
- /* found cache. get principal and parse it */
- cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
- }
-
- if (cc_err == ccNoError) {
- kerr = kname_parse (name, instance, realm, (char*) principal -> data);
- cc_string_release (principal);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return GC_NOTKT;
- else
- return KSUCCESS;
-}
-
-
-/*
- * Retrieval from credentials cache
- */
-int KRB5_CALLCONV
-krb_get_cred (
- char* service,
- char* instance,
- char* realm,
- CREDENTIALS* creds)
-{
- int kerr = KSUCCESS;
- cc_int32 cc_err = ccNoError;
- cc_credentials_t theCreds = NULL;
- cc_credentials_iterator_t iterator = NULL;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
-#ifdef USE_LOGIN_LIBRARY
- // If we are requesting a tgt, prompt for it
- if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
- OSStatus err;
- char *cacheName;
- KLPrincipal outPrincipal;
-
- err = __KLInternalAcquireInitialTicketsForCache (TKT_FILE, kerberosVersion_V4, NULL,
- &outPrincipal, &cacheName);
-
- if (err == klNoErr) {
- krb_set_tkt_string (cacheName); // Tickets for the krb4 principal went here
- KLDisposeString (cacheName);
- KLDisposePrincipal (outPrincipal);
- } else {
- return GC_NOTKT;
- }
- }
-#endif /* USE_LOGIN_LIBRARY */
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err == ccIteratorEnd) {
- kerr = GC_NOTKT;
- break;
- }
- if (cc_err != ccNoError) {
- kerr = KFAILURE;
- break;
- }
-
- /* version, service, instance, realm check */
- if ((theCreds -> data -> version == cc_credentials_v4) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, service) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, instance) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, realm) == 0)) {
-
- /* Match! */
- strcpy (creds -> service, service);
- strcpy (creds -> instance, instance);
- strcpy (creds -> realm, realm);
- memmove (creds -> session, theCreds -> data -> credentials.credentials_v4 -> session_key, sizeof (C_Block));
- creds -> lifetime = theCreds -> data -> credentials.credentials_v4 -> lifetime;
- creds -> kvno = theCreds -> data -> credentials.credentials_v4 -> kvno;
- creds -> ticket_st.length = theCreds -> data -> credentials.credentials_v4 -> ticket_size;
- memmove (creds -> ticket_st.dat, theCreds -> data -> credentials.credentials_v4 -> ticket, creds -> ticket_st.length);
- creds -> issue_date = theCreds -> data -> credentials.credentials_v4 -> issue_date;
- strcpy (creds -> pname, theCreds -> data -> credentials.credentials_v4 -> principal);
- strcpy (creds -> pinst, theCreds -> data -> credentials.credentials_v4 -> principal_instance);
- creds -> stk_type = theCreds -> data -> credentials.credentials_v4 -> string_to_key_type;
-
- cc_credentials_release (theCreds);
- kerr = KSUCCESS;
- break;
- } else {
- cc_credentials_release (theCreds);
- }
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return GC_NOTKT;
- else
- return KSUCCESS;
-}
-
-
-/*
- * Getting name of default credentials cache
- */
-const char* KRB5_CALLCONV
-tkt_string (void)
-{
- if (gDefaultCacheName == NULL) {
- UpdateDefaultCache ();
- }
- return gDefaultCacheName;
-}
-
-/*
- * Synchronize default cache for this process with system default cache
- */
-
-static void
-UpdateDefaultCache (void)
-{
- cc_string_t name;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_get_default_ccache_name (cc_context, &name);
- }
-
- if (cc_err == ccNoError) {
- krb_set_tkt_string ((char*) name -> data);
- cc_string_release (name);
- }
-
- if (cc_context != NULL)
- cc_context_release (cc_context);
-}
-
-/*
- * Setting name of default credentials cache
- */
-void
-krb_set_tkt_string (
- const char* val)
-{
- /* If we get called with the return value of tkt_string, we
- shouldn't dispose of the input string */
- if (val != gDefaultCacheName) {
- if (gDefaultCacheName != NULL)
- free (gDefaultCacheName);
-
- gDefaultCacheName = malloc (strlen (val) + 1);
- if (gDefaultCacheName != NULL)
- strcpy (gDefaultCacheName, val);
- }
-}
-
-/*
- * Destroy credentials file
- *
- * Implementation in dest_tkt.c
- */
-int KRB5_CALLCONV
-dest_tkt (void)
-{
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_ccache_destroy (ccache);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return RET_TKFIL;
- else
- return KSUCCESS;
-}
-
-/*
- * The following functions are not part of the standard Kerberos v4 API.
- * They were created for Mac implementation, and used by admin tools
- * such as CNS-Config.
- */
-
-/*
- * Number of credentials in credentials cache
- */
-int KRB5_CALLCONV
-krb_get_num_cred (void)
-{
- cc_credentials_t theCreds = NULL;
- int count = 0;
- cc_credentials_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err != ccNoError)
- break;
-
- if (theCreds -> data -> version == cc_credentials_v4)
- count++;
-
- cc_credentials_release (theCreds);
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return 0;
- else
- return count;
-}
-
-/*
- * Retrieval from credentials file
- * This function is _not_!! well-defined under CCache API, because
- * there is no guarantee about order of credentials remaining the same.
- */
-int KRB5_CALLCONV
-krb_get_nth_cred (
- char* sname,
- char* sinstance,
- char* srealm,
- int n)
-{
- cc_credentials_t theCreds = NULL;
- int count = 0;
- cc_credentials_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- if (n < 1)
- return KFAILURE;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (count = 0; count < n;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err != ccNoError)
- break;
-
- if (theCreds -> data -> version == cc_credentials_v4)
- count++;
-
- if (count < n - 1)
- cc_credentials_release (theCreds);
- }
- }
-
- if (cc_err == ccNoError) {
- strcpy (sname, theCreds -> data -> credentials.credentials_v4 -> service);
- strcpy (sinstance, theCreds -> data -> credentials.credentials_v4 -> service_instance);
- strcpy (srealm, theCreds -> data -> credentials.credentials_v4 -> realm);
- }
-
- if (theCreds != NULL)
- cc_credentials_release (theCreds);
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Deletion from credentials file
- */
-int KRB5_CALLCONV
-krb_delete_cred (
- char* sname,
- char* sinstance,
- char* srealm)
-{
- cc_credentials_t theCreds = NULL;
- cc_credentials_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err != ccNoError) {
- break;
- }
-
- if ((theCreds -> data -> version == cc_credentials_v4) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, sname) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, sinstance) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, srealm) == 0)) {
-
- cc_ccache_remove_credentials (ccache, theCreds);
- cc_credentials_release (theCreds);
- break;
- }
-
- cc_credentials_release (theCreds);
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Destroy all credential caches
- *
- * Implementation in memcache.c
- */
-int KRB5_CALLCONV
-dest_all_tkts (void)
-{
- int count = 0;
- cc_ccache_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_new_ccache_iterator (cc_context, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next ccache */
- cc_err = cc_ccache_iterator_next (iterator, &ccache);
-
- if (cc_err != ccNoError)
- break;
-
- cc_ccache_destroy (ccache);
- count++;
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if ((cc_err == ccIteratorEnd) && (count == 0)) {
- /* first time, nothing to destroy */
- return KFAILURE;
- } else {
- if (cc_err == ccIteratorEnd) {
- /* done */
- return KSUCCESS;
- } else {
- /* error */
- return KFAILURE;
- }
- }
-}
+++ /dev/null
-/*
- * lib/krb4/FSp-glue.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * MacOS-specific glue for using FSSpecs to deal with srvtabs.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-#include <stdio.h>
-#include <string.h>
-
-#include <Kerberos/FSpUtils.h>
-/*
- * These functions are compiled in for ABI compatibility with older versions of KfM.
- * They are deprecated so they do not appear in the KfM headers anymore.
- *
- * Do not change their ABIs!
- */
-int KRB5_CALLCONV FSp_krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, const FSSpec *);
-int KRB5_CALLCONV FSp_put_svc_key (const FSSpec *, char *, char *, char *, int, char *);
-int KRB5_CALLCONV FSp_read_service_key (char *, char *, char *, int, const FSSpec*, char *);
-
-static int FSp_srvtab_to_key (char *, char *, char *, char *, C_Block);
-
-int KRB5_CALLCONV
-FSp_read_service_key(
- char *service, /* Service Name */
- char *instance, /* Instance name or "*" */
- char *realm, /* Realm */
- int kvno, /* Key version number */
- const FSSpec *filespec, /* Filespec */
- char *key) /* Pointer to key to be filled in */
-{
- int retval = KFAILURE;
- char file [MAXPATHLEN];
- if (filespec != NULL) {
- if (FSSpecToPOSIXPath (filespec, file, sizeof(file)) != noErr) {
- return retval;
- }
- }
- retval = read_service_key(service, instance, realm, kvno, file, key);
- if (file != NULL) {
- free (file);
- }
- return retval;
-}
-
-int KRB5_CALLCONV
-FSp_put_svc_key(
- const FSSpec *sfilespec,
- char *name,
- char *inst,
- char *realm,
- int newvno,
- char *key)
-{
- int retval = KFAILURE;
- char sfile[MAXPATHLEN];
-
- if (sfilespec != NULL) {
- if (FSSpecToPOSIXPath (sfilespec, sfile, sizeof(sfile)) != noErr) {
- return retval;
- }
- }
- retval = put_svc_key(sfile, name, inst, realm, newvno, key);
- if (sfile != NULL) {
- free (sfile);
- }
- return retval;
-}
-
-int KRB5_CALLCONV
-FSp_krb_get_svc_in_tkt(
- char *user, char *instance, char *realm,
- char *service, char *sinstance, int life,
- const FSSpec *srvtab)
-{
- /* Cast the FSSpec into the password field. It will be pulled out again */
- /* by FSp_srvtab_to_key and used to read the real password */
- return krb_get_in_tkt(user, instance, realm, service, sinstance,
- life, FSp_srvtab_to_key, NULL, (char *)srvtab);
-}
-
-static int FSp_srvtab_to_key(char *user, char *instance, char *realm,
- char *srvtab, C_Block key)
-{
- /* FSp_read_service_key correctly handles a NULL FSSpecPtr */
- return FSp_read_service_key(user, instance, realm, 0,
- (FSSpec *)srvtab, (char *)key);
-}
+++ /dev/null
-thisconfigdir=../..
-myfulldir=lib/krb4
-mydir=lib/krb4
-BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV -I.
-DEFINES= -DKRB4_USE_KEYTAB
-DEFS=
-
-##DOS##BUILDTOP = ..\..
-##DOS##LIBNAME=$(OUTPRE)krb4.lib
-##DOS##OBJFILE=$(OUTPRE)krb4.lst
-
-LIBBASE=krb4
-LIBMAJOR=2
-LIBMINOR=0
-RELDIR=krb4
-
-# Depends on libk5crypto, libkrb5, KRB4_CRYPTO_LIB and _et_list...
-# Depends on libkrb5, expect to find
-# krb5_init_context, krb5_free_context, profile_get_values
-#
-KRB4_CRYPTO_LIBS=-ldes425
-
-SHLIB_EXPDEPS = \
- $(TOPLIBD)/libdes425$(SHLIBEXT) \
- $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS=-lkrb5 -lcom_err -ldes425 -lk5crypto
-SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_RDIRS=$(KRB5_LIBDIR)
-
-EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV
-KRB_ERR=@KRB_ERR@
-##DOS##KRB_ERR=$(OUTPRE)krb_err.$(OBJEXT)
-
-# Name of generated krb_err.c, needed for err_txt.* dependency on Darwin.
-KRB_ERR_C=@KRB_ERR_C@
-##DOS##KRB_ERR_C=
-
-OBJS = \
- $(OUTPRE)change_password.$(OBJEXT) \
- $(OUTPRE)cr_auth_repl.$(OBJEXT) \
- $(OUTPRE)cr_ciph.$(OBJEXT) \
- $(OUTPRE)cr_tkt.$(OBJEXT) \
- $(OUTPRE)debug.$(OBJEXT) \
- $(OUTPRE)decomp_tkt.$(OBJEXT) \
- $(OUTPRE)err_txt.$(OBJEXT) \
- $(OUTPRE)g_ad_tkt.$(OBJEXT) \
- $(OUTPRE)g_in_tkt.$(OBJEXT) \
- $(OUTPRE)g_phost.$(OBJEXT) \
- $(OUTPRE)g_pw_in_tkt.$(OBJEXT) \
- $(OUTPRE)g_pw_tkt.$(OBJEXT) \
- $(OUTPRE)g_tkt_svc.$(OBJEXT) \
- $(OUTPRE)gethostname.$(OBJEXT) \
- $(OUTPRE)getst.$(OBJEXT) \
- $(OUTPRE)kadm_err.$(OBJEXT) \
- $(OUTPRE)kadm_net.$(OBJEXT) \
- $(OUTPRE)kadm_stream.$(OBJEXT) \
- $(OUTPRE)kname_parse.$(OBJEXT) \
- $(OUTPRE)lifetime.$(OBJEXT) \
- $(OUTPRE)mk_auth.$(OBJEXT) \
- $(OUTPRE)mk_err.$(OBJEXT) \
- $(OUTPRE)mk_priv.$(OBJEXT) \
- $(OUTPRE)mk_req.$(OBJEXT) \
- $(OUTPRE)mk_safe.$(OBJEXT) \
- $(OUTPRE)month_sname.$(OBJEXT) \
- $(OUTPRE)password_to_key.$(OBJEXT) \
- $(OUTPRE)prot_client.$(OBJEXT) \
- $(OUTPRE)prot_common.$(OBJEXT) \
- $(OUTPRE)prot_kdc.$(OBJEXT) \
- $(OUTPRE)pkt_cipher.$(OBJEXT) \
- $(OUTPRE)pkt_clen.$(OBJEXT) \
- $(OUTPRE)rd_err.$(OBJEXT) \
- $(OUTPRE)rd_priv.$(OBJEXT) \
- $(OUTPRE)rd_safe.$(OBJEXT) \
- $(OUTPRE)send_to_kdc.$(OBJEXT) \
- $(OUTPRE)stime.$(OBJEXT) \
- $(OUTPRE)strnlen.$(OBJEXT) \
- $(OUTPRE)rd_preauth.$(OBJEXT) \
- $(OUTPRE)mk_preauth.$(OBJEXT) \
- $(OSOBJS) $(CACHEOBJS) $(SETENVOBJS) $(STRCASEOBJS) $(SHMOBJS) \
- $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS) $(KRB_ERR)
-
-SRCS = \
- change_password.c \
- cr_auth_repl.c \
- cr_ciph.c \
- cr_tkt.c \
- debug.c \
- decomp_tkt.c \
- g_ad_tkt.c \
- g_pw_in_tkt.c \
- g_phost.c \
- g_pw_tkt.c \
- g_tkt_svc.c \
- getst.c \
- gethostname.c \
- kadm_err.c \
- kadm_net.c \
- kadm_stream.c \
- kname_parse.c \
- err_txt.c \
- lifetime.c \
- g_in_tkt.c \
- mk_auth.c \
- mk_err.c \
- mk_priv.c \
- mk_req.c \
- mk_safe.c \
- month_sname.c \
- password_to_key.c \
- pkt_cipher.c \
- pkt_clen.c \
- prot_client.c \
- prot_common.c \
- prot_kdc.c \
- rd_err.c \
- rd_priv.c \
- rd_safe.c \
- send_to_kdc.c \
- stime.c \
- strnlen.c \
- rd_preauth.c \
- mk_preauth.c \
- unix_time.c \
- $(OSSRCS) $(CACHESRCS) $(SETENVSRCS) $(STRCASESRCS) $(SHMSRCS) \
- $(LIB_KRB_HOSTSRCS) $(SERVER_KRB_SRCS) $(NETIO_SRCS) $(REALMDBSRCS)
-
-STLIBOBJS = $(OBJS)
-STOBJLISTS=OBJS.ST
-
-#
-# These objects implement the time computation routines.
-#
-OSOBJS = $(OUTPRE)unix_time.$(OBJEXT)
-OSSRCS = unix_time.c
-
-##DOS##OSOBJS = $(OUTPRE)win_time.obj
-
-#
-# These objects implement ticket cacheing for Unix. They are
-# replaced by other files when compiling for Windows or Mac.
-#
-CACHESRCS = \
- tf_util.c dest_tkt.c in_tkt.c \
- tkt_string.c g_tf_fname.c g_tf_realm.c \
- g_cred.c save_creds.c
-CACHEOBJS = \
- $(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \
- $(OUTPRE)tkt_string.$(OBJEXT) $(OUTPRE)g_tf_fname.$(OBJEXT) $(OUTPRE)g_tf_realm.$(OBJEXT) \
- $(OUTPRE)g_cred.$(OBJEXT) $(OUTPRE)save_creds.$(OBJEXT)
-
-##DOS##CACHEOBJS = $(OUTPRE)memcache.$(OBJEXT)
-
-#
-# These objects implement Kerberos realm<->host database lookup.
-# They read config files and/or network databases in various ways
-# on various platforms.
-#
-
-CNFFILE = g_cnffile
-##DOS##CNFFILE = win_store
-
-REALMDBSRCS=$(CNFFILE).c RealmsConfig-glue.c
-REALMDBOBJS=$(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)RealmsConfig-glue.$(OBJEXT)
-
-#
-# These objects are only used on server or debug implementations of Kerberos,
-# and they cause some major or minor sort of trouble for some
-# client-only platform (Mac or Windows).
-#
-SERVER_KRB_SRCS = \
- klog.c kuserok.c log.c \
- kntoln.c \
- fgetst.c rd_svc_key.c cr_err_repl.c \
- rd_req.c g_svc_in_tkt.c recvauth.c \
- ad_print.c cr_death_pkt.c \
- put_svc_key.c sendauth.c
-SERVER_KRB_OBJS = \
- $(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \
- $(OUTPRE)kntoln.$(OBJEXT) \
- $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) $(OUTPRE)cr_err_repl.$(OBJEXT) \
- $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \
- $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \
- $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT)
-#
-# These objects are included on Unix and Windows (for kstream and kadm)
-# but not under Mac (there are no file descriptors).
-#
-NETIO_SRCS=netread.c netwrite.c
-NETIO_OBJS=$(OUTPRE)netread.$(OBJEXT) $(OUTPRE)netwrite.$(OBJEXT)
-
-#
-# These objects glue the Kerberos library to the operating system
-# (time-of-day access, etc). They are replaced in Mac and Windows
-# by other _glue.* routines.
-#
-LIB_KRB_HOSTSRCS=unix_glue.c
-LIB_KRB_HOSTOBJS=$(OUTPRE)unix_glue.$(OBJEXT)
-
-##DOS##LIB_KRB_HOSTOBJS=$(OUTPRE)win_glue.obj
-
-ARCHIVEARGS= $@ $(OBJS)
-
-# We want *library* compiler options...
-DBG=$(DBG_LIB)
-
-all-unix:: includes all-liblinks
-
-##DOS##LIBOBJS = $(OBJS)
-
-# comp_et_depend(krb_err)
-krb_err.h: krb_err.et
-krb_err.c: krb_err.et
-
-kadm_err.h: kadm_err.et
-kadm_err.c: kadm_err.et
-
-GEN_ERRTXT=$(AWK) -f $(srcdir)$(S)et_errtxt.awk outfile=$@
-
-krb_err_txt.c: krb_err.et $(srcdir)$(S)et_errtxt.awk
- $(GEN_ERRTXT) $(srcdir)/krb_err.et
-
-# Will be empty on Darwin, krb_err_txt.c elsewhere.
-KRB_ERR_TXT=@KRB_ERR_TXT@
-##DOS##KRB_ERR_TXT=krb_err_txt.c
-err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(KRB_ERR_C) $(KRB_ERR_TXT)
-
-depend-dependencies: krb_err.h $(EHDRDIR)$(S)krb_err.h \
- kadm_err.h $(EHDRDIR)$(S)kadm_err.h \
- krb_err.c
-
-includes: $(EHDRDIR)$(S)krb_err.h $(EHDRDIR)$(S)kadm_err.h
-
-$(EHDRDIR)$(S)krb_err.h: krb_err.h
- $(CP) krb_err.h $@
-$(EHDRDIR)$(S)kadm_err.h: kadm_err.h
- $(CP) kadm_err.h $@
-
-clean-unix::
- $(RM) $(EHDRDIR)/krb_err.h
- $(RM) $(EHDRDIR)/kadm_err.h
- $(RM) krb_err_txt.c
-
-clean::
- -$(RM) $(OBJS)
-
-clean-:: clean-unix
-
-clean-unix::
- -$(RM) krb_err.c
- -$(RM) krb_err.h
- -$(RM) kadm_err.c
- -$(RM) kadm_err.h
- -$(RM) ../../include/kerberosIV/krb_err.h
- -$(RM) ../../include/kerberosIV/kadm_err.h
-
-clean-unix:: clean-liblinks clean-libs clean-libobjs
-
-
-check-unix:: $(TEST_PROGS)
-check-windows::
-
-
-install-unix:: install-libs
-
-@lib_frag@
-@libobj_frag@
-
-# +++ Dependency line eater +++
-#
-# Makefile dependencies follow. This must be the last section in
-# the Makefile.in file
-#
-change_password.so change_password.po $(OUTPRE)change_password.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/port-sockets.h change_password.c \
- krb4int.h
-cr_auth_repl.so cr_auth_repl.po $(OUTPRE)cr_auth_repl.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_auth_repl.c
-cr_ciph.so cr_ciph.po $(OUTPRE)cr_ciph.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_ciph.c
-cr_tkt.so cr_tkt.po $(OUTPRE)cr_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/port-sockets.h cr_tkt.c
-debug.so debug.po $(OUTPRE)debug.$(OBJEXT): $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- debug.c
-decomp_tkt.so decomp_tkt.po $(OUTPRE)decomp_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h \
- $(SRCTOP)/include/port-sockets.h decomp_tkt.c
-g_ad_tkt.so g_ad_tkt.po $(OUTPRE)g_ad_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- g_ad_tkt.c krb4int.h
-g_pw_in_tkt.so g_pw_in_tkt.po $(OUTPRE)g_pw_in_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
- g_pw_in_tkt.c krb4int.h
-g_phost.so g_phost.po $(OUTPRE)g_phost.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h g_phost.c
-g_pw_tkt.so g_pw_tkt.po $(OUTPRE)g_pw_tkt.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h g_pw_tkt.c
-g_tkt_svc.so g_tkt_svc.po $(OUTPRE)g_tkt_svc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- g_tkt_svc.c
-getst.so getst.po $(OUTPRE)getst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- getst.c krb4int.h
-gethostname.so gethostname.po $(OUTPRE)gethostname.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/port-sockets.h gethostname.c krb4int.h
-kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \
- $(COM_ERR_DEPS) kadm_err.c
-kadm_net.so kadm_net.po $(OUTPRE)kadm_net.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/krbports.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- kadm_net.c
-kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/port-sockets.h kadm_stream.c
-kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- kname_parse.c
-err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h err_txt.c krb4int.h
-lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- lifetime.c
-g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- g_in_tkt.c krb4int.h
-mk_auth.so mk_auth.po $(OUTPRE)mk_auth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h mk_auth.c
-mk_err.so mk_err.po $(OUTPRE)mk_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h mk_err.c
-mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- mk_priv.c
-mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h mk_req.c
-mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- mk_safe.c
-month_sname.so month_sname.po $(OUTPRE)month_sname.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h month_sname.c
-password_to_key.so password_to_key.po $(OUTPRE)password_to_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h password_to_key.c
-pkt_cipher.so pkt_cipher.po $(OUTPRE)pkt_cipher.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \
- pkt_cipher.c
-pkt_clen.so pkt_clen.po $(OUTPRE)pkt_clen.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \
- pkt_clen.c
-prot_client.so prot_client.po $(OUTPRE)prot_client.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h prot_client.c
-prot_common.so prot_common.po $(OUTPRE)prot_common.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h prot_common.c
-prot_kdc.so prot_kdc.po $(OUTPRE)prot_kdc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- prot_kdc.c
-rd_err.so rd_err.po $(OUTPRE)rd_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h rd_err.c
-rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- rd_priv.c
-rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- rd_safe.c
-send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/krbports.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb4int.h send_to_kdc.c
-stime.so stime.po $(OUTPRE)stime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h stime.c
-strnlen.so strnlen.po $(OUTPRE)strnlen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h strnlen.c
-rd_preauth.so rd_preauth.po $(OUTPRE)rd_preauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/krb_db.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h rd_preauth.c
-mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h mk_preauth.c
-unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- unix_time.c
-tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb4int.h tf_util.c
-dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h dest_tkt.c
-in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h in_tkt.c
-tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- tkt_string.c
-g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h g_tf_fname.c
-g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- g_tf_realm.c
-g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- g_cred.c
-save_creds.so save_creds.po $(OUTPRE)save_creds.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h save_creds.c
-unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h unix_glue.c
-klog.so klog.po $(OUTPRE)klog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- klog.c krb4int.h
-kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- kuserok.c
-log.so log.po $(OUTPRE)log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h log.c
-kntoln.so kntoln.po $(OUTPRE)kntoln.$(OBJEXT): $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- kntoln.c
-fgetst.so fgetst.po $(OUTPRE)fgetst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- fgetst.c krb4int.h
-rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb4int.h rd_svc_key.c
-cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_err_repl.c
-rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb54proto.h rd_req.c
-g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- g_svc_in_tkt.c krb4int.h
-recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- recvauth.c
-ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- ad_print.c krb4int.h
-cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_death_pkt.c
-put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h put_svc_key.c
-sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h sendauth.c
-netread.so netread.po $(OUTPRE)netread.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h netread.c
-netwrite.so netwrite.po $(OUTPRE)netwrite.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- netwrite.c
-g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- g_cnffile.c krb4int.h
-RealmsConfig-glue.so RealmsConfig-glue.po $(OUTPRE)RealmsConfig-glue.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- RealmsConfig-glue.c krb4int.h
+++ /dev/null
-#include "kerberos.h"
-#define KRB_DEFS
-#include "krb_driver.h"
-
-#include <Types.h>
-#include <Dialogs.h>
-#include <Controls.h>
-#include <ToolUtils.h>
-#include <OSUtils.h>
-#include <Resources.h>
-
-/* added for OpenInitRF.c
- FIXME jcm - should check that they are not in c-mac
- or other included file
-*/
-
-#include <Errors.h>
-#include <Files.h>
-#include <Memory.h>
-#include <Traps.h>
-#include <GestaltEqu.h>
-#include <Folders.h>
-
-
-// #include "debug.h"
-
-#define kLoginDLOGID -4081
-#define kErrorALERTID -4082
-#define kLoginOKItem 1
-#define kLoginCnclItem 2
-#define kLoginNameItem 10
-#define kLoginVisPwItem 9
-#define kLoginFrameItem 5
-#define kLoginIvisPwItem 6
-#define kBadUserError 1
-#define kNotUniqueError 2
-#define kGenError 3
-#define kIntegrityError 4
-#define kBadPasswordError 5
-#define cr 0x0D
-#define enter 0x03
-#define bs 0x08
-#define tab 0x09
-#define larrow 0x1C
-#define rarrow 0x1D
-#define uarrow 0x1E
-#define darrow 0x1F
-#define DialogNotDone 1
-
-typedef union { // used to convert ProcPtr to Handle
- Handle H;
- ProcPtr P;
-} Proc2Hand;
-
-static char gPassword [MAX_K_NAME_SZ] = "\0";
-
-pascal void FrameOKbtn( WindowPtr myWindow, short itemNo );
-pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit );
-
-/*
- FIXME jcm - begin OpenInitRF
- Mac_store thinks that it is managing the open resource file
- is this code in conflict?
-*/
-
-void GetExtensionsFolder(short *vRefNumP, long *dirIDP)
-{
- Boolean hasFolderMgr = false;
- long feature;
-
-/*
- FIXME Error: Ô_GestaltDispatchÕ has not been declared - not needed now? - jcm
- if (TrapAvailable(_GestaltDispatch))
-*/
- if (Gestalt(gestaltFindFolderAttr, &feature) == noErr) hasFolderMgr = true;
- if (!hasFolderMgr) {
- GetSystemFolder(vRefNumP, dirIDP);
- return;
- }
- else {
- if (FindFolder(kOnSystemDisk, kExtensionFolderType, kDontCreateFolder, vRefNumP, dirIDP) != noErr) {
- *vRefNumP = 0;
- *dirIDP = 0;
- }
- }
-}
-
-short SearchFolderForINIT(long targetType, long targetCreator, short vRefNum, long dirID)
-{
- HParamBlockRec fi;
- Str255 filename;
- short refnum;
-
- fi.fileParam.ioCompletion = nil;
- fi.fileParam.ioNamePtr = filename;
- fi.fileParam.ioVRefNum = vRefNum;
- fi.fileParam.ioDirID = dirID;
- fi.fileParam.ioFDirIndex = 1;
-
- while (PBHGetFInfo(&fi, false) == noErr) {
- /* scan system folder for driver resource files of specific type & creator */
- if (fi.fileParam.ioFlFndrInfo.fdType == targetType &&
- fi.fileParam.ioFlFndrInfo.fdCreator == targetCreator) {
- refnum = HOpenResFile(vRefNum, dirID, filename, fsRdPerm);
- return refnum;
- }
- /* check next file in folder */
- fi.fileParam.ioFDirIndex++;
- fi.fileParam.ioDirID = dirID; /* PBHGetFInfo() clobbers ioDirID */
- }
- return(-1);
-}
-
-short OpenInitRF()
-{
- short refnum;
- short vRefNum;
- long dirID;
-
- /* first search Extensions Panels */
- GetExtensionsFolder(&vRefNum, &dirID);
- refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID);
- if (refnum != -1) return(refnum);
-
- /* next search System Folder */
- GetSystemFolder(&vRefNum, &dirID);
- refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID);
- if (refnum != -1) return(refnum);
-
- /* finally, search Control Panels */
- GetCPanelFolder(&vRefNum, &dirID);
- refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID);
- if (refnum != -1) return(refnum);
-
- return -1;
-}
-
-int DisplayError( short errorID )
-{
- OSErr err;
- Str255 errText;
-
- GetIndString(errText,kErrorALERTID,errorID);
- if (errText[0] == 0) {
- SysBeep(1); // nothing else we can do
- return cKrbCorruptedFile;
- }
-
- ParamText(errText,"\p","\p","\p");
- err = StopAlert(kErrorALERTID,nil);
-
- return DialogNotDone;
-}
-
-
-
-OSErr GetUserInfo( char *password )
-{
- DialogPtr myDLOG;
- short itemHit;
- short itemType;
- Handle itemHandle;
- Rect itemRect;
- OSErr rc = DialogNotDone;
- Str255 tempStr,tpswd,tuser;
- Proc2Hand procConv;
- short rf;
- char uname[ANAME_SZ]="\0";
- char uinst[INST_SZ]="\0";
- char realm[REALM_SZ]="\0";
- char UserName[MAX_K_NAME_SZ]="\0";
- CursHandle aCursor;
-
- krb_get_lrealm (realm, 1);
-
- //////////////////////////////////////////////////////
- // already got a password, just get the initial ticket
- //////////////////////////////////////////////////////
- if (*gPassword) {
- strncpy (UserName, krb_get_default_user( ), sizeof(UserName)-1);
- UserName[sizeof(UserName) - 1] = '\0';
- /* FIXME jcm - if we have a password then no dialog
- comes up for setting the uinstance. */
- rc = kname_parse(uname, uinst, realm, UserName);
- if (rc) return rc;
- (void) dest_all_tkts(); // start from scratch
- rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,gPassword);
- *gPassword = 0; // Always clear, password only good for one shot
- return rc;
- }
-
- /////////////////////////
- // Ask user for password
- /////////////////////////
- rf = OpenInitRF(); // need the resource file for the dialog resources
- if (rf<=0) return rf;
- password[0] = 0;
- myDLOG = GetNewDialog( kLoginDLOGID, (void *) NULL, (WindowPtr) -1 );
- if( myDLOG == NULL ) {
- CloseResFile(rf);
- return cKrbCorruptedFile;
- }
-
- // Insert user's name in dialog
- strncpy (UserName, krb_get_default_user( ), sizeof(UserName) - 1);
- UserName[sizeof(UserName) - 1] = '\0';
- if (*UserName) {
- tempStr[0] = strlen(UserName);
- memcpy( &(tempStr[1]), UserName, tempStr[0]);
- GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect );
- SetIText( itemHandle, tempStr );
- SelIText( myDLOG, kLoginVisPwItem,0,0 );
- }
- else SelIText( myDLOG, kLoginNameItem,0,0 );
-
- // Establish a user item around the OK button to draw the default button frame in
- GetDItem( myDLOG, kLoginOKItem, &itemType, &itemHandle, &itemRect );
- InsetRect( &itemRect, -4, -4 ); // position user item around OK button
- procConv.P = (ProcPtr) FrameOKbtn; // convert ProcPtr to a Handle
- SetDItem( myDLOG, kLoginFrameItem, userItem, procConv.H, &itemRect );
-
- InitCursor();
- do {
- do { // display the dialog & handle events
- SetOKEnable(myDLOG);
- ModalDialog( (ModalFilterProcPtr) TwoItemFilter, (short *) &itemHit );
- } while( itemHit != kLoginOKItem && itemHit != kLoginCnclItem );
-
- if( itemHit == kLoginOKItem ) { // OK button pressed?
- GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tempStr );
-
- tempStr[0] = ( tempStr[0] < MAX_K_NAME_SZ ) ? tempStr[0] : MAX_K_NAME_SZ-1 ;
- memcpy ((void*) UserName, (void*) &(tempStr[1]), tempStr[0]);
- UserName[tempStr[0]] = 0;
-
- GetDItem( myDLOG, kLoginIvisPwItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tempStr );
-
- tempStr[0] = ( tempStr[0] < ANAME_SZ ) ? tempStr[0] : ANAME_SZ-1 ;
- memcpy( (void*) password, (void*) &(tempStr[1]), tempStr[0]);
- password[tempStr[0]] = 0;
-
- //----------------------------------------------------
- // Get the ticket
- //----------------------------------------------------
- aCursor = GetCursor(watchCursor);
- SetCursor(*aCursor);
- ShowCursor();
-
- rc = kname_parse(uname, uinst, realm, UserName);
- if (rc) return rc;
-
- (void) dest_all_tkts(); // start from scratch
- rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,password);
- InitCursor();
- if (!rc)
- switch (rc) {
- case KDC_PR_UNKNOWN:
- case KDC_NULL_KEY:
- rc = DisplayError(kBadUserError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case KDC_PR_N_UNIQUE:
- rc = DisplayError(kNotUniqueError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case KDC_GEN_ERR:
- rc = DisplayError(kGenError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case RD_AP_MODIFIED:
- rc = DisplayError(kIntegrityError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case INTK_BADPW:
- rc = DisplayError(kBadPasswordError);
- SelIText( myDLOG, kLoginVisPwItem,0,256 );
- break;
- default:
- break;
- }
- //----------------------------------------------------
- }
- else rc = cKrbUserCancelled; // pressed the Cancel button
- } while( rc == DialogNotDone );
-
- DisposDialog( myDLOG );
- CloseResFile(rf);
- return rc;
-}
-
-
-static pascal void FrameOKbtn( WindowPtr myWindow, short itemNo )
-{
- short tempType;
- Handle tempHandle;
- Rect itemRect;
-
- GetDItem( (DialogPtr) myWindow, itemNo, &tempType, &tempHandle, &itemRect );
- PenSize( 3, 3 );
- FrameRoundRect( &itemRect, 16, 16 ); // make it an OK button suitable for framing
-}
-
-
-static pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit )
-{
- DialogPtr evtDlog;
- short selStart, selEnd;
- Handle okBtnHandle;
- short tempType;
- Rect tempRect;
- long tempTicks;
-
- if( event->what != keyDown && event->what != autoKey )
- return false; // don't care about this event
-
- switch( event->message & charCodeMask )
- {
- case cr: // Return (hitting return or enter is the same as hitting the OK button)
- case enter: // Enter
-
- if (!OKIsEnabled(dlog)) {
- event->what = nullEvent;
- return false;
- }
-
- GetDItem( dlog, kLoginOKItem, &tempType, &okBtnHandle, &tempRect );
- HiliteControl( (ControlHandle) okBtnHandle, 1 ); // hilite the OK button
- Delay( 10, &tempTicks ); // wait a little while
- HiliteControl( (ControlHandle) okBtnHandle, 0 );
-
- *itemHit = kLoginOKItem; // OK Button
- return true; // We handled the event
-
- case tab: // Tab
- case larrow: // Left arrow (Keys that just change the selection)
- case rarrow: // Right arrow
- case uarrow: // Up arrow
- case darrow: // Down arrow
- return false; // Let ModalDialog handle them
-
- default:
-
- // First see if we're in password field, do stuff to make ¥ displayed
-
- if( ((DialogPeek) dlog)->editField == kLoginVisPwItem - 1 ) {
-
- selStart = (**((DialogPeek) dlog)->textH).selStart; // Get the selection in the visible item
- selEnd = (**((DialogPeek) dlog)->textH).selEnd;
-
- SelIText( dlog, kLoginIvisPwItem, selStart, selEnd ); // Select text in invisible item
- DialogSelect( event,&evtDlog, itemHit ); // Input key
-
- SelIText( dlog, kLoginVisPwItem, selStart, selEnd ); // Select same area in visible item
- if( ( event->message & charCodeMask ) != bs ) // If it's not a backspace (backspace is the only key that can affect both the text and the selection- thus we need to process it in both fields, but not change it for the hidden field.
- event->message = 'Â¥'; // Replace with character to use
- }
-
- // Do the key event and set the hilite on the OK button accordingly
-
- DialogSelect( event,&evtDlog, itemHit ); // Input key
- SetOKEnable(dlog);
-
- // Pass a NULL event back to DialogMgr
-
- event->what = nullEvent;
-
- return false;
- }
-}
-
-static int SetOKEnable( DialogPtr dlog )
-{
- short itemType,state;
- Handle itemHandle;
- Rect itemRect;
- Str255 tpswd,tuser;
- ControlHandle okButton;
-
- GetDItem( dlog, kLoginNameItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tuser );
- GetDItem( dlog, kLoginVisPwItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tpswd );
- GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect );
- state = (tuser[0] && tpswd[0]) ? 0 : 255;
- HiliteControl(okButton,state);
-}
-
-static int OKIsEnabled( DialogPtr dlog )
-{
- short itemType;
- Rect itemRect;
- ControlHandle okButton;
-
- GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect );
- return ((**okButton).contrlHilite != 255);
-}
-
-
-extern OSErr INTERFACE
-CacheInitialTicket( serviceName )
- char *serviceName;
-{
- char service[ANAME_SZ]="\0";
- char instance[INST_SZ]="\0";
- char realm[REALM_SZ]="\0";
- OSErr err = noErr;
- char uname[ANAME_SZ]="\0";
- char uinst[INST_SZ]="\0";
- char urealm[REALM_SZ]="\0";
- char password[KKEY_SZ]="\0";
- char UserName[MAX_K_NAME_SZ]="\0";
- char oldName[120]="\0";
-
- err = GetUserInfo( password );
- if (err) return err;
-
- if (!serviceName || (serviceName[0] == '\0'))
- return err;
-
- strncpy (UserName, krb_get_default_user(), sizeof(UserName) - 1);
- UserName[sizeof(UserName) - 1] = '\0';
-
- err = kname_parse(uname, uinst, urealm, UserName);
- if (err) return err;
-
- if (urealm[0] == '\0')
- krb_get_lrealm (urealm, 1);
-
- err = kname_parse(service, instance, realm, serviceName); // check if there is a service name
- if (err) return err;
-
- err = krb_get_pw_in_tkt(uname,uinst,urealm,service,instance,DEFAULT_TKT_LIFE,password);
- return err;
-}
+++ /dev/null
-/*
- * lib/krb4/RealmsConfig-glue.c
- *
- * Copyright 1985-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * These calls implement the layer of Kerberos v4 library which
- * accesses realms configuration by calling into the Kerberos Profile
- * library.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include "profile.h"
-#include "krb.h"
-#include "krb4int.h"
-#include "k5-int.h" /* for accessor, addrlist stuff */
-#include "port-sockets.h"
-
-/* These two *must* be kept in sync to avoid buffer overflows. */
-#define SCNSCRATCH "%1023s"
-#define SCRATCHSZ 1024
-#if SCRATCHSZ < MAXHOSTNAMELEN
-#error "SCRATCHSZ must be at least MAXHOSTNAMELEN"
-#endif
-
-/*
- * Returns to the caller an initialized profile using the same files
- * as Kerberos4Lib would.
- */
-int KRB5_CALLCONV
-krb_get_profile(profile_t* profile)
-{
- int retval = KSUCCESS;
- profile_filespec_t *files = NULL;
-
- /* Use krb5 to get the config files */
- retval = krb5_get_default_config_files(&files);
-
- if (retval == KSUCCESS) {
- retval = profile_init((const_profile_filespec_t *)files, profile);
- }
-
- if (files) {
- krb5_free_config_files(files);
- }
-
- if (retval == ENOENT) {
- /* No edu.mit.Kerberos file */
- return KFAILURE;
- }
-
- if ((retval == PROF_SECTION_NOTOP) ||
- (retval == PROF_SECTION_SYNTAX) ||
- (retval == PROF_RELATION_SYNTAX) ||
- (retval == PROF_EXTRA_CBRACE) ||
- (retval == PROF_MISSING_OBRACE)) {
- /* Bad config file format */
- return retval;
- }
-
- return retval;
-}
-
-/* Caller must ensure that n >= 1 and that pointers are non-NULL. */
-static int
-krb_prof_get_nth(
- char *ret,
- size_t retlen,
- const char *realm,
- int n,
- const char *sec,
- const char *key)
-{
- int result;
- long profErr;
- profile_t profile = NULL;
- const char *names[4];
- void *iter = NULL;
- char *name = NULL;
- char *value = NULL;
- int i;
-
- result = KFAILURE;
-
- profErr = krb_get_profile(&profile);
- if (profErr) {
- /*
- * Can krb_get_profile() return errors that change PROFILE?
- */
- goto cleanup;
- }
- names[0] = sec;
- names[1] = realm;
- names[2] = key;
- names[3] = NULL;
- profErr = profile_iterator_create(profile, names,
- PROFILE_ITER_RELATIONS_ONLY, &iter);
- if (profErr)
- goto cleanup;
-
- result = KSUCCESS;
- for (i = 1; i <= n; i++) {
- if (name != NULL)
- profile_release_string(name);
- if (value != NULL)
- profile_release_string(value);
- name = value = NULL;
-
- profErr = profile_iterator(&iter, &name, &value);
- if (profErr || (name == NULL)) {
- result = KFAILURE;
- break;
- }
- }
- if (result == KSUCCESS) {
- /* Return error rather than truncating. */
- /* Don't strncpy because retlen is a guess for some callers */
- if (strlen(value) >= retlen)
- result = KFAILURE;
- else
- strcpy(ret, value);
- }
-cleanup:
- if (name != NULL)
- profile_release_string(name);
- if (value != NULL)
- profile_release_string(value);
- if (iter != NULL)
- profile_iterator_free(&iter);
- if (profile != NULL)
- profile_abandon(profile);
- return result;
-}
-
-/*
- * Index -> realm name mapping
- *
- * Not really. The original implementation has a cryptic comment
- * indicating that the function can only work for n = 1, and always
- * returns the default realm. I don't know _why_ that's the case, but
- * I have to do it that way...
- *
- * Old description from g_krbrlm.c:
- *
- * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
- * in the string, r, with the name of the nth realm specified on the
- * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
- *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst(). This will also look in KRB_FB_CONF is
- * ATHENA_CONF_FALLBACK is defined.
- */
-int KRB5_CALLCONV
-krb_get_lrealm(
- char *realm,
- int n)
-{
- int result = KSUCCESS;
- profile_t profile = NULL;
- char *profileDefaultRealm = NULL;
- char **profileV4Realms = NULL;
- int profileHasDefaultRealm = 0;
- int profileDefaultRealmIsV4RealmInProfile = 0;
- char krbConfLocalRealm[REALM_SZ];
- int krbConfHasLocalRealm = 0;
-
- if ((realm == NULL) || (n != 1)) { result = KFAILURE; }
-
- if (result == KSUCCESS) {
- /* Some callers don't check the return value so we initialize
- * to an empty string in case it never gets filled in. */
- realm [0] = '\0';
- }
-
- if (result == KSUCCESS) {
- int profileErr = krb_get_profile (&profile);
-
- if (!profileErr) {
- /* Get the default realm from the profile */
- profileErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION,
- REALMS_V4_DEFAULT_REALM, NULL, NULL,
- &profileDefaultRealm);
- if (profileDefaultRealm == NULL) { profileErr = KFAILURE; }
- }
-
- if (!profileErr) {
- /* If there is an equivalent v4 realm to the default realm, use that instead */
- char *profileV4EquivalentRealm = NULL;
-
- if (profile_get_string (profile, "realms", profileDefaultRealm, "v4_realm", NULL,
- &profileV4EquivalentRealm) == 0 &&
- profileV4EquivalentRealm != NULL) {
-
- profile_release_string (profileDefaultRealm);
- profileDefaultRealm = profileV4EquivalentRealm;
- }
- }
-
- if (!profileErr) {
- if (strlen (profileDefaultRealm) < REALM_SZ) {
- profileHasDefaultRealm = 1; /* a reasonable default realm */
- } else {
- profileErr = KFAILURE;
- }
- }
-
- if (!profileErr) {
- /* Walk through the v4 realms list looking for the default realm */
- const char *profileV4RealmsList[] = { REALMS_V4_PROF_REALMS_SECTION, NULL };
-
- if (profile_get_subsection_names (profile, profileV4RealmsList,
- &profileV4Realms) == 0 &&
- profileV4Realms != NULL) {
-
- char **profileRealm;
- for (profileRealm = profileV4Realms; *profileRealm != NULL; profileRealm++) {
- if (strcmp (*profileRealm, profileDefaultRealm) == 0) {
- /* default realm is a v4 realm */
- profileDefaultRealmIsV4RealmInProfile = 1;
- break;
- }
- }
- }
- }
- }
-
- if (result == KSUCCESS) {
- /* Try to get old-style config file lookup for fallback. */
- FILE *cnffile = NULL;
- char scratch[SCRATCHSZ];
-
- cnffile = krb__get_cnffile();
- if (cnffile != NULL) {
- if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) {
- if (strlen(scratch) < REALM_SZ) {
- strncpy(krbConfLocalRealm, scratch, REALM_SZ);
- krbConfHasLocalRealm = 1;
- }
- }
- fclose(cnffile);
- }
- }
-
- if (result == KSUCCESS) {
- /*
- * We want to favor the profile value over the krb.conf value
- * but not stop suppporting its use with a v5-only profile.
- * So we only use the krb.conf realm when the default profile
- * realm doesn't exist in the v4 realm section of the profile.
- */
- if (krbConfHasLocalRealm && !profileDefaultRealmIsV4RealmInProfile) {
- strncpy (realm, krbConfLocalRealm, REALM_SZ);
- } else if (profileHasDefaultRealm) {
- strncpy (realm, profileDefaultRealm, REALM_SZ);
- } else {
- result = KFAILURE; /* No default realm */
- }
- }
-
- if (profileDefaultRealm != NULL) { profile_release_string (profileDefaultRealm); }
- if (profileV4Realms != NULL) { profile_free_list (profileV4Realms); }
- if (profile != NULL) { profile_abandon (profile); }
-
- return result;
-}
-
-/*
- * Realm, index -> admin KDC mapping
- *
- * Old description from g_admhst.c:
- *
- * Given a Kerberos realm, find a host on which the Kerberos database
- * administration server can be found.
- *
- * krb_get_admhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer n, and
- * returns (in h) the nth administrative host entry from the configuration
- * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
- * If ATHENA_CONF_FALLBACK is defined, also look in old location.
- *
- * On error, get_admhst returns KFAILURE. If all goes well, the routine
- * returns KSUCCESS.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- *
- * This is a temporary hack to allow us to find the nearest system running
- * a Kerberos admin server. In the long run, this functionality will be
- * provided by a nameserver.
- */
-int KRB5_CALLCONV
-krb_get_admhst(
- char *host,
- char *realm,
- int n)
-{
- int result;
- int i;
- FILE *cnffile;
- char linebuf[BUFSIZ];
- char trealm[SCRATCHSZ];
- char thost[SCRATCHSZ];
- char scratch[SCRATCHSZ];
-
- if (n < 1 || host == NULL || realm == NULL)
- return KFAILURE;
-
- result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
- REALMS_V4_PROF_REALMS_SECTION,
- REALMS_V4_PROF_ADMIN_KDC);
- if (result == KSUCCESS)
- return result;
-
- /*
- * Do old-style config file lookup.
- */
- cnffile = krb__get_cnffile();
- if (cnffile == NULL)
- return KFAILURE;
- result = KSUCCESS;
- for (i = 0; i < n;) {
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- result = KFAILURE;
- break;
- }
- if (!strchr(linebuf, '\n')) {
- result = KFAILURE;
- break;
- }
- /*
- * Need to scan for a token after 'admin' to make sure that
- * admin matched correctly.
- */
- if (sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH " admin " SCNSCRATCH,
- trealm, thost, scratch) != 3)
- continue;
- if (!strcmp(trealm, realm))
- i++;
- }
- fclose(cnffile);
- if (result == KSUCCESS && strlen(thost) < MAX_HSTNM)
- strcpy(host, thost);
- else
- result = KFAILURE;
- return result;
-}
-
-/*
- * Realm, index -> kpasswd KDC mapping
- */
-int
-krb_get_kpasswdhst(
- char *host,
- char *realm,
- int n)
-{
- if (n < 1 || host == NULL || realm == NULL)
- return KFAILURE;
-
- return krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
- REALMS_V4_PROF_REALMS_SECTION,
- REALMS_V4_PROF_KPASSWD_KDC);
-}
-
-/*
- * Realm, index -> KDC mapping
- *
- * Old description from g_krbhst.c:
- *
- * Given a Kerberos realm, find a host on which the Kerberos authenti-
- * cation server can be found.
- *
- * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer, n, and
- * returns (in h) the nth entry from the configuration file (KRB_CONF,
- * defined in "krb.h") associated with the specified realm.
- *
- * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (also defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
- *
- * The KRB_CONF file contains the name of the local realm in the first
- * line (not used by this routine), followed by lines indicating realm/host
- * entries. The words "admin server" following the hostname indicate that
- * the host provides an administrative database server.
- * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined.
- *
- * For example:
- *
- * ATHENA.MIT.EDU
- * ATHENA.MIT.EDU kerberos-1.mit.edu admin server
- * ATHENA.MIT.EDU kerberos-2.mit.edu
- * LCS.MIT.EDU kerberos.lcs.mit.edu admin server
- *
- * This is a temporary hack to allow us to find the nearest system running
- * kerberos. In the long run, this functionality will be provided by a
- * nameserver.
- */
-#ifdef KRB5_DNS_LOOKUP
-static struct {
- time_t when;
- char realm[REALM_SZ+1];
- struct srv_dns_entry *srv;
-} dnscache = { 0, { 0 }, 0 };
-#define DNS_CACHE_TIMEOUT 60 /* seconds */
-#endif
-
-int KRB5_CALLCONV
-krb_get_krbhst(
- char *host,
- const char *realm,
- int n)
-{
- int result;
- int i;
- FILE *cnffile;
- char linebuf[BUFSIZ];
- char tr[SCRATCHSZ];
- char scratch[SCRATCHSZ];
-#ifdef KRB5_DNS_LOOKUP
- time_t now;
-#endif
-
- if (n < 1 || host == NULL || realm == NULL)
- return KFAILURE;
-
-#ifdef KRB5_DNS_LOOKUP
- /* We'll only have this realm's info in the DNS cache if there is
- no data in the local config files.
-
- XXX The files could've been updated in the last few seconds.
- Do we care? */
- if (!strncmp(dnscache.realm, realm, REALM_SZ)
- && (time(&now), abs(dnscache.when - now) < DNS_CACHE_TIMEOUT)) {
- struct srv_dns_entry *entry;
-
- get_from_dnscache:
- /* n starts at 1, addrs indices run 0..naddrs */
- for (i = 1, entry = dnscache.srv; i < n && entry; i++)
- entry = entry->next;
- if (entry == NULL)
- return KFAILURE;
- if (strlen(entry->host) + 6 >= MAXHOSTNAMELEN)
- return KFAILURE;
- snprintf(host, MAXHOSTNAMELEN, "%s:%d", entry->host, entry->port);
- return KSUCCESS;
- }
-#endif
-
- result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
- REALMS_V4_PROF_REALMS_SECTION,
- REALMS_V4_PROF_KDC);
- if (result == KSUCCESS)
- return result;
- /*
- * Do old-style config file lookup.
- */
- do {
- cnffile = krb__get_cnffile();
- if (cnffile == NULL)
- break;
- /* Skip default realm name. */
- if (fscanf(cnffile, SCNSCRATCH, tr) == EOF) {
- fclose(cnffile);
- break;
- }
- result = KSUCCESS;
- for (i = 0; i < n;) {
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- result = KFAILURE;
- break;
- }
- if (!strchr(linebuf, '\n')) {
- result = KFAILURE;
- break;
- }
- if ((sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH,
- tr, scratch) != 2))
- continue;
- if (!strcmp(tr, realm))
- i++;
- }
- fclose(cnffile);
- if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN) {
- strcpy(host, scratch);
- return KSUCCESS;
- }
- if (i > 0)
- /* Found some, but not as many as requested. */
- return KFAILURE;
- } while (0);
-#ifdef KRB5_DNS_LOOKUP
- do {
- krb5int_access k5;
- krb5_error_code err;
- krb5_data realmdat;
- struct srv_dns_entry *srv;
-
- err = krb5int_accessor(&k5, KRB5INT_ACCESS_VERSION);
- if (err)
- break;
-
- if (k5.use_dns_kdc(krb5__krb4_context)) {
- realmdat.data = realm;
- realmdat.length = strlen(realm);
- err = k5.make_srv_query_realm(&realmdat, "_kerberos-iv", "_udp",
- &srv);
- if (err)
- break;
-
- if (srv == 0)
- break;
-
- if (dnscache.srv)
- k5.free_srv_dns_data(dnscache.srv);
- dnscache.srv = srv;
- strncpy(dnscache.realm, realm, REALM_SZ);
- dnscache.when = now;
- goto get_from_dnscache;
- }
- } while (0);
-#endif
- return KFAILURE;
-}
-
-/*
- * Hostname -> realm name mapping
- *
- * Old description from realmofhost.c:
- *
- * Given a fully-qualified domain-style primary host name,
- * return the name of the Kerberos realm for the host.
- * If the hostname contains no discernable domain, or an error occurs,
- * return the local realm name, as supplied by get_krbrlm().
- * If the hostname contains a domain, but no translation is found,
- * the hostname's domain is converted to upper-case and returned.
- *
- * The format of each line of the translation file is:
- * domain_name kerberos_realm
- * -or-
- * host_name kerberos_realm
- *
- * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
- * host names should be in the usual form (e.g. FOO.BAR.BAZ)
- */
-char * KRB5_CALLCONV
-krb_realmofhost(char *host)
-{
- /* Argh! */
- static char realm[REALM_SZ];
- char *lhost;
- const char *names[] = {REALMS_V4_PROF_DOMAIN_SECTION, NULL, NULL};
- char **values = NULL;
- profile_t profile = NULL;
- long profErr;
- char hostname[MAXHOSTNAMELEN];
- char *p;
- char *domain;
- FILE *trans_file = NULL;
- int retval;
- char thost[SCRATCHSZ];
- char trealm[SCRATCHSZ];
- struct hostent *h;
-
- /* Return local realm if all else fails */
- krb_get_lrealm(realm, 1);
-
- /* Forward-resolve in case domain is missing. */
- h = gethostbyname(host);
- if (h == NULL)
- lhost = host;
- else
- lhost = h->h_name;
-
- if (strlen(lhost) >= MAXHOSTNAMELEN)
- return realm;
- strcpy(hostname, lhost);
-
- /* Remove possible trailing dot. */
- p = strrchr(hostname, '.');
- if (p != NULL && p[1] == '\0')
- *p = '\0';
- domain = strchr(hostname, '.');
- /*
- * If the hostname is just below the top, e.g., CYGNUS.COM, then
- * we special-case it; if someone really wants a realm called COM
- * they will just have to specify it properly.
- */
- if (domain != NULL) {
- domain++;
- p = strchr(domain, '.');
- if (p == NULL)
- domain = lhost;
- if (strlen(domain) < REALM_SZ) {
- strncpy(realm, domain, REALM_SZ);
- /* Upcase realm name. */
- for (p = hostname; *p != '\0'; p++) {
- if (*p > 0 && islower((unsigned char)*p))
- *p = toupper((unsigned char)*p);
- }
- }
- }
- /* Downcase hostname. */
- for (p = hostname; *p != '\0'; p++) {
- if (*p > 0 && isupper((unsigned char)*p))
- *p = tolower((unsigned char)*p);
- }
-
- profErr = krb_get_profile(&profile);
- if (profErr)
- goto cleanup;
-
- for (domain = hostname; domain != NULL && *domain != '\0';) {
- names[1] = domain;
- values = NULL;
- profErr = profile_get_values(profile, names, &values);
- if (!profErr && strlen(values[0]) < REALM_SZ) {
- /* Found, return it */
- strncpy(realm, values[0], REALM_SZ);
- profile_free_list(values);
- break;
- } else {
- /* Skip over leading dot. */
- if (*domain == '.')
- domain++;
- domain = strchr(domain, '.');
- }
- profile_free_list(values);
- }
-cleanup:
- if (profile != NULL)
- profile_abandon(profile);
-
- trans_file = krb__get_realmsfile();
- if (trans_file == NULL)
- return realm;
- domain = strchr(hostname, '.');
- for (;;) {
- retval = fscanf(trans_file, SCNSCRATCH " " SCNSCRATCH,
- thost, trealm);
- if (retval == EOF)
- break;
- if (retval != 2 || strlen(trealm) >= REALM_SZ)
- continue; /* Ignore malformed lines. */
- /* Attempt to match domain. */
- if (*thost == '.') {
- if (domain && !strcasecmp(thost, domain)) {
- strncpy(realm, trealm, REALM_SZ);
- continue; /* Try again for an exact match. */
- }
- } else {
- /* Hostname must match exactly. */
- if (!strcasecmp(thost, hostname)) {
- strncpy(realm, trealm, REALM_SZ);
- break;
- }
- }
- }
- fclose(trans_file);
- return realm;
-}
+++ /dev/null
-/*
- * lib/krb4/ad_print.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology. All
- * Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "des.h"
-#include "krb4int.h"
-#include <stdio.h>
-#include "port-sockets.h"
-
-#ifndef _WIN32
-
-/*
- * Print some of the contents of the given authenticator structure
- * (AUTH_DAT defined in "krb.h"). Fields printed are:
- *
- * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
- */
-
-void
-ad_print(x)
- AUTH_DAT *x;
-{
- struct in_addr ina;
- ina.s_addr = x->address;
-
- printf("\n%s %s %s ", x->pname, x->pinst, x->prealm);
- far_fputs (inet_ntoa(ina), stdout);
- printf(" flags %u cksum 0x%lX\n\ttkt_tm 0x%lX sess_key",
- x->k_flags, (long) x->checksum, (long) x->time_sec);
- printf("[8] =");
-#ifdef NOENCRYPTION
- placebo_cblock_print(x->session);
-#else /* Do Encryption */
- des_cblock_print_file(&x->session,stdout);
-#endif /* NOENCRYPTION */
- /* skip reply for now */
-}
-
-#ifdef NOENCRYPTION
-/*
- * Print in hex the 8 bytes of the given session key.
- *
- * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
- */
-
-placebo_cblock_print(x)
- des_cblock x;
-{
- unsigned char *y = (unsigned char *) x;
- register int i = 0;
-
- printf(" 0x { ");
-
- while (i++ <8) {
- printf("%x",*y++);
- if (i<8) printf(", ");
- }
- printf(" }");
-}
-#endif /* NOENCRYPTION */
-
-#endif
+++ /dev/null
-/*
- * change_password.c
- *
- * Copyright 1987, 1988, 2002 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "krb.h"
-#include "krb4int.h"
-#include "kadm.h"
-#include "prot.h"
-
-/*
- * krb_change_password(): This disgusting function handles changing passwords
- * in a krb4-only environment.
- * -1783126240
- * THIS IS NOT A NORMAL KRB4 API FUNCTION! DON'T USE IN PORTABLE CODE!
- */
-
-int KRB5_CALLCONV
-krb_change_password(char *principal, char *instance, char *realm,
- char *oldPassword, char *newPassword)
-{
- int err;
- des_cblock key;
- KRB_UINT32 tempKey;
- size_t sendSize;
- u_char *sendStream;
- size_t receiveSize;
- u_char *receiveStream;
- Kadm_Client client_parm;
- u_char *p;
-
- err = 0;
-
- /* Check inputs: */
- if (principal == NULL || instance == NULL || realm == NULL ||
- oldPassword == NULL || newPassword == NULL) {
- return KFAILURE;
- }
-
- /*
- * Get tickets to change the old password and shove them in the
- * client_parm
- */
- err = krb_get_pw_in_tkt_creds(principal, instance, realm,
- PWSERV_NAME, KADM_SINST, 1,
- oldPassword, &client_parm.creds);
- if (err != KSUCCESS)
- goto cleanup;
-
- /* Now create the key to send to the server */
- /* Use this and not mit_password_to_key so that we don't prompt */
- des_string_to_key(newPassword, key);
-
- /* Create the link to the server */
- err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1);
- if (err != KADM_SUCCESS)
- goto cleanup;
-
- /* Connect to the KDC */
- err = kadm_cli_conn(&client_parm);
- if (err != KADM_SUCCESS)
- goto cleanup;
-
- /* possible problem with vts_long on a non-multiple of four boundary */
- sendSize = 0; /* start of our output packet */
- sendStream = malloc(1); /* to make it reallocable */
- if (sendStream == NULL)
- goto disconnect;
- sendStream[sendSize++] = CHANGE_PW;
-
- /* change key to stream */
- /* This looks backwards but gets inverted on the server side. */
- p = key + 4;
- KRB4_GET32BE(tempKey, p);
- sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
- p = key;
- KRB4_GET32BE(tempKey, p);
- sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
- tempKey = 0;
-
- if (newPassword) {
- sendSize += vts_string(newPassword, &sendStream, (int)sendSize);
- }
-
- /* send the data to the kdc */
- err = kadm_cli_send(&client_parm, sendStream, sendSize,
- &receiveStream, &receiveSize);
- free(sendStream);
- if (receiveSize > 0)
- /* If there is a string from the kdc, free it - we don't care */
- free(receiveStream);
- if (err != KADM_SUCCESS)
- goto disconnect;
-
-disconnect:
- /* Disconnect */
- kadm_cli_disconn(&client_parm);
-
-cleanup:
- memset(&client_parm.creds.session, 0, sizeof(client_parm.creds.session));
- memset(&key, 0, sizeof(key));
- return err;
-}
+++ /dev/null
-/*
- * lib/krb4/cr_auth_repl.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine is called by the Kerberos authentication server
- * to create a reply to an authentication request. The routine
- * takes the user's name, instance, and realm, the client's
- * timestamp, the number of tickets, the user's key version
- * number and the ciphertext containing the tickets themselves.
- * It constructs a packet and returns a pointer to it.
- *
- * Notes: The packet returned by this routine is static. Thus, if you
- * intend to keep the result beyond the next call to this routine, you
- * must copy it elsewhere.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned char n number of tickets
- *
- * unsigned long x_date expiration date
- *
- * unsigned char kvno master key version
- *
- * short w_1 cipher length
- *
- * --- cipher->dat cipher data
- */
-
-KTEXT
-create_auth_reply(pname, pinst, prealm, time_ws, n, x_date, kvno, cipher)
- char *pname; /* Principal's name */
- char *pinst; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long time_ws; /* Workstation time */
- int n; /* Number of tickets */
- unsigned long x_date; /* Principal's expiration date */
- int kvno; /* Principal's key version number */
- KTEXT cipher; /* Cipher text with tickets and
- * session keys */
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
- unsigned char *p;
- size_t pnamelen, pinstlen, prealmlen;
-
- /* Create fixed part of packet */
- p = pkt->dat;
- /* This is really crusty. */
- if (n != 0)
- *p++ = 3;
- else
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REPLY; /* always big-endian */
-
- /* Make sure the response will actually fit into its buffer. */
- pnamelen = strlen(pname) + 1;
- pinstlen = strlen(pinst) + 1;
- prealmlen = strlen(prealm) + 1;
- if (sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen
- + 4 + 1 + 4 + 1 + 2 + cipher->length)
- || cipher->length > 65535 || cipher->length < 0) {
- pkt->length = 0;
- return NULL;
- }
- /* Add the basic info */
- memcpy(p, pname, pnamelen);
- p += pnamelen;
- memcpy(p, pinst, pinstlen);
- p += pinstlen;
- memcpy(p, prealm, prealmlen);
- p += prealmlen;
-
- /* Workstation timestamp */
- KRB4_PUT32BE(p, time_ws);
-
- *p++ = n;
-
- /* Expiration date */
- KRB4_PUT32BE(p, x_date);
-
- /* Now send the ciphertext and info to help decode it */
- *p++ = kvno;
- KRB4_PUT16BE(p, cipher->length);
- memcpy(p, cipher->dat, (size_t)cipher->length);
- p += cipher->length;
-
- /* And return the packet */
- pkt->length = p - pkt->dat;
- return pkt;
-}
+++ /dev/null
-/*
- * lib/krb4/cr_ciph.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include <string.h>
-
-/*
- * This routine is used by the authentication server to create
- * a packet for its client, containing a ticket for the requested
- * service (given in "tkt"), and some information about the ticket,
-#ifndef NOENCRYPTION
- * all encrypted in the given key ("key").
-#endif
- *
- * Returns KSUCCESS no matter what.
- *
- * The length of the cipher is stored in c->length; the format of
- * c->dat is as follows:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- *
- * 8 bytes session session key for client, service
- *
- * string service service name
- *
- * string instance service instance
- *
- * string realm KDC realm
- *
- * unsigned char life ticket lifetime
- *
- * unsigned char kvno service key version number
- *
- * unsigned char tkt->length length of following ticket
- *
- * data tkt->dat ticket for service
- *
- * 4 bytes kdc_time KDC's timestamp
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-
-int
-create_ciph(c, session, service, instance, realm, life, kvno, tkt,
- kdc_time, key)
- KTEXT c; /* Text block to hold ciphertext */
- C_Block session; /* Session key to send to user */
- char *service; /* Service name on ticket */
- char *instance; /* Instance name on ticket */
- char *realm; /* Realm of this KDC */
- unsigned long life; /* Lifetime of the ticket */
- int kvno; /* Key version number for service */
- KTEXT tkt; /* The ticket for the service */
- unsigned long kdc_time; /* KDC time */
- C_Block key; /* Key to encrypt ciphertext with */
-{
- unsigned char *ptr;
- size_t servicelen, instancelen, realmlen;
- Key_schedule key_s;
-
- ptr = c->dat;
-
- /* Validate lengths. */
- servicelen = strlen(service) + 1;
- instancelen = strlen(instance) + 1;
- realmlen = strlen(realm) + 1;
- if (sizeof(c->dat) / 8 < ((8 + servicelen + instancelen + realmlen
- + 1 + 1 + 1 + tkt->length
- + 4 + 7) / 8)
- || tkt->length > 255 || tkt->length < 0) {
- c->length = 0;
- return KFAILURE;
- }
-
- memcpy(ptr, session, 8);
- ptr += 8;
-
- memcpy(ptr, service, servicelen);
- ptr += servicelen;
- memcpy(ptr, instance, instancelen);
- ptr += instancelen;
- memcpy(ptr, realm, realmlen);
- ptr += realmlen;
-
- *ptr++ = life;
- *ptr++ = kvno;
- *ptr++ = tkt->length;
-
- memcpy(ptr, tkt->dat, (size_t)tkt->length);
- ptr += tkt->length;
-
- KRB4_PUT32BE(ptr, kdc_time);
-
- /* guarantee null padded encrypted data to multiple of 8 bytes */
- memset(ptr, 0, 7);
-
- c->length = (((ptr - c->dat) + 7) / 8) * 8;
-
-#ifndef NOENCRYPTION
- key_sched(key, key_s);
- pcbc_encrypt((C_Block *)c->dat, (C_Block *)c->dat,
- (long)c->length, key_s, (C_Block*)key, ENCRYPT);
- memset(key_s, 0, sizeof(key_s));
-#endif /* NOENCRYPTION */
-
- return KSUCCESS;
-}
+++ /dev/null
-/*
- * lib/krb4/cr_death_pkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine creates a packet to type AUTH_MSG_DIE which is sent to
- * the Kerberos server to make it shut down. It is used only in the
- * development environment.
- *
- * It takes a string "a_name" which is sent in the packet. A pointer
- * to the packet is returned.
- *
- * The format of the killer packet is:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_DIE message type
- *
- * [least significant HOST_BYTE_ORDER byte order of sender
- * bit of above field]
- *
- * string a_name presumably, name of
- * principal sending killer
- * packet
- */
-
-#ifdef DEBUG
-KTEXT
-krb_create_death_packet(a_name)
- char *a_name;
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
- unsigned char *p;
- size_t namelen;
-
- p = pkt->dat;
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_DIE;
- namelen = strlen(a_name) + 1;
- if (1 + 1 + namelen > sizeof(pkt->dat))
- return NULL;
- memcpy(p, a_name, namelen);
- p += namelen;
- pkt->length = p - pkt->dat;
- return pkt;
-}
-#endif /* DEBUG */
+++ /dev/null
-/*
- * lib/krb4/cr_err_repl.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine is used by the Kerberos authentication server to
- * create an error reply packet to send back to its client.
- *
- * It takes a pointer to the packet to be built, the name, instance,
- * and realm of the principal, the client's timestamp, an error code
- * and an error string as arguments. Its return value is undefined.
- *
- * The packet is built in the following format:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- *
- * unsigned char req_ack_vno protocol version number
- *
- * unsigned char AUTH_MSG_ERR_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned long e error code
- *
- * string e_string error text
- */
-
-void
-cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string)
- KTEXT pkt;
- char *pname; /* Principal's name */
- char *pinst; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- u_long time_ws; /* Workstation time */
- u_long e; /* Error code */
- char *e_string; /* Text of error */
-{
- unsigned char *p;
- size_t pnamelen, pinstlen, prealmlen, e_stringlen;
-
- p = pkt->dat;
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_ERR_REPLY;
-
- /* Make sure the reply will fit into the buffer. */
- pnamelen = strlen(pname) + 1;
- pinstlen = strlen(pinst) + 1;
- prealmlen = strlen(prealm) + 1;
- e_stringlen = strlen(e_string) + 1;
- if(sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen
- + 4 + 4 + e_stringlen)) {
- pkt->length = 0;
- return;
- }
- /* Add the basic info */
- memcpy(p, pname, pnamelen);
- p += pnamelen;
- memcpy(p, pinst, pinstlen);
- p += pinstlen;
- memcpy(p, prealm, prealmlen);
- p += prealmlen;
- /* ws timestamp */
- KRB4_PUT32BE(p, time_ws);
- /* err code */
- KRB4_PUT32BE(p, e);
- /* err text */
- memcpy(p, e_string, e_stringlen);
- p += e_stringlen;
-
- /* And return */
- pkt->length = p - pkt->dat;
- return;
-}
+++ /dev/null
-/*
- * lib/krb4/cr_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <krb5.h>
-#include "des.h"
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include "port-sockets.h"
-
-static int
-krb_cr_tkt_int (KTEXT tkt, unsigned int flags_in, char *pname,
- char *pinstance, char *prealm, long paddress,
- char *session, int life, long time_sec,
- char *sname, char *sinstance);
-
-/*
- * Create ticket takes as arguments information that should be in a
- * ticket, and the KTEXT object in which the ticket should be
- * constructed. It then constructs a ticket and returns, leaving the
- * newly created ticket in tkt.
-#ifndef NOENCRYPTION
- * The data in tkt->dat is encrypted in the server's key.
-#endif
- * The length of the ticket is a multiple of
- * eight bytes and is in tkt->length.
- *
- * If the ticket is too long, the ticket will contain nulls.
- * The return value of the routine is undefined.
- *
- * The corresponding routine to extract information from a ticket it
- * decomp_ticket. When changes are made to this routine, the
- * corresponding changes should also be made to that file.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * tkt->length length of ticket (multiple of 8 bytes)
- *
-#ifdef NOENCRYPTION
- * tkt->dat:
-#else
- * tkt->dat: (encrypted in server's key)
-#endif
- *
- * unsigned char flags namely, HOST_BYTE_ORDER
- *
- * string pname client's name
- *
- * string pinstance client's instance
- *
- * string prealm client's realm
- *
- * 4 bytes paddress client's address
- *
- * 8 bytes session session key
- *
- * 1 byte life ticket lifetime
- *
- * 4 bytes time_sec KDC timestamp
- *
- * string sname service's name
- *
- * string sinstance service's instance
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-int
-krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance, key)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned int flags; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- int life; /* Lifetime of the ticket */
- long time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
- C_Block key; /* Service's secret key */
-{
- int kerr;
- Key_schedule key_s;
-
- kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance);
- if (kerr)
- return kerr;
-
- /* Encrypt the ticket in the services key */
- key_sched(key, key_s);
- pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat,
- (long)tkt->length, key_s, (C_Block *)key, 1);
- memset(key_s, 0, sizeof(key_s));
- return 0;
-}
-
-int
-krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance, k5key)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned int flags; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- int life; /* Lifetime of the ticket */
- long time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
- krb5_keyblock *k5key; /* NULL if not present */
-{
- int kerr;
- krb5_data in;
- krb5_enc_data out;
- krb5_error_code ret;
- size_t enclen;
-
- kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm,
- paddress, session, life, time_sec,
- sname, sinstance);
- if (kerr)
- return kerr;
-
- /* Encrypt the ticket in the services key */
- in.length = tkt->length;
- in.data = (char *)tkt->dat;
- /* XXX assumes context arg is ignored */
- ret = krb5_c_encrypt_length(NULL, k5key->enctype,
- (size_t)in.length, &enclen);
- if (ret)
- return KFAILURE;
- out.ciphertext.length = enclen;
- out.ciphertext.data = malloc(enclen);
- if (out.ciphertext.data == NULL)
- return KFAILURE; /* XXX maybe ENOMEM? */
-
- /* XXX assumes context arg is ignored */
- ret = krb5_c_encrypt(NULL, k5key, KRB5_KEYUSAGE_KDC_REP_TICKET,
- NULL, &in, &out);
- if (ret) {
- free(out.ciphertext.data);
- return KFAILURE;
- } else {
- tkt->length = out.ciphertext.length;
- memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length);
- memset(out.ciphertext.data, 0, out.ciphertext.length);
- free(out.ciphertext.data);
- }
- return 0;
-}
-
-static int
-krb_cr_tkt_int(tkt, flags_in, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned int flags_in; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- int life; /* Lifetime of the ticket */
- long time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
-{
- register unsigned char *data; /* running index into ticket */
- size_t pnamelen, pinstlen, prealmlen, snamelen, sinstlen;
- struct in_addr paddr;
-
- /* Be really paranoid. */
- if (sizeof(paddr.s_addr) != 4)
- return KFAILURE;
-
- tkt->length = 0; /* Clear previous data */
-
- /* Check length of ticket */
- pnamelen = strlen(pname) + 1;
- pinstlen = strlen(pinstance) + 1;
- prealmlen = strlen(prealm) + 1;
- snamelen = strlen(sname) + 1;
- sinstlen = strlen(sinstance) + 1;
- if (sizeof(tkt->dat) / 8 < ((1 + pnamelen + pinstlen + prealmlen
- + 4 /* address */
- + 8 /* session */
- + 1 /* life */
- + 4 /* issue time */
- + snamelen + sinstlen
- + 7) / 8) /* roundoff */
- || life > 255 || life < 0) {
- memset(tkt->dat, 0, sizeof(tkt->dat));
- return KFAILURE /* XXX */;
- }
-
- data = tkt->dat;
- *data++ = flags_in;
- memcpy(data, pname, pnamelen);
- data += pnamelen;
- memcpy(data, pinstance, pinstlen);
- data += pinstlen;
- memcpy(data, prealm, prealmlen);
- data += prealmlen;
-
- paddr.s_addr = paddress;
- memcpy(data, &paddr.s_addr, sizeof(paddr.s_addr));
- data += sizeof(paddr.s_addr);
-
- memcpy(data, session, 8);
- data += 8;
- *data++ = life;
- /* issue time */
- KRB4_PUT32BE(data, time_sec);
-
- memcpy(data, sname, snamelen);
- data += snamelen;
- memcpy(data, sinstance, sinstlen);
- data += sinstlen;
-
- /* guarantee null padded ticket to multiple of 8 bytes */
- memset(data, 0, 7);
- tkt->length = ((data - tkt->dat + 7) / 8) * 8;
- return 0;
-}
+++ /dev/null
-/*
- * debug.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-
-/* Declare global debugging variables. */
-
-int krb_ap_req_debug = 0;
-int krb_debug = 0;
+++ /dev/null
-/*
- * lib/krb4/decomp_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "des.h"
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include <krb5.h>
-#include "krb54proto.h"
-#include "port-sockets.h"
-
-#ifdef KRB_CRYPT_DEBUG
-extern int krb_debug;
-#endif
-
-static int dcmp_tkt_int (KTEXT tkt, unsigned char *flags,
- char *pname, char *pinstance, char *prealm,
- unsigned KRB4_32 *paddress, C_Block session,
- int *life, unsigned KRB4_32 *time_sec,
- char *sname, char *sinstance, C_Block key,
- Key_schedule key_s, krb5_keyblock *k5key);
-/*
- * This routine takes a ticket and pointers to the variables that
- * should be filled in based on the information in the ticket. It
-#ifndef NOENCRYPTION
- * decrypts the ticket using the given key, and
-#endif
- * fills in values for its arguments.
- *
- * Note: if the client realm field in the ticket is the null string,
- * then the "prealm" variable is filled in with the local realm (as
- * defined by KRB_REALM).
- *
- * If the ticket byte order is different than the host's byte order
- * (as indicated by the byte order bit of the "flags" field), then
- * the KDC timestamp "time_sec" is byte-swapped. The other fields
- * potentially affected by byte order, "paddress" and "session" are
- * not byte-swapped.
- *
- * The routine returns KFAILURE if any of the "pname", "pinstance",
- * or "prealm" fields is too big, otherwise it returns KSUCCESS.
- *
- * The corresponding routine to generate tickets is create_ticket.
- * When changes are made to this routine, the corresponding changes
- * should also be made to that file.
- *
- * See create_ticket.c for the format of the ticket packet.
- */
-
-int KRB5_CALLCONV /* XXX should this be exported on win32? */
-decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- unsigned KRB4_32 *paddress; /* Net address of entity
- * requesting ticket */
- C_Block session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- unsigned KRB4_32 *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- C_Block key; /* Service's secret key
- * (to decrypt the ticket) */
- Key_schedule key_s; /* The precomputed key schedule */
-{
- return
- dcmp_tkt_int(tkt, flags, pname, pinstance, prealm,
- paddress, session, life, time_sec, sname, sinstance,
- key, key_s, NULL);
-}
-
-int
-decomp_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, k5key)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- unsigned KRB4_32 *paddress; /* Net address of entity
- * requesting ticket */
- C_Block session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- unsigned KRB4_32 *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- krb5_keyblock *k5key; /* krb5 keyblock of service */
-{
- C_Block key; /* placeholder; doesn't get used */
- Key_schedule key_s; /* placeholder; doesn't get used */
-
- return
- dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s, k5key);
-}
-
-static int
-dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s, k5key)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- unsigned KRB4_32 *paddress; /* Net address of entity
- * requesting ticket */
- C_Block session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- unsigned KRB4_32 *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- C_Block key; /* Service's secret key
- * (to decrypt the ticket) */
- Key_schedule key_s; /* The precomputed key schedule */
- krb5_keyblock *k5key; /* krb5 keyblock of service */
-{
- int tkt_le; /* little-endian ticket? */
- unsigned char *ptr = tkt->dat;
- int kret, len;
- struct in_addr paddr;
-
- /* Be really paranoid. */
- if (sizeof(paddr.s_addr) != 4)
- return KFAILURE;
-
-#ifndef NOENCRYPTION
- /* Do the decryption */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_debug) {
- FILE *fp;
- char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */
-
- fp = fopen("/kerberos/tkt.des", "wb");
- setbuf(fp, keybuf);
- fwrite(tkt->dat, 1, tkt->length, fp);
- fclose(fp);
- memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */
- }
-#endif
- if (k5key != NULL) {
- /* block locals */
- krb5_enc_data in;
- krb5_data out;
- krb5_error_code ret;
-
- in.enctype = k5key->enctype;
- in.kvno = 0;
- in.ciphertext.length = tkt->length;
- in.ciphertext.data = (char *)tkt->dat;
- out.length = tkt->length;
- out.data = malloc((size_t)tkt->length);
- if (out.data == NULL)
- return KFAILURE; /* XXX maybe ENOMEM? */
-
- /* XXX note the following assumes that context arg isn't used */
- ret =
- krb5_c_decrypt(NULL, k5key,
- KRB5_KEYUSAGE_KDC_REP_TICKET, NULL, &in, &out);
- if (ret) {
- free(out.data);
- return KFAILURE;
- } else {
- memcpy(tkt->dat, out.data, out.length);
- memset(out.data, 0, out.length);
- free(out.data);
- }
- } else {
- pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat,
- (long)tkt->length, key_s, (C_Block *)key, 0);
- }
-#endif /* ! NOENCRYPTION */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_debug) {
- FILE *fp;
- char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */
-
- fp = fopen("/kerberos/tkt.clear", "wb");
- setbuf(fp, keybuf);
- fwrite(tkt->dat, 1, tkt->length, fp);
- fclose(fp);
- memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */
- }
-#endif
-
-#define TKT_REMAIN (tkt->length - (ptr - tkt->dat))
- kret = KFAILURE;
- if (TKT_REMAIN < 1)
- goto cleanup;
- *flags = *ptr++;
- tkt_le = (*flags >> K_FLAG_ORDER) & 1;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > ANAME_SZ)
- goto cleanup;
- memcpy(pname, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- goto cleanup;
- memcpy(pinstance, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- goto cleanup;
- memcpy(prealm, ptr, (size_t)len);
- ptr += len;
-
- /*
- * This hack may be needed for some really krb4 servers, such as
- * AFS kaserver (?), that fail to fill in the realm of a ticket
- * under some circumstances.
- */
- if (*prealm == '\0')
- krb_get_lrealm(prealm, 1);
-
- /*
- * Ensure there's enough remaining in the ticket to get the
- * fixed-size stuff.
- */
- if (TKT_REMAIN < 4 + 8 + 1 + 4)
- goto cleanup;
-
- memcpy(&paddr.s_addr, ptr, sizeof(paddr.s_addr));
- ptr += sizeof(paddr.s_addr);
- *paddress = paddr.s_addr;
-
- memcpy(session, ptr, 8); /* session key */
- memset(ptr, 0, 8);
- ptr += 8;
-#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */
- if (tkt_swap_bytes)
- swap_C_Block(session);
-#endif
-
- *life = *ptr++;
-
- KRB4_GET32(*time_sec, ptr, tkt_le);
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > SNAME_SZ)
- goto cleanup;
- memcpy(sname, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- goto cleanup;
- memcpy(sinstance, ptr, (size_t)len);
- ptr += len;
- kret = KSUCCESS;
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_debug) {
- krb_log("service=%s.%s len(sname)=%d, len(sinstance)=%d",
- sname, sinstance, strlen(sname), strlen(sinstance));
- krb_log("ptr - tkt->dat=%d",(char *)ptr - (char *)tkt->dat);
- }
-#endif
-
-cleanup:
- if (kret != KSUCCESS) {
- memset(session, 0, sizeof(session));
- memset(tkt->dat, 0, (size_t)tkt->length);
- return kret;
- }
- return KSUCCESS;
-}
+++ /dev/null
-/*
- * lib/krb4/dest_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <stdio.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-#include "k5-util.h"
-#define do_seteuid krb5_seteuid
-#include "k5-platform.h"
-
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <errno.h>
-
-#ifndef O_SYNC
-#define O_SYNC 0
-#endif
-
-/*
- * dest_tkt() is used to destroy the ticket store upon logout.
- * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
- * Otherwise the function returns RET_OK on success, KFAILURE on
- * failure.
- *
- * The ticket file (TKT_FILE) is defined in "krb.h".
- */
-
-int KRB5_CALLCONV
-dest_tkt()
-{
- const char *file = TKT_FILE;
- int i,fd;
- int ret;
- struct stat statpre, statpost;
- char buf[BUFSIZ];
- uid_t me, metoo;
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
- size_t shmidlen;
-#endif /* TKT_SHMEM */
-
- /* If ticket cache selector is null, use default cache. */
- if (file == 0)
- file = tkt_string();
-
- errno = 0;
- ret = KSUCCESS;
- me = getuid();
- metoo = geteuid();
-
- if (lstat(file, &statpre) < 0)
- return (errno == ENOENT) ? RET_TKFIL : KFAILURE;
- /*
- * This does not guard against certain cases that are vulnerable
- * to race conditions, such as world-writable or group-writable
- * directories that are not stickybitted, or untrusted path
- * components. In all other cases, the following checks should be
- * sufficient. It is assumed that the aforementioned certain
- * vulnerable cases are unlikely to arise on a well-administered
- * system where the user is not deliberately being stupid.
- */
- if (!(statpre.st_mode & S_IFREG) || me != statpre.st_uid
- || statpre.st_nlink != 1)
- return KFAILURE;
- /*
- * Yes, we do uid twiddling here. It's not optimal, but some
- * applications may expect that the ruid is what should really own
- * the ticket file, e.g. setuid applications.
- */
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0) {
- ret = (errno == ENOENT) ? RET_TKFIL : KFAILURE;
- goto out;
- }
- set_cloexec_fd(fd);
- /*
- * Do some additional paranoid things. The worst-case situation
- * is that a user may be fooled into opening a non-regular file
- * briefly if the file is in a directory with improper
- * permissions.
- */
- if (fstat(fd, &statpost) < 0) {
- (void)close(fd);
- ret = KFAILURE;
- goto out;
- }
- if (statpre.st_dev != statpost.st_dev
- || statpre.st_ino != statpost.st_ino) {
- (void)close(fd);
- errno = 0;
- ret = KFAILURE;
- goto out;
- }
-
- memset(buf, 0, BUFSIZ);
- for (i = 0; i < statpost.st_size; i += BUFSIZ)
- if (write(fd, buf, BUFSIZ) != BUFSIZ) {
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
- goto out;
- }
-
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
-
- (void) unlink(file);
-
-out:
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (ret != KSUCCESS)
- return ret;
-
-#ifdef TKT_SHMEM
- /*
- * handle the shared memory case
- */
- shmidlen = strlen(file) + sizeof(".shm");
- if (shmidlen > sizeof(shmidname))
- return RET_TKFIL;
- (void)strcpy(shmidname, file);
- (void)strcat(shmidname, ".shm");
- return krb_shm_dest(shmidname);
-#else /* !TKT_SHMEM */
- return KSUCCESS;
-#endif /* !TKT_SHMEM */
-}
+++ /dev/null
-/*
- * lib/krb4/err_txt.c
- *
- * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-
-/*
- * This is gross. We want krb_err_txt to match the contents of the
- * com_err error table, but the text is static in krb_err.c. We can't
- * alias it by making a pointer to it, either, so we have to suck in
- * another copy of it that is named differently. */
-#if TARGET_OS_MAC && !defined(DEPEND)
-#undef initialize_krb_error_table
-#define initialize_krb_error_table krb4int_init_krb_err_tbl
-void krb4int_init_krb_err_tbl(void);
-#include "krb_err.c"
-#undef initialize_krb_error_table
-
-/*
- * Depends on the name of the static table generated by compile_et,
- * but since this is only on Darwin, where we will always use a
- * certain compile_et, it should be ok.
- */
-const char * const * const krb_err_txt = text;
-#else
-#ifndef DEPEND
-/* Don't put this in auto-generated dependencies. */
-#include "krb_err_txt.c"
-#endif
-#endif
-
-void initialize_krb_error_table(void);
-
-static int inited = 0;
-
-void
-krb4int_et_init(void)
-{
- if (inited)
- return;
- add_error_table(&et_krb_error_table);
- inited = 1;\
-}
-
-void
-krb4int_et_fini(void)
-{
- if (inited)
- remove_error_table(&et_krb_error_table);
-}
-
-const char * KRB5_CALLCONV
-krb_get_err_text(code)
- int code;
-{
- krb4int_et_init();
- /*
- * Shift krb error code into com_err number space.
- */
- if (code >= 0 && code < MAX_KRB_ERRORS)
- return error_message(ERROR_TABLE_BASE_krb + code);
- else
- return "Invalid Kerberos error code";
-}
+++ /dev/null
-/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/ {
- print "/*" > outfile
- print " * " outfile ":" > outfile
- print " * This file is automatically generated; please do not edit it." > outfile
- print " */" > outfile
- print "#if TARGET_OS_MAC" > outfile
- print "const char * const * const krb_err_txt" > outfile
- print "#else" > outfile
- print "const char * const krb_err_txt[]" > outfile
- print "#endif" > outfile
- print "\t= {" > outfile
- table_item_count = 0
-}
-
-(continuation == 1) && ($0 ~ /\\[ \t]*$/) {
- text=substr($0,1,length($0)-1);
-# printf "\t\t\"%s\"\n", text > outfile
- cont_buf=cont_buf text;
-}
-
-(continuation == 1) && ($0 ~ /"[ \t]*$/) {
-# "
-# printf "\t\t\"%s,\n", $0 > outfile
- printf "\t%s,\n", cont_buf $0 > outfile
- continuation = 0;
-}
-/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*$/ {
- table_item_count++
- skipone=1
- next
-}
-
-/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*"[ \t]*$/ {
- text=""
- for (i=3; i<=NF; i++) {
- text = text FS $i
- }
- text=substr(text,2,length(text)-1);
- printf "\t%s,\n", text > outfile
- table_item_count++
-}
-/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*\\[ \t]*$/ {
- text=""
- for (i=3; i<=NF; i++) {
- text = text FS $i
- }
- text=substr(text,2,length(text)-2);
-# printf "\t%s\"\n", text > outfile
- cont_buf=text
- continuation++;
-}
-
-/^[ \t]*".*\\[ \t]*$/ {
- if (skipone) {
- text=substr($0,1,length($0)-1);
-# printf "\t%s\"\n", text > outfile
- cont_buf=text
- continuation++;
- }
- skipone=0
-}
-
-{
- if (skipone) {
- printf "\t%s,\n", $0 > outfile
- }
- skipone=0
-}
-END {
- print "};" > outfile
-}
+++ /dev/null
-/*
- * fgetst.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <stdio.h>
-#include "krb.h"
-#include "krb4int.h"
-
-/*
- * fgetst takes a file descriptor, a character pointer, and a count.
- * It reads from the file it has either read "count" characters, or
- * until it reads a null byte. When finished, what has been read exists
- * in "s". If "count" characters were actually read, the last is changed
- * to a null, so the returned string is always null-terminated. fgetst
- * returns the number of characters read, including the null terminator.
- */
-
-int
-fgetst(f, s, n)
- FILE *f;
- register char *s;
- int n;
-{
- register int count = n;
- int ch; /* NOT char; otherwise you don't see EOF */
-
- while ((ch = getc(f)) != EOF && ch && --count) {
- *s++ = ch;
- }
- *s = '\0';
- return (n - count);
-}
+++ /dev/null
-/*
- * lib/krb4/g_ad_tkt.c
- *
- * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "des.h"
-#include "krb4int.h"
-#include "prot.h"
-#include <string.h>
-
-#include <stdio.h>
-
-extern int krb_debug;
-extern int swap_bytes;
-
-/*
- * get_ad_tkt obtains a new service ticket from Kerberos, using
- * the ticket-granting ticket which must be in the ticket file.
- * It is typically called by krb_mk_req() when the client side
- * of an application is creating authentication information to be
- * sent to the server side.
- *
- * get_ad_tkt takes four arguments: three pointers to strings which
- * contain the name, instance, and realm of the service for which the
- * ticket is to be obtained; and an integer indicating the desired
- * lifetime of the ticket.
- *
- * It returns an error status if the ticket couldn't be obtained,
- * or AD_OK if all went well. The ticket is stored in the ticket
- * cache.
- *
- * The request sent to the Kerberos ticket-granting service looks
- * like this:
- *
- * pkt->dat
- *
- * TEXT original contents of authenticator+ticket
- * pkt->dat built in krb_mk_req call
- *
- * 4 bytes time_ws always 0 (?) FIXME!
- * char lifetime lifetime argument passed
- * string service service name argument
- * string sinstance service instance arg.
- *
- * See "prot.h" for the reply packet layout and definitions of the
- * extraction macros like pkt_version(), pkt_msg_type(), etc.
- */
-
-/*
- * g_ad_tk_parse()
- *
- * Parse the returned packet from the KDC.
- *
- * Note that the caller is responsible for clearing the returned
- * session key if there is an error; that makes the error handling
- * code a little less hairy.
- */
-static int
-g_ad_tkt_parse(KTEXT rpkt, C_Block tgtses, C_Block ses,
- char *s_name, char *s_instance, char *rlm,
- char *service, char *sinstance, char *realm,
- int *lifetime, int *kvno, KTEXT tkt,
- unsigned KRB4_32 *kdc_time,
- KRB4_32 *t_local)
-{
- unsigned char *ptr;
- unsigned int t_switch;
- int msg_byte_order;
- unsigned long rep_err_code;
- unsigned long cip_len;
- KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- Key_schedule key_s;
- int len, i;
- KRB4_32 t_diff; /* Difference between timestamps */
-
- ptr = rpkt->dat;
-#define RPKT_REMAIN (rpkt->length - (ptr - rpkt->dat))
- if (RPKT_REMAIN < 1 + 1)
- return INTK_PROT;
- /* check packet version of the returned packet */
- if (*ptr++ != KRB_PROT_VERSION)
- return INTK_PROT;
-
- /* This used to be
- switch (pkt_msg_type(rpkt) & ~1) {
- but SCO 3.2v4 cc compiled that incorrectly. */
- t_switch = *ptr++;
- /* Check byte order (little-endian == 1) */
- msg_byte_order = t_switch & 1;
- t_switch &= ~1;
- /*
- * Skip over some stuff (3 strings and various integers -- see
- * cr_auth_repl.c for details). Maybe we should actually verify
- * these?
- */
- for (i = 0; i < 3; i++) {
- len = krb4int_strnlen((char *)ptr, RPKT_REMAIN) + 1;
- if (len <= 0)
- return INTK_PROT;
- ptr += len;
- }
- switch (t_switch) {
- case AUTH_MSG_KDC_REPLY:
- if (RPKT_REMAIN < 4 + 1 + 4 + 1)
- return INTK_PROT;
- ptr += 4 + 1 + 4 + 1;
- break;
- case AUTH_MSG_ERR_REPLY:
- if (RPKT_REMAIN < 8)
- return INTK_PROT;
- ptr += 4;
- KRB4_GET32(rep_err_code, ptr, msg_byte_order);
- return rep_err_code;
-
- default:
- return INTK_PROT;
- }
-
- /* Extract the ciphertext */
- if (RPKT_REMAIN < 2)
- return INTK_PROT;
- KRB4_GET16(cip_len, ptr, msg_byte_order);
- if (RPKT_REMAIN < cip_len)
- return INTK_PROT;
- /*
- * RPKT_REMAIN will always be non-negative and at most the maximum
- * possible value of cip->length, so this assignment is safe.
- */
- cip->length = cip_len;
- memcpy(cip->dat, ptr, (size_t)cip->length);
- ptr += cip->length;
-
-#ifndef NOENCRYPTION
- /* Attempt to decrypt it */
-
- key_sched(tgtses, key_s);
- DEB (("About to do decryption ..."));
- pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat,
- (long)cip->length, key_s, (C_Block *)tgtses, 0);
-#endif /* !NOENCRYPTION */
- /*
- * Stomp on key schedule. Caller should stomp on tgtses.
- */
- memset(key_s, 0, sizeof(key_s));
-
- ptr = cip->dat;
-#define CIP_REMAIN (cip->length - (ptr - cip->dat))
- if (CIP_REMAIN < 8)
- return RD_AP_MODIFIED;
- memcpy(ses, ptr, 8);
- /*
- * Stomp on decrypted session key immediately after copying it.
- */
- memset(ptr, 0, 8);
- ptr += 8;
-
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > SNAME_SZ)
- return RD_AP_MODIFIED;
- memcpy(s_name, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- return RD_AP_MODIFIED;
- memcpy(s_instance, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- return RD_AP_MODIFIED;
- memcpy(rlm, ptr, (size_t)len);
- ptr += len;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance)
- || strcmp(rlm, realm)) /* not what we asked for */
- return INTK_ERR; /* we need a better code here XXX */
-
- if (CIP_REMAIN < 1 + 1 + 1)
- return RD_AP_MODIFIED;
- *lifetime = *ptr++;
- *kvno = *ptr++;
- tkt->length = *ptr++;
-
- if (CIP_REMAIN < tkt->length)
- return RD_AP_MODIFIED;
- memcpy(tkt->dat, ptr, (size_t)tkt->length);
- ptr += tkt->length;
-
- /* Time (coarse) */
- if (CIP_REMAIN < 4)
- return RD_AP_MODIFIED;
- KRB4_GET32(*kdc_time, ptr, msg_byte_order);
-
- /* check KDC time stamp */
- *t_local = TIME_GMT_UNIXSEC;
- t_diff = *t_local - *kdc_time;
- if (t_diff < 0)
- t_diff = -t_diff; /* Absolute value of difference */
- if (t_diff > CLOCK_SKEW)
- return RD_AP_TIME; /* XXX should probably be better code */
-
- return 0;
-}
-
-int KRB5_CALLCONV
-get_ad_tkt(service, sinstance, realm, lifetime)
- char *service;
- char *sinstance;
- char *realm;
- int lifetime;
-{
- KTEXT_ST pkt_st;
- KTEXT pkt = & pkt_st; /* Packet to KDC */
- KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
- KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- C_Block ses; /* Session key for tkt */
- CREDENTIALS cr;
- int kvno; /* Kvno for session key */
- int kerror;
- char lrealm[REALM_SZ];
- KRB4_32 time_ws = 0;
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- char rlm[REALM_SZ];
- unsigned char *ptr;
- KRB4_32 t_local;
- struct sockaddr_in laddr;
- socklen_t addrlen;
- unsigned KRB4_32 kdc_time; /* KDC time */
- size_t snamelen, sinstlen;
-
- kerror = krb_get_tf_realm(TKT_FILE, lrealm);
-#if USE_LOGIN_LIBRARY
- if (kerror == GC_NOTKT) {
- /* No tickets... call krb_get_cred (KLL will prompt) and try again. */
- if ((kerror = krb_get_cred ("krbtgt", realm, realm, &cr)) == KSUCCESS) {
- /* Now get the realm again. */
- kerror = krb_get_tf_realm (TKT_FILE, lrealm);
- }
- }
-#endif
- if (kerror != KSUCCESS)
- return kerror;
-
- /* Create skeleton of packet to be sent */
- pkt->length = 0;
-
- /*
- * Look for the session key (and other stuff we don't need)
- * in the ticket file for krbtgt.realm@lrealm where "realm"
- * is the service's realm (passed in "realm" argument) and
- * "lrealm" is the realm of our initial ticket (the local realm).
- * If that fails, and the server's realm and the local realm are
- * the same thing, give up - no TGT available for local realm.
- *
- * If the server realm and local realm are different, though,
- * try getting a ticket-granting ticket for the server's realm,
- * i.e. a ticket for "krbtgt.alienrealm@lrealm", by calling get_ad_tkt().
- * If that succeeds, the ticket will be in ticket cache, get it
- * into the "cr" structure by calling krb_get_cred().
- */
- kerror = krb_get_cred("krbtgt", realm, lrealm, &cr);
- if (kerror != KSUCCESS) {
- /*
- * If realm == lrealm, we have no hope, so let's not even try.
- */
- if (strncmp(realm, lrealm, sizeof(lrealm)) == 0)
- return AD_NOTGT;
- else {
- kerror = get_ad_tkt("krbtgt", realm, lrealm, lifetime);
- if (kerror != KSUCCESS) {
- if (kerror == KDC_PR_UNKNOWN) /* no cross-realm ticket */
- return AD_NOTGT; /* So call it no ticket */
- return kerror;
- }
- kerror = krb_get_cred("krbtgt",realm,lrealm,&cr);
- if (kerror != KSUCCESS)
- return kerror;
- }
- }
-
- /*
- * Make up a request packet to the "krbtgt.realm@lrealm".
- * Start by calling krb_mk_req() which puts ticket+authenticator
- * into "pkt". Then tack other stuff on the end.
- */
- kerror = krb_mk_req(pkt, "krbtgt", realm, lrealm, 0L);
- if (kerror) {
- /* stomp stomp stomp */
- memset(cr.session, 0, sizeof(cr.session));
- return AD_NOTGT;
- }
-
- ptr = pkt->dat + pkt->length;
-
- snamelen = strlen(service) + 1;
- sinstlen = strlen(sinstance) + 1;
- if (sizeof(pkt->dat) - (ptr - pkt->dat) < (4 + 1
- + snamelen
- + sinstlen)) {
- /* stomp stomp stomp */
- memset(cr.session, 0, sizeof(cr.session));
- return INTK_ERR;
- }
-
- /* timestamp */ /* FIXME -- always 0 now, should we fill it in??? */
- KRB4_PUT32BE(ptr, time_ws);
-
- *ptr++ = lifetime;
-
- memcpy(ptr, service, snamelen);
- ptr += snamelen;
- memcpy(ptr, sinstance, sinstlen);
- ptr += sinstlen;
-
- pkt->length = ptr - pkt->dat;
-
- /* Send the request to the local ticket-granting server */
- rpkt->length = 0;
- addrlen = sizeof(laddr);
- kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm,
- (struct sockaddr *)&laddr, &addrlen);
-
- if (!kerror) {
- /* No error; parse return packet from KDC. */
- kerror = g_ad_tkt_parse(rpkt, cr.session, ses,
- s_name, s_instance, rlm,
- service, sinstance, realm,
- &lifetime, &kvno, tkt,
- &kdc_time, &t_local);
- }
- /*
- * Unconditionally stomp on cr.session because we don't need it
- * anymore.
- */
- memset(cr.session, 0, sizeof(cr.session));
- if (kerror) {
- /*
- * Stomp on ses for good measure, since g_ad_tkt_parse()
- * doesn't do that for us.
- */
- memset(ses, 0, sizeof(ses));
- return kerror;
- }
-
- kerror = krb4int_save_credentials_addr(s_name, s_instance, rlm,
- ses, lifetime, kvno, tkt,
- t_local,
- laddr.sin_addr.s_addr);
- /*
- * Unconditionally stomp on ses because we don't need it anymore.
- */
- memset(ses, 0, sizeof(ses));
- if (kerror)
- return kerror;
- return AD_OK;
-}
+++ /dev/null
-/* Copyright 1994 Cygnus Support */
-/* Mark W. Eichin */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* common code for looking at krb.conf and krb.realms file */
-/* this may be superceded by <gnu>'s work for the Mac port, but
- it solves a problem for now. */
-
-#include <stdio.h>
-#include "krb.h"
-#include "k5-int.h"
-#include "krb4int.h"
-
-krb5_context krb5__krb4_context = 0;
-
-static FILE*
-krb__v5_get_file(s)
- const char *s;
-{
- FILE *cnffile = 0;
- const char* names[3];
- char **full_name = 0, **cpp;
- krb5_error_code retval;
-
- if (!krb5__krb4_context)
- krb5_init_context(&krb5__krb4_context);
- names[0] = "libdefaults";
- names[1] = s;
- names[2] = 0;
- if (krb5__krb4_context) {
- retval = profile_get_values(krb5__krb4_context->profile, names,
- &full_name);
- if (retval == 0 && full_name && full_name[0]) {
- cnffile = fopen(full_name[0],"r");
- if (cnffile)
- set_cloexec_file(cnffile);
- for (cpp = full_name; *cpp; cpp++)
- krb5_xfree(*cpp);
- krb5_xfree(full_name);
- }
- }
- return cnffile;
-}
-
-char *
-krb__get_srvtabname(default_srvtabname)
- const char *default_srvtabname;
-{
- const char* names[3];
- char **full_name = 0, **cpp;
- krb5_error_code retval;
- static char retname[MAXPATHLEN];
-
- if (!krb5__krb4_context)
- krb5_init_context(&krb5__krb4_context);
- names[0] = "libdefaults";
- names[1] = "krb4_srvtab";
- names[2] = 0;
- if (krb5__krb4_context) {
- retval = profile_get_values(krb5__krb4_context->profile, names,
- &full_name);
- if (retval == 0 && full_name && full_name[0]) {
- retname[0] = '\0';
- strncat(retname, full_name[0], sizeof(retname));
- for (cpp = full_name; *cpp; cpp++)
- krb5_xfree(*cpp);
- krb5_xfree(full_name);
- return retname;
- }
- }
- retname[0] = '\0';
- strncat(retname, default_srvtabname, sizeof(retname));
- return retname;
-}
-
-FILE*
-krb__get_cnffile()
-{
- char *s;
- FILE *cnffile = 0;
- extern char *getenv();
-
- /* standard V4 override first */
- s = getenv("KRB_CONF");
- if (s) cnffile = fopen(s,"r");
- /* if that's wrong, use V5 config */
- if (!cnffile) cnffile = krb__v5_get_file("krb4_config");
- /* and if V5 config doesn't have it, go to hard-coded values */
- if (!cnffile) cnffile = fopen(KRB_CONF,"r");
-#ifdef ATHENA_CONF_FALLBACK
- if (!cnffile) cnffile = fopen(KRB_FB_CONF,"r");
-#endif
- if (cnffile)
- set_cloexec_file(cnffile);
- return cnffile;
-}
-
-
-FILE*
-krb__get_realmsfile()
-{
- FILE *realmsfile = 0;
- char *s;
-
- /* standard (not really) V4 override first */
- s = getenv("KRB_REALMS");
- if (s) realmsfile = fopen(s,"r");
- if (!realmsfile) realmsfile = krb__v5_get_file("krb4_realms");
- if (!realmsfile) realmsfile = fopen(KRB_RLM_TRANS, "r");
-
-#ifdef ATHENA_CONF_FALLBACK
- if (!realmsfile) realmsfile = fopen(KRB_FB_RLM_TRANS, "r");
-#endif
-
- if (realmsfile)
- set_cloexec_file(realmsfile);
-
- return realmsfile;
-}
+++ /dev/null
-/*
- * g_cred.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <stdio.h>
-#include <string.h>
-#include "krb.h"
-
-/*
- * krb_get_cred takes a service name, instance, and realm, and a
- * structure of type CREDENTIALS to be filled in with ticket
- * information. It then searches the ticket file for the appropriate
- * ticket and fills in the structure with the corresponding
- * information from the file. If successful, it returns KSUCCESS.
- * On failure it returns a Kerberos error code.
- */
-
-int KRB5_CALLCONV
-krb_get_cred(service,instance,realm,c)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- CREDENTIALS *c; /* Credentials struct */
-{
- int tf_status; /* return value of tf function calls */
-
- /* Open ticket file and lock it for shared reading */
- if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Copy principal's name and instance into the CREDENTIALS struc c */
-
- if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
- (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
- return (tf_status);
-
- /* Search for requested service credentials and copy into c */
-
- while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
- /* Is this the right ticket? */
- if ((strcmp(c->service,service) == 0) &&
- (strcmp(c->instance,instance) == 0) &&
- (strcmp(c->realm,realm) == 0))
- break;
- }
- (void) tf_close();
-
- if (tf_status == EOF)
- return (GC_NOTKT);
- return(tf_status);
-}
+++ /dev/null
-/*
- * lib/krb4/g_in_tkt.c
- *
- * Copyright 1986-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "des.h"
-#include "krb4int.h"
-#include "prot.h"
-
-#include "port-sockets.h"
-#include <string.h>
-
-/* Define a couple of function types including parameters. These
- are needed on MS-Windows to convert arguments of the function pointers
- to the proper types during calls. These declarations are found
- in <krb-sed.h>, but the code below is too opaque if you can't also
- see them here. */
-#ifndef KEY_PROC_TYPE_DEFINED
-typedef int (*key_proc_type) (char *, char *, char *,
- char *, C_Block);
-#endif
-#ifndef DECRYPT_TKT_TYPE_DEFINED
-typedef int (*decrypt_tkt_type) (char *, char *, char *, char *,
- key_proc_type, KTEXT *);
-#endif
-
-static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *);
-static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
- int, char *, int, KTEXT, int *, struct sockaddr_in *);
-static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *,
- int, KTEXT, int, CREDENTIALS *);
-
-/*
- * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
- * and the cipher text sent from the KDC, decrypt the cipher text
- * using the key returned by key_proc.
- */
-
-static int
-decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
- char *user;
- char *instance;
- char *realm;
- char *arg;
- key_proc_type key_proc;
- KTEXT *cipp;
-{
- KTEXT cip = *cipp;
- C_Block key; /* Key for decrypting cipher */
- Key_schedule key_s;
- register int rc;
-
-#ifndef NOENCRYPTION
- /* Attempt to decrypt it */
-#endif
- /* generate a key from the supplied arg or password. */
- rc = (*key_proc)(user, instance, realm, arg, key);
- if (rc)
- return rc;
-
-#ifndef NOENCRYPTION
- key_sched(key, key_s);
- pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat,
- (long)cip->length, key_s, (C_Block *)key, 0);
-#endif /* !NOENCRYPTION */
- /* Get rid of all traces of key */
- memset(key, 0, sizeof(key));
- memset(key_s, 0, sizeof(key_s));
-
- return 0;
-}
-
-/*
- * krb_get_in_tkt() gets a ticket for a given principal to use a given
- * service and stores the returned ticket and session key for future
- * use.
- *
- * The "user", "instance", and "realm" arguments give the identity of
- * the client who will use the ticket. The "service" and "sinstance"
- * arguments give the identity of the server that the client wishes
- * to use. (The realm of the server is the same as the Kerberos server
- * to whom the request is sent.) The "life" argument indicates the
- * desired lifetime of the ticket; the "key_proc" argument is a pointer
- * to the routine used for getting the client's private key to decrypt
- * the reply from Kerberos. The "decrypt_proc" argument is a pointer
- * to the routine used to decrypt the reply from Kerberos; and "arg"
- * is an argument to be passed on to the "key_proc" routine.
- *
- * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it
- * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned
- * by Kerberos, then the error code it contains is returned. Other
- * error codes returned by this routine include INTK_PROT to indicate
- * wrong protocol version, INTK_BADPW to indicate bad password (if
- * decrypted ticket didn't make sense), INTK_ERR if the ticket was for
- * the wrong server or the ticket store couldn't be initialized.
- *
- * The format of the message sent to Kerberos is as follows:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_KDC_REQUEST | message type
- * HOST_BYTE_ORDER local byte order in lsb
- * string user client's name
- * string instance client's instance
- * string realm client's realm
- * 4 bytes tlocal.tv_sec timestamp in seconds
- * 1 byte life desired lifetime
- * string service service's name
- * string sinstance service's instance
- */
-
-static int
-krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- preauth_p, preauth_len, cip, byteorder, local_addr)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- char *preauth_p;
- int preauth_len;
- KTEXT cip;
- int *byteorder;
- struct sockaddr_in *local_addr;
-{
- KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st; /* Packet to KDC */
- KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
- unsigned char *p;
- size_t userlen, instlen, realmlen, servicelen, sinstlen;
- unsigned KRB4_32 t_local;
-
- int msg_byte_order;
- int kerror;
- socklen_t addrlen;
-#if 0
- unsigned long exp_date;
-#endif
- unsigned long rep_err_code;
- unsigned long cip_len;
- unsigned int t_switch;
- int i, len;
-
- /* BUILD REQUEST PACKET */
-
- p = pkt->dat;
-
- userlen = strlen(user) + 1;
- instlen = strlen(instance) + 1;
- realmlen = strlen(realm) + 1;
- servicelen = strlen(service) + 1;
- sinstlen = strlen(sinstance) + 1;
- /* Make sure the ticket data will fit into the buffer. */
- if (sizeof(pkt->dat) < (1 + 1 + userlen + instlen + realmlen
- + 4 + 1 + servicelen + sinstlen
- + preauth_len)) {
- pkt->length = 0;
- return INTK_ERR;
- }
-
- /* Set up the fixed part of the packet */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REQUEST;
-
- /* Now for the variable info */
- memcpy(p, user, userlen);
- p += userlen;
- memcpy(p, instance, instlen);
- p += instlen;
- memcpy(p, realm, realmlen);
- p += realmlen;
-
- /* timestamp */
- t_local = TIME_GMT_UNIXSEC;
- KRB4_PUT32BE(p, t_local);
-
- *p++ = life;
-
- memcpy(p, service, servicelen);
- p += servicelen;
- memcpy(p, sinstance, sinstlen);
- p += sinstlen;
-
- if (preauth_len)
- memcpy(p, preauth_p, (size_t)preauth_len);
- p += preauth_len;
-
- pkt->length = p - pkt->dat;
-
- /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
- rpkt->length = 0;
- addrlen = sizeof(struct sockaddr_in);
- kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm,
- (struct sockaddr *)local_addr,
- &addrlen);
- if (kerror)
- return kerror;
-
- p = rpkt->dat;
-#define RPKT_REMAIN (rpkt->length - (p - rpkt->dat))
-
- /* check packet version of the returned packet */
- if (RPKT_REMAIN < 1 + 1)
- return INTK_PROT;
- if (*p++ != KRB_PROT_VERSION)
- return INTK_PROT;
-
- /* This used to be
- switch (pkt_msg_type(rpkt) & ~1) {
- but SCO 3.2v4 cc compiled that incorrectly. */
- t_switch = *p++;
- /* Check byte order */
- msg_byte_order = t_switch & 1;
- t_switch &= ~1;
-
- /* EXTRACT INFORMATION FROM RETURN PACKET */
-
- /*
- * Skip over some stuff (3 strings and various integers -- see
- * cr_auth_repl.c for details).
- */
- for (i = 0; i < 3; i++) {
- len = krb4int_strnlen((char *)p, RPKT_REMAIN) + 1;
- if (len <= 0)
- return INTK_PROT;
- p += len;
- }
- switch (t_switch) {
- case AUTH_MSG_KDC_REPLY:
- if (RPKT_REMAIN < 4 + 1 + 4 + 1)
- return INTK_PROT;
- p += 4 + 1 + 4 + 1;
- break;
- case AUTH_MSG_ERR_REPLY:
- if (RPKT_REMAIN < 8)
- return INTK_PROT;
- p += 4;
- KRB4_GET32(rep_err_code, p, msg_byte_order);
- return rep_err_code;
- default:
- return INTK_PROT;
- }
-
- /* Extract the ciphertext */
- if (RPKT_REMAIN < 2)
- return INTK_PROT;
- KRB4_GET16(cip_len, p, msg_byte_order);
- if (RPKT_REMAIN < cip_len)
- return INTK_ERR;
- /*
- * RPKT_REMAIN will always be non-negative and at most the maximum
- * possible value of cip->length, so this assignment is safe.
- */
- cip->length = cip_len;
- memcpy(cip->dat, p, (size_t)cip->length);
- p += cip->length;
-
- *byteorder = msg_byte_order;
- return INTK_OK;
-}
-
-static int
-krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip,
- byteorder, creds)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- KTEXT cip;
- int byteorder;
- CREDENTIALS *creds;
-{
- unsigned char *ptr;
- int len;
- int kvno; /* Kvno for session key */
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- char rlm[REALM_SZ];
- KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- unsigned long kdc_time; /* KDC time */
- unsigned KRB4_32 t_local; /* Must be 4 bytes long for memcpy below! */
- KRB4_32 t_diff; /* Difference between timestamps */
- int lifetime;
-
- ptr = cip->dat;
- /* Assume that cip->length >= 0 for now. */
-#define CIP_REMAIN (cip->length - (ptr - cip->dat))
-
- /* Skip session key for now */
- if (CIP_REMAIN < 8)
- return INTK_BADPW;
- ptr += 8;
-
- /* extract server's name */
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > sizeof(s_name))
- return INTK_BADPW;
- memcpy(s_name, ptr, (size_t)len);
- ptr += len;
-
- /* extract server's instance */
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > sizeof(s_instance))
- return INTK_BADPW;
- memcpy(s_instance, ptr, (size_t)len);
- ptr += len;
-
- /* extract server's realm */
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > sizeof(rlm))
- return INTK_BADPW;
- memcpy(rlm, ptr, (size_t)len);
- ptr += len;
-
- /* extract ticket lifetime, server key version, ticket length */
- /* be sure to avoid sign extension on lifetime! */
- if (CIP_REMAIN < 3)
- return INTK_BADPW;
- lifetime = *ptr++;
- kvno = *ptr++;
- tkt->length = *ptr++;
-
- /* extract ticket itself */
- if (CIP_REMAIN < tkt->length)
- return INTK_BADPW;
- memcpy(tkt->dat, ptr, (size_t)tkt->length);
- ptr += tkt->length;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance)
- || strcmp(rlm, realm)) /* not what we asked for */
- return INTK_ERR; /* we need a better code here XXX */
-
- /* check KDC time stamp */
- if (CIP_REMAIN < 4)
- return INTK_BADPW;
- KRB4_GET32(kdc_time, ptr, byteorder);
-
- t_local = TIME_GMT_UNIXSEC;
- t_diff = t_local - kdc_time;
- if (t_diff < 0)
- t_diff = -t_diff; /* Absolute value of difference */
- if (t_diff > CLOCK_SKEW) {
- return RD_AP_TIME; /* XXX should probably be better code */
- }
-
- /* stash ticket, session key, etc. for future use */
- strncpy(creds->service, s_name, sizeof(creds->service));
- strncpy(creds->instance, s_instance, sizeof(creds->instance));
- strncpy(creds->realm, rlm, sizeof(creds->realm));
- memmove(creds->session, cip->dat, sizeof(C_Block));
- creds->lifetime = lifetime;
- creds->kvno = kvno;
- creds->ticket_st.length = tkt->length;
- memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length);
- creds->issue_date = t_local;
- strncpy(creds->pname, user, sizeof(creds->pname));
- strncpy(creds->pinst, instance, sizeof(creds->pinst));
-
- return INTK_OK;
-}
-
-int
-krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc,
- arg, preauth_p, preauth_len, creds, laddrp)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
- char *preauth_p;
- int preauth_len;
- CREDENTIALS *creds;
- KRB_UINT32 *laddrp;
-{
- int ok;
- char key_string[BUFSIZ];
- KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- int kerror;
- int byteorder;
- key_proc_type *keyprocs = krb_get_keyprocs (key_proc);
- int i = 0;
- struct sockaddr_in local_addr;
-
- kerror = krb_mk_in_tkt_preauth(user, instance, realm,
- service, sinstance,
- life, preauth_p, preauth_len,
- cip, &byteorder, &local_addr);
- if (kerror)
- return kerror;
-
- /* If arg is null, we have to prompt for the password. decrypt_tkt, by
- way of the *_passwd_to_key functions, will prompt if the password is
- NULL, but that means that each separate encryption type will prompt
- separately. Obtain the password first so that we can try multiple
- encryption types without re-prompting.
-
- Don't, however, prompt on a Windows or Macintosh environment, since
- that's harder. Rely on our caller to do it. */
-#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
- if (arg == NULL) {
- ok = des_read_pw_string(key_string, sizeof(key_string), "Password", 0);
- if (ok != 0)
- return ok;
- arg = key_string;
- }
-#endif
-
- /* Attempt to decrypt the reply. Loop trying password_to_key algorithms
- until we succeed or we get an error other than "bad password" */
- do {
- KTEXT_ST cip_copy_st;
- memcpy(&cip_copy_st, &cip_st, sizeof(cip_st));
- cip = &cip_copy_st;
- if (decrypt_proc == NULL) {
- decrypt_tkt (user, instance, realm, arg, keyprocs[i], &cip);
- } else {
- (*decrypt_proc)(user, instance, realm, arg, keyprocs[i], &cip);
- }
- kerror = krb_parse_in_tkt_creds(user, instance, realm,
- service, sinstance, life, cip, byteorder, creds);
- } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
- cip = &cip_st;
-
- /* Fill in the local address if the caller wants it */
- if (laddrp != NULL) {
- *laddrp = local_addr.sin_addr.s_addr;
- }
-
- /* stomp stomp stomp */
- memset(key_string, 0, sizeof(key_string));
- memset(cip->dat, 0, (size_t)cip->length);
- return kerror;
-}
-
-int KRB5_CALLCONV
-krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg, creds)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
- CREDENTIALS *creds;
-{
-#if TARGET_OS_MAC
- KRB_UINT32 *laddrp = &creds->address;
-#else
- KRB_UINT32 *laddrp = NULL; /* Only the Mac stores the address */
-#endif
-
- return krb_get_in_tkt_preauth_creds(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc, arg,
- NULL, 0, creds, laddrp);
-}
-
-int KRB5_CALLCONV
-krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc,
- arg, preauth_p, preauth_len)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
- char *preauth_p;
- int preauth_len;
-{
- int retval;
- KRB_UINT32 laddr;
- CREDENTIALS creds;
-
- do {
- retval = krb_get_in_tkt_preauth_creds(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc,
- arg, preauth_p, preauth_len,
- &creds, &laddr);
- if (retval != KSUCCESS) break;
- if (krb_in_tkt(user, instance, realm) != KSUCCESS) {
- retval = INTK_ERR;
- break;
- }
- retval = krb4int_save_credentials_addr(creds.service, creds.instance,
- creds.realm, creds.session,
- creds.lifetime, creds.kvno,
- &creds.ticket_st,
- creds.issue_date, laddr);
- if (retval != KSUCCESS) break;
- } while (0);
- memset(&creds, 0, sizeof(creds));
- return retval;
-}
-
-int KRB5_CALLCONV
-krb_get_in_tkt(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
-{
- return krb_get_in_tkt_preauth(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc, arg,
- NULL, 0);
-}
+++ /dev/null
-/*
- * lib/krb4/g_phost.c
- *
- * Copyright 1988, 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "port-sockets.h"
-
-/*
- * This routine takes an alias for a host name and returns the first
- * field, lower case, of its domain name. For example, if "menel" is
- * an alias for host officially named "menelaus" (in /etc/hosts), for
- * the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus"
- * is returned.
- *
- * This is done for historical Athena reasons: the Kerberos name of
- * rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host@realm"
- * where "host"is the lowercase for of the host name ("menelaus").
- * This should go away: the instance should be the domain name
- * (MENELAUS.MIT.EDU). But for now we need this routine...
- *
- * A pointer to the name is returned, if found, otherwise a pointer
- * to the original "alias" argument is returned.
- */
-
-char * KRB5_CALLCONV
-krb_get_phost(alias)
- char *alias;
-{
- struct hostent *h;
- char *p;
- unsigned char *ucp;
- static char hostname_mem[MAXHOSTNAMELEN];
-#ifdef DO_REVERSE_RESOLVE
- char *rev_addr; int rev_type, rev_len;
-#endif
-
- if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) {
-#ifdef DO_REVERSE_RESOLVE
- if (! h->h_addr_list ||! h->h_addr_list[0]) {
- return(0);
- }
- rev_type = h->h_addrtype;
- rev_len = h->h_length;
- rev_addr = malloc(rev_len);
- _fmemcpy(rev_addr, h->h_addr_list[0], rev_len);
- h = gethostbyaddr(rev_addr, rev_len, rev_type);
- free(rev_addr);
- if (h == 0) {
- return (0);
- }
-#endif
- /* We don't want to return a *, so we copy to a safe location. */
- strncpy (hostname_mem, h->h_name, sizeof (hostname_mem));
- /* Bail out if h_name is too long. */
- if (hostname_mem[MAXHOSTNAMELEN-1] != '\0')
- return NULL;
- p = strchr( hostname_mem, '.' );
- if (p)
- *p = 0;
- ucp = (unsigned char *)hostname_mem;
- do {
- if (isupper(*ucp)) *ucp=tolower(*ucp);
- } while (*ucp++);
- }
- return(hostname_mem);
-}
+++ /dev/null
-/*
- * lib/krb4/g_pw_in_tkt.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <krb5.h>
-#include "krb.h"
-#include "krb4int.h"
-#include "krb_err.h"
-#include "prot.h"
-#include <string.h>
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-#ifndef INTK_PW_NULL
-#define INTK_PW_NULL KRBET_GT_PW_NULL
-#endif
-
-/*
- * This file contains one routine: krb_get_pw_in_tkt() gets an initial ticket for
- * a user.
- */
-
-/*
- * krb_get_pw_in_tkt() takes the name of the server for which the initial
- * ticket is to be obtained, the name of the principal the ticket is
- * for, the desired lifetime of the ticket, and the user's password.
- * It passes its arguments on to krb_get_in_tkt(), which contacts
- * Kerberos to get the ticket, decrypts it using the password provided,
- * and stores it away for future use.
- *
- * On a Unix system, krb_get_pw_in_tkt() is able to prompt the user
- * for a password, if the supplied password is null. On a a non Unix
- * system, it now requires the caller to supply a non-null password.
- * This is because of the complexities of prompting the user in a
- * non-terminal-oriented environment like the Macintosh (running in a
- * driver) or MS-Windows (in a DLL).
- *
- * krb_get_pw_in_tkt() passes two additional arguments to
- * krb_get_in_tkt(): a routine to be used to get the password in case
- * the "password" argument is null and NULL for the decryption
- * procedure indicating that krb_get_in_tkt should use the default
- * method of decrypting the response from the KDC.
- *
- * The result of the call to krb_get_in_tkt() is returned.
- */
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
-#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
- /* In spite of the comments above, we don't allow that path here,
- to simplify coding the non-UNIX clients. The only code that now
- depends on this behavior is the preauth support, which has a
- seperate function without this trap. Strictly speaking, this
- is an API change. */
-
- if (password == 0)
- return INTK_PW_NULL;
-#endif
-
- return(krb_get_in_tkt(user,instance,realm,service,sinstance,life,
- (key_proc_type)NULL, /* krb_get_in_tkt will try them all */
- (decrypt_tkt_type)NULL, password));
-}
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt_creds(
- char *user, char *instance, char *realm, char *service, char *sinstance,
- int life, char *password, CREDENTIALS *creds)
-{
- return krb_get_in_tkt_creds(user, instance, realm,
- service, sinstance, life,
- (key_proc_type)NULL, /* krb_get_in_tkt_creds will try them all */
- NULL, password, creds);
-}
-
-
-/*
- * krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly,
- * since the whole point of "pre" authentication is to prove that we've
- * already got the key, and the only way to do that is to ask the user
- * for it. Clearly we shouldn't ask twice.
- */
-
-static C_Block old_key;
-
-static int stub_key(user,instance,realm,passwd,key)
- char *user, *instance, *realm, *passwd;
- C_Block key;
-{
- (void) memcpy((char *) key, (char *) old_key, sizeof(old_key));
- return 0;
-}
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- char *preauth_p;
- int preauth_len;
- int ret_st;
- key_proc_type *keyprocs = krb_get_keyprocs (NULL);
- int i = 0;
-
-#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
- /* On non-Unix systems, we can't handle a null password, because
- passwd_to_key can't handle prompting for the password. */
- if (password == 0)
- return INTK_PW_NULL;
-#endif
-
- /* Loop trying all the key_proc types */
- do {
- krb_mk_preauth(&preauth_p, &preauth_len, keyprocs[i],
- user, instance, realm, password, old_key);
- ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life,
- (key_proc_type) stub_key,
- (decrypt_tkt_type) NULL, password,
- preauth_p, preauth_len);
-
- krb_free_preauth(preauth_p, preauth_len);
- } while ((keyprocs[++i] != NULL) && (ret_st == INTK_BADPW));
-
- return ret_st;
-}
-
-/* FIXME! This routine belongs in the krb library and should simply
- be shared between the encrypted and NOENCRYPTION versions! */
-
-#ifdef NOENCRYPTION
-/*
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#include <stdio.h>
-#ifdef BSDUNIX
-#include <string.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-#else
-int strcmp();
-#endif
-#if defined(__svr4__) || defined(__SVR4)
-#include <sgtty.h>
-#endif
-
-#ifdef BSDUNIX
-static jmp_buf env;
-#endif
-
-#ifdef BSDUNIX
-static void sig_restore();
-static push_signals(), pop_signals();
-int placebo_read_pw_string();
-#endif
-
-/*** Routines ****************************************************** */
-int
-placebo_read_password(k,prompt,verify)
- des_cblock *k;
- char *prompt;
- int verify;
-{
- int ok;
- char key_string[BUFSIZ];
-
-#ifdef BSDUNIX
- if (setjmp(env)) {
- ok = -1;
- goto lose;
- }
-#endif
-
- ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify);
- if (ok == 0)
- memset(k, 0, sizeof(C_Block));
-
-lose:
- memset(key_string, 0, sizeof (key_string));
- return ok;
-}
-
-/*
- * This version just returns the string, doesn't map to key.
- *
- * Returns 0 on success, non-zero on failure.
- */
-
-int
-placebo_read_pw_string(s,max,prompt,verify)
- char *s;
- int max;
- char *prompt;
- int verify;
-{
- int ok = 0;
- char *ptr;
-
-#ifdef BSDUNIX
- jmp_buf old_env;
- struct sgttyb tty_state;
-#endif
- char key_string[BUFSIZ];
-
- if (max > BUFSIZ) {
- return -1;
- }
-
-#ifdef BSDUNIX
- memcpy(env, old_env, sizeof(env));
- if (setjmp(env))
- goto lose;
-
- /* save terminal state */
- if (ioctl(0,TIOCGETP,&tty_state) == -1)
- return -1;
-
- push_signals();
- /* Turn off echo */
- tty_state.sg_flags &= ~ECHO;
- if (ioctl(0,TIOCSETP,&tty_state) == -1)
- return -1;
-#endif
- while (!ok) {
- printf(prompt);
- fflush(stdout);
-#ifdef CROSSMSDOS
- h19line(s,sizeof(s),0);
- if (!strlen(s))
- continue;
-#else
- if (!fgets(s, max, stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = strchr(s, '\n')))
- *ptr = '\0';
-#endif
- if (verify) {
- printf("\nVerifying, please re-enter %s",prompt);
- fflush(stdout);
-#ifdef CROSSMSDOS
- h19line(key_string,sizeof(key_string),0);
- if (!strlen(key_string))
- continue;
-#else
- if (!fgets(key_string, sizeof(key_string), stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = strchr(key_string, '\n')))
- *ptr = '\0';
-#endif
- if (strcmp(s,key_string)) {
- printf("\n\07\07Mismatch - try again\n");
- fflush(stdout);
- continue;
- }
- }
- ok = 1;
- }
-
-#ifdef BSDUNIX
-lose:
- if (!ok)
- memset(s, 0, max);
- printf("\n");
- /* turn echo back on */
- tty_state.sg_flags |= ECHO;
- if (ioctl(0,TIOCSETP,&tty_state))
- ok = 0;
- pop_signals();
- memcpy(old_env, env, sizeof(env));
-#endif
- if (verify)
- memset(key_string, 0, sizeof (key_string));
- s[max-1] = 0; /* force termination */
- return !ok; /* return nonzero if not okay */
-}
-
-#ifdef BSDUNIX
-/*
- * this can be static since we should never have more than
- * one set saved....
- */
-static sigtype (*old_sigfunc[NSIG])();
-
-static push_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- old_sigfunc[i] = signal(i,sig_restore);
-}
-
-static pop_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- signal(i,old_sigfunc[i]);
-}
-
-static void sig_restore(sig,code,scp)
- int sig,code;
- struct sigcontext *scp;
-{
- longjmp(env,1);
-}
-#endif
-#endif /* NOENCRYPTION */
+++ /dev/null
-/*
- * g_pw_tkt.c
- *
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-
-/*
- * Get a ticket for the password-changing server ("changepw.KRB_MASTER").
- *
- * Given the name, instance, realm, and current password of the
- * principal for which the user wants a password-changing-ticket,
- * return either:
- *
- * GT_PW_BADPW if current password was wrong,
- * GT_PW_NULL if principal had a NULL password,
- * or the result of the krb_get_pw_in_tkt() call.
- *
- * First, try to get a ticket for "user.instance@realm" to use the
- * "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h").
- * The requested lifetime for the ticket is "1", and the current
- * password is the "cpw" argument given.
- *
- * If the password was bad, give up.
- *
- * If the principal had a NULL password in the Kerberos database
- * (indicating that the principal is known to Kerberos, but hasn't
- * got a password yet), try instead to get a ticket for the principal
- * "default.changepw@realm" to use the "changepw.KRB_MASTER" server.
- * Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL
- * if all goes well, otherwise the error.
- *
- * If this routine succeeds, a ticket and session key for either the
- * principal "user.instance@realm" or "default.changepw@realm" to use
- * the password-changing server will be in the user's ticket file.
- */
-
-int KRB5_CALLCONV
-get_pw_tkt(user,instance,realm,cpw)
- char *user;
- char *instance;
- char *realm;
- char *cpw;
-{
- int kerror;
-
- kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
- KRB_MASTER, 1, cpw);
-
- if (kerror == INTK_BADPW)
- return(GT_PW_BADPW);
-
- if (kerror == KDC_NULL_KEY) {
- kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
- KRB_MASTER,1,"changepwkrb");
- if (kerror)
- return(kerror);
- return(GT_PW_NULL);
- }
-
- return(kerror);
-}
+++ /dev/null
-/*
- * lib/krb4/g_svc_in_tkt.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include "krb.h"
-#include "prot.h"
-#include "krb4int.h"
-
-/*
- * This file contains two routines: srvtab_to_key(), which gets
- * a server's key from a srvtab file, and krb_get_svc_in_tkt() which
- * gets an initial ticket for a server.
- */
-
-/*
- * srvtab_to_key(): given a "srvtab" file (where the keys for the
- * service on a host are stored), return the private key of the
- * given service (user.instance@realm).
- *
- * srvtab_to_key() passes its arguments on to read_service_key(),
- * plus one additional argument, the key version number.
- * (Currently, the key version number is always 0; this value
- * is treated as a wildcard by read_service_key().)
- *
- * If the "srvtab" argument is null, KEYFILE (defined in "krb.h")
- * is passed in its place.
- *
- * It returns the return value of the read_service_key() call.
- * The service key is placed in "key".
- */
-
-static int srvtab_to_key(user, instance, realm, srvtab, key)
- char *user, *instance, *realm, *srvtab;
- C_Block key;
-{
- if (!srvtab)
- srvtab = KEYFILE;
-
- return(read_service_key(user, instance, realm, 0, srvtab,
- (char *)key));
-}
-
-/*
- * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
- * plus two additional arguments: a pointer to the srvtab_to_key()
- * function to be used to get the key from the key file and a NULL
- * for the decryption procedure indicating that krb_get_in_tkt should
- * use the default method of decrypting the response from the KDC.
- *
- * It returns the return value of the krb_get_in_tkt() call.
- */
-
-int KRB5_CALLCONV
-krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *srvtab;
-{
- return(krb_get_in_tkt(user, instance, realm, service, sinstance, life,
- (key_proc_type) srvtab_to_key, NULL, srvtab));
-}
-
-/* and we need a preauth version as well. */
-static C_Block old_key;
-
-static int stub_key(user,instance,realm,passwd,key)
- char *user, *instance, *realm, *passwd;
- C_Block key;
-{
- memcpy(key, old_key, sizeof(C_Block));
- return 0;
-}
-
-int
-krb_get_svc_in_tkt_preauth(user, instance, realm, service, sinstance, life, srvtab)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *srvtab;
-{
- char *preauth_p;
- int preauth_len;
- int ret_st;
-
- krb_mk_preauth(&preauth_p, &preauth_len,
- (key_proc_type) srvtab_to_key, user, instance, realm,
- srvtab, old_key);
- ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life,
- (key_proc_type) stub_key, NULL, srvtab,
- preauth_p, preauth_len);
-
- krb_free_preauth(preauth_p, preauth_len);
- return ret_st;
-}
-
-/* DEC's dss-kerberos adds krb_svc_init; simple enough */
-
-int
-krb_svc_init(user,instance,realm,lifetime,srvtab_file,tkt_file)
- char *user;
- char *instance;
- char *realm;
- int lifetime;
- char *srvtab_file;
- char *tkt_file;
-{
- if (tkt_file)
- krb_set_tkt_string(tkt_file);
-
- return krb_get_svc_in_tkt(user,instance,realm,
- KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
-}
-
-
-int
-krb_svc_init_preauth(user,instance,realm,lifetime,srvtab_file,tkt_file)
- char *user;
- char *instance;
- char *realm;
- int lifetime;
- char *srvtab_file;
- char *tkt_file;
-{
- if (tkt_file)
- krb_set_tkt_string(tkt_file);
-
- return krb_get_svc_in_tkt_preauth(user,instance,realm,
- KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
-}
+++ /dev/null
-/*
- * g_tf_fname.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include <string.h>
-#include <stdio.h> /* For EOF */
-
-/*
- * This file contains a routine to extract the fullname of a user
- * from the ticket file.
- */
-
-/*
- * krb_get_tf_fullname() takes four arguments: the name of the
- * ticket file, and variables for name, instance, and realm to be
- * returned in. Since the realm of a ticket file is not really fully
- * supported, the realm used will be that of the the first ticket in
- * the file as this is the one that was obtained with a password by
- * krb_get_in_tkt().
- */
-
-int KRB5_CALLCONV
-krb_get_tf_fullname(ticket_file, name, instance, realm)
- const char *ticket_file;
- char *name;
- char *instance;
- char *realm;
-{
- int tf_status;
- CREDENTIALS c;
-
- /* If ticket cache selector is null, use default cache. */
- if (ticket_file == 0)
- ticket_file = tkt_string();
-
- if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
- ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
- return (tf_status);
-
- if (name)
- strcpy(name, c.pname);
- if (instance)
- strcpy(instance, c.pinst);
- if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
- if (realm)
- strcpy(realm, c.realm);
- }
- else {
- if (tf_status == EOF)
- return(KFAILURE);
- else
- return(tf_status);
- }
- (void) tf_close();
-
- return(tf_status);
-}
+++ /dev/null
-/*
- * lib/krb4/g_tf_realm.c
- *
- * Copyright 1987-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-
-/*
- * This file contains a routine to extract the realm of a kerberos
- * ticket file.
- */
-
-/*
- * krb_get_tf_realm() takes two arguments: the name of a ticket
- * and a variable to store the name of the realm in.
- *
- */
-
-int KRB5_CALLCONV
-krb_get_tf_realm(const char *ticket_file, char *realm)
-{
- return krb_get_tf_fullname(ticket_file, NULL, NULL, realm);
-}
+++ /dev/null
-/*
- * g_tkt_svc.c
- *
- * Gets a ticket for a service. Adopted from KClient.
- */
-
-#include <string.h>
-#include "krb.h"
-#include "port-sockets.h"
-
-/* FIXME -- this should probably be calling mk_auth nowadays. */
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-
-
-static int
-ParseFullName(name, instance, realm, fname)
- char *name;
- char *instance;
- char *realm;
- char *fname;
-{
- int err;
-
- if (!*fname) return KNAME_FMT; /* null names are not OK */
- *instance = '\0';
- err = kname_parse(name,instance,realm,fname);
- if (err) return err;
- if (!*name) return KNAME_FMT; /* null names are not OK */
- if (!*realm) {
- if ((err = krb_get_lrealm (realm, 1)))
- return err;
- if (!*realm) return KNAME_FMT; /* FIXME -- should give better error */
- }
- return KSUCCESS;
-}
-
-
-
-static void
-CopyTicket(dest, src, numBytes, version, includeVersion)
- char *dest;
- KTEXT src;
- unsigned KRB4_32 *numBytes;
- char *version;
- int includeVersion;
-{
- unsigned KRB4_32 tkt_len;
- unsigned KRB4_32 nbytes = 0;
-
- /* first put version info into the buffer */
- if (includeVersion) {
- (void) strncpy(dest, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- (void) strncpy(dest+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN);
- nbytes = 2*KRB_SENDAUTH_VLEN;
- }
-
- /* put ticket length into buffer */
- tkt_len = htonl((unsigned long) src->length);
- (void) memcpy((char *)(dest+nbytes), (char *) &tkt_len, sizeof(tkt_len));
- nbytes += sizeof(tkt_len);
-
- /* put ticket into buffer */
- (void) memcpy ((char *)(dest+nbytes), (char *) src->dat, src->length);
- nbytes += src->length;
-
- *numBytes = nbytes;
-}
-
-
-static int
-CredIsExpired( cr )
- CREDENTIALS *cr;
-{
- KRB4_32 now;
-
- /* This routine is for use with clients only in order to determine
- if a credential is still good.
- Note: twice CLOCK_SKEW was added to age of ticket so that we could
- be more sure that the ticket was good.
- FIXME: I think this is a bug -- should use the same algorithm
- everywhere to determine ticket expiration. */
-
- now = TIME_GMT_UNIXSEC;
- return now + 2 * CLOCK_SKEW > krb_life_to_time(cr->issue_date,
- cr->lifetime);
-}
-
-
-/*
- * Gets a ticket and returns it to application in buf
- -> service Formal Kerberos name of service
- -> buf Buffer to receive ticket
- -> checksum checksum for this service
- <-> buflen length of ticket buffer (must be at least
- 1258 bytes)
- <- sessionKey for internal use
- <- schedule for internal use
-
- * Result is:
- * GC_NOTKT if there is no matching TGT in the cache
- * MK_AP_TGTEXP if the matching TGT is expired
- * Other errors possible. These could cause a dialogue with the user
- * to get a new TGT.
- */
-
-int KRB5_CALLCONV
-krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey,
- schedule, version, includeVersion)
- char *serviceName;
- char *buf;
- unsigned KRB4_32 *buflen;
- int checksum;
- des_cblock sessionKey;
- Key_schedule schedule;
- char *version;
- int includeVersion;
-{
- char service[SNAME_SZ];
- char instance[INST_SZ];
- char realm[REALM_SZ];
- int err;
- char lrealm[REALM_SZ];
- CREDENTIALS cr;
-
- service[0] = '\0';
- instance[0] = '\0';
- realm[0] = '\0';
-
- /* parse out service name */
-
- err = ParseFullName(service, instance, realm, serviceName);
- if (err)
- return err;
-
- if ((err = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS)
- return(err);
-
- /* Make sure we have an intial ticket for the user in this realm
- Check local realm, not realm for service since krb_mk_req will
- get additional krbtgt if necessary. This is so that inter-realm
- works without asking for a password twice.
- FIXME gnu - I think this is a bug. We should allow direct
- authentication to the desired realm, regardless of what the "local"
- realm is. I fixed it. FIXME -- not quite right. */
- err = krb_get_cred (KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr);
- if (err)
- return err;
-
- err = CredIsExpired(&cr);
- if (err)
- return RD_AP_EXP; /* Expired ticket */
-
- /* Get a ticket for the service */
- err = krb_mk_req(&(cr.ticket_st),service,instance,realm,checksum);
- if (err)
- return err;
-
- CopyTicket(buf, &(cr.ticket_st), buflen, version, includeVersion);
-
- /* get the session key for later use in deciphering the server response */
- err = krb_get_cred(service,instance,realm,&cr);
- if (err)
- return err;
- memcpy((char *)sessionKey, (char *)cr.session, sizeof(C_Block));
- err = key_sched(sessionKey, schedule);
- if (err)
- return KFAILURE; /* Bad DES key for some reason (FIXME better error) */
-
- else
- return KSUCCESS;
-
-}
-
-
+++ /dev/null
-/*
- * gethostname.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "krb4int.h"
-#include "autoconf.h"
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifndef GETHOSTNAME
-#define GETHOSTNAME gethostname /* A rather simple default */
-#endif
-
-/*
- * Return the local host's name in "name", up to "namelen" characters.
- * "name" will be null-terminated if "namelen" is big enough.
- * The return code is 0 on success, -1 on failure. (The calling
- * interface is identical to BSD gethostname(2).)
- */
-
-int
-k_gethostname(name, namelen)
- char *name;
- int namelen;
-{
- return GETHOSTNAME(name, namelen);
-}
+++ /dev/null
-/*
- * getst.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "krb4int.h"
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-/*
- * getst() takes a file descriptor, a string and a count. It reads
- * from the file until either it has read "count" characters, or until
- * it reads a null byte. When finished, what has been read exists in
- * the given string "s". If "count" characters were actually read, the
- * last is changed to a null, so the returned string is always null-
- * terminated. getst() returns the number of characters read, including
- * the null terminator.
- */
-
-int
-getst(fd, s, n)
- int fd;
- register char *s;
- int n;
-{
- register int count = n;
- while (read(fd, s, 1) > 0 && --count)
- if (*s++ == '\0')
- return (n - count);
- *s = '\0';
- return (n - count);
-}
+++ /dev/null
-/*
- * lib/krb4/in_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include "krb.h"
-#include <fcntl.h>
-#include <sys/stat.h>
-#include "autoconf.h"
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-extern int krb_debug;
-
-/*
- * in_tkt() is used to initialize the ticket store. It creates the
- * file to contain the tickets and writes the given user's name "pname"
- * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
- * success, or KFAILURE if something goes wrong.
- */
-
-#include "k5-util.h"
-#define do_seteuid krb5_seteuid
-#include "k5-platform.h"
-
-#ifndef O_SYNC
-#define O_SYNC 0
-#endif
-
-int KRB5_CALLCONV
-in_tkt(pname,pinst)
- char *pname;
- char *pinst;
-{
- int tktfile;
- uid_t me, metoo, getuid(), geteuid();
- struct stat statpre, statpost;
- int count;
- const char *file = TKT_FILE;
- int fd;
- register int i;
- char charbuf[BUFSIZ];
- mode_t mask;
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
-#endif /* TKT_SHMEM */
-
- /* If ticket cache selector is null, use default cache. */
- if (file == 0)
- file = tkt_string();
-
- me = getuid ();
- metoo = geteuid();
- if (lstat(file, &statpre) == 0) {
- if (statpre.st_uid != me || !(statpre.st_mode & S_IFREG)
- || statpre.st_nlink != 1 || statpre.st_mode & 077) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",file);
- return(KFAILURE);
- }
- /*
- * Yes, we do uid twiddling here. It's not optimal, but some
- * applications may expect that the ruid is what should really
- * own the ticket file, e.g. setuid applications.
- */
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- /* file already exists, and permissions appear ok, so nuke it */
- fd = open(file, O_RDWR|O_SYNC, 0);
- if (fd >= 0)
- set_cloexec_fd(fd);
- (void)unlink(file);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (fd < 0) {
- goto out; /* can't zero it, but we can still try truncating it */
- }
-
- /*
- * Do some additional paranoid things. The worst-case
- * situation is that a user may be fooled into opening a
- * non-regular file briefly if the file is in a directory with
- * improper permissions.
- */
- if (fstat(fd, &statpost) < 0) {
- (void)close(fd);
- goto out;
- }
- if (statpre.st_dev != statpost.st_dev
- || statpre.st_ino != statpost.st_ino) {
- (void)close(fd);
- errno = 0;
- goto out;
- }
-
- memset(charbuf, 0, sizeof(charbuf));
-
- for (i = 0; i < statpost.st_size; i += sizeof(charbuf))
- if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) {
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
- goto out;
- }
-
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
- }
- out:
- /* arrange so the file is owned by the ruid
- (swap real & effective uid if necessary).
- This isn't a security problem, since the ticket file, if it already
- exists, has the right uid (== ruid) and mode. */
- if (me != metoo) {
- if (do_seteuid(me) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: seteuid");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",(int) metoo, (int) me);
- }
- /* Set umask to ensure that we have write access on the created
- ticket file. */
- mask = umask(077);
- tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600);
- if (tktfile >= 0)
- set_cloexec_fd(tktfile);
- umask(mask);
- if (me != metoo) {
- if (do_seteuid(metoo) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: seteuid2");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n", (int) me, (int) metoo);
- }
- if (tktfile < 0) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
- count = strlen(pname)+1;
- if (write(tktfile,pname,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- count = strlen(pinst)+1;
- if (write(tktfile,pinst,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- (void) close(tktfile);
-#ifdef TKT_SHMEM
- (void) strncpy(shmidname, file, sizeof(shmidname) - 1);
- shmidname[sizeof(shmidname) - 1] = '\0';
- (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname));
- return(krb_shm_create(shmidname));
-#else /* !TKT_SHMEM */
- return(KSUCCESS);
-#endif /* TKT_SHMEM */
-}
-
-int KRB5_CALLCONV
-krb_in_tkt(pname, pinst, prealm)
- char *pname;
- char *pinst;
- char *prealm;
-{
- return in_tkt(pname, pinst);
-}
+++ /dev/null
-# kadmin.v4/server/kadm_err.et
-#
-# Copyright 1988 by the Massachusetts Institute of Technology.
-#
-# For copying and distribution information, please see the file
-# <mit-copyright.h>.
-#
-# Kerberos administration server error table
-#
- et kadm
-
-# KADM_SUCCESS, as all success codes should be, is zero
-
-ec KADM_RCSID, "$Header$"
-# /* Building and unbuilding the packet errors */
-ec KADM_NO_REALM, "Cannot fetch local realm"
-ec KADM_NO_CRED, "Unable to fetch credentials"
-ec KADM_BAD_KEY, "Bad key supplied"
-ec KADM_NO_ENCRYPT, "Can't encrypt data"
-ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
-ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
-ec KADM_NO_ROOM, "Packet is too large"
-ec KADM_BAD_VER, "Version number is incorrect"
-ec KADM_BAD_CHK, "Checksum does not match"
-ec KADM_NO_READ, "Unsealing private data failed"
-ec KADM_NO_OPCODE, "Unsupported operation"
-ec KADM_NO_HOST, "Could not find administrating host"
-ec KADM_UNK_HOST, "Administrating host name is unknown"
-ec KADM_NO_SERV, "Could not find service name in services database"
-ec KADM_NO_SOCK, "Could not create socket"
-ec KADM_NO_CONN, "Could not connect to server"
-ec KADM_NO_HERE, "Could not fetch local socket address"
-ec KADM_NO_MAST, "Could not fetch master key"
-ec KADM_NO_VERI, "Could not verify master key"
-
-# /* From the server side routines */
-ec KADM_INUSE, "Entry already exists in database"
-ec KADM_UK_SERROR, "Database store error"
-ec KADM_UK_RERROR, "Database read error"
-ec KADM_UNAUTH, "Insufficient access to perform requested operation"
-# KADM_DATA isn't really an error, but...
-ec KADM_DATA, "Data is available for return to client"
-ec KADM_NOENTRY, "No such entry in the database"
-
-ec KADM_NOMEM, "Memory exhausted"
-ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
-ec KADM_NO_BIND, "Could not bind port"
-ec KADM_LENGTH_ERROR, "Length mismatch problem"
-ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
-
-ec KADM_DB_INUSE, "Database locked or in use"
-
-ec KADM_INSECURE_PW, "Insecure password rejected"
-ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match"
-
-ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
-ec KADM_REALM_TOO_LONG, "Realm name too long"
-end
+++ /dev/null
-/*
- * lib/krb4/kadm_net.c
- *
- * Copyright 1988, 2002, 2007 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Kerberos administration server client-side network access routines
- * These routines do actual network traffic, in a machine dependent manner.
- */
-
-#include <errno.h>
-#include <signal.h>
-#include <string.h>
-#include <stdlib.h>
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#define DEFINE_SOCKADDR /* Ask krb.h for struct sockaddr, etc */
-#include "port-sockets.h"
-#include "krb.h"
-#include "krbports.h"
-#include "kadm.h"
-#include "kadm_err.h"
-#include "prot.h"
-
-/* XXX FIXME! */
-#if defined(_WIN32)
- #define SIGNAL(s, f) 0
-#else
- #define SIGNAL(s, f) signal(s, f)
-#endif
-
-static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched);
-/* XXX FIXME! */
-#ifdef SIGPIPE
-static krb5_sigtype (*opipe)();
-#endif
-
-/*
- * kadm_init_link
- * receives : principal, instance, realm
- *
- * initializes client parm, the Kadm_Client structure which holds the
- * data about the connection between the server and client, the services
- * used, the locations and other fun things
- */
-int
-kadm_init_link(char *principal, char *instance, char *realm,
- Kadm_Client *client_parm, int changepw)
-{
- struct servent *sep; /* service we will talk to */
- u_short sep_port;
- struct hostent *hop; /* host we will talk to */
- char adm_hostname[MAXHOSTNAMELEN];
- char *scol = 0;
-
- (void) strcpy(client_parm->sname, principal);
- (void) strcpy(client_parm->sinst, instance);
- (void) strcpy(client_parm->krbrlm, realm);
- client_parm->admin_fd = -1;
- client_parm->default_port = 1;
-
- /*
- * set up the admin_addr - fetch name of admin or kpasswd host
- * (usually the admin host is the kpasswd host unless you have
- * some sort of realm on crack)
- */
- if (changepw) {
-#if 0 /* XXX */
- if (krb_get_kpasswdhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
-#endif
- if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
- return KADM_NO_HOST;
- } else {
- if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
- return KADM_NO_HOST;
- }
- scol = strchr(adm_hostname,':');
- if (scol) *scol = 0;
- if ((hop = gethostbyname(adm_hostname)) == NULL)
- /*
- * couldn't find the admin servers address
- */
- return KADM_UNK_HOST;
- if (scol) {
- sep_port = htons(atoi(scol+1));
- client_parm->default_port = 0;
- } else if ((sep = getservbyname(KADM_SNAME, "tcp")) != NULL)
- sep_port = sep->s_port;
- else
- sep_port = htons(KADM_PORT); /* KADM_SNAME = kerberos_master/tcp */
- memset(&client_parm->admin_addr, 0, sizeof(client_parm->admin_addr));
- client_parm->admin_addr.sin_family = hop->h_addrtype;
- memcpy(&client_parm->admin_addr.sin_addr, hop->h_addr, hop->h_length);
- client_parm->admin_addr.sin_port = sep_port;
-
- return KADM_SUCCESS;
-}
-
-/*
- * kadm_cli_send
- * recieves : opcode, packet, packet length, serv_name, serv_inst
- * returns : return code from the packet build, the server, or
- * something else
- *
- * It assembles a packet as follows:
- * 8 bytes : VERSION STRING
- * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
- * : KTEXT
- * : OPCODE \
- * : DATA > Encrypted (with make priv)
- * : ...... /
- *
- * If it builds the packet and it is small enough, then it attempts to open the
- * connection to the admin server. If the connection is succesfully open
- * then it sends the data and waits for a reply.
- */
-int
-kadm_cli_send(Kadm_Client *client_parm,
- u_char *st_dat, /* the actual data */
- size_t st_siz, /* length of said data */
- u_char **ret_dat, /* to give return info */
- size_t *ret_siz) /* length of returned info */
-{
-/* Macros for use in returning data... used in kadm_cli_send */
-#define RET_N_FREE(r) {clear_secrets(sess_key, sess_sched); free((char *)act_st); free((char *)priv_pak); return r;}
-#define RET_N_FREE2(r) {free((char *)*ret_dat); *ret_dat = 0; *ret_siz = 0; clear_secrets(sess_key, sess_sched); return(r);}
-
- int act_len; /* current offset into packet, return */
- KRB_INT32 retdat; /* data */
- KTEXT_ST authent; /* the authenticator we will build */
- u_char *act_st; /* the pointer to the complete packet */
- u_char *priv_pak; /* private version of the packet */
- long priv_len; /* length of private packet */
- u_long cksum; /* checksum of the packet */
- MSG_DAT mdat;
- u_char *return_dat;
- u_char *p;
- KRB_UINT32 uretdat;
-
- /* Keys for use in the transactions */
- des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
- Key_schedule sess_sched;
-
- act_st = malloc(KADM_VERSIZE); /* verstr stored first */
- strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
- act_len = KADM_VERSIZE;
-
- if ((retdat = kadm_cli_keyd(client_parm, sess_key, sess_sched)) != KADM_SUCCESS) {
- free(act_st);
- return retdat; /* couldnt get key working */
- }
- priv_pak = malloc(st_siz + 200);
- /* 200 bytes for extra info case */
- /* XXX Check mk_priv return type */
- if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz,
- sess_sched, (C_Block *)sess_key,
- &client_parm->my_addr,
- &client_parm->admin_addr)) < 0)
- RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose here */
- /*
- * here is the length of priv data. receiver calcs size of
- * authenticator by subtracting vno size, priv size, and
- * sizeof(u_long) (for the size indication) from total size
- */
- act_len += vts_long((KRB_UINT32)priv_len, &act_st, (int)act_len);
-#ifdef NOENCRYPTION
- cksum = 0;
-#else
- cksum = quad_cksum(priv_pak, NULL, priv_len, 0, &sess_key);
-#endif
- /* XXX cast unsigned->signed */
- if ((retdat = krb_mk_req_creds(&authent, &client_parm->creds, (long)cksum)) != 0) {
- /* authenticator? */
- RET_N_FREE(retdat);
- }
-
- act_st = realloc(act_st, (unsigned) (act_len + authent.length
- + priv_len));
- if (!act_st) {
- clear_secrets(sess_key, sess_sched);
- free(priv_pak);
- return KADM_NOMEM;
- }
- memcpy(act_st + act_len, authent.dat, authent.length);
- memcpy(act_st + act_len + authent.length, priv_pak, priv_len);
- free(priv_pak);
- if ((retdat = kadm_cli_out(client_parm, act_st,
- act_len + authent.length + priv_len,
- ret_dat, ret_siz)) != KADM_SUCCESS)
- RET_N_FREE(retdat);
- free(act_st);
-
- /* first see if it's a YOULOSE */
- if ((*ret_siz >= KADM_VERSIZE) &&
- !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE))
- {
- /* it's a youlose packet */
- if (*ret_siz < KADM_VERSIZE + 4)
- RET_N_FREE2(KADM_BAD_VER);
- p = *ret_dat + KADM_VERSIZE;
- KRB4_GET32BE(uretdat, p);
- /* XXX unsigned->signed */
- retdat = (KRB_INT32)uretdat;
- RET_N_FREE2(retdat);
- }
- /* need to decode the ret_dat */
- if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched,
- (C_Block *)sess_key, &client_parm->admin_addr,
- &client_parm->my_addr, &mdat)) != 0)
- RET_N_FREE2(retdat);
- if (mdat.app_length < KADM_VERSIZE + 4)
- /* too short! */
- RET_N_FREE2(KADM_BAD_VER);
- if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
- /* bad version */
- RET_N_FREE2(KADM_BAD_VER);
- p = mdat.app_data + KADM_VERSIZE;
- KRB4_GET32BE(uretdat, p);
- /* XXX unsigned->signed */
- retdat = (KRB_INT32)uretdat;
- if ((mdat.app_length - KADM_VERSIZE - 4) != 0) {
- if (!(return_dat =
- malloc((unsigned)(mdat.app_length - KADM_VERSIZE - 4))))
- RET_N_FREE2(KADM_NOMEM);
- memcpy(return_dat, p, mdat.app_length - KADM_VERSIZE - 4);
- } else {
- /* If it's zero length, still need to malloc a 1 byte string; */
- /* malloc's of zero will return NULL on AIX & A/UX */
- if (!(return_dat = malloc((unsigned) 1)))
- RET_N_FREE2(KADM_NOMEM);
- *return_dat = '\0';
- }
- free(*ret_dat);
- clear_secrets(sess_key, sess_sched);
- *ret_dat = return_dat;
- *ret_siz = mdat.app_length - KADM_VERSIZE - 4;
- return retdat;
-}
-
-int kadm_cli_conn(Kadm_Client *client_parm)
-{ /* this connects and sets my_addr */
-#if 0
- int on = 1;
-#endif
- if ((client_parm->admin_fd =
- socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0)
- return KADM_NO_SOCK; /* couldnt create the socket */
- set_cloexec_fd(client_parm->admin_fd);
- if (SOCKET_CONNECT(client_parm->admin_fd,
- (struct sockaddr *) & client_parm->admin_addr,
- sizeof(client_parm->admin_addr))) {
- (void) SOCKET_CLOSE(client_parm->admin_fd);
- client_parm->admin_fd = -1;
-
- /* The V4 kadmind port number is 751. The RFC assigned
- number, for V5, is 749. Sometimes the entry in
- /etc/services on a client machine will say 749, but the
- server may be listening on port 751. We try to partially
- cope by automatically falling back to try port 751 if we
- don't get a reply on port we are using. */
- if (client_parm->admin_addr.sin_port != htons(KADM_PORT)
- && client_parm->default_port) {
- client_parm->admin_addr.sin_port = htons(KADM_PORT);
- return kadm_cli_conn(client_parm);
- }
-
- return KADM_NO_CONN; /* couldnt get the connect */
- }
-#ifdef SIGPIPE
- opipe = SIGNAL(SIGPIPE, SIG_IGN);
-#endif
- client_parm->my_addr_len = sizeof(client_parm->my_addr);
- if (SOCKET_GETSOCKNAME(client_parm->admin_fd,
- (struct sockaddr *) & client_parm->my_addr,
- &client_parm->my_addr_len) < 0) {
- (void) SOCKET_CLOSE(client_parm->admin_fd);
- client_parm->admin_fd = -1;
-#ifdef SIGPIPE
- (void) SIGNAL(SIGPIPE, opipe);
-#endif
- return KADM_NO_HERE; /* couldnt find out who we are */
- }
-#if 0
- if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
- sizeof(on)) < 0) {
- (void) closesocket(client_parm.admin_fd);
- client_parm.admin_fd = -1;
-#ifdef SIGPIPE
- (void) SIGNAL(SIGPIPE, opipe);
-#endif
- return KADM_NO_CONN; /* XXX */
- }
-#endif
- return KADM_SUCCESS;
-}
-
-void kadm_cli_disconn(Kadm_Client *client_parm)
-{
- (void) SOCKET_CLOSE(client_parm->admin_fd);
-#ifdef SIGPIPE
- (void) SIGNAL(SIGPIPE, opipe);
-#endif
- return;
-}
-
-int kadm_cli_out(Kadm_Client *client_parm, u_char *dat, int dat_len,
- u_char **ret_dat, size_t *ret_siz)
-{
- u_short dlen;
- int retval;
- unsigned char buf[2], *p;
-
- dlen = (u_short)dat_len;
- if (dlen > 0x7fff) /* XXX krb_net_write signedness */
- return KADM_NO_ROOM;
-
- p = buf;
- KRB4_PUT16BE(p, dlen);
- if (krb_net_write(client_parm->admin_fd, (char *)buf, 2) < 0)
- return SOCKET_ERRNO; /* XXX */
-
- if (krb_net_write(client_parm->admin_fd, (char *)dat, (int)dat_len) < 0)
- return SOCKET_ERRNO; /* XXX */
-
- retval = krb_net_read(client_parm->admin_fd, (char *)buf, 2);
- if (retval != 2) {
- if (retval < 0)
- return SOCKET_ERRNO; /* XXX */
- else
- return EPIPE; /* short read ! */
- }
-
- p = buf;
- KRB4_GET16BE(dlen, p);
- if (dlen > INT_MAX) /* XXX krb_net_read signedness */
- return KADM_NO_ROOM;
- *ret_dat = malloc(dlen);
- if (!*ret_dat)
- return KADM_NOMEM;
-
- retval = krb_net_read(client_parm->admin_fd, (char *)*ret_dat, (int)dlen);
- if (retval != dlen) {
- if (retval < 0)
- return SOCKET_ERRNO; /* XXX */
- else
- return EPIPE; /* short read ! */
- }
- *ret_siz = dlen;
- return KADM_SUCCESS;
-}
-
-static void
-clear_secrets(des_cblock sess_key, Key_schedule sess_sched)
-{
- memset(sess_key, 0, sizeof(sess_key));
- memset(sess_sched, 0, sizeof(sess_sched));
- return;
-}
-
-/* takes in the sess_key and key_schedule and sets them appropriately */
-int kadm_cli_keyd(Kadm_Client *client_parm,
- des_cblock s_k, des_key_schedule s_s)
-{
- int stat;
-
- memcpy(s_k, client_parm->creds.session, sizeof(des_cblock));
- stat = key_sched(s_k, s_s);
- if (stat)
- return stat;
- return KADM_SUCCESS;
-} /* This code "works" */
+++ /dev/null
-/*
- * kadm_stream.c
- *
- * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Stream conversion functions for Kerberos administration server
- */
-
-/*
- kadm_stream.c
- this holds the stream support routines for the kerberos administration server
-
- vals_to_stream: converts a vals struct to a stream for transmission
- internals build_field_header, vts_[string, char, long, short]
- stream_to_vals: converts a stream to a vals struct
- internals check_field_header, stv_[string, char, long, short]
- error: prints out a kadm error message, returns
- fatal: prints out a kadm fatal error message, exits
-*/
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "kadm.h"
-#include "kadm_err.h"
-#include "prot.h"
-
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-
-/*
-vals_to_stream
- recieves : kadm_vals *, u_char *
- returns : a realloced and filled in u_char *
-
-this function creates a byte-stream representation of the kadm_vals structure
-*/
-int
-vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
-{
- int vsloop, stsize; /* loop counter, stream size */
-
- stsize = build_field_header(dt_in->fields, dt_out);
- for (vsloop = 31; vsloop >= 0; vsloop--)
- if (IS_FIELD(vsloop, dt_in->fields)) {
- switch (vsloop) {
- case KADM_NAME:
- stsize += vts_string(dt_in->name, dt_out, stsize);
- break;
- case KADM_INST:
- stsize += vts_string(dt_in->instance, dt_out, stsize);
- break;
- case KADM_EXPDATE:
- stsize += vts_long((KRB_UINT32)dt_in->exp_date,
- dt_out, stsize);
- break;
- case KADM_ATTR:
- stsize += vts_short(dt_in->attributes, dt_out, stsize);
- break;
- case KADM_MAXLIFE:
- stsize += vts_char(dt_in->max_life, dt_out, stsize);
- break;
- case KADM_DESKEY:
- stsize += vts_long(dt_in->key_high, dt_out, stsize);
- stsize += vts_long(dt_in->key_low, dt_out, stsize);
- break;
- default:
- break;
- }
- }
- return stsize;
-}
-
-int
-build_field_header(
- u_char *cont, /* container for fields data */
- u_char **st) /* stream */
-{
- *st = malloc(4);
- if (*st == NULL)
- return -1;
- memcpy(*st, cont, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-vts_string(char *dat, u_char **st, int loc)
-{
- size_t len;
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- len = strlen(dat) + 1;
- p = realloc(*st, (size_t)loc + len);
- if (p == NULL)
- return -1;
- memcpy(p + loc, dat, len);
- *st = p;
- return len;
-}
-
-int
-vts_short(KRB_UINT32 dat, u_char **st, int loc)
-{
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- p = realloc(*st, (size_t)loc + 2);
- if (p == NULL)
- return -1;
-
- *st = p; /* KRB4_PUT32BE will modify p */
-
- p += loc; /* place bytes at the end */
- KRB4_PUT16BE(p, dat);
-
- return 2;
-}
-
-int
-vts_long(KRB_UINT32 dat, u_char **st, int loc)
-{
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- p = realloc(*st, (size_t)loc + 4);
- if (p == NULL)
- return -1;
-
- *st = p; /* KRB4_PUT32BE will modify p */
-
- p += loc; /* place bytes at the end */
- KRB4_PUT32BE(p, dat);
-
- return 4;
-}
-
-int
-vts_char(KRB_UINT32 dat, u_char **st, int loc)
-{
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- p = realloc(*st, (size_t)loc + 1);
- if (p == NULL)
- return -1;
- p[loc] = dat & 0xff;
- *st = p;
- return 1;
-}
-
-/*
-stream_to_vals
- recieves : u_char *, kadm_vals *
- returns : a kadm_vals filled in according to u_char *
-
-this decodes a byte stream represntation of a vals struct into kadm_vals
-*/
-int
-stream_to_vals(
- u_char *dt_in,
- Kadm_vals *dt_out,
- int maxlen) /* max length to use */
-{
- register int vsloop, stsize; /* loop counter, stream size */
- register int status;
-
- memset(dt_out, 0, sizeof(*dt_out));
-
- stsize = check_field_header(dt_in, dt_out->fields, maxlen);
- if (stsize < 0)
- return -1;
- for (vsloop = 31; vsloop >= 0; vsloop--)
- if (IS_FIELD(vsloop, dt_out->fields))
- switch (vsloop) {
- case KADM_NAME:
- status = stv_string(dt_in, dt_out->name, stsize,
- sizeof(dt_out->name), maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_INST:
- status = stv_string(dt_in, dt_out->instance, stsize,
- sizeof(dt_out->instance), maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_EXPDATE:
- {
- KRB_UINT32 exp_date;
-
- status = stv_long(dt_in, &exp_date, stsize, maxlen);
- if (status < 0)
- return -1;
- dt_out->exp_date = exp_date;
- stsize += status;
- }
- break;
- case KADM_ATTR:
- status = stv_short(dt_in, &dt_out->attributes, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_MAXLIFE:
- status = stv_char(dt_in, &dt_out->max_life, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_DESKEY:
- status = stv_long(dt_in, &dt_out->key_high, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- status = stv_long(dt_in, &dt_out->key_low, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- default:
- break;
- }
- return stsize;
-}
-
-int
-check_field_header(
- u_char *st, /* stream */
- u_char *cont, /* container for fields data */
- int maxlen)
-{
- if (4 > maxlen)
- return -1;
- memcpy(cont, st, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-stv_string(
- register u_char *st, /* base pointer to the stream */
- char *dat, /* a string to read from the stream */
- register int loc, /* offset into the stream for current data */
- int stlen, /* max length of string to copy in */
- int maxlen) /* max length of input stream */
-{
- int maxcount; /* max count of chars to copy */
-
- if (loc < 0)
- return -1;
- maxcount = min(maxlen - loc, stlen);
- if (maxcount <= 0) /* No strings left in the input stream */
- return -1;
-
- (void) strncpy(dat, (char *)st + loc, (size_t)maxcount);
-
- if (dat[maxcount - 1]) /* not null-term --> not enuf room */
- return -1;
- return strlen(dat) + 1;
-}
-
-int
-stv_short(u_char *st, u_short *dat, int loc, int maxlen)
-{
- u_short temp;
- unsigned char *p;
-
- if (loc < 0 || loc + 2 > maxlen)
- return -1;
- p = st + loc;
- KRB4_GET16BE(temp, p);
- *dat = temp;
- return 2;
-}
-
-int
-stv_long(u_char *st, KRB_UINT32 *dat, int loc, int maxlen)
-{
- KRB_UINT32 temp;
- unsigned char *p;
-
- if (loc < 0 || loc + 4 > maxlen)
- return -1;
- p = st + loc;
- KRB4_GET32BE(temp, p);
- *dat = temp;
- return 4;
-}
-
-int
-stv_char(u_char *st, u_char *dat, int loc, int maxlen)
-{
- if (loc < 0 || loc + 1 > maxlen)
- return -1;
- *dat = *(st + loc);
- return 1;
-}
+++ /dev/null
-/*
- * lib/krb4/klog.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_TIME_H
-#include <time.h>
-#endif
-#if !defined(VMS) && !defined(_WIN32)
-#include <sys/time.h>
-#endif
-#include <stdio.h>
-
-#include "krb4int.h"
-#include <klog.h>
-#include "k5-platform.h"
-
-static char *log_name = KRBLOG;
-static char logtxt[1000];
-
-/*
- * This file contains two logging routines: kset_logfile()
- * to determine the file to which log entries should be written;
- * and klog() to write log entries to the file.
- */
-
-/*
- * klog() is used to add entries to the logfile (see kset_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format" string.
- *
- * The log file is opened and closed for each log entry.
- *
- * If the given log type "type" is unknown, or if the log file
- * cannot be opened, no entry is made to the log file.
- *
- * The return value is always a pointer to the formatted log
- * text string "logtxt".
- */
-
-char * klog(type,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0)
- int type;
- char *format;
- char *a1,*a2,*a3,*a4,*a5,*a6,*a7,*a8,*a9,*a0;
-{
- FILE *logfile;
- time_t now;
- struct tm *tm;
- static int logtype_array[NLOGTYPE];
- static int array_initialized;
-
- if (!(array_initialized++)) {
- logtype_array[L_NET_ERR] = 1;
- logtype_array[L_KRB_PERR] = 1;
- logtype_array[L_KRB_PWARN] = 1;
- logtype_array[L_APPL_REQ] = 1;
- logtype_array[L_INI_REQ] = 1;
- logtype_array[L_DEATH_REQ] = 1;
- logtype_array[L_NTGT_INTK] = 1;
- logtype_array[L_ERR_SEXP] = 1;
- logtype_array[L_ERR_MKV] = 1;
- logtype_array[L_ERR_NKY] = 1;
- logtype_array[L_ERR_NUN] = 1;
- logtype_array[L_ERR_UNK] = 1;
- }
-
- (void) snprintf(logtxt,sizeof(logtxt),format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0);
-
- if (!logtype_array[type])
- return(logtxt);
-
- if ((logfile = fopen(log_name,"a")) == NULL)
- return(logtxt);
- set_cloexec_file(logfile);
-
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- fprintf(logfile,"%s\n",logtxt);
- (void) fclose(logfile);
- return(logtxt);
-}
-
-/*
- * kset_logfile() changes the name of the file to which
- * messages are logged. If kset_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-kset_logfile(filename)
- char *filename;
-{
- log_name = filename;
-}
+++ /dev/null
-/*
- * lib/krb4/kname_parse.c
- *
- * Copyright 1987, 1988, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <stdio.h>
-#include "krb.h"
-#include <string.h>
-
-static int k_isname_unparsed(const char *s);
-static int k_isinst_unparsed(const char *s);
-static int k_isrealm_unparsed(const char *s);
-
-/*
- * max size of full name
- *
- * XXX This does not account for backslach quoting, and besides we
- * might want to use MAX_K_NAME_SZ.
- */
-#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ)
-
-#define NAME 0 /* which field are we in? */
-#define INST 1
-#define REALM 2
-
-/*
- * This file contains four routines for handling Kerberos names.
- *
- * kname_parse() breaks a Kerberos name into its name, instance,
- * and realm components.
- *
- * k_isname(), k_isinst(), and k_isrealm() check a given string to see if
- * it's a syntactically legitimate respective part of a Kerberos name,
- * returning 1 if it is, 0 if it isn't.
- *
- * Definition of "syntactically legitimate" names is according to
- * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying
- * names", version dated 21 Dec 1987.
- */
-
-/*
- * kname_parse() takes a Kerberos name "fullname" of the form:
- *
- * username[.instance][@realm]
- *
- * and returns the three components ("name", "instance", and "realm"
- * in the example above) in the given arguments "np", "ip", and "rp".
- *
- * If successful, it returns KSUCCESS. If there was an error,
- * KNAME_FMT is returned.
- *
- * For proper operation, this routine requires that the ip, np, and rp
- * arguments be initialized, either to null strings, or to default values
- * of name, instance, and realm. FIXME-gnu: Does anyone use it this way?
- */
-
-int KRB5_CALLCONV
-kname_parse(np, ip, rp, fullname)
- char *np;
- char *ip;
- char *rp;
- char *fullname;
-{
- char buf[FULL_SZ];
- char *rnext, *wnext; /* next char to read, write */
- register char c;
- int backslash;
- int field;
-
- backslash = 0;
- rnext = buf;
- wnext = np;
- field = NAME;
-
- if (strlen(fullname) > FULL_SZ)
- return KNAME_FMT;
- (void) strcpy(buf, fullname);
-
- while ((c = *rnext++)) {
- if (backslash) {
- *wnext++ = c;
- backslash = 0;
- continue;
- }
- switch (c) {
- case '\\':
- backslash++;
- break;
- case '.':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *wnext = '\0';
- field = INST;
- wnext = ip;
- break;
- case INST: /* We now allow period in instance */
- case REALM:
- *wnext++ = c;
- break;
- default:
- DEB (("unknown field value\n"));
- return KNAME_FMT;
- }
- break;
- case '@':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *ip = '\0';
- /* fall through */
- case INST:
- *wnext = '\0';
- field = REALM;
- wnext = rp;
- break;
- case REALM:
- return KNAME_FMT;
- default:
- DEB (("unknown field value\n"));
- return KNAME_FMT;
- }
- break;
- default:
- *wnext++ = c;
- }
- /*
- * Paranoia: check length each time through to ensure that we
- * don't overwrite things.
- */
- switch (field) {
- case NAME:
- if (wnext - np >= ANAME_SZ)
- return KNAME_FMT;
- break;
- case INST:
- if (wnext - ip >= INST_SZ)
- return KNAME_FMT;
- break;
- case REALM:
- if (wnext - rp >= REALM_SZ)
- return KNAME_FMT;
- break;
- default:
- DEB (("unknown field value\n"));
- return KNAME_FMT;
- }
- }
- *wnext = '\0';
- return KSUCCESS;
-}
-
-/*
- * k_isname() returns 1 if the given name is a syntactically legitimate
- * Kerberos name; returns 0 if it's not.
- */
-
-int KRB5_CALLCONV
-k_isname(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > ANAME_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-
-/*
- * k_isinst() returns 1 if the given name is a syntactically legitimate
- * Kerberos instance; returns 0 if it's not.
- *
- * We now allow periods in instance names -- they are unambiguous.
- */
-
-int KRB5_CALLCONV
-k_isinst(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (strlen(s) > INST_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-/*
- * k_isrealm() returns 1 if the given name is a syntactically legitimate
- * Kerberos realm; returns 0 if it's not.
- */
-
-int KRB5_CALLCONV
-k_isrealm(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > REALM_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-int KRB5_CALLCONV
-kname_unparse(
- char *outFullName,
- const char *inName,
- const char *inInstance,
- const char *inRealm)
-{
- const char *read;
- char *write = outFullName;
-
- if (inName == NULL)
- return KFAILURE;
-
- if (outFullName == NULL)
- return KFAILURE;
-
- if (!k_isname_unparsed(inName) ||
- ((inInstance != NULL) && !k_isinst_unparsed(inInstance)) ||
- ((inRealm != NULL) && !k_isrealm_unparsed(inRealm))) {
-
- return KFAILURE;
- }
-
- for (read = inName; *read != '\0'; read++, write++) {
- if ((*read == '.') || (*read == '@')) {
- *write = '\\';
- write++;
- }
- *write = *read;
- }
-
- if ((inInstance != NULL) && (inInstance[0] != '\0')) {
- *write = '.';
- write++;
- for (read = inInstance; *read != '\0'; read++, write++) {
- if (*read == '@') {
- *write = '\\';
- write++;
- }
- *write = *read;
- }
- }
-
- if ((inRealm != NULL) && (inRealm[0] != '\0')) {
- *write = '@';
- write++;
- for (read = inRealm; *read != '\0'; read++, write++) {
- if (*read == '@') {
- *write = '\\';
- write++;
- }
- *write = *read;
- }
- }
-
- *write = '\0';
- return KSUCCESS;
-}
-
-/*
- * k_isname, k_isrealm, k_isinst expect an unparsed realm -- i.e., one where all
- * components have special characters escaped with \. However,
- * for kname_unparse, we need to be able to sanity-check components without \.
- * That's what k_is*_unparsed are for.
- */
-
-static int
-k_isname_unparsed(const char *s)
-{
- int len = strlen(s);
- const char* c;
- /* Has to be non-empty and has to fit in ANAME_SZ when escaped with \ */
-
- if (!*s)
- return 0;
-
- for (c = s; *c != '\0'; c++) {
- switch (*c) {
- case '.':
- case '@':
- len++;
- break;
- }
- }
-
- if (len > ANAME_SZ - 1)
- return 0;
- return 1;
-}
-
-static int
-k_isinst_unparsed(const char *s)
-{
- int len = strlen(s);
- const char* c;
- /* Has to fit in INST_SZ when escaped with \ */
-
- for (c = s; *c != '\0'; c++) {
- switch (*c) {
- case '.':
- case '@':
- len++;
- break;
- }
- }
-
- if (len > INST_SZ - 1)
- return 0;
- return 1;
-}
-
-static int
-k_isrealm_unparsed(const char *s)
-{
- int len = strlen(s);
- const char* c;
- /* Has to be non-empty and has to fit in REALM_SZ when escaped with \ */
-
- if (!*s)
- return 0;
-
- for (c = s; *c != '\0'; c++) {
- switch (*c) {
- case '@':
- len++;
- break;
- }
- }
-
- if (len > REALM_SZ - 1)
- return 0;
- return 1;
-}
+++ /dev/null
-/*
- * kntoln.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include <string.h>
-
-/*
- * krb_kntoln converts an auth name into a local name by looking up
- * the auth name in the /etc/aname file. The format of the aname
- * file is:
- *
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | anl | inl | rll | lnl | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | 1by | 1by | 1by | 1by | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- *
- * If the /etc/aname file can not be opened it will set the
- * local name to the auth name. Thus, in this case it performs as
- * the identity function.
- *
- * The name instance and realm are passed to krb_kntoln through
- * the AUTH_DAT structure (ad).
- *
- * Now here's what it *really* does:
- *
- * Given a Kerberos name in an AUTH_DAT structure, check that the
- * instance is null, and that the realm is the same as the local
- * realm, and return the principal's name in "lname". Return
- * KSUCCESS if all goes well, otherwise KFAILURE.
- */
-
-/* The definition of MAX_USERNAME here MUST agree with kuserok.c, or bad
- * things will happen. */
-#define MAX_USERNAME 10
-
-int
-krb_kntoln(ad,lname)
- AUTH_DAT *ad;
- char *lname;
-{
- static char lrealm[REALM_SZ];
-
- if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
- return(KFAILURE);
-
- if (strcmp(ad->pinst,""))
- return(KFAILURE);
- if (strcmp(ad->prealm,lrealm))
- return(KFAILURE);
- (void) strncpy(lname,ad->pname,MAX_USERNAME-1);
- lname[MAX_USERNAME - 1] = '\0';
- return(KSUCCESS);
-}
+++ /dev/null
-/*
- * lib/krb4/krb4int.h
- *
- * Copyright 2001-2002, 2007 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * A series of private prototypes that we are not exporting but should
- * be available for self consistancy in the library.
- */
-
-#include "port-sockets.h"
-
-/* ad_print.c */
-void ad_print(AUTH_DAT *x);
-
-/* fgetst.c */
-int fgetst(FILE *, char *, int);
-
-/* getst.c */
-int getst(int, char *, int);
-
-/* g_cnffile.c */
-FILE *krb__get_realmsfile(void);
-
-FILE *krb__get_cnffile(void);
-
-/* g_svc_in_tkt.c */
-int krb_svc_init(char *, char *, char *, int, char *, char *);
-int krb_svc_init_preauth(char *, char *, char *, int, char *, char *);
-
-int krb_get_svc_in_tkt_preauth(char *, char *, char *, char *, char *, int, char *);
-
-/* gethostname.c */
-int k_gethostname(char *, int);
-
-/* g_in_tkt.c */
-int krb_get_in_tkt_preauth_creds(char *, char *, char *,
- char *, char *, int,
- key_proc_type, decrypt_tkt_type,
- char *, char *, int, CREDENTIALS *, KRB_UINT32 *);
-
-/* klog.c */
-void kset_logfile(char *);
-
-/* log.c */
-void krb_log(const char *, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
- __attribute__((__format__(__printf__, 1, 2)))
-#endif
- ;
-
-void krb_set_logfile(char *);
-
-/* month_sname.c */
-const char * month_sname(int);
-
-/* password_to_key.c */
-key_proc_type *krb_get_keyprocs (key_proc_type keyproc);
-int KRB5_CALLCONV mit_passwd_to_key(char *user, char *instance, char *realm,
- char *passwd, C_Block key);
-int KRB5_CALLCONV krb5_passwd_to_key(char *user, char *instance, char *realm,
- char *passwd, C_Block key);
-int KRB5_CALLCONV afs_passwd_to_key(char *user, char *instance, char *realm,
- char *passwd, C_Block key);
-
-/* rd_preauth.c */
-#ifdef KRB_DB_DEFS
-int krb_rd_preauth(KTEXT, char *, int, Principal *, des_cblock);
-#endif
-
-/* sendauth.c */
-int krb_net_rd_sendauth(int, KTEXT, KRB4_32 *);
-
-/* stime.c */
-char *krb_stime(long *);
-
-/* tf_util.c */
-int tf_save_cred(char *, char *, char *, C_Block, int , int, KTEXT, KRB4_32);
-
-
-/* unix_glue.c */
-int krb_start_session(char *);
-
-int krb_end_session(char *);
-
-#ifndef _WIN32
-/* For windows users, these are defined in krb.h */
-char *krb_get_default_user (void);
-
-int krb_set_default_user (char *);
-#endif
-
-/* RealmConfig-glue.c */
-int krb_get_kpasswdhst(char *, char *, int);
-
-/* err_txt.c */
-void krb4int_et_init(void);
-void krb4int_et_fini(void);
-
-int krb4int_save_credentials_addr(
- char *, char *, char *, C_Block, int, int, KTEXT, KRB4_32, KRB_UINT32);
-
-int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *,
- struct sockaddr *, socklen_t *);
-
-/*
- * Exported by libdes425 and called by krb_get_in_pw_tkt, but not part of
- * the standard DES interface and therefore not prototyped in des.h.
- */
-int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
+++ /dev/null
-# Copyright 1987,1988 Massachusetts Institute of Technology
-#
-# For copying and distribution information, see the file
-# "mit-copyright.h".
-#
-#
- error_table krb
-
- ec KRBET_KSUCCESS,
- "Kerberos successful"
-
- ec KRBET_KDC_NAME_EXP,
- "Kerberos principal expired"
-
- ec KRBET_KDC_SERVICE_EXP,
- "Kerberos service expired"
-
- ec KRBET_KDC_AUTH_EXP,
- "Kerberos auth expired"
-
- ec KRBET_KDC_PKT_VER,
- "Unknown kerberos protocol version"
-
- ec KRBET_KDC_P_MKEY_VER,
- "Incorrect kerberos master key version for principal"
-
- ec KRBET_KDC_S_MKEY_VER,
- "Incorrect kerberos master key version for service"
-
- ec KRBET_KDC_BYTE_ORDER,
- "Bad byte order (kerberos)"
-
- ec KRBET_KDC_PR_UNKNOWN,
- "Kerberos principal unknown"
-
- ec KRBET_KDC_PR_N_UNIQUE,
- "Kerberos principal not unique"
-
- ec KRBET_KDC_NULL_KEY,
- "Kerberos principal has null key"
-
- ec KRBET_KRB_RES11,
- "Reserved error message 11 (kerberos)"
-
- ec KRBET_KRB_RES12,
- "Reserved error message 12 (kerberos)"
-
- ec KRBET_KRB_RES13,
- "Reserved error message 13 (kerberos)"
-
- ec KRBET_KRB_RES14,
- "Reserved error message 14 (kerberos)"
-
- ec KRBET_KRB_RES15,
- "Reserved error message 15 (kerberos)"
-
- ec KRBET_KRB_RES16,
- "Reserved error message 16 (kerberos)"
-
- ec KRBET_KRB_RES17,
- "Reserved error message 17 (kerberos)"
-
- ec KRBET_KRB_RES18,
- "Reserved error message 18 (kerberos)"
-
- ec KRBET_KRB_RES19,
- "Reserved error message 19 (kerberos)"
-
- ec KRBET_KDC_GEN_ERR,
- "Generic error from Kerberos KDC"
-
- ec KRBET_GC_TKFIL,
- "Can't read Kerberos ticket file"
-
- ec KRBET_GC_NOTKT,
- "Can't find Kerberos ticket or TGT"
-
- ec KRBET_KRB_RES23,
- "Reserved error message 23 (krb_get_cred)"
-
- ec KRBET_KRB_RES24,
- "Reserved error message 24 (krb_get_cred)"
-
- ec KRBET_KRB_RES25,
- "Reserved error message 25 (krb_get_cred)"
-
- ec KRBET_MK_AP_TGTEXP,
- "Kerberos TGT Expired"
-
- ec KRBET_KRB_RES27,
- "Reserved error message 27 (krb_mk_req)"
-
- ec KRBET_KRB_RES28,
- "Reserved error message 28 (krb_mk_req)"
-
- ec KRBET_KRB_RES29,
- "Reserved error message 29 (krb_mk_req)"
-
- ec KRBET_KRB_RES30,
- "Reserved error message 30 (krb_mk_req)"
-
- ec KRBET_RD_AP_UNDEC,
- "Can't decode authenticator (krb_rd_req)"
-
- ec KRBET_RD_AP_EXP,
- "Kerberos ticket expired (krb_rd_req)"
-
- ec KRBET_RD_AP_NYV,
- "Kerberos ticket not yet valid (krb_rd_req)"
-
- ec KRBET_RD_AP_REPEAT,
- "Repeated request (krb_rd_req)"
-
- ec KRBET_RD_AP_NOT_US,
- "Kerberos ticket is for wrong server (krb_rd_req)"
-
- ec KRBET_RD_AP_INCON,
- "Kerberos request inconsistent"
-
- ec KRBET_RD_AP_TIME,
- "Time is out of bounds (krb_rd_req)"
-
- ec KRBET_RD_AP_BADD,
- "Incorrect net address (krb_rd_req)"
-
- ec KRBET_RD_AP_VERSION,
- "Kerberos protocol version mismatch (krb_rd_req)"
-
- ec KRBET_RD_AP_MSG_TYPE,
- "Invalid msg type (krb_rd_req)"
-
- ec KRBET_RD_AP_MODIFIED,
- "Message integrity error (krb_rd_req)"
-
- ec KRBET_RD_AP_ORDER,
- "Message out of order (krb_rd_req)"
-
- ec KRBET_RD_AP_UNAUTHOR,
- "Unauthorized request (krb_rd_req)"
-
- ec KRBET_KRB_RES44,
- "Reserved error message 44 (krb_rd_req)"
-
- ec KRBET_KRB_RES45,
- "Reserved error message 45 (krb_rd_req)"
-
- ec KRBET_KRB_RES46,
- "Reserved error message 46 (krb_rd_req)"
-
- ec KRBET_KRB_RES47,
- "Reserved error message 47 (krb_rd_req)"
-
- ec KRBET_KRB_RES48,
- "Reserved error message 48 (krb_rd_req)"
-
- ec KRBET_KRB_RES49,
- "Reserved error message 49 (krb_rd_req)"
-
- ec KRBET_KRB_RES50,
- "Reserved error message 50 (krb_rd_req)"
-
- ec KRBET_GT_PW_NULL,
- "Current password is null (get_pw_tkt)"
-
- ec KRBET_GT_PW_BADPW,
- "Incorrect current password (get_pw_tkt)"
-
- ec KRBET_GT_PW_PROT,
- "Protocol error (get_pw_tkt)"
-
- ec KRBET_GT_PW_KDCERR,
- "Error returned by KDC (get_pw_tkt)"
-
- ec KRBET_GT_PW_NULLTKT,
- "Null Kerberos ticket returned by KDC (get_pw_tkt)"
-
- ec KRBET_SKDC_RETRY,
- "Retry count exceeded (send_to_kdc)"
-
- ec KRBET_SKDC_CANT,
- "Can't send request (send_to_kdc)"
-
- ec KRBET_KRB_RES58,
- "Reserved error message 58 (send_to_kdc)"
-
- ec KRBET_KRB_RES59,
- "Reserved error message 59 (send_to_kdc)"
-
- ec KRBET_KRB_RES60,
- "Reserved error message 60 (send_to_kdc)"
-
- ec KRBET_INTK_W_NOTALL,
- "Kerberos error: not all tickets returned"
-
- ec KRBET_INTK_BADPW,
- "Incorrect password (get_in_tkt)"
-
- ec KRBET_INTK_PROT,
- "Protocol error (get_in_tkt)"
-
- ec KRBET_KRB_RES64,
- "Reserved error message 64 (get_in_tkt)"
-
- ec KRBET_KRB_RES65,
- "Reserved error message 65 (get_in_tkt)"
-
- ec KRBET_KRB_RES66,
- "Reserved error message 66 (get_in_tkt)"
-
- ec KRBET_KRB_RES67,
- "Reserved error message 67 (get_in_tkt)"
-
- ec KRBET_KRB_RES68,
- "Reserved error message 68 (get_in_tkt)"
-
- ec KRBET_KRB_RES69,
- "Reserved error message 69 (get_in_tkt)"
-
- ec KRBET_INTK_ERR,
- "Other error (get_in_tkt)"
-
- ec KRBET_AD_NOTGT,
- "Don't have Kerberos ticket-granting ticket (get_ad_tkt)"
-
- ec KRBET_KRB_RES72,
- "Reserved error message 72 (get_ad_tkt)"
-
- ec KRBET_KRB_RES73,
- "Reserved error message 73 (get_ad_tkt)"
-
- ec KRBET_KRB_RES74,
- "Reserved error message 74 (get_ad_tkt)"
-
- ec KRBET_KRB_RES75,
- "Reserved error message 75 (get_ad_tkt)"
-
- ec KRBET_NO_TKT_FIL,
- "You have no tickets cached"
-
- ec KRBET_TKT_FIL_ACC,
- "Couldn't access ticket file (tf_util)"
-
- ec KRBET_TKT_FIL_LCK,
- "Couldn't lock ticket file (tf_util)"
-
- ec KRBET_TKT_FIL_FMT,
- "Bad ticket file format (tf_util)"
-
- ec KRBET_TKT_FIL_INI,
- "tf_init not called before reading from ticket file (tf_util)"
-
- ec KRBET_KNAME_FMT,
- "Bad Kerberos name format (kname_parse)"
-
- ec KRBET_RES82,
- "Reserved error message 82"
-
- ec KRBET_RES83,
- "Reserved error message 83"
-
- ec KRBET_RES84,
- "Reserved error message 84"
-
- ec KRBET_RES85,
- "Reserved error message 85"
-
- ec KRBET_RES86,
- "Reserved error message 86"
-
- ec KRBET_RES87,
- "Reserved error message 87"
-
- ec KRBET_RES88,
- "Reserved error message 88"
-
- ec KRBET_RES89,
- "Reserved error message 89"
-
- ec KRBET_RES90,
- "Reserved error message 90"
-
- ec KRBET_RES91,
- "Reserved error message 91"
-
- ec KRBET_RES92,
- "Reserved error message 92"
-
- ec KRBET_RES93,
- "Reserved error message 93"
-
- ec KRBET_RES94,
- "Reserved error message 94"
-
- ec KRBET_RES95,
- "Reserved error message 95"
-
- ec KRBET_RES96,
- "Reserved error message 96"
-
- ec KRBET_RES97,
- "Reserved error message 97"
-
- ec KRBET_RES98,
- "Reserved error message 98"
-
- ec KRBET_RES99,
- "Reserved error message 99"
-
- ec KRBET_RES100,
- "Reserved error message 100"
-
- ec KRBET_RES101,
- "Reserved error message 101"
-
- ec KRBET_RES102,
- "Reserved error message 102"
-
- ec KRBET_RES103,
- "Reserved error message 103"
-
- ec KRBET_RES104,
- "Reserved error message 104"
-
- ec KRBET_RES105,
- "Reserved error message 105"
-
- ec KRBET_RES106,
- "Reserved error message 106"
-
- ec KRBET_RES107,
- "Reserved error message 107"
-
- ec KRBET_RES108,
- "Reserved error message 108"
-
- ec KRBET_RES109,
- "Reserved error message 109"
-
- ec KRBET_RES110,
- "Reserved error message 110"
-
- ec KRBET_RES111,
- "Reserved error message 111"
-
- ec KRBET_RES112,
- "Reserved error message 112"
-
- ec KRBET_RES113,
- "Reserved error message 113"
-
- ec KRBET_RES114,
- "Reserved error message 114"
-
- ec KRBET_RES115,
- "Reserved error message 115"
-
- ec KRBET_RES116,
- "Reserved error message 116"
-
- ec KRBET_RES117,
- "Reserved error message 117"
-
- ec KRBET_RES118,
- "Reserved error message 118"
-
- ec KRBET_RES119,
- "Reserved error message 119"
-
- ec KRBET_RES120,
- "Reserved error message 120"
-
- ec KRBET_RES121,
- "Reserved error message 121"
-
- ec KRBET_RES122,
- "Reserved error message 122"
-
- ec KRBET_RES123,
- "Reserved error message 123"
-
- ec KRBET_RES124,
- "Reserved error message 124"
-
- ec KRBET_RES125,
- "Reserved error message 125"
-
- ec KRBET_RES126,
- "Reserved error message 126"
-
- ec KRBET_RES127,
- "Reserved error message 127"
-
- ec KRBET_RES128,
- "Reserved error message 128"
-
- ec KRBET_RES129,
- "Reserved error message 129"
-
- ec KRBET_RES130,
- "Reserved error message 130"
-
- ec KRBET_RES131,
- "Reserved error message 131"
-
- ec KRBET_RES132,
- "Reserved error message 132"
-
- ec KRBET_RES133,
- "Reserved error message 133"
-
- ec KRBET_RES134,
- "Reserved error message 134"
-
- ec KRBET_RES135,
- "Reserved error message 135"
-
- ec KRBET_RES136,
- "Reserved error message 136"
-
- ec KRBET_RES137,
- "Reserved error message 137"
-
- ec KRBET_RES138,
- "Reserved error message 138"
-
- ec KRBET_RES139,
- "Reserved error message 139"
-
- ec KRBET_RES140,
- "Reserved error message 140"
-
- ec KRBET_RES141,
- "Reserved error message 141"
-
- ec KRBET_RES142,
- "Reserved error message 142"
-
- ec KRBET_RES143,
- "Reserved error message 143"
-
- ec KRBET_RES144,
- "Reserved error message 144"
-
- ec KRBET_RES145,
- "Reserved error message 145"
-
- ec KRBET_RES146,
- "Reserved error message 146"
-
- ec KRBET_RES147,
- "Reserved error message 147"
-
- ec KRBET_RES148,
- "Reserved error message 148"
-
- ec KRBET_RES149,
- "Reserved error message 149"
-
- ec KRBET_RES150,
- "Reserved error message 150"
-
- ec KRBET_RES151,
- "Reserved error message 151"
-
- ec KRBET_RES152,
- "Reserved error message 152"
-
- ec KRBET_RES153,
- "Reserved error message 153"
-
- ec KRBET_RES154,
- "Reserved error message 154"
-
- ec KRBET_RES155,
- "Reserved error message 155"
-
- ec KRBET_RES156,
- "Reserved error message 156"
-
- ec KRBET_RES157,
- "Reserved error message 157"
-
- ec KRBET_RES158,
- "Reserved error message 158"
-
- ec KRBET_RES159,
- "Reserved error message 159"
-
- ec KRBET_RES160,
- "Reserved error message 160"
-
- ec KRBET_RES161,
- "Reserved error message 161"
-
- ec KRBET_RES162,
- "Reserved error message 162"
-
- ec KRBET_RES163,
- "Reserved error message 163"
-
- ec KRBET_RES164,
- "Reserved error message 164"
-
- ec KRBET_RES165,
- "Reserved error message 165"
-
- ec KRBET_RES166,
- "Reserved error message 166"
-
- ec KRBET_RES167,
- "Reserved error message 167"
-
- ec KRBET_RES168,
- "Reserved error message 168"
-
- ec KRBET_RES169,
- "Reserved error message 169"
-
- ec KRBET_RES170,
- "Reserved error message 170"
-
- ec KRBET_RES171,
- "Reserved error message 171"
-
- ec KRBET_RES172,
- "Reserved error message 172"
-
- ec KRBET_RES173,
- "Reserved error message 173"
-
- ec KRBET_RES174,
- "Reserved error message 174"
-
- ec KRBET_RES175,
- "Reserved error message 175"
-
- ec KRBET_RES176,
- "Reserved error message 176"
-
- ec KRBET_RES177,
- "Reserved error message 177"
-
- ec KRBET_RES178,
- "Reserved error message 178"
-
- ec KRBET_RES179,
- "Reserved error message 179"
-
- ec KRBET_RES180,
- "Reserved error message 180"
-
- ec KRBET_RES181,
- "Reserved error message 181"
-
- ec KRBET_RES182,
- "Reserved error message 182"
-
- ec KRBET_RES183,
- "Reserved error message 183"
-
- ec KRBET_RES184,
- "Reserved error message 184"
-
- ec KRBET_RES185,
- "Reserved error message 185"
-
- ec KRBET_RES186,
- "Reserved error message 186"
-
- ec KRBET_RES187,
- "Reserved error message 187"
-
- ec KRBET_RES188,
- "Reserved error message 188"
-
- ec KRBET_RES189,
- "Reserved error message 189"
-
- ec KRBET_RES190,
- "Reserved error message 190"
-
- ec KRBET_RES191,
- "Reserved error message 191"
-
- ec KRBET_RES192,
- "Reserved error message 192"
-
- ec KRBET_RES193,
- "Reserved error message 193"
-
- ec KRBET_RES194,
- "Reserved error message 194"
-
- ec KRBET_RES195,
- "Reserved error message 195"
-
- ec KRBET_RES196,
- "Reserved error message 196"
-
- ec KRBET_RES197,
- "Reserved error message 197"
-
- ec KRBET_RES198,
- "Reserved error message 198"
-
- ec KRBET_RES199,
- "Reserved error message 199"
-
- ec KRBET_RES200,
- "Reserved error message 200"
-
- ec KRBET_RES201,
- "Reserved error message 201"
-
- ec KRBET_RES202,
- "Reserved error message 202"
-
- ec KRBET_RES203,
- "Reserved error message 203"
-
- ec KRBET_RES204,
- "Reserved error message 204"
-
- ec KRBET_RES205,
- "Reserved error message 205"
-
- ec KRBET_RES206,
- "Reserved error message 206"
-
- ec KRBET_RES207,
- "Reserved error message 207"
-
- ec KRBET_RES208,
- "Reserved error message 208"
-
- ec KRBET_RES209,
- "Reserved error message 209"
-
- ec KRBET_RES210,
- "Reserved error message 210"
-
- ec KRBET_RES211,
- "Reserved error message 211"
-
- ec KRBET_RES212,
- "Reserved error message 212"
-
- ec KRBET_RES213,
- "Reserved error message 213"
-
- ec KRBET_RES214,
- "Reserved error message 214"
-
- ec KRBET_RES215,
- "Reserved error message 215"
-
- ec KRBET_RES216,
- "Reserved error message 216"
-
- ec KRBET_RES217,
- "Reserved error message 217"
-
- ec KRBET_RES218,
- "Reserved error message 218"
-
- ec KRBET_RES219,
- "Reserved error message 219"
-
- ec KRBET_RES220,
- "Reserved error message 220"
-
- ec KRBET_RES221,
- "Reserved error message 221"
-
- ec KRBET_RES222,
- "Reserved error message 222"
-
- ec KRBET_RES223,
- "Reserved error message 223"
-
- ec KRBET_RES224,
- "Reserved error message 224"
-
- ec KRBET_RES225,
- "Reserved error message 225"
-
- ec KRBET_RES226,
- "Reserved error message 226"
-
- ec KRBET_RES227,
- "Reserved error message 227"
-
- ec KRBET_RES228,
- "Reserved error message 228"
-
- ec KRBET_RES229,
- "Reserved error message 229"
-
- ec KRBET_RES230,
- "Reserved error message 230"
-
- ec KRBET_RES231,
- "Reserved error message 231"
-
- ec KRBET_RES232,
- "Reserved error message 232"
-
- ec KRBET_RES233,
- "Reserved error message 233"
-
- ec KRBET_RES234,
- "Reserved error message 234"
-
- ec KRBET_RES235,
- "Reserved error message 235"
-
- ec KRBET_RES236,
- "Reserved error message 236"
-
- ec KRBET_RES237,
- "Reserved error message 237"
-
- ec KRBET_RES238,
- "Reserved error message 238"
-
- ec KRBET_RES239,
- "Reserved error message 239"
-
- ec KRBET_RES240,
- "Reserved error message 240"
-
- ec KRBET_RES241,
- "Reserved error message 241"
-
- ec KRBET_RES242,
- "Reserved error message 242"
-
- ec KRBET_RES243,
- "Reserved error message 243"
-
- ec KRBET_RES244,
- "Reserved error message 244"
-
- ec KRBET_RES245,
- "Reserved error message 245"
-
- ec KRBET_RES246,
- "Reserved error message 246"
-
- ec KRBET_RES247,
- "Reserved error message 247"
-
- ec KRBET_RES248,
- "Reserved error message 248"
-
- ec KRBET_RES249,
- "Reserved error message 249"
-
- ec KRBET_RES250,
- "Reserved error message 250"
-
- ec KRBET_RES251,
- "Reserved error message 251"
-
- ec KRBET_RES252,
- "Reserved error message 252"
-
- ec KRBET_RES253,
- "Reserved error message 253"
-
- ec KRBET_RES254,
- "Reserved error message 254"
-
- ec KRBET_KFAILURE,
- "Generic kerberos error (kfailure)"
- end
+++ /dev/null
-/*
- * lib/krb4/kuserok.c
- *
- * Copyright 1987, 1988, 2007 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * kuserok: check if a kerberos principal has
- * access to a local account
- */
-
-#include "krb.h"
-
-#if !defined(_WIN32)
-
-#include <stdio.h>
-#include <pwd.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <string.h>
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef __SCO__
-/* just for F_OK for sco */
-#include <sys/unistd.h>
-#endif
-#include "k5-platform.h"
-
-#ifndef HAVE_SETEUID
-#ifdef HAVE_SETRESUID
-#define seteuid(e) setresuid(-1,e,-1)
-#define setegid(e) setresgid(-1,e,-1)
-#endif
-#endif
-
-#define OK 0
-#define NOTOK 1
-#define MAX_USERNAME 10
-
-/*
- * Given a Kerberos principal "kdata", and a local username "luser",
- * determine whether user is authorized to login according to the
- * authorization file ("~luser/.klogin" by default). Returns OK
- * if authorized, NOTOK if not authorized.
- *
- * If there is no account for "luser" on the local machine, returns
- * NOTOK. If there is no authorization file, and the given Kerberos
- * name "kdata" translates to the same name as "luser" (using
- * krb_kntoln()), returns OK. Otherwise, if the authorization file
- * can't be accessed, returns NOTOK. Otherwise, the file is read for
- * a matching principal name, instance, and realm. If one is found,
- * returns OK, if none is found, returns NOTOK.
- *
- * The file entries are in the format:
- *
- * name.instance@realm
- *
- * one entry per line.
- *
- */
-
-int KRB5_CALLCONV
-kuserok(kdata, luser)
- AUTH_DAT *kdata;
- char *luser;
-{
- struct stat sbuf;
- struct passwd *pwd;
- char pbuf[MAXPATHLEN];
- int isok = NOTOK, rc;
- FILE *fp;
- char kuser[MAX_USERNAME];
- char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- char linebuf[BUFSIZ];
- char *newline;
- int gobble;
-
- /* no account => no access */
- if ((pwd = getpwnam(luser)) == NULL) {
- return(NOTOK);
- }
- if (strlen (pwd->pw_dir) + sizeof ("/.klogin") >= sizeof (pbuf))
- return NOTOK;
- (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
- pbuf[sizeof(pbuf) - 1] = '\0';
- (void) strncat(pbuf, "/.klogin", sizeof(pbuf) - 1 - strlen(pbuf));
-
- if (access(pbuf, F_OK)) { /* not accessible */
- /*
- * if he's trying to log in as himself, and there is no .klogin file,
- * let him. To find out, call
- * krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
- */
- if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
- return(OK);
- }
- }
- /* open ~/.klogin */
- if ((fp = fopen(pbuf, "r")) == NULL) {
- /* however, root might not have enough access, so temporarily switch
- * over to the user's uid, try the access again, and switch back
- */
- if(getuid() == 0) {
- uid_t old_euid = geteuid();
- if (seteuid(pwd->pw_uid) < 0)
- return NOTOK;
- fp = fopen(pbuf, "r");
- if (seteuid(old_euid) < 0)
- return NOTOK;
- if ((fp) == NULL) {
- return(NOTOK);
- }
- } else {
- return(NOTOK);
- }
- }
- set_cloexec_file(fp);
- /*
- * security: if the user does not own his own .klogin file,
- * do not grant access
- */
- if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
- return(NOTOK);
- }
- /*
- * however, allow root to own the .klogin file, to allow creative
- * access management schemes.
- */
- if (sbuf.st_uid && (sbuf.st_uid != pwd->pw_uid)) {
- fclose(fp);
- return(NOTOK);
- }
-
- /* check each line */
- while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
- /* null-terminate the input string */
- linebuf[BUFSIZ-1] = '\0';
- newline = NULL;
- /* nuke the newline if it exists */
- if ((newline = strchr(linebuf, '\n')))
- *newline = '\0';
-
- /* Default the fields (default realm is filled in later) */
- principal[0] = '\0';
- inst[0] = '\0';
- realm[0] = '\0';
- rc = kname_parse(principal, inst, realm, linebuf);
- if (rc == KSUCCESS) {
- if (realm[0] == '\0') {
- rc = krb_get_lrealm(realm, 1);
- if (rc != KSUCCESS)
- goto nextline;
- }
- isok = (strncmp(kdata->pname, principal, ANAME_SZ) ||
- strncmp(kdata->pinst, inst, INST_SZ) ||
- strncmp(kdata->prealm, realm, REALM_SZ));
- }
- nextline:
- /* clean up the rest of the line if necessary */
- if (!newline)
- while (((gobble = getc(fp)) != EOF) && gobble != '\n');
- }
- fclose(fp);
- return(isok);
-}
-
-#endif
+++ /dev/null
-__krb_sendauth_hidden_tkt_len
-ad_print
-afs_passwd_to_key
-cr_err_reply
-create_auth_reply
-create_ciph
-decomp_ticket
-decomp_tkt_krb5
-dest_tkt
-et_kadm_error_table
-et_krb_error_table
-fgetst
-get_ad_tkt
-get_pw_tkt
-get_service_key
-getst
-in_tkt
-initialize_kadm_error_table
-initialize_krb_error_table
-k_gethostname
-k_isinst
-k_isname
-k_isrealm
-kadm_build_field_header
-kadm_check_field_header
-kadm_cli_conn
-kadm_cli_disconn
-kadm_cli_keyd
-kadm_cli_out
-kadm_cli_send
-kadm_init_link
-kadm_stream_to_vals
-kadm_stv_char
-kadm_stv_long
-kadm_stv_short
-kadm_stv_string
-kadm_vals_to_stream
-kadm_vts_char
-kadm_vts_long
-kadm_vts_short
-kadm_vts_string
-klog
-kname_parse
-kname_unparse
-krb4int_address_less
-krb4int_et_fini
-krb4int_et_init
-krb4int_save_credentials_addr
-krb4int_send_to_kdc_addr
-krb4int_strnlen
-krb4prot_decode_ciph
-krb4prot_decode_error
-krb4prot_decode_header
-krb4prot_decode_kdc_reply
-krb4prot_decode_kdc_request
-krb4prot_decode_naminstrlm
-krb4prot_encode_apreq
-krb4prot_encode_authent
-krb4prot_encode_ciph
-krb4prot_encode_err_reply
-krb4prot_encode_kdc_reply
-krb4prot_encode_kdc_request
-krb4prot_encode_naminstrlm
-krb4prot_encode_tkt
-krb54_get_service_keyblock
-krb5__krb4_context
-krb5_passwd_to_key
-krb__get_cnffile
-krb__get_realmsfile
-krb__get_srvtabname
-krb_ap_req_debug
-krb_change_password
-krb_check_auth
-krb_clear_key_krb5
-krb_cr_tkt_krb5
-krb_create_ticket
-krb_debug
-krb_end_session
-krb_err_txt
-krb_free_preauth
-krb_get_admhst
-krb_get_cred
-krb_get_default_user
-krb_get_err_text
-krb_get_in_tkt
-krb_get_in_tkt_creds
-krb_get_in_tkt_preauth
-krb_get_in_tkt_preauth_creds
-krb_get_keyprocs
-krb_get_kpasswdhst
-krb_get_krbhst
-krb_get_lrealm
-krb_get_phost
-krb_get_profile
-krb_get_pw_in_tkt
-krb_get_pw_in_tkt_creds
-krb_get_pw_in_tkt_preauth
-krb_get_svc_in_tkt
-krb_get_svc_in_tkt_preauth
-krb_get_tf_fullname
-krb_get_tf_realm
-krb_get_ticket_for_service
-krb_ignore_ip_address
-krb_in_tkt
-krb_kntoln
-krb_life_to_time
-krb_log
-krb_mk_auth
-krb_mk_err
-krb_mk_preauth
-krb_mk_priv
-krb_mk_req
-krb_mk_req_creds
-krb_mk_safe
-krb_net_rd_sendauth
-krb_net_read
-krb_net_write
-krb_rd_err
-krb_rd_preauth
-krb_rd_priv
-krb_rd_req
-krb_rd_req_int
-krb_rd_safe
-krb_realmofhost
-krb_recvauth
-krb_save_credentials
-krb_sendauth
-krb_set_default_user
-krb_set_key
-krb_set_key_krb5
-krb_set_lifetime
-krb_set_logfile
-krb_set_tkt_string
-krb_start_session
-krb_stime
-krb_svc_init
-krb_svc_init_preauth
-krb_time_to_life
-kset_logfile
-kuserok
-mit_passwd_to_key
-month_sname
-pkt_cipher
-pkt_clen
-private_msg_ver
-put_svc_key
-read_service_key
-send_to_kdc
-swap_bytes
-tf_close
-tf_get_cred
-tf_get_pinst
-tf_get_pname
-tf_init
-tf_save_cred
-tkt_string
-unix_time_gmt_unixsec
+++ /dev/null
-/*
- * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb.h"
-#include "k5-int.h"
-
-/*
- * krb_life_to_time
- *
- * Given a start date and a lifetime byte, compute the expiration
- * date.
- */
-KRB4_32 KRB5_CALLCONV
-krb_life_to_time(KRB4_32 start, int life)
-{
- krb5int_access k5internals;
-
- if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
- || k5internals.krb_life_to_time == NULL)
- return start;
- return k5internals.krb_life_to_time(start, life);
-}
-
-/*
- * krb_time_to_life
- *
- * Given the start date and the end date, compute the lifetime byte.
- * Round up, since we can adjust the start date backwards if we are
- * issuing the ticket to cause it to expire at the correct time.
- */
-int KRB5_CALLCONV
-krb_time_to_life(KRB4_32 start, KRB4_32 end)
-{
- krb5int_access k5internals;
-
- if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
- || k5internals.krb_time_to_life == NULL)
- return 0;
- return k5internals.krb_time_to_life(start, end);
-}
+++ /dev/null
-/*
- * lib/krb4/log.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef KRB_CRYPT_DEBUG
-/* This file used to contain log() and set_logfile(). If you define
- KRB_CRYPT_DEBUG, you'll need to define those to point to krb_log and
- krb_set_logfile, or change all the invokers. */
-#endif
-
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_TIME_H
-#include <time.h>
-#endif
-#if !defined(VMS) && !defined(_WIN32)
-#include <sys/time.h>
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-
-#include "krb4int.h"
-#include <klog.h>
-#include "k5-platform.h"
-
-static char *log_name = KRBLOG;
-#if 0
-static is_open;
-#endif
-
-/*
- * This file contains three logging routines: set_logfile()
- * to determine the file that log entries should be written to;
- * and log() and new_log() to write log entries to the file.
- */
-
-/*
- * krb_log() is used to add entries to the logfile (see krb_set_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format".
- *
- * The log file is opened and closed for each log entry.
- *
- * The return value is undefined.
- */
-
-void krb_log(const char *format,...)
-{
- FILE *logfile;
- time_t now;
- struct tm *tm;
- va_list args;
-
- va_start(args, format);
-
- if ((logfile = fopen(log_name,"a")) != NULL) {
- set_cloexec_file(logfile);
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- vfprintf(logfile,format,args);
- fprintf(logfile,"\n");
- (void) fclose(logfile);
- }
- va_end(args);
- return;
-}
-
-/*
- * krb_set_logfile() changes the name of the file to which
- * messages are logged. If krb_set_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-krb_set_logfile(filename)
- char *filename;
-{
- log_name = filename;
-#if 0
- is_open = 0;
-#endif
-}
-
-#if 0
-/*
- * new_log() appends a log entry containing the give time "t" and the
- * string "string" to the logfile (see set_logfile() above). The file
- * is opened once and left open. The routine returns 1 on failure, 0
- * on success.
- */
-
-krb_new_log(t,string)
- long t;
- char *string;
-{
- static FILE *logfile;
-
- struct tm *tm;
-
- if (!is_open) {
- if ((logfile = fopen(log_name,"a")) == NULL) return(1);
- set_cloexec_file(logfile);
- is_open = 1;
- }
-
- if (t) {
- tm = localtime(&t);
-
- fprintf(logfile,"\n%2d-%s-%d %02d:%02d:%02d %s",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec, string);
- }
- else {
- fprintf(logfile,"\n%20s%s","",string);
- }
-
- (void) fflush(logfile);
- return(0);
-}
-#endif
+++ /dev/null
-/*
- * mac_glue.c
- *
- * Copyright 1989 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Macintosh ooperating system interface for Kerberos.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-
-/* Mac Cincludes */
-#include <string.h>
-#include <stddef.h>
-
-/* FIXME! swab should be swapping, but for initial test, don't bother. */
-
-void swab(char *from, char *to, int nbytes) {}
-
-mymemset( void *s, register int c, register size_t n )
-{
- // written because memset doesn't work in think C (ARGGGG!!!!!!)
- register char *j = s;
- while( n-- )
- *j++ = c;
-}
-
-int INTERFACE
-krb_start_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-int INTERFACE
-krb_end_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-/* FIXME: These stubs should go away. */
-int read() {return 0;}
-int write () {return 0;}
-int krb_ignore_ip_address = 0;
+++ /dev/null
-/*
- * mac_store.c
- *
- * Kerberos configuration store
- * Originally coded by Tim Miller / Brown University as KRB_Store.c
- * Mods 1/92 By Peter Bosanko
- *
- * Modified May-June 1994 by Julia Menapace and John Gilmore
- * of Cygnus Support.
- *
- * This file incorporates replacements for the Unix files
- * g_admhst.c, g_krbhst.c, realmofhost.c, and g_krbrlm.c.
- */
-
-/* Headers from in_tkt.c, merged in by gnu FIXME */
-#include <types.h>
-
-/* Headers from store.c from KClient */
-#include <string.h>
-#include <traps.h>
-#include <gestaltEqu.h>
-#include <Folders.h>
-#include <Resources.h>
-#include <Memory.h>
-#include <Files.h>
-
-#include "krb.h"
-#include "mac_store.h" /* includes memcache.h */
-#include "krb_driver.h"
-
-#define prefname "\pKerberos Client Preferences"
-const OSType preftype = 'PREF';
-const OSType prefcrea = 'krbL';
-const OSType unametype = 'UNam';
-const OSType lrealmtype = 'LRlm';
-const OSType templatetype = 'TMPL';
-const OSType realmmaptype = 'RMap';
-const OSType servermaptype = 'SMap';
-#define kNumTemplates 4
-#define kFirstTemplate 128
-#define kMapResNum 1024
-
-
-/* Lower level routines and data structures */
-
-
-/* Need to check this in each high-level routine, and call init_store
- if not set. */
-static int initialized_store = 0;
-
-static char fLRealm[REALM_SZ] = "";
-static Handle fRealmMap = 0;
-static Handle fServerMap = 0;
-static short fPrefVRefNum;
-static long fPrefDirID;
-OSErr fConstructErr = -1;
-
-/* Current default user name (for prompts, etc). */
-
-static char gUserName[MAX_K_NAME_SZ];
-
-
-/* Routines for dealing with the realm versus host database */
-
-/*
- * krb_get_admhst
- *
- * Given a Kerberos realm, find a host on which the Kerberos database
- * administration server can be found.
- *
- * krb_get_admhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer n, and
- * returns (in h) the nth administrative host entry from the configuration
- * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
- * If ATHENA_CONF_FALLBACK is defined, also look in old location.
- *
- * On error, get_admhst returns KFAILURE. If all goes well, the routine
- * returns KSUCCESS.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- *
- * This is a temporary hack to allow us to find the nearest system running
- * a Kerberos admin server. In the long run, this functionality will be
- * provided by a nameserver. (HAH!)
- */
-int
-krb_get_admhst (h, r, n)
- char *h;
- char *r;
- int n;
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
- if(GetNthServer(n, r, 1, h)) return KFAILURE;
- else return KSUCCESS;
-}
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos authenti-
- * cation server can be found.
- *
- * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer, n, and
- * returns (in h) the nth entry from the configuration information
- * associated with the specified realm.
- *
- * If no info is found, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
- *
- * This is a temporary hack to allow us to find the nearest system running
- * kerberos. In the long run, this functionality will be provided by a
- * nameserver. (AH SO!)
- */
-int krb_get_krbhst(h, r, n)
- char *h;
- char *r;
- int n;
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
- if (GetNthServer(n, r, 0, h)) return KFAILURE;
- else return KSUCCESS;
-}
-
-
-/*
- * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
- * in the string, r, with the name of the local realm specified in
- * the local Kerberos configuration.
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config info does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h"). [FIXME -- not implem.]
- *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- */
-
-int krb_get_lrealm(char *r, int n)
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
- if (n != 1)
- return KFAILURE;
- if (GetLocalRealm(r))
- return KFAILURE;
- return KSUCCESS;
-}
-
-
-/*
- * krb_realmofhost.
- * Given a fully-qualified domain-style primary host name,
- * return the name of the Kerberos realm for the host.
- * If the hostname contains no discernable domain, or an error occurs,
- * return the local realm name, as supplied by get_krbrlm().
- * If the hostname contains a domain, but no translation is found,
- * the hostname's domain is converted to upper-case and returned.
- *
- * In the database,
- * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
- * host names should be in the usual form (e.g. FOO.BAR.BAZ)
- */
-
-char *krb_realmofhost(char *host)
-{
- static char realm[REALM_SZ];
-
- if (!initialized_store)
- if (init_store())
- return 0;
-
- /* Store realm string through REALM pointer arg */
- GetRealm(host, realm);
- return realm;
-}
-
-
-char * INTERFACE
-krb_get_default_user (void)
-{
- if (!initialized_store)
- if (init_store())
- return 0;
-
- return gUserName;
-}
-
-
-int INTERFACE
-krb_set_default_user (uName)
- char* uName;
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
-
- if( strcmp( gUserName, uName ) != 0 ) {
- strcpy( gUserName, uName );
- if (WriteUser() != 0)
- return KFAILURE;
- }
- return KSUCCESS;
-}
-
-
-
-void GetPrefsFolder(short *vRefNumP, long *dirIDP)
-{
- Boolean hasFolderMgr = false;
- long feature;
-/*
- FIXME Error: Ô_GestaltDispatchÕ has not been declared - not needed now? - jcm
- if (TrapAvailable(_GestaltDispatch))
-*/
- if (Gestalt(gestaltFindFolderAttr, &feature) == noErr) hasFolderMgr = true;
- if (!hasFolderMgr) {
- GetSystemFolder(vRefNumP, dirIDP);
- return;
- }
- else {
- if (FindFolder(kOnSystemDisk, kPreferencesFolderType, kDontCreateFolder, vRefNumP, dirIDP) != noErr) {
- *vRefNumP = 0;
- *dirIDP = 0;
- }
- }
- }
-
-
-/*
- init_store() is used to initialize the config store. It opens the
- driver preferences file and reads the local realm, user name, and
- realm and server maps from resources in the prefs file into driver
- storage. If the preferences file doesn't exist, init_store creates it.
- Returns 0 on success, or 1 if something goes wrong.
- */
-int
-init_store()
-{
- short refnum;
- Handle temp;
- int hasPrefFile;
-
- /* If a prefs file exists, load from it, otherwise load defaults from self */
- GetPrefsFolder(&fPrefVRefNum, &fPrefDirID);
- refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdPerm);
- hasPrefFile = (refnum != -1); // did we open it?
-
- temp = GetResource(lrealmtype, kMapResNum);
- if(ResError() || !temp) {
- if(refnum != -1) CloseResFile(refnum);
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- strcpy(fLRealm, *temp);
- ReleaseResource(temp);
-
- temp = GetResource(unametype, kMapResNum);
- if(ResError() || !temp) {
- if(refnum != -1) CloseResFile(refnum);
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- strcpy(gUserName, *temp);
- ReleaseResource(temp);
-
- fRealmMap = GetResource(realmmaptype, kMapResNum);
- if(ResError() || !fRealmMap) {
- if(refnum != -1) CloseResFile(refnum);
- *fLRealm = 0;
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- DetachResource(fRealmMap);
-
- fServerMap = GetResource(servermaptype, kMapResNum);
- if(ResError() || !fServerMap) {
- if(refnum != -1) CloseResFile(refnum);
- *fLRealm = 0;
- DisposeHandle(fRealmMap);
- fRealmMap = 0;
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- DetachResource(fServerMap);
-
- if(refnum != -1) CloseResFile(refnum);
- fConstructErr = noErr;
-
- if (!hasPrefFile) {
- fConstructErr = CreatePrefFile(); // make prefs file if we need to
- }
-
- initialized_store = 1;
- return 0;
-}
-
-
-/****************Private routines******************/
-
-OSErr OpenPrefsFile(short *refnum)
-{
- *refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdWrPerm);
-
- if(ResError()) { /* doesn't exist, create it */
- FInfo fndrinfo;
-
- HCreateResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname);
- if(ResError()) {
- return ResError();
- }
- *refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdWrPerm);
- if(ResError()) {
- return ResError();
- }
- HGetFInfo(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, &fndrinfo);
- fndrinfo.fdCreator = prefcrea;
- fndrinfo.fdType = preftype;
- HSetFInfo(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, &fndrinfo);
- }
-
- return noErr;
- }
-
-
-
-OSErr CreatePrefFile()
-{
- short refnum, i;
- OSErr err;
- Handle tmpls[ kNumTemplates ];
-
- // Get all the templates for ResEdit
- for( i = 0; i < kNumTemplates; i++ ) {
- tmpls[i] = GetResource( templatetype, kFirstTemplate + i );
- if( ResError() || !tmpls[i] ) return cKrbCorruptedFile;
- }
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- // write out the templates
- for( i = 0; i < kNumTemplates && !err; i++ ) {
- short tmplid;
- ResType theType;
- Str255 resName;
-
- GetResInfo( tmpls[i], &tmplid, &theType, resName );
- err = WritePref( refnum, tmpls[i], templatetype, tmplid, resName );
- ReleaseResource( tmpls[i] );
- }
-
- if( !err )
- err = WritePref( refnum, fRealmMap, realmmaptype, kMapResNum, "\p" );
- if( !err )
- err = WritePref( refnum, fServerMap, servermaptype, kMapResNum, "\p" );
- if( !err )
- err = WritePrefStr( refnum, fLRealm, lrealmtype, kMapResNum, "\p" );
- if( !err )
- err = WritePrefStr( refnum, gUserName, unametype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr WriteUser()
-{
- short refnum;
- OSErr err;
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- err = WritePrefStr( refnum, gUserName, unametype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr WritePref( short refnum, Handle dataHandle, OSType mapType, short resID, Str255 resName )
-{
- OSErr err;
- Handle resHandle;
-
- resHandle = Get1Resource( mapType, resID );
- if( !resHandle ) { // create a new resource:
- resHandle = dataHandle;
- err = HandToHand( &resHandle ); // copy the data handle
- if( err != noErr ) return err;
-
- AddResource( resHandle, mapType, resID, resName );
- if( ( err = ResError() ) != noErr ) {
- DisposHandle( resHandle );
- return err;
- }
- SetResAttrs( resHandle, resSysHeap | GetResAttrs( resHandle ) );
- }
- else { /* modify an existing resource: */
- Size handleSize = GetHandleSize( dataHandle );
- SetHandleSize( resHandle, handleSize );
- if( ( err = MemError() ) != noErr ) {
- ReleaseResource( resHandle );
- return err;
- }
- BlockMove( *dataHandle, *resHandle, handleSize );
- ChangedResource( resHandle );
- if( ( err = ResError() ) != noErr ) {
- ReleaseResource( resHandle );
- return err;
- }
- }
-
- UpdateResFile( refnum );
- err = ResError();
- ReleaseResource( resHandle );
- return err;
-}
-
-OSErr WritePrefStr( short refnum, char *dataString, OSType mapType, short resID, Str255 resName )
-{
- OSErr err;
- Handle dataHandle;
-
- err = PtrToHand( dataString, &dataHandle, strlen( dataString ) + 1 );
- if( err == noErr ) {
- err = WritePref( refnum, dataHandle, mapType, resID, resName );
- DisposHandle( dataHandle );
- }
- return err;
-}
-
-OSErr WriteRealmMap()
-{
- short refnum;
- OSErr err;
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- err = WritePref( refnum, fRealmMap, realmmaptype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr WriteServerMap()
-{
- short refnum;
- OSErr err;
-
- err = OpenPrefsFile(&refnum);
- if( err ) return err;
-
- err = WritePref( refnum, fServerMap, servermaptype, kMapResNum,"\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr GetLocalRealm(char *lrealm)
-{
- if (!initialized_store)
- init_store();
-
- strcpy(lrealm, fLRealm);
- return noErr;
- }
-
-OSErr SetLocalRealm( const char *lrealm )
-{
- short refnum;
- OSErr err;
-
- if (!initialized_store)
- init_store();
-
- strcpy( fLRealm, (char *) lrealm );
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- err = WritePrefStr( refnum, fLRealm, lrealmtype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr GetRealm(const char *host, char *realm)
-{
- int numrealms;
- char *curnetorhost, *currealm;
- char *domain;
-
- if (!initialized_store)
- init_store();
-
- numrealms = *((short *)*fRealmMap);
- GetLocalRealm(realm);
-
- domain = strchr( host, '.');
- if(!domain) return noErr;
-
- curnetorhost = (*fRealmMap) + 2;
- currealm = strchr(curnetorhost, '\0') + 1;
- for( ; numrealms > 0; numrealms--) {
- if(!strcasecmp(curnetorhost, host)) {
- strcpy(realm, currealm);
- return noErr;
- }
- if(!strcasecmp(curnetorhost, domain)) {
- strcpy(realm, currealm);
- }
-
- if(numrealms > 1) {
- curnetorhost = strchr(currealm, '\0') + 1;
- currealm = strchr(curnetorhost, '\0') + 1;
- }
- }
-
- return noErr;
- }
-
-OSErr AddRealmMap(const char *netorhost, const char *realm)
-{
- int numrealms;
- char *curptr;
-
- SetHandleSize(fRealmMap, strlen(netorhost)+1 + strlen(realm)+1 +
- GetHandleSize(fRealmMap));
- if(MemError()) return MemError();
-
- numrealms = ++(*((short *)*fRealmMap));
-
- for(curptr = (*fRealmMap)+2; numrealms > 1; numrealms--) {
- curptr = strchr(curptr, '\0') + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(curptr, netorhost);
- curptr = strchr(curptr, '\0') + 1;
- strcpy(curptr, realm);
-
- return WriteRealmMap();
- }
-
-OSErr DeleteRealmMap(const char *netorhost)
-{
- int numrealms = *((short *)*fRealmMap);
- char *curptr, *fromptr, *nextptr;
-
- for(curptr = (*fRealmMap)+2; numrealms > 0; numrealms--) {
- if(!strcasecmp(curptr, netorhost)) break; /* got it! */
-
- curptr = strchr(curptr, '\0') + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- if(numrealms == 0) return cKrbMapDoesntExist;
-
- *(short*)*fRealmMap -= 1;
-
- if(numrealms > 1) {
- fromptr = strchr(curptr, '\0') + 1;
- fromptr = strchr(fromptr, '\0') + 1;
- }
-
- for( ; numrealms > 1; numrealms--) {
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
-
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
- }
-
- SetHandleSize(fRealmMap, curptr-(*fRealmMap));
- if(MemError()) return MemError();
- return WriteRealmMap();
- }
-
-OSErr GetNthRealmMap(const int n, char *netorhost, char *realm)
-{
- int i;
- char *curptr;
-
- if(n > *(short*)*fRealmMap) return cKrbMapDoesntExist;
-
- for(curptr = (*fRealmMap) + 2, i = 1; i < n; i++) {
- curptr = strchr(curptr, '\0') + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(netorhost, curptr);
- curptr = strchr(curptr, '\0') + 1;
- strcpy(realm, curptr);
-
- return noErr;
- }
-
-OSErr GetNthServer(const int n, const char *realm, const int mustadmin,
- char *server)
-{
- int numservers = *(short*)*fServerMap, i = 0;
- char *currealm, *curserver;
-
- currealm = (*fServerMap) + 2;
- curserver = strchr(currealm, '\0') + 1 + 1;
- for( ; numservers > 0; numservers--) {
- if(!strcmp(currealm, realm)) {
- if(!mustadmin || *(curserver-1)) i++;
- if(i >= n) {
- strcpy(server, curserver);
- return noErr;
- }
- }
-
- if(numservers > 1) {
- currealm = strchr(curserver, '\0') + 1;
- curserver = strchr(currealm, '\0') + 1 + 1;
- }
- }
-
- return cKrbMapDoesntExist;
- }
-
-OSErr AddServerMap(const char *realm, const char *server,
- const int isadmin)
-{
- int numservers;
- char *curptr;
-
- SetHandleSize(fServerMap, strlen(realm)+1 + 1 + strlen(server)+1 +
- GetHandleSize(fServerMap));
- if(MemError()) return MemError();
-
- numservers = ++(*((short *)*fServerMap));
-
- for(curptr = (*fServerMap)+2; numservers > 1; numservers--) {
- curptr = strchr(curptr, '\0') + 1 + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(curptr, realm);
- curptr = strchr(curptr, '\0') + 1;
- *curptr = (char) isadmin;
- curptr++;
- strcpy(curptr, server);
-
- return WriteServerMap();
- }
-
-OSErr DeleteServerMap(const char *realm, const char *server)
-{
- int numservers = *((short *)*fServerMap);
- char *curptr, *fromptr, *nextptr;
-
- for(curptr = (*fServerMap)+2; numservers > 0; numservers--) {
- if(!strcmp(curptr, realm)) {
- nextptr = strchr(curptr, '\0') + 1 + 1;
- if(!strcasecmp(nextptr, server)) {
- break; /* got it! */
- }
- }
-
- curptr = strchr(curptr, '\0') + 1 + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- if(numservers == 0) return cKrbMapDoesntExist;
-
- *(short*)*fServerMap -= 1;
-
- if(numservers > 1) {
- fromptr = strchr(curptr, '\0') + 1 + 1;
- fromptr = strchr(fromptr, '\0') + 1;
- }
-
- for( ; numservers > 1; numservers--) {
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
-
- *curptr = *fromptr;
- curptr++;
- fromptr++;
-
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
- }
-
- SetHandleSize(fServerMap, curptr-(*fServerMap));
- if(MemError()) return MemError();
- return WriteServerMap();
- }
-
-OSErr GetNthServerMap(const int n, char *realm, char *server, int *admin)
-{
- int i;
- char *curptr;
-
- if(n > *(short*)*fServerMap) return cKrbMapDoesntExist;
-
- for(curptr = (*fServerMap) + 2, i = 1; i < n; i++) {
- curptr = strchr(curptr, '\0') + 1 + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(realm, curptr);
- curptr = strchr(curptr, '\0') + 1;
- *admin = *curptr;
- curptr++;
- strcpy(server, curptr);
-
- return noErr;
-}
+++ /dev/null
-/*
- store.h
- Kerberos credential store
- Originally coded by Tim Miller / Brown University
- Mods 1/92 By Peter Bosanko
-
- Modified May 1994 by Julia Menapace and John Gilmore, Cygnus
- Support.
-*/
-
-#include "memcache.h"
-
-extern OSErr fConstructErr;
-
- OSErr CreatePrefFile();
- OSErr WriteUser(); /* saves gUserName to prefs file */
-
- /* Used internally... */
- OSErr WritePref(short refnum, Handle dataHandle, OSType mapType, short resID,
- Str255 resName);
- OSErr WritePrefStr(short refnum, char *dataString, OSType mapType, short resID,
- Str255 resName);
-
- /*** Realm info routines: ***/
- OSErr GetLocalRealm(char *lrealm); /* stuffs local realm in lrealm */
- OSErr SetLocalRealm(const char *lrealm); /* sets local realm */
-
- OSErr GetRealm(const char *host, char *realm); /* yields realm for given
- host's net name */
- OSErr AddRealmMap(const char *netorhost, const char *realm); /* says hosts
- with this name or in this domain (if
- begins with period) map to this realm
- (provided no more specific map is
- found) */
- OSErr DeleteRealmMap(const char *netorhost); /* deletes realm map for the
- net or net hostname */
- OSErr GetNthRealmMap(const int n, char *netorhost, char *realm); /* yields
- the Nth mapping of a net or host to
- a kerberos realm */
-
- OSErr GetNthServer(const int n, const char *realm, const int mustadmin,
- char *server); /* yields Nth (administrating if
- mustadmin is true) server for
- the given realm */
- OSErr AddServerMap(const char *realm, const char *server,
- const int isadmin); /* says this server services this
- realm (administratively if isadmin) */
- OSErr DeleteServerMap(const char *realm, const char *server); /* deletes
- the map of this realm to this server */
- OSErr GetNthServerMap(const int n, char *realm, char *server, int *admin);
- /* yields Nth realm-server mapping */
-
- OSErr OpenPrefsFile(short *refnum); /* open (create if necessary) prefs file
- for writing */
- OSErr WriteRealmMap();
- OSErr WriteServerMap();
+++ /dev/null
-/*
- * mac_stubs.c
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Macintosh oopserating system stub interface for Kerberos.
- * Applications call these routines, which then call the driver to do the work.
- */
-
-#include "krb.h"
-#include "krb_driver.h" /* Mac driver interface */
-
-#include <string.h>
-#include <stddef.h>
-#include <Files.h>
-#include <Devices.h>
-
-/* We export the driver reference under the name mac_stubs_kdriver,
- but for convenience throughout this code, we call it "kdriver",
- which was its name when it was static. */
-short mac_stubs_kdriver = 0; /* .Kerberos driver ref */
-#define kdriver mac_stubs_kdriver
-
-ParamBlockRec pb[1];
-struct krbHiParmBlock khipb[1];
-struct krbParmBlock klopb[1];
-
-short lowcall (long cscode, krbParmBlock *klopb, short kdriver)
-{
- short s;
- ParamBlockRec pb;
-
- memset (&pb, 0, sizeof(ParamBlockRec));
- *(long *)pb.cntrlParam.csParam = (long)klopb;
- pb.cntrlParam.ioCompletion = nil;
- pb.cntrlParam.ioCRefNum = kdriver;
- pb.cntrlParam.csCode = cscode;
-
- if (s = PBControl(&pb, false))
- return KFAILURE;
- if (s = pb.cntrlParam.ioResult)
- return -(s - cKrbKerberosErrBlock); /* Restore krb err code from driver err */
-
- return KSUCCESS;
-}
-
-
-short hicall (long cscode, krbHiParmBlock *khipb, short kdriver)
-{
- short s;
- ParamBlockRec pb;
- memset(&pb, 0, sizeof(ParamBlockRec));
- *(long *)pb.cntrlParam.csParam = (long)khipb;
- pb.cntrlParam.ioCompletion = nil;
- pb.cntrlParam.ioCRefNum = kdriver;
-
- pb.cntrlParam.csCode = cscode;
- if (s = PBControl(&pb, false))
- return KFAILURE;
- if (s = pb.cntrlParam.ioResult)
- return -(s - cKrbKerberosErrBlock); /* Restore krb err code from driver err */
-
- return KSUCCESS;
-}
-
-
-int INTERFACE
-krb_start_session (x)
- char *x;
-{
- short s;
-
- /*
- * Open the .Kerberos driver if not already open
- */
- if (!kdriver) {
- s = OpenDriver("\p.Kerberos", &kdriver);
- if (s) {
- return KFAILURE; /* Improve this error code */
- }
- }
-
- return KSUCCESS;
-}
-
-
-int INTERFACE
-krb_end_session (x)
- char *x;
-{
- short s;
-
-#if 0 /* This driver doesn't want to be closed. FIXME, is this OK? */
- if (kdriver) {
- s = CloseDriver(kdriver);
- if (s)
- return KFAILURE;
- kdriver = 0;
- }
-#endif
- return KSUCCESS;
-}
-
-
-char * INTERFACE
-krb_realmofhost (host)
- char *host;
-{
- short s;
- ParamBlockRec pb;
- static char realm[REALM_SZ];
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->host = host;
- klopb->uRealm = realm;
-
- /* FIXME jcm - no error handling for return value of lowcall in krb_realmofhost */
- s = lowcall (cKrbGetRealm , klopb, kdriver);
-
- return realm;
-}
-
-int INTERFACE
-krb_get_lrealm (realm, n)
- char *realm;
- int n;
-{
- short s;
- ParamBlockRec pb;
-
- if (n != 1)
- return KFAILURE;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uRealm = realm;
-
- s = lowcall (cKrbGetLocalRealm, klopb, kdriver);
- return s;
-
-}
-
-
-int INTERFACE
-kname_parse (name, instance, realm, fullname)
- char *name, *instance, *realm, *fullname;
-{
- short s;
- ParamBlockRec pb;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uName = name;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
- klopb->fullname = fullname;
-
- s = lowcall (cKrbKnameParse, klopb, kdriver);
- return s;
-}
-
-const char* INTERFACE
-krb_get_err_text (error_code)
- int error_code;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->admin = error_code;
- s = lowcall (cKrbGetErrText, klopb, kdriver);
- if (s != KSUCCESS)
- return "Error in get_err_text";
- return klopb->uName;
-}
-
-
-int INTERFACE
-krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uName = user;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
- klopb->sName = service;
- klopb->sInstance = sinstance;
- klopb->admin = life;
- klopb->fullname = password;
-
- s = lowcall (cKrbGetPwInTkt, klopb, kdriver);
- return s;
-}
-
-
-/* FIXME: For now, we handle the preauth version exactly the same
- as the non-preauth. */
-krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uName = user;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
- klopb->sName = service;
- klopb->sInstance = sinstance;
- klopb->admin = life;
- klopb->fullname = password;
-
- s = lowcall (cKrbGetPwInTkt, klopb, kdriver);
- return s;
-}
-
-
-
-char* INTERFACE
-krb_get_default_user (void)
-{
- short s;
- static char return_name[MAX_K_NAME_SZ];
-
- memset(khipb, 0, sizeof(*khipb));
- khipb->user = return_name;
- s = hicall (cKrbGetUserName, khipb, kdriver);
- if (s != KSUCCESS)
- return 0;
- return return_name;
-}
-
-
-int INTERFACE
-krb_set_default_user (uName)
- char* uName;
-{
- short s;
-
- memset(khipb, 0, sizeof(*khipb));
- khipb->user = uName;
- s = hicall (cKrbSetUserName, khipb, kdriver);
- return s;
-}
-
-int INTERFACE
-krb_get_cred (name, instance, realm, cr)
- char *name;
- char *instance;
- char *realm;
- CREDENTIALS *cr;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
-
- strcpy(cr->service, name);
- strcpy(cr->instance, instance);
- strcpy(cr->realm, realm);
-
- klopb->cred = cr;
-
- s = lowcall (cKrbGetCredentials, klopb, kdriver);
- return s;
-}
-
-int INTERFACE
-krb_save_credentials (sname, sinstance, srealm, session,
- lifetime, kvno,ticket, issue_date)
- char *sname; /* service name */
- char *sinstance; /* service instance */
- char *srealm; /* service realm */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- long issue_date; /* The issue time */
-
-{
- short s;
- CREDENTIALS cr;
-
- strcpy(cr.service, sname);
- strcpy(cr.instance, sinstance);
- strcpy(cr.realm, srealm);
- memcpy(cr.session, session, sizeof(C_Block));
- cr.lifetime = lifetime;
- cr.kvno = kvno;
- cr.ticket_st = *ticket;
- cr.issue_date = issue_date;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->cred = &cr;
-
- s = lowcall (cKrbAddCredentials, klopb, kdriver);
- return s;
-}
-
-
-int INTERFACE
-krb_delete_cred (sname, sinstance, srealm)
- char *sname;
- char *sinstance;
- char *srealm;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
-
- klopb->sName = sname;
- klopb->sInstance = sinstance;
- klopb->sRealm = srealm;
-
- s = lowcall (cKrbDeleteCredentials, klopb, kdriver);
- return s;
-}
-
-int INTERFACE
-dest_tkt (cachename)
- char *cachename; /* This parameter is ignored. */
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- s = lowcall (cKrbDeleteAllSessions, klopb, kdriver);
- return s;
-}
-
-/*
- * returns service name, service instance and realm of the nth credential.
- * credential numbering is 1 based.
- */
-
-int INTERFACE
-krb_get_nth_cred (sname, sinstance, srealm, n)
- char *sname;
- char *sinstance;
- char *srealm;
- int n;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
-
- klopb->sName = sname;
- klopb->sInstance = sinstance;
- klopb->sRealm = srealm;
- klopb->itemNumber = &n;
-
- s = lowcall (cKrbGetNthCredentials, klopb, kdriver);
- return s;
-}
-
-/*
- * Return the number of credentials in the current credential cache (ticket cache).
- * On error, returns -1.
- */
-int INTERFACE
-krb_get_num_cred ()
-{
- int s;
- int n;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->itemNumber = &n;
-
- s = lowcall (cKrbGetNumCredentials, klopb, kdriver);
- if (s)
- return -1;
- return *(klopb->itemNumber);
-}
-
-
-
-/* GetNthRealmMap
- yields the Nth mapping of a net or host to a Kerberos realm
- -> itemNumber which mapping, traditionally the first
- -> host host or net
- -> uRealm pointer to buffer that will receive realm name
-*/
-
-OSErr INTERFACE
-GetNthRealmMap(n, netorhost, realm)
- int n;
- char *netorhost;
- char *realm;
-{
- int s;
- memset(klopb, 0, sizeof(*klopb));
- klopb->itemNumber = &n;
- klopb->host = netorhost;
- klopb->uRealm = realm;
-
- s = lowcall (cKrbGetNthRealmMap, klopb, kdriver);
- return s;
-}
-
-/* GetNthServerMap
- yields Nth realm-server mapping
- -> itemNumber which mapping should be returned
- -> uRealm pointer to buffer that will receive realm name
- -> host pointer to buffer that will receive server name
- -> admin pointer to admin flag
- */
-
-OSErr INTERFACE
-GetNthServerMap(n, realm, server, admin)
- int n;
- char *realm;
- char *server;
- int *admin;
-{
- int s;
- memset(klopb, 0, sizeof(*klopb));
- klopb->itemNumber = &n;
- klopb->uRealm = realm;
- klopb->host = server;
- klopb->adminReturn = admin;
-
- s = lowcall (cKrbGetNthServerMap, klopb, kdriver);
- return s;
-}
-
-
-
-/* krb_get_ticket_for_service
- * Gets a ticket and returns it to application in buf
- -> service Formal Kerberos name of service
- -> buf Buffer to receive ticket
- -> checksum checksum for this service
- <-> buflen length of ticket buffer (must be at least
- 1258 bytes)
- <- sessionKey for internal use
- <- schedule for internal use
-
- * Result is:
- * GC_NOTKT if there is no matching TGT in the cache
- * MK_AP_TGTEXP if the matching TGT is expired
- * Other errors possible. These could cause a dialogue with the user
- * to get a new TGT.
- */
-
-int INTERFACE
-krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey,
- schedule, version, includeVersion)
- char *serviceName;
- char *buf;
- unsigned KRB4_32 *buflen;
- int checksum;
- des_cblock sessionKey;
- Key_schedule schedule;
- char *version;
- int includeVersion;
-{
- short s;
-
- if (includeVersion)
- return KFAILURE; /* Not implmented in the kclient driver iface */
-
- memset(khipb, 0, sizeof(*khipb));
- khipb->service = serviceName;
- khipb->buf = buf;
- khipb->buflen = *buflen;
- khipb->checksum = checksum;
-
- s = hicall (cKrbGetTicketForService, khipb, kdriver);
- /* These are ARRAYS in the hiparmblock, for some reason! */
- memcpy (sessionKey, khipb->sessionKey, sizeof (khipb[0].sessionKey));
- memcpy (schedule, khipb->schedule, sizeof (khipb[0].schedule));
- *buflen = khipb->buflen;
- return s;
-}
-
-
-/* krb_get_tf_fullname -- return name, instance and realm of the
- principal in the current ticket file. The ticket file name is not
- currently used for anything since there is only one credentials
- cache/ticket file
-*/
-
-int INTERFACE
-krb_get_tf_fullname (tktfile, name, instance, realm)
- char *tktfile;
- char *name;
- char *instance;
- char *realm;
-
-{
- short s;
- memset (klopb, 0, sizeof(*klopb));
- klopb->fullname = tktfile;
- klopb->uName = name;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
-
- s = lowcall (cKrbGetTfFullname, klopb, kdriver);
- return s;
-}
-
-
-
-#if 0
- xbzero(khipb, sizeof(krbHiParmBlock));
- khipb->service = (char *)cannon;
- khipb->buf = (char *)buf; /* where to build it */
- khipb->checksum = 0;
- khipb->buflen = sizeof(buf);
- if (s = hicall(cKrbGetTicketForService, khipb, kdriver))
- return s;
- xbcopy(khipb->sessionKey, sessionKey, sizeof(sessionKey)); /* save the session key */
- /*
- * cKrbGetTicketForService put a longword buffer length into the buffer
- * which we don't want, so we ignore it.
- * Make room for first 3 bytes which preceed the auth data.
- */
- cp = &buf[4-3]; /* skip long, make room for 3 bytes */
- cp[0] = tp[0]; /* copy type and modifier */
- cp[1] = tp[1];
- cp[2] = KRB_AUTH; /* suboption command */
- len = khipb->buflen - sizeof(long) + 3; /* data - 4 + 3 */
-
-#endif /* 0 */
+++ /dev/null
-/*
- * mac_time.c
- * (Originally time_stuff.c)
- *
- * Copyright 1989 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Macintosh ooperating system interface for Kerberos.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "des.h"
-#include "AddressXlation.h" /* for ip_addr */
-#include <time.h>
-#include <sys/time.h>
-
-#include <script.h> /* Defines MachineLocation, used by getTimeZoneOffset */
-#include <ToolUtils.h> /* Defines BitTst(), called by getTimeZoneOffset() */
-#include <OSUtils.h> /* Defines GetDateTime */
-
-/* Mac Cincludes */
-#include <string.h>
-#include <stddef.h>
-
-
- /*******************************
- The Unix epoch is 1/1/70, the Mac epoch is 1/1/04.
-
- 70 - 4 = 66 year differential
-
- Thus the offset is:
-
- (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
- plus
- (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
-
- Don't forget the offset from GMT.
- *******************************/
-
-
-/* returns the offset in hours between the mac local time and the GMT */
-
-unsigned long
-getTimeZoneOffset()
-{
- MachineLocation macLocation;
- long gmtDelta;
-
- macLocation.gmtFlags.gmtDelta=0L;
- ReadLocation(&macLocation);
- gmtDelta=macLocation.gmtFlags.gmtDelta & 0x00FFFFFF;
- if (BitTst((void *)&gmtDelta,23L)) gmtDelta |= 0xFF000000;
- gmtDelta /= 3600L;
- return(gmtDelta);
-}
-
-
-/* Returns the GMT in seconds using the Unix epoch, ie. Net time */
-
-static unsigned long
-gettimeofdaynet_no_offset()
-{
- time_t the_time;
-
- GetDateTime (&the_time);
- the_time = the_time -
- ((66 * 365 * 24 * 60 * 60) +
- (17 * 24 * 60 * 60) +
- (getTimeZoneOffset() * 60 * 60));
- return the_time;
-}
-
-
-
-int
-gettimeofdaynet (struct timeval *tp, struct timezone *tz)
-{
- tp->tv_sec = gettimeofdaynet_no_offset();
- return 0;
-}
-
-
-#if 0
-
-int
-gettimeofdaynet (struct timeval *tp, struct timezone *tz)
-{
- int result;
-
- if (!net_got_offset)
- result = get_net_offset();
- else result = 0;
-
- time ((time_t *) &(tp->tv_sec));
-
- tp->tv_sec = tp->tv_sec - (66 * 365 * 24 * 60 * 60
- + 17 * 60 * 60 * 24) + net_offset;
-
- return (result);
-}
-
-
-#define TIME_PORT 37
-#define TM_OFFSET 2208988800
-
-/*
- *
- * get_net_offset () -- Use UDP time protocol to figure out the
- * offset between what the Mac thinks the time is an what
- * the network thinks.
- *
- */
-int
-get_net_offset()
-{
- time_t tv;
- char buf[512],ts[256];
- long *nettime;
- int attempts, cc, time_port;
- long unixtime;
- char realm[REALM_SZ];
- ip_addr fromaddr;
- unsigned short fromport;
- int result;
-
- nettime = (long *)buf;
- time_port = TIME_PORT;
-
- cc = sizeof(buf);
- result = hosts_send_recv(ts, 1, buf, &cc, "", time_port);
- time (&tv);
-
- if (result!=KSUCCESS || cc<4) {
- net_offset = 0;
- if (!result) result = 100;
- return result;
- }
-
- unixtime = (long) ntohl(*nettime) - TM_OFFSET;
-
- tv -= 66 * 365 * 24 * 60 * 60
- + 17 * 60 * 60 * 24; /* Convert to unix time w/o offset */
- net_offset = unixtime - tv;
- net_got_offset = 1;
-
- return 0;
-}
-
-#endif
+++ /dev/null
-/*
- * memcache.c
- *
- * Kerberos credential cache
- * Originally coded by Tim Miller / Brown University as KRB_Store.c
- * Mods 1/92 By Peter Bosanko
- *
- * Modified May-June 1994 by Julia Menapace and John Gilmore
- * of Cygnus Support.
- *
- * This file incorporates replacements for the Unix files
- * in_tkt.c, dest_tkt.c, tf_util.c, and tkt_string.c.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-#include "autoconf.h"
-
-#ifdef _WIN32
-#include <errno.h>
-
-typedef DWORD OSErr;
-#define noErr 0
-#define cKrbCredsDontExist 12001
-#define cKrbSessDoesntExist 12002
-#define memFullErr ENOMEM
-#endif
-
-#ifndef unix
-#ifdef _AIX
-#define unix
-#endif
-#endif
-
-#ifdef unix
-/* Unix interface to memory cache Mac functions. */
-
-#include <stdio.h>
-#include <errno.h>
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc (), *realloc ();
-#endif
-
-typedef int OSErr;
-#define noErr 0
-#define memFullErr ENOMEM
-
-#endif /* unix */
-
-#include "memcache.h"
-
-
-/* Lower level data structures */
-
-static int fNumSessions = 0;
-static Session **fSessions = 0;
-
-#ifndef _WIN32
-#define change_cache()
-#endif
-
-#if defined (_WIN32) || defined (unix)
-/* Fake Mac handles up for general use. */
-#define Handle char **
-#define Size int
-
-static OSErr memerror = noErr;
-
-/*
- * Simulates Macintosh routine by allocating a block of memory
- * and a pointer to that block of memory. If the requested block
- * size is 0, then we just allocate the indirect pointer and 0
- * it, otherwise we allocate an indirect pointer and place a pointer
- * to the actual allocated block in the indirect pointer location.
- */
-Handle
-NewHandleSys(s)
- int s;
-{
- Handle h;
-
- h = (char **) malloc(sizeof(char *));
-
- if (h == NULL) {
- memerror = memFullErr;
- return (NULL);
- }
-
- if (s > 0) {
- *h = malloc(s);
-
- if (*h == NULL) {
- free(h);
- memerror = memFullErr;
- return (NULL);
- }
- }
- else
- *h = NULL;
-
- memerror = noErr;
-
- return h;
-}
-
-/*
- * Frees allocated indirect pointer and the block of memory it points
- * to. If the indirect pointer is NULL, then the block is considered
- * to have 0 length.
- */
-void
-DisposHandle(h)
- Handle h;
-{
- if (*h != NULL)
- free(*h);
- free(h);
-}
-
-/*
- * Resizes a block of memory pointed to by and indirect pointer. The
- * indirect pointer is updated when the block of memory is reallocated.
- * If the indirect pointer is 0, then the block of memory is allocated
- * rather than reallocated. If the size requested is 0, then the block
- * is deallcated rather than reallocated.
- */
-void
-SetHandleSize(h, s)
- Handle h;
- int s;
-{
- if (*h != NULL) {
- if (s > 0) {
- *h = realloc(*h, s);
- if (*h == NULL) {
- memerror = memFullErr;
- return;
- }
- }
- else {
- free(*h);
- *h = NULL;
- }
- }
-
- else {
- if (s > 0) {
- *h = malloc(s);
- if (*h == NULL) {
- memerror = memFullErr;
- return;
- }
- }
- }
-
- memerror = noErr;
-}
-
-OSErr
-MemError()
-{
- return memerror;
-}
-
-#endif /* Windows || unix */
-
-#ifdef _WIN32
-
-/*
- * change_cache should be called after the cache changes.
- * If the session count is > 0 it forces the DLL to stay in
- * memory even after the calling program exits providing cross
- * session ticket cacheing. Also a notification message is
- * is posted out to all top level Windows so that they may
- * recheck the cache based on the changes made. The
- * krb_get_notifcation_message routine will return the
- * current notificaiton message for the system which an
- * application can expect to get.
- */
-void
-change_cache()
-{
- char fname[260];
- static BOOL locked = FALSE;
-
- if (fNumSessions > 0 && !locked) {
- GetModuleFileName(get_lib_instance(), fname, sizeof(fname));
- LoadLibrary(fname);
- locked = TRUE;
- }
-
- else if (fNumSessions == 0 && locked) {
- FreeLibrary(get_lib_instance());
- locked = FALSE;
- }
-
- PostMessage(HWND_BROADCAST, krb_get_notification_message(), 0, 0);
-}
-
-
-/*
- * Returns a system wide unique notification message. This
- * message will be broadcast to all top level windows when
- * the credential cache changes.
- */
-unsigned int
-krb_get_notification_message(void)
-{
- static UINT message = 0;
-
- if (message == 0)
- message = RegisterWindowMessage(WM_KERBEROS_CHANGED);
-
- return message;
-}
-
-
-#endif /* Windows */
-
-
-/* The low level routines in this file are capable of storing
- tickets for multiple "sessions", each led by a different
- ticket-granting ticket. For now, since the top level code
- doesn't know how to handle that, we are short-cutting all
- that with a fixed top level identifying tag for the (one)
- session supported.
-
- FIXME jcm - Force one named cache for now for compatibility with
- Cygnus source tree. Figure out later how to access the multiple
- cache functionality in KClient.
- */
-
-char uname[] = "Fixed User";
-char uinstance[] = "Fixed Instance";
-char urealm[] = "Fixed Realm";
-
-static char curr_auth_uname [ANAME_SZ];
-static char curr_auth_uinst [INST_SZ];
-
-
-/*
- in_tkt() is used to initialize the ticket cache.
- It inits the driver's credentials storage, by deleting any tickets.
- in_tkt() returns KSUCCESS on success, or KFAILURE if something goes wrong.
-
- User name, instance and realm are not currently being stored in
- the credentials cache because currently we are forcing a single
- named cache by using a fixed user name,inst,and realm in the
- memcache accessor routines.
-
- FIXME jcm - needed while stubbing out multi-caching with fixed
- user etc... Store currently authenticated user name and instance
- in this file. We will use this information to fill out the p_user
- and p_inst fields in the credential.
-
- FIXME jcm - more kludges: make sure default user name matches the
- current credentials cache. Telnet asks for default user name. It
- may have last been set to another user name programmatically or
- via ResEdit.
-
- */
-int KRB5_CALLCONV
-in_tkt(pname,pinst)
- char *pname;
- char *pinst;
-{
- int retval;
-
- strncpy (curr_auth_uname, pname, ANAME_SZ);
- strncpy (curr_auth_uinst, pinst, INST_SZ);
-
- krb_set_default_user (pname);
-
- retval = dest_tkt();
- if (!retval)
- return retval;
- else
- return KSUCCESS;
-
-}
-
-int KRB5_CALLCONV
-krb_in_tkt(pname, pinst, prealm)
- char *pname;
- char *pinst;
- char *prealm;
-{
- return in_tkt(pname, pinst);
-}
-
-/*
- * dest_tkt() is used to destroy the ticket store upon logout.
- * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
- * Otherwise the function returns RET_OK on success, KFAILURE on
- * failure.
- *
- */
-int KRB5_CALLCONV
-dest_tkt()
-{
- /*
- FIXME jcm - Force one named cache for now for
- compatibility with Cygnus source tree. Figure out
- later how to access the multiple cache functionality in
- KClient.
- */
- OSErr err;
-
- err = DeleteSession(uname, uinstance, urealm);
-
- change_cache();
-
- switch(err) {
- case noErr:
- return RET_OK;
- case cKrbSessDoesntExist:
- return RET_TKFIL;
- default:
- return KFAILURE;
- }
- }
-
-
-int dest_all_tkts()
-{
- int i=0;
- char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- int ndeletes=0;
- int err=0;
-
- (void) GetNumSessions(&i);
- if(!i) return RET_TKFIL;
-
- for( ; i; i--) {
- if(!GetNthSession(i, name, inst, realm)) {
- if (err = DeleteSession(name, inst, realm))
- break;
- ndeletes++;
- }
- else {
- err = KFAILURE;
- break;
- }
- }
-
- if (ndeletes > 0)
- change_cache();
-
- if (err)
- return KFAILURE;
- else
- return KSUCCESS;
- }
-
-
-/* krb_get_tf_realm -- return the realm of the current ticket file. */
-int KRB5_CALLCONV
-krb_get_tf_realm (tktfile, lrealm)
- char *tktfile;
- char *lrealm; /* Result stored through here */
-{
-
- return krb_get_tf_fullname(tktfile, (char*) 0, (char*) 0 , lrealm);
-}
-
-
-/* krb_get_tf_fullname -- return name, instance and realm of the
-principal in the current ticket file. */
-int KRB5_CALLCONV
-krb_get_tf_fullname (tktfile, name, instance, realm)
- char *tktfile;
- char *name;
- char *instance;
- char *realm;
-
-{
- OSErr err;
-
-/*
- Explaining this ugly hack:
- uname, uinstance, and urealm in the session record are "fixed"
- to short circuit multicache functionality, yielding only one
- session/cache for all cases. This was done under protest to remain
- API compatable with UNIX. The principal's and service realm are
- always the same and are stored in the same field of the credential.
- Principal's name and instance are stored neither in the session
- record or the credentials cache but in the file static variables
- curr_auth_uname, and curr_auth_uinst as set by in_tkt from its
- arguments pname and pinst.
-
- FIXME for multiple sessions -- keep track of which one is
- the "current" session, as picked by the user. tktfile not
- used for anything right now...
-*/
-
- err = GetNthCredentials(uname, uinstance, urealm, name,
- instance, realm, 1);
-
- if (err != noErr)
- return NO_TKT_FIL;
-
- if (name)
- strcpy(name, curr_auth_uname);
- if (instance)
- strcpy(instance, curr_auth_uinst);
-
- return KSUCCESS;
-
-}
-
-
-/*
- * krb_get_cred takes a service name, instance, and realm, and a
- * structure of type CREDENTIALS to be filled in with ticket
- * information. It then searches the ticket file for the appropriate
- * ticket and fills in the structure with the corresponding
- * information from the file. If successful, it returns KSUCCESS.
- * On failure it returns a Kerberos error code.
- */
-int KRB5_CALLCONV
-krb_get_cred (service, instance, realm, c)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Authorization domain */
- CREDENTIALS *c; /* Credentials struct */
-{
- strcpy(c->service, service);
- strcpy(c->instance, instance);
- strcpy(c->realm, realm);
-
- /*
- FIXME jcm - Force one named cache for now for
- compatibility with Cygnus source tree. Figure out
- later how to access the multiple cache functionality
- from KClient.
- */
-
- switch(GetCredentials(uname, uinstance, urealm, c)) {
- case noErr:
- return KSUCCESS;
- case cKrbCredsDontExist:
- case cKrbSessDoesntExist:
- return GC_NOTKT;
- default:
- return KFAILURE;
- }
-}
-
-/*
- * This routine takes a ticket and associated info and
- * stores them in the ticket cache. The peer
- * routine for extracting a ticket and associated info from the
- * ticket cache is krb_get_cred(). When changes are made to
- * this routine, the corresponding changes should be made
- * in krb_get_cred() as well.
- *
- * Returns KSUCCESS if all goes well, otherwise KFAILURE.
- */
-
-int
-krb4int_save_credentials_addr(sname, sinst, srealm, session,
- lifetime, kvno, ticket, issue_date, laddr)
-
- char* sname; /* Service name */
- char* sinst; /* Instance */
- char* srealm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
- KRB_UINT32 laddr;
-{
- CREDENTIALS cr;
-
- strcpy(cr.service, sname);
- strcpy(cr.instance, sinst);
- strcpy(cr.realm, srealm);
- memcpy((void*)cr.session, (void*)session, sizeof(C_Block));
- cr.lifetime = lifetime;
- cr.kvno = kvno;
- cr.ticket_st = *ticket;
- cr.issue_date = issue_date;
- strcpy(cr.pname, curr_auth_uname); /* FIXME for mult sessions */
- strcpy(cr.pinst, curr_auth_uinst); /* FIXME for mult sessions */
-
- if(AddCredentials(uname, uinstance, urealm, &cr)) return KFAILURE;
- change_cache();
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV
-krb_save_credentials(
- char *name,
- char *inst,
- char *realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- KRB4_32 issue_date)
-{
- return krb4int_save_credentials_addr(name, inst, realm, session,
- lifetime, kvno, ticket,
- issue_date, 0);
-}
-
-
-int
-krb_delete_cred (sname, sinstance, srealm)
- char *sname;
- char *sinstance;
- char *srealm;
-{
-
- if (DeleteCredentials (uname, uinstance, urealm, sname, sinstance, srealm))
- return KFAILURE;
-
- change_cache();
-
- return KSUCCESS;
-
- /*
- FIXME jcm - translate better between KClient internal OSErr errors
- (eg. cKrbCredsDontExist) and kerberos error codes (eg. GC_NOTKT)
- */
-}
-
-int
-krb_get_nth_cred (sname, sinstance, srealm, n)
- char *sname;
- char *sinstance;
- char *srealm;
- int n;
-{
- if (GetNthCredentials(uname, uinstance, urealm, sname, sinstance, srealm, n))
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Return the number of credentials in the current credential cache (ticket cache).
- * On error, returns -1.
- */
-int
-krb_get_num_cred ()
-{
- int n;
- int s;
-
- s = GetNumCredentials(uname, uinstance, urealm, &n);
- if (s) return -1;
- else return n;
-}
-
-
-
-/* Lower level routines */
-
-OSErr GetNumSessions(n)
- int *n;
-{
- *n = fNumSessions;
- return 0;
- }
-
-/* n starts at 1, not 0 */
-OSErr
-GetNthSession(n, name, instance, realm)
- const int n;
- char *name;
- char *instance;
- char *realm;
-{
- Session *sptr;
-
- if(n > fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = (*fSessions) + n-1;
- if (name) strcpy(name, sptr->name);
- if (instance) strcpy(instance, sptr->instance);
- if (realm) strcpy(realm, sptr->realm);
-
- return noErr;
- }
-
-OSErr DeleteSession(name, instance, realm)
- const char *name;
- const char *instance;
- const char *realm;
-{
- int i;
- Session *sptr;
- Handle creds;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, name) &&
- !strcmp(sptr[i].instance, instance) &&
- !strcmp(sptr[i].realm, realm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- fNumSessions--;
-
- creds = (Handle) sptr[i].creds;
-
- for( ; i < fNumSessions; i++) {
- strcpy(sptr[i].name, sptr[i+1].name);
- strcpy(sptr[i].instance, sptr[i+1].instance);
- strcpy(sptr[i].realm, sptr[i+1].realm);
- }
-
- SetHandleSize((Handle) fSessions, fNumSessions * sizeof(Session));
- if(creds) DisposHandle(creds);
-
- return MemError();
- }
-
-OSErr GetCredentials(name, instance, realm, cr)
- const char *name;
- const char *instance;
- const char *realm;
- CREDENTIALS *cr;
-{
- int i;
- Session *sptr;
- CREDENTIALS *cptr;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, name) &&
- !strcmp(sptr[i].instance, instance) &&
- !strcmp(sptr[i].realm, realm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- sptr = sptr + i;
-
- if(!sptr->numcreds || !sptr->creds) return cKrbCredsDontExist;
-
- cptr = *(sptr->creds);
-
- for(i = 0; i < sptr->numcreds; i++) {
- if(!strcmp(cptr[i].service, cr->service) &&
- !strcmp(cptr[i].instance, cr->instance) &&
- !strcmp(cptr[i].realm, cr->realm)) {
- break;
- }
- }
-
- if(i == sptr->numcreds) return cKrbCredsDontExist;
-
- *cr = cptr[i];
- return noErr;
- }
-
-OSErr AddCredentials(name, instance, realm, cr)
- const char *name;
- const char *instance;
- const char *realm;
- const CREDENTIALS *cr;
-{
- Session *sptr;
- Handle creds;
- int i, thesess;
- CREDENTIALS *cptr;
-
- /* find the appropriate session, or create it if it doesn't exist */
- if(!fSessions) {
- fSessions = (Session**) NewHandleSys(0);
- if(MemError()) return MemError();
- fNumSessions = 0;
- }
-
- sptr = *fSessions;
-
- for(thesess = 0; thesess < fNumSessions; thesess++) {
- if(!strcmp(sptr[thesess].name, name) &&
- !strcmp(sptr[thesess].instance, instance) &&
- !strcmp(sptr[thesess].realm, realm)) {
- break;
- }
- }
-
- sptr = (*fSessions) + thesess;
-
- if(thesess == fNumSessions) { /* doesn't exist, create it */
- fNumSessions++;
- SetHandleSize((Handle) fSessions, fNumSessions * sizeof(Session));
- if(MemError()) return MemError();
-
- /* fSessions may have been moved, so redereference */
- sptr = (*fSessions) + thesess;
- strcpy(sptr->name, (char *)name);
- strcpy(sptr->instance, (char *)instance);
- strcpy(sptr->realm, (char *)realm);
- sptr->numcreds = 0;
- sptr->creds = 0;
- }
-
- /* if the session has no assoc creds, create storage for them so rest of algorithm
- doesn't break */
- if(!sptr->numcreds || !sptr->creds) {
- creds = NewHandleSys((Size) 0);
- if(MemError()) return MemError();
-
- /* rederef */
- sptr = (*fSessions) + thesess;
- sptr->creds = (CREDENTIALS **)creds;
- sptr->numcreds = 0;
- }
-
- /* find creds if we already have an instance of them, or create a new slot for them
- if we don't */
- cptr = *(sptr->creds);
-
- for(i = 0; i < sptr->numcreds; i++) {
- if(!strcmp(cptr[i].service, cr->service) &&
- !strcmp(cptr[i].instance, cr->instance) &&
- !strcmp(cptr[i].realm, cr->realm)) {
- break;
- }
- }
-
- if(i == sptr->numcreds) {
- sptr->numcreds++;
- SetHandleSize((Handle)sptr->creds, sptr->numcreds * sizeof(CREDENTIALS));
- if(MemError()) return MemError();
-
- /* rederef */
- sptr = (*fSessions) + thesess;
- cptr = *(sptr->creds);
- }
-
- /* store them (possibly replacing previous creds if they already exist) */
- cptr[i] = *cr;
- return noErr;
- }
-
-OSErr
-DeleteCredentials (uname, uinst, urealm, sname, sinst, srealm)
- const char *uname;
- const char *uinst;
- const char *urealm;
- const char *sname;
- const char *sinst;
- const char *srealm;
-{
- int i;
- Session *sptr;
- CREDENTIALS *cptr;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, uname) &&
- !strcmp(sptr[i].instance, uinstance) &&
- !strcmp(sptr[i].realm, urealm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- sptr = sptr + i;
-
- if(!sptr->numcreds || !sptr->creds) return cKrbCredsDontExist;
-
- cptr = *(sptr->creds);
-
- for(i = 0; i < sptr->numcreds; i++) {
- if(!strcmp(cptr[i].service, sname) &&
- !strcmp(cptr[i].instance, sinst) &&
- !strcmp(cptr[i].realm, srealm)) {
- break;
- }
- }
-
- if(i == sptr->numcreds) return cKrbCredsDontExist;
-
- sptr->numcreds--;
-
- for( ; i < sptr->numcreds; i++) {
- cptr[i] = cptr[i+1];
- }
-
- SetHandleSize((Handle) sptr->creds, sptr->numcreds * sizeof(CREDENTIALS));
-
- return MemError();
- }
-
-OSErr GetNumCredentials(name, instance, realm, n)
- const char *name;
- const char *instance;
- const char *realm;
- int *n;
-{
- int i;
- Session *sptr;
-
- if(!fNumSessions || !fSessions) {
- *n = 0;
- return cKrbSessDoesntExist;
- }
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, name) &&
- !strcmp(sptr[i].instance, instance) &&
- !strcmp(sptr[i].realm, realm)) {
- break;
- }
- }
-
- if(i == fNumSessions) {
- *n = 0;
- return cKrbCredsDontExist;
- }
-
- *n = sptr[i].numcreds;
- return noErr;
- }
-
-/* returns service name, service instance and realm of the nth credential. */
-/* n starts at 1, not 0 */
-OSErr
-GetNthCredentials(uname, uinstance, urealm, sname, sinst, srealm, n)
- const char *uname;
- const char *uinstance;
- const char *urealm;
- char *sname;
- char *sinst;
- char *srealm;
- const int n;
-{
- int i;
- Session *sptr;
- CREDENTIALS *cptr;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, uname) &&
- !strcmp(sptr[i].instance, uinstance) &&
- !strcmp(sptr[i].realm, urealm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- sptr = (*fSessions) + i;
-
- if(n > sptr->numcreds || !sptr->creds) return cKrbCredsDontExist;
-
- cptr = (*(sptr->creds)) + n-1;
-
- /*
- check for null pointers cuz. some callers don't provide
- storage for all this info, eg. Kerb_get_tf_fullname.
- */
-
- if (sname)
- strcpy(sname, cptr->service);
- if (sinst)
- strcpy(sinst, cptr->instance);
- if (srealm)
- strcpy(srealm, cptr->realm);
- return noErr;
-}
+++ /dev/null
-/*
- memcache.h
- Kerberos credential store in memory
- Originally coded by Tim Miller / Brown University
- Mods 1/92 By Peter Bosanko
-
- Modified May-June 1994 by Julia Menapace and John Gilmore,
- Cygnus Support.
-*/
-
-struct Session {
- char name[ANAME_SZ];
- char instance[INST_SZ];
- char realm[REALM_SZ];
- int numcreds;
- CREDENTIALS **creds;
-};
-typedef struct Session Session;
-
-OSErr GetNumSessions(int *n);
-OSErr GetNthSession(const int n, char *name, char *instance, char *realm);
-OSErr DeleteSession(const char *name, const char *instance, const char *realm);
-OSErr GetCredentials(const char *name, const char *instance, const char *realm,
- CREDENTIALS *cr);
-/* name, instance, and realm of service wanted should be set in *cr
- before calling */
-OSErr AddCredentials(const char *name, const char *instance, const char *realm,
- const CREDENTIALS *cr);
-OSErr DeleteCredentials(const char *uname, const char *uinst,
- const char *urealm, const char *sname,
- const char *sinst, const char *srealm);
-OSErr GetNumCredentials(const char *name, const char *instance,
- const char *realm, int *n);
-OSErr GetNthCredentials(const char *uname, const char *uinst,
- const char *urealm, char *sname, char *sinst,
- char *srealm, const int n);
+++ /dev/null
-/*
- * lib/krb4/mk_auth.c
- *
- * Copyright 1987, 1988, 2000, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Derived from sendauth.c by John Gilmore, 10 October 1994.
- */
-
-#include <stdio.h>
-#include "krb.h"
-#include "prot.h"
-#include <errno.h>
-#include <string.h>
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in recvauth.c and sendauth.c.
- */
-
-/*
- * This file contains two routines: krb_mk_auth() and krb_check_auth().
- *
- * krb_mk_auth() packages a ticket for transmission to an application
- * server.
- *
- * krb_krb_check_auth() validates a mutual-authentication response from
- * the application server.
- *
- * These routines are portable versions that implement a protocol
- * compatible with the original Unix "sendauth".
- */
-
-/*
- * The first argument to krb_mk_auth() contains a bitfield of
- * options (the options are defined in "krb.h"):
- *
- * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
- * (If this option is not chosen, krb_get_phost()
- * is called to canonicalize it.)
- *
- * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
- * A ticket must be supplied in the "ticket"
- * argument.
- * (If this option is not chosen, and there
- * is no ticket for the given server in the
- * ticket cache, one will be fetched using
- * krb_mk_req() and returned in "ticket".)
- *
- * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
- * receiving server return the checksum+1 encrypted
- * in the session key. The mutual authentication
- * is done using krb_mk_priv() on the other side
- * (see "recvauth.c") and krb_rd_priv() on this
- * side.
- *
- * The "ticket" argument is used to store the new ticket
- * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
- * chosen, the ticket must be supplied in the "ticket" argument.
- * The "service", "inst", and "realm" arguments identify the ticket.
- * If "realm" is null, the local realm is used.
- *
- * The following argument is only needed if the KOPT_DO_MUTUAL option
- * is chosen:
- *
- * The "checksum" argument is a number that the server will add 1 to
- * to authenticate itself back to the client.
- *
- * The application protocol version number (of up to KRB_SENDAUTH_VLEN
- * characters) is passed in "version".
- *
- * The ticket is packaged into a message in the buffer pointed to by
- * the argument "buf".
- *
- * If all goes well, KSUCCESS is returned, otherwise some error code.
- *
- * The format of the message packaged to send to the application server is:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
- * bytes version number
- *
- * KRB_SENDAUTH_VLEN version application protocol
- * bytes version number
- *
- * 4 bytes ticket->length length of ticket
- *
- * ticket->length ticket->dat ticket itself
- */
-
-/*
- * Build a "sendauth" packet compatible with Unix sendauth/recvauth.
- */
-int KRB5_CALLCONV
-krb_mk_auth(options, ticket, service, inst, realm, checksum, version, buf)
- long options; /* bit-pattern of options */
- KTEXT ticket; /* where to put ticket (return); or
- supplied in case of KOPT_DONT_MK_REQ */
- char *service; /* service name */
- char *inst; /* instance (OUTPUT canonicalized) */
- char *realm; /* realm */
- unsigned KRB4_32 checksum; /* checksum to include in request */
- char *version; /* version string */
- KTEXT buf; /* Output buffer to fill */
-{
- int rem;
- char krb_realm[REALM_SZ];
- char *phost;
- int phostlen;
- unsigned char *p;
-
- rem = KSUCCESS;
-
- /* get current realm if not passed in */
- if (!realm) {
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return rem;
- realm = krb_realm;
- }
-
- if (!(options & KOPT_DONT_CANON)) {
- phost = krb_get_phost(inst);
- phostlen = krb4int_strnlen(phost, INST_SZ) + 1;
- if (phostlen <= 0 || phostlen > INST_SZ)
- return KFAILURE;
- memcpy(inst, phost, (size_t)phostlen);
- }
-
- /* get the ticket if desired */
- if (!(options & KOPT_DONT_MK_REQ)) {
- rem = krb_mk_req(ticket, service, inst, realm, (KRB4_32)checksum);
- if (rem != KSUCCESS)
- return rem;
- }
-
-#ifdef ATHENA_COMPAT
- /* this is only for compatibility with old servers */
- if (options & KOPT_DO_OLDSTYLE) {
- (void) snprintf(buf->dat, sizeof(buf->dat), "%d ",ticket->length);
- (void) write(fd, buf, strlen(buf));
- (void) write(fd, (char *) ticket->dat, ticket->length);
- return(rem);
- }
-#endif /* ATHENA_COMPAT */
-
- /* Check buffer size */
- if (sizeof(buf->dat) < (KRB_SENDAUTH_VLEN + KRB_SENDAUTH_VLEN
- + 4 + ticket->length)
- || ticket->length < 0)
- return KFAILURE;
-
- /* zero the buffer */
- memset(buf->dat, 0, sizeof(buf->dat));
- p = buf->dat;
-
- /* insert version strings */
- strncpy((char *)p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- p += KRB_SENDAUTH_VLEN;
- strncpy((char *)p, version, KRB_SENDAUTH_VLEN);
- p += KRB_SENDAUTH_VLEN;
-
- /* put ticket length into buffer */
- KRB4_PUT32BE(p, ticket->length);
-
- /* put ticket into buffer */
- memcpy(p, ticket->dat, (size_t)ticket->length);
- p += ticket->length;
-
- buf->length = p - buf->dat;
- return KSUCCESS;
-}
-
-/*
- * For mutual authentication using mk_auth, check the server's response
- * to validate that we're really talking to the server which holds the
- * key that we obtained from the Kerberos key server.
- *
- * The "buf" argument is the response we received from the app server.
- * The "checksum" argument is a number that the server has added 1 to
- * to authenticate itself back to the client (us); the "msg_data" argument
- * returns the returned mutual-authentication message from the server
- * (i.e., the checksum+1); "session" holds the
- * session key of the server, extracted from the ticket file, for use
- * in decrypting the mutual authentication message from the server;
- * and "schedule" returns the key schedule for that decryption. The
- * the local and server addresses are given in "laddr" and "faddr".
- */
-int KRB5_CALLCONV
-krb_check_auth (buf, checksum, msg_data, session, schedule, laddr, faddr)
- KTEXT buf; /* The response we read from app server */
- unsigned KRB4_32 checksum; /* checksum we included in request */
- MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */
- C_Block session; /* credentials (input) */
- Key_schedule schedule; /* key schedule (return) */
- struct sockaddr_in *laddr; /* local address */
- struct sockaddr_in *faddr; /* address of foreign host on fd */
-{
- int cc;
- unsigned KRB4_32 cksum;
- unsigned char *p;
-
- /* decrypt it */
-#ifndef NOENCRYPTION
- key_sched(session, schedule);
-#endif /* !NOENCRYPTION */
- if (buf->length < 0)
- return KFAILURE;
- cc = krb_rd_priv(buf->dat, (unsigned KRB4_32)buf->length, schedule,
- (C_Block *)session, faddr, laddr, msg_data);
- if (cc)
- return cc;
-
- /*
- * Fetch the (incremented) checksum that we supplied in the
- * request.
- */
- if (msg_data->app_length < 4)
- return KFAILURE;
- p = msg_data->app_data;
- KRB4_GET32BE(cksum, p);
-
- /* if it doesn't match, fail -- reply wasn't from our real server. */
- if (cksum != checksum + 1)
- return KFAILURE; /* XXX */
- return KSUCCESS;
-}
+++ /dev/null
-/*
- * lib/krb4/mk_err.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine creates a general purpose error reply message. It
- * doesn't use KTEXT because application protocol may have long
- * messages, and may want this part of buffer contiguous to other
- * stuff.
- *
- * The error reply is built in "p", using the error code "e" and
- * error text "e_string" given. The length of the error reply is
- * returned.
- *
- * The error reply is in the following format:
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_ERR message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte order
- * 4 bytes e given error code
- * string e_string given error text
- */
-
-long KRB5_CALLCONV
-krb_mk_err(p, e, e_string)
- u_char *p; /* Where to build error packet */
- KRB4_32 e; /* Error code */
- char *e_string; /* Text of error */
-{
- u_char *start;
- size_t e_len;
-
- e_len = strlen(e_string) + 1;
-
- /* Just return the buffer length if p is NULL, because writing to the
- * buffer would be a bad idea. Note that this feature is a change from
- * previous versions, and can therefore only be used safely in this
- * source tree, where we know this function supports it. */
- if (p == NULL) {
- return 1 + 1 + 4 + e_len;
- }
-
- start = p;
-
- /* Create fixed part of packet */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_ERR;
-
- /* Add the basic info */
- KRB4_PUT32BE(p, e);
- memcpy(p, e_string, e_len); /* err text */
- p += e_len;
-
- /* And return the length */
- return p - start;
-}
+++ /dev/null
-/* mk_preauth.c */
-/* part of Cygnus Network Security */
-/* Copyright 1994 Cygnus Support */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <string.h>
-
-#include "autoconf.h"
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-int
-krb_mk_preauth(preauth_p, preauth_len,
- key_proc, aname, inst, realm, password, key)
- char **preauth_p;
- int *preauth_len;
- key_proc_type key_proc;
- char *aname;
- char *inst;
- char *realm;
- char *password;
- C_Block key;
-{
-#ifdef NOENCRYPTION
- *preauth_len = strlen(aname) + 1; /* include the trailing 0 */
- *preauth_p = malloc(*preauth_len);
- strcpy(*preauth_p, aname); /* this will copy the trailing 0 */
-#else
- des_key_schedule key_s;
- int sl = strlen(aname);
-#endif
-
- (*key_proc)(aname, inst, realm, password, key);
-
-#ifndef NOENCRYPTION
- /*
- * preauth_len is set to a length greater than sl + 1
- * and a multpile of 8
- */
- *preauth_len = (((sl + 1) / 8) + 1) * 8;
- /* allocate memory for preauth_p and fill it with 0 */
- *preauth_p = malloc((size_t)*preauth_len);
- /* create the key schedule */
- if (des_key_sched(key, key_s)) {
- return 1;
- }
- /*
- * encrypt aname using key_s as the key schedule and key as the
- * initialization vector.
- */
- des_pcbc_encrypt((des_cblock *)aname, (des_cblock *)*preauth_p,
- (long)(sl + 1), key_s, (des_cblock *)key, DES_ENCRYPT);
- memset(key_s, 0, sizeof(key_s));
-#endif
- return 0;
-}
-
-void
-krb_free_preauth(preauth_p, preauth_len)
- char *preauth_p;
- int preauth_len;
-{
- free(preauth_p);
- return;
-}
+++ /dev/null
-/*
- * lib/krb4/mk_priv.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine constructs a Kerberos 'private msg', i.e.
- * cryptographically sealed with a private session key.
- *
- * Returns either < 0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/*
- * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes
- * some user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address.
-#ifndef NOENCRYTION
- * The packet is encrypted by pcbc_encrypt(), using the given
- * "key" and "schedule".
-#endif
- * The length of the resulting packet "out" is
- * returned.
- *
- * It is similar to krb_mk_safe() except for the additional key
- * schedule argument "schedule" and the fact that the data is encrypted
- * rather than appended with a checksum. Also, the protocol version
- * number is "private_msg_ver", defined in krb_rd_priv.c, rather than
- * KRB_PROT_VERSION, defined in "krb.h".
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte private_msg_ver protocol version number
- * 1 byte AUTH_MSG_PRIVATE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
-#ifdef NOENCRYPTION
- * 4 bytes c_length length of data
-#else
- * 4 bytes c_length length of encrypted data
- *
- * ===================== begin encrypt ================================
-#endif
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * 0<=n<=7 bytes pad to 8 byte multiple zeroes
-#ifndef NOENCRYPTION
- * (done by pcbc_encrypt())
- *
- * ======================= end encrypt ================================
-#endif
- */
-
-/* Utility function:
-
- Determine order of addresses, if SENDER less than RECEIVER return 1
- so caller will negate timestamp. Return -1 for failure. */
-int
-krb4int_address_less (struct sockaddr_in *sender, struct sockaddr_in *receiver)
-{
- unsigned long sender_addr, receiver_addr;
- unsigned short sender_port, receiver_port;
- switch (sender->sin_family) {
- case AF_INET:
- sender_addr = sender->sin_addr.s_addr;
- sender_port = sender->sin_port;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- {
- struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) sender;
- if (IN6_IS_ADDR_V4MAPPED (&s6->sin6_addr)) {
- struct sockaddr_in sintmp = { 0 };
- memcpy (&sintmp.sin_addr.s_addr,
- 12+(char*)&s6->sin6_addr.s6_addr,
- 4);
- sender_addr = sintmp.sin_addr.s_addr;
- } else
- return -1;
- sender_port = s6->sin6_port;
- break;
- }
-#endif
- default:
- return -1;
- }
- switch (receiver->sin_family) {
- case AF_INET:
- receiver_addr = receiver->sin_addr.s_addr;
- receiver_port = receiver->sin_port;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- {
- struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) receiver;
- if (IN6_IS_ADDR_V4MAPPED (&s6->sin6_addr)) {
- struct sockaddr_in sintmp = { 0 };
- memcpy (&sintmp.sin_addr.s_addr,
- 12+(char*)&s6->sin6_addr.s6_addr,
- 4);
- receiver_addr = sintmp.sin_addr.s_addr;
- } else
- return -1;
- receiver_port = s6->sin6_port;
- break;
- }
-#endif
- default:
- return -1;
- }
- /* For compatibility with broken old code, compares are done in
- VAX byte order (LSBFIRST). */
- if (lsb_net_ulong_less(sender_addr, receiver_addr) == -1
- || (lsb_net_ulong_less(sender_addr, receiver_addr) == 0
- && lsb_net_ushort_less(sender_port, receiver_port) == -1))
- return 1;
- return 0;
- /*
- * all that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-}
-
-long KRB5_CALLCONV
-krb_mk_priv(in, out, length, schedule, key, sender, receiver)
- u_char *in; /* application data */
- u_char *out; /* put msg here, leave room for
- * header! breaks if in and out
- * (header stuff) overlap */
- unsigned KRB4_32 length; /* of in data */
- Key_schedule schedule; /* precomputed key schedule */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
-{
- register u_char *p,*q;
- u_char *c_length_ptr;
- extern int private_msg_ver; /* in krb_rd_priv.c */
-
- unsigned KRB4_32 c_length, c_length_raw;
- u_char msg_time_5ms;
- unsigned KRB4_32 msg_time_sec;
- unsigned KRB4_32 msg_time_usec;
-
- /* Be really paranoid. */
- if (sizeof(sender->sin_addr.s_addr) != 4)
- return -1;
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- msg_time_sec = TIME_GMT_UNIXSEC_US(&msg_time_usec);
- msg_time_5ms = msg_time_usec / 5000; /* 5ms quanta */
-
- p = out;
-
- /* Cruftiness below! */
- *p++ = private_msg_ver ? private_msg_ver : KRB_PROT_VERSION;
- *p++ = AUTH_MSG_PRIVATE;
-
- /* save ptr to cipher length */
- c_length_ptr = p;
- p += 4;
-
-#ifndef NOENCRYPTION
- /* start for encrypted stuff */
-#endif
- q = p;
-
- /* stuff input length */
- KRB4_PUT32BE(p, length);
-
-#ifdef NOENCRYPTION
- /* make all the stuff contiguous for checksum */
-#else
- /* make all the stuff contiguous for checksum and encryption */
-#endif
- memcpy(p, in, (size_t)length);
- p += length;
-
- /* stuff time 5ms */
- *p++ = msg_time_5ms;
-
- /* stuff source address */
- if (sender->sin_family == AF_INET)
- memcpy(p, &sender->sin_addr.s_addr, sizeof(sender->sin_addr.s_addr));
-#ifdef KRB5_USE_INET6
- else if (sender->sin_family == AF_INET6
- && IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr))
- memcpy(p, 12+(char*)&((struct sockaddr_in6 *)sender)->sin6_addr, 4);
-#endif
- else
- /* The address isn't one we can encode in 4 bytes -- but
- that's okay if the receiver doesn't care. */
- memset(p, 0, 4);
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok
- * until 2038??
- */
- switch (krb4int_address_less (sender, receiver)) {
- case 1:
- msg_time_sec = -msg_time_sec;
- break;
- case -1:
- /* Which way should we go in this case? */
- case 0:
- break;
- }
-
- /* stuff time sec */
- KRB4_PUT32BE(p, msg_time_sec);
-
- /*
- * All that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
-#ifdef notdef
- /*
- * calculate the checksum of the length, address, sequence, and
- * inp data
- */
- cksum = quad_cksum(q,NULL,p-q,0,key);
- DEB (("\ncksum = %u",cksum));
- /* stuff checksum */
- memcpy(p, &cksum, sizeof(cksum));
- p += sizeof(cksum);
-#endif
-
-#ifdef NOENCRYPTION
- /*
- * All the data have been assembled, compute length
- */
-#else
- /*
- * All the data have been assembled, compute length and encrypt
- * starting with the length, data, and timestamps use the key as
- * an ivec.
- */
-#endif
-
- c_length_raw = p - q;
- c_length = ((c_length_raw + sizeof(C_Block) -1)
- / sizeof(C_Block)) * sizeof(C_Block);
- /* stuff the length */
- p = c_length_ptr;
- KRB4_PUT32BE(p, c_length);
-
-#ifndef NOENCRYPTION
- /* pcbc encrypt, pad as needed, use key as ivec */
- pcbc_encrypt((C_Block *)q,(C_Block *)q, (long)c_length_raw,
- schedule, key, ENCRYPT);
-#endif /* NOENCRYPTION */
-
- return q - out + c_length; /* resulting size */
-}
+++ /dev/null
-/*
- * lib/krb4/mk_req.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include <string.h>
-#include "krb4int.h"
-
-extern int krb_ap_req_debug;
-static int lifetime = 255; /* Default based on the TGT */
-
-static int krb_mk_req_creds_prealm(KTEXT, CREDENTIALS *, KRB4_32, char *);
-
-/*
- * krb_mk_req takes a text structure in which an authenticator is to
- * be built, the name of a service, an instance, a realm,
- * and a checksum. It then retrieves a ticket for
- * the desired service and creates an authenticator in the text
- * structure passed as the first argument. krb_mk_req returns
- * KSUCCESS on success and a Kerberos error code on failure.
- *
- * The peer procedure on the other end is krb_rd_req. When making
- * any changes to this routine it is important to make corresponding
- * changes to krb_rd_req.
- *
- * The authenticator consists of the following:
- *
- * authent->dat
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_REQUEST message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte ordering
- * unsigned char kvno from ticket server's key version
- * string realm server's realm
- * unsigned char tl ticket length
- * unsigned char idl request id length
- * text ticket->dat ticket for server
- * text req_id->dat request id
- *
- * The ticket information is retrieved from the ticket cache or
- * fetched from Kerberos. The request id (called the "authenticator"
-#ifdef NOENCRYPTION
- * in the papers on Kerberos) contains the following:
-#else
- * in the papers on Kerberos) contains information encrypted in the session
- * key for the client and ticket-granting service: {req_id}Kc,tgs
- * Before encryption, it contains the following:
-#endif
- *
- * req_id->dat
- *
- * string cr.pname {name, instance, and
- * string cr.pinst realm of principal
- * string myrealm making this request}
- * 4 bytes checksum checksum argument given
- * unsigned char time_usecs time (microseconds)
- * 4 bytes time_secs time (seconds)
- *
- * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time,
- * all rounded up to multiple of 8.
- */
-
-static int
-krb_mk_req_creds_prealm(authent, creds, checksum, myrealm)
- register KTEXT authent; /* Place to build the authenticator */
- CREDENTIALS *creds;
- KRB4_32 checksum; /* Checksum of data (optional) */
- char *myrealm; /* Client's realm */
-{
- KTEXT_ST req_st; /* Temp storage for req id */
- KTEXT req_id = &req_st;
- unsigned char *p, *q, *reqid_lenp;
- int tl; /* Tkt len */
- int idl; /* Reqid len */
- register KTEXT ticket; /* Pointer to tkt_st */
- Key_schedule key_s;
- size_t realmlen, pnamelen, pinstlen, myrealmlen;
- unsigned KRB4_32 time_secs;
- unsigned KRB4_32 time_usecs;
-
- /* Don't risk exposing stack garbage to correspondent, even if
- encrypted from other prying eyes. */
- memset(&req_st, 0x69, sizeof(req_st));
-
- ticket = &creds->ticket_st;
- /* Get the ticket and move it into the authenticator */
- if (krb_ap_req_debug)
- DEB (("Realm: %s\n", creds->realm));
-
- realmlen = strlen(creds->realm) + 1;
- if (sizeof(authent->dat) < (1 + 1 + 1
- + realmlen
- + 1 + 1 + ticket->length)
- || ticket->length < 0 || ticket->length > 255) {
- authent->length = 0;
- return KFAILURE;
- }
-
- if (krb_ap_req_debug)
- DEB (("%s %s %s %s %s\n", creds->service, creds->instance,
- creds->realm, creds->pname, creds->pinst));
-
- p = authent->dat;
-
- /* The fixed parts of the authenticator */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_REQUEST;
- *p++ = creds->kvno;
-
- memcpy(p, creds->realm, realmlen);
- p += realmlen;
-
- tl = ticket->length;
- *p++ = tl;
- /* Save ptr to where req_id->length goes. */
- reqid_lenp = p;
- p++;
- memcpy(p, ticket->dat, (size_t)tl);
- p += tl;
-
- if (krb_ap_req_debug)
- DEB (("Ticket->length = %d\n",ticket->length));
- if (krb_ap_req_debug)
- DEB (("Issue date: %d\n",creds->issue_date));
-
- pnamelen = strlen(creds->pname) + 1;
- pinstlen = strlen(creds->pinst) + 1;
- myrealmlen = strlen(myrealm) + 1;
- if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen
- + 4 + 1 + 4 + 7) / 8) {
- return KFAILURE;
- }
-
- q = req_id->dat;
-
- /* Build request id */
- /* Auth name */
- memcpy(q, creds->pname, pnamelen);
- q += pnamelen;
- /* Principal's instance */
- memcpy(q, creds->pinst, pinstlen);
- q += pinstlen;
- /* Authentication domain */
- memcpy(q, myrealm, myrealmlen);
- q += myrealmlen;
- /* Checksum */
- KRB4_PUT32BE(q, checksum);
-
- /* Fill in the times on the request id */
- time_secs = TIME_GMT_UNIXSEC_US (&time_usecs);
- *q++ = time_usecs; /* time_usecs % 255 */
- /* Time (coarse) */
- KRB4_PUT32BE(q, time_secs);
-
- /* Fill to a multiple of 8 bytes for DES */
- req_id->length = ((q - req_id->dat + 7) / 8) * 8;
-
-#ifndef NOENCRYPTION
- /* Encrypt the request ID using the session key */
- key_sched(creds->session, key_s);
- pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat,
- (long)req_id->length, key_s, &creds->session, 1);
- /* clean up */
- memset(key_s, 0, sizeof(key_s));
-#endif /* NOENCRYPTION */
-
- /* Copy it into the authenticator */
- idl = req_id->length;
- if (idl > 255)
- return KFAILURE;
- *reqid_lenp = idl;
- memcpy(p, req_id->dat, (size_t)idl);
- p += idl;
-
- authent->length = p - authent->dat;
-
- /* clean up */
- memset(req_id, 0, sizeof(*req_id));
-
- if (krb_ap_req_debug)
- DEB (("Authent->length = %d\n",authent->length));
- if (krb_ap_req_debug)
- DEB (("idl = %d, tl = %d\n", idl, tl));
-
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV
-krb_mk_req(authent, service, instance, realm, checksum)
- register KTEXT authent; /* Place to build the authenticator */
- char *service; /* Name of the service */
- char *instance; /* Service instance */
- char *realm; /* Authentication domain of service */
- KRB4_32 checksum; /* Checksum of data (optional) */
-{
- char krb_realm[REALM_SZ]; /* Our local realm, if not specified */
- char myrealm[REALM_SZ]; /* Realm of initial TGT. */
- int retval;
- CREDENTIALS creds;
-
- /* get current realm if not passed in */
- if (realm == NULL) {
- retval = krb_get_lrealm(krb_realm, 1);
- if (retval != KSUCCESS)
- return retval;
- realm = krb_realm;
- }
- /*
- * Determine realm of these tickets. We will send this to the
- * KDC from which we are requesting tickets so it knows what to
- * with our session key.
- */
- retval = krb_get_tf_realm(TKT_FILE, myrealm);
- if (retval != KSUCCESS)
- retval = krb_get_lrealm(myrealm, 1);
- if (retval != KSUCCESS)
- return retval;
-
- retval = krb_get_cred(service, instance, realm, &creds);
- if (retval == RET_NOTKT) {
- retval = get_ad_tkt(service, instance, realm, lifetime);
- if (retval)
- return retval;
- retval = krb_get_cred(service, instance, realm, &creds);
- if (retval)
- return retval;
- }
- if (retval != KSUCCESS)
- return retval;
-
- retval = krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
- memset(&creds.session, 0, sizeof(creds.session));
- return retval;
-}
-
-int KRB5_CALLCONV
-krb_mk_req_creds(authent, creds, checksum)
- register KTEXT authent; /* Place to build the authenticator */
- CREDENTIALS *creds;
- KRB4_32 checksum; /* Checksum of data (optional) */
-{
- return krb_mk_req_creds_prealm(authent, creds, checksum, creds->realm);
-}
-
-/*
- * krb_set_lifetime sets the default lifetime for additional tickets
- * obtained via krb_mk_req().
- *
- * It returns the previous value of the default lifetime.
- */
-
-int KRB5_CALLCONV
-krb_set_lifetime(newval)
-int newval;
-{
- int olife = lifetime;
-
- lifetime = newval;
- return olife;
-}
+++ /dev/null
-/*
- * lib/krb4/mk_req.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine constructs a Kerberos 'safe msg', i.e. authenticated
- * using a private session key to seed a checksum. Msg is NOT
- * encrypted.
- *
- * Returns either <0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "krb.h"
-#include "des.h"
-#include "prot.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/*
- * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
- * user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address, followed by a checksum computed on the above, using the
- * given "key". The length of the resulting packet is returned.
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_SAFE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
- * ===================== begin checksum ================================
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * ======================= end checksum ================================
- *
- * 16 bytes big_cksum quadratic checksum of
- * above using "key"
- */
-
-long KRB5_CALLCONV
-krb_mk_safe(in, out, length, key, sender, receiver)
- u_char *in; /* application data */
- u_char *out; /*
- * put msg here, leave room for header!
- * breaks if in and out (header stuff)
- * overlap
- */
- unsigned KRB4_32 length; /* of in data */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
-{
- register u_char *p,*q;
-
- unsigned KRB4_32 cksum;
- unsigned KRB4_32 big_cksum[4];
- unsigned KRB4_32 msg_secs;
- unsigned KRB4_32 msg_usecs;
- u_char msg_time_5ms;
- KRB4_32 msg_time_sec;
- int i;
-
- /* Be really paranoid. */
- if (sizeof(sender->sin_addr.s_addr) != 4)
- return -1;
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- msg_secs = TIME_GMT_UNIXSEC_US(&msg_usecs);
- msg_time_sec = msg_secs;
- msg_time_5ms = msg_usecs / 5000; /* 5ms quanta */
-
- p = out;
-
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_SAFE;
-
- q = p; /* start for checksum stuff */
- /* stuff input length */
- KRB4_PUT32BE(p, length);
-
- /* make all the stuff contiguous for checksum */
- memcpy(p, in, length);
- p += length;
-
- /* stuff time 5ms */
- *p++ = msg_time_5ms;
-
- /* stuff source address */
- if (sender->sin_family == AF_INET)
- memcpy(p, &sender->sin_addr.s_addr, sizeof(sender->sin_addr.s_addr));
-#ifdef KRB5_USE_INET6
- else if (sender->sin_family == AF_INET6
- && IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr))
- memcpy(p, 12+(char*)&((struct sockaddr_in6 *)sender)->sin6_addr, 4);
-#endif
- else
- /* The address isn't one we can encode in 4 bytes -- but
- that's okay if the receiver doesn't care. */
- memset(p, 0, 4);
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok until
- * 2038??
- */
- if (krb4int_address_less (sender, receiver) == 1)
- msg_time_sec = -msg_time_sec;
- /* stuff time sec */
- KRB4_PUT32BE(p, msg_time_sec);
-
-#ifdef NOENCRYPTION
- cksum = 0;
- memset(big_cksum, 0, sizeof(big_cksum));
-#else /* Do encryption */
- /* calculate the checksum of length, timestamps, and input data */
- cksum = quad_cksum(q, (unsigned KRB4_32 *)big_cksum,
- p - q, 2, key);
-#endif /* NOENCRYPTION */
- DEB(("\ncksum = %u",cksum));
-
- /* stuff checksum */
- for (i = 0; i < 4; i++)
- KRB4_PUT32BE(p, big_cksum[i]);
-
- return p - out; /* resulting size */
-}
+++ /dev/null
-/*
- * month_sname.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-/*
- * Given an integer 1-12, month_sname() returns a string
- * containing the first three letters of the corresponding
- * month. Returns 0 if the argument is out of range.
- */
-
-#include <krb.h>
-#include "krb4int.h"
-
-const char *month_sname(n)
- int n;
-{
- static const char name[][4] = {
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
- };
- return((n < 1 || n > 12) ? 0 : name [n-1]);
-}
+++ /dev/null
-/*
- * lib/krb4/netwrite.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <errno.h>
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-
-/*
- * krb_net_read() reads from the file descriptor "fd" to the buffer
- * "buf", until either 1) "len" bytes have been read or 2) cannot
- * read anymore from "fd". It returns the number of bytes read
- * or a read() error. (The calling interface is identical to
- * read(2).)
- *
- * XXX must not use non-blocking I/O
- */
-int
-krb_net_read(fd, buf, len)
-int fd;
-register char *buf;
-register int len;
-{
- int cc, len2 = 0;
-
- do {
- cc = SOCKET_READ(fd, buf, len);
- if (cc < 0)
- {
- if (SOCKET_ERRNO == SOCKET_EINTR)
- continue;
- return(cc); /* errno is already set */
- }
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
- } while (len > 0);
- return(len2);
-}
+++ /dev/null
-/*
- * lib/krb4/netwrite.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <errno.h>
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-
-/*
- * krb_net_write() writes "len" bytes from "buf" to the file
- * descriptor "fd". It returns the number of bytes written or
- * a write() error. (The calling interface is identical to
- * write(2).)
- *
- * XXX must not use non-blocking I/O
- */
-int
-krb_net_write(fd, buf, len)
-int fd;
-register char *buf;
-int len;
-{
- int cc;
- register int wrlen = len;
- do {
- cc = SOCKET_WRITE(fd, buf, wrlen);
- if (cc < 0)
- {
- if (SOCKET_ERRNO == SOCKET_EINTR)
- continue;
- return(cc);
- }
- else {
- buf += cc;
- wrlen -= cc;
- }
- } while (wrlen > 0);
- return(len);
-}
+++ /dev/null
-/*
- * lib/krb4/password_to_key.c
- *
- * Copyright 1999, 2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * password_to_key functions merged from KfM
- */
-
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef USE_CCAPI
-#include <CredentialsCache.h>
-#endif
-#include "krb.h"
-#include "krb4int.h"
-
-#include "k5-platform.h"
-
-/*
- * passwd_to_key(): given a password, return a DES key.
- * There are extra arguments here which (used to be?)
- * used by srvtab_to_key().
- *
- * If the "passwd" argument is not null, generate a DES
- * key from it, using string_to_key().
- *
- * If the "passwd" argument is null, then on a Unix system we call
- * des_read_password() to prompt for a password and then convert it
- * into a DES key. But "prompting" the user is harder in a Windows or
- * Macintosh environment, so we rely on our caller to explicitly do
- * that now.
- *
- * In either case, the resulting key is put in the "key" argument,
- * and 0 is returned.
- */
-
-
-key_proc_type *krb_get_keyprocs (key_proc_type keyproc)
-{
- static key_proc_type default_keyprocs[4] = { mit_passwd_to_key,
- afs_passwd_to_key,
- krb5_passwd_to_key,
- NULL };
-
- static key_proc_type user_keyprocs[2] = { NULL, NULL };
-
- /* generate the list of key procs */
- if (keyproc == NULL) {
- return default_keyprocs; /* use the default */
- } else {
- user_keyprocs[0] = keyproc;
- return user_keyprocs; /* use the caller provided keyprocs */
- }
-}
-
-int KRB5_CALLCONV
-mit_passwd_to_key(
- char *user,
- char *instance,
- char *realm,
- char *passwd,
- C_Block key)
-{
-#if 0 /* what system? */
-#pragma unused(user)
-#pragma unused(instance)
-#pragma unused(realm)
-#endif
-
- if (passwd) {
- des_string_to_key(passwd, key);
- } else {
-#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
- des_read_password((des_cblock *)key, "Password", 0);
-#else
- return (-1);
-#endif
- }
- return (0);
-}
-
-/* So we can use a v4 kinit against a v5 kdc with no krb4 salted key */
-int KRB5_CALLCONV
-krb5_passwd_to_key(
- char *user,
- char *instance,
- char *realm,
- char *passwd,
- C_Block key)
-{
- char *p;
-
- if (user && instance && realm && passwd) {
- if (strlen(realm) + strlen(user) + strlen(instance) > MAX_K_NAME_SZ)
- /* XXX Is this right? The old code returned 0, which is
- also what it returns after sucessfully generating a
- key. The other error path returns -1. */
- return 0;
- if (asprintf(&p, "%s%s%s%s", passwd, realm, user, instance) >= 0) {
- des_string_to_key (p, key);
- free (p);
- return 0;
- }
- }
- return -1;
-}
-
-int KRB5_CALLCONV
-afs_passwd_to_key(
- char *user,
- char *instance,
- char *realm,
- char *passwd,
- C_Block key)
-{
-#if 0 /* what system? */
-#pragma unused(user)
-#pragma unused(instance)
-#endif
-
- if (passwd) {
- afs_string_to_key(passwd, realm, key);
- } else {
-#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
- des_read_password((des_cblock *)key, "Password", 0);
-#else
- return (-1);
-#endif
- }
- return (0);
-}
+++ /dev/null
-/*
- * pkt_cipher.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <string.h>
-#include "krb.h"
-#include "prot.h"
-
-
-/*
- * This routine takes a reply packet from the Kerberos ticket-granting
- * service and returns a pointer to the beginning of the ciphertext in it.
- *
- * See "prot.h" for packet format.
- */
-
-KTEXT
-pkt_cipher(packet)
- KTEXT packet;
-{
- unsigned char *ptr = pkt_a_realm(packet) + 6
- + strlen((char *)pkt_a_realm(packet));
- /* Skip a few more fields */
- ptr += 3 + 4; /* add 4 for exp_date */
-
- /* And return the pointer */
- return((KTEXT) ptr);
-}
+++ /dev/null
-/*
- * pkt_clen.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <string.h>
-#include "krb.h"
-#include "prot.h"
-
-extern int krb_debug;
-int swap_bytes=0;
-
-/*
- * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of
- * its ciphertext portion. The external variable "swap_bytes" is assumed
- * to have been set to indicate whether or not the packet is in local
- * byte order. pkt_clen() takes this into account when reading the
- * ciphertext length out of the packet.
- */
-
-int
-pkt_clen(pkt)
- KTEXT pkt;
-{
- static unsigned short temp;
- int clen = 0;
-
- /* Start of ticket list */
- unsigned char *ptr = pkt_a_realm(pkt) + 10
- + strlen((char *)pkt_a_realm(pkt));
-
- /* Finally the length */
- memcpy((char *)&temp, (char *)(++ptr), 2); /* alignment */
- if (swap_bytes)
- temp = krb4_swab16(temp);
-
- clen = (int) temp;
-
- DEB (("Clen is %d\n",clen));
- return(clen);
-}
+++ /dev/null
-/*
- * lib/krb4/prot_client.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology. All
- * Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Contains protocol encoders and decoders used by a krb4 client.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * encode_kdc_request
- *
- * Packet format is originally from g_in_tkt.c.
- *
- * Size Variable Field
- * ---- -------- -----
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_KDC_REQUEST | message type
- * HOST_BYTE_ORDER local byte order in lsb
- * string user client's name
- * string instance client's instance
- * string realm client's realm
- * 4 bytes tlocal.tv_sec timestamp in seconds
- * 1 byte life desired lifetime
- * string service service's name
- * string sinstance service's instance
- */
-int KRB5_CALLCONV
-krb4prot_encode_kdc_request(char *pname, char *pinst, char *prealm,
- KRB4_32 tlocal, int life,
- char *sname, char *sinst,
- char *preauth, int preauthlen,
- int chklen, /* check input str len? */
- int le, /* little-endian? */
- KTEXT pkt)
-{
- unsigned char *p;
- int ret;
- size_t snamelen, sinstlen;
-
- p = pkt->dat;
-
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REQUEST | !!le;
-
- ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- pkt, &p);
- if (ret)
- return ret;
-
- snamelen = strlen(sname) + 1;
- sinstlen = strlen(sinst) + 1;
- if (chklen && (snamelen > ANAME_SZ || sinstlen > INST_SZ))
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(pkt->dat) - (p - pkt->dat))
- < (4 + 1 + snamelen + sinstlen + preauthlen))
- return KRB4PROT_ERR_OVERRUN;
-
- /* timestamp */
- KRB4_PUT32(p, tlocal, le);
-
- *p++ = life;
-
- memcpy(p, sname, snamelen);
- p += snamelen;
- memcpy(p, sinst, sinstlen);
- p += sinstlen;
-
- if (preauthlen)
- memcpy(p, preauth, (size_t)preauthlen);
- p += preauthlen;
-
- pkt->length = p - pkt->dat;
- return KRB4PROT_OK;
-}
-
-/*
- * decode_kdc_reply
- */
-int KRB5_CALLCONV
-krb4prot_decode_kdc_reply(KTEXT pkt,
- int *le,
- char *pname, char *pinst, char *prealm,
- long *time_ws, int *n,
- unsigned long *x_date, int *kvno,
- KTEXT ciph)
-{
- unsigned char *p;
- int msg_type;
- int ret;
- unsigned int ciph_len;
-
- p = pkt->dat;
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- if (*p++ != KRB_PROT_VERSION)
- return KRB4PROT_ERR_PROT_VERS;
- msg_type = *p++;
- *le = msg_type & 1;
- msg_type &= ~1;
- if (msg_type != AUTH_MSG_KDC_REPLY)
- return KRB4PROT_ERR_MSG_TYPE;
-
- ret = krb4prot_decode_naminstrlm(ciph, &p, pname, pinst, prealm);
- if (ret)
- return ret;
-
-#define PKT_REMAIN (pkt->length - (p - pkt->dat))
-
- if (PKT_REMAIN < (4 /* time */
- + 1 /* number of tickets */
- + 4 /* exp date */
- + 1 /* kvno */
- + 2)) /* ciph length */
- return KRB4PROT_ERR_UNDERRUN;
- if (time_ws != NULL)
- KRB4_GET32(*time_ws, p, *le); /* XXX signed/unsigned */
- else
- p += 4;
- if (n != NULL)
- *n = *p++;
- else
- p++;
- if (x_date != NULL)
- KRB4_GET32(*x_date, p, *le);
- else
- p += 4;
- if (kvno != NULL)
- *kvno = *p++;
- else
- p++;
- KRB4_GET16(ciph_len, p, *le);
- if (PKT_REMAIN < ciph_len)
- return KRB4PROT_ERR_UNDERRUN;
- ciph->length = ciph_len;
- memcpy(ciph->dat, p, (size_t)ciph->length);
- return KRB4PROT_OK;
-#undef PKT_REMAIN
-}
-
-int KRB5_CALLCONV
-krb4prot_decode_ciph(KTEXT ciph, int le,
- C_Block session,
- char *name, char *inst, char *realm,
- int *life, int *kvno,
- KTEXT tkt, unsigned long *kdc_time)
-{
- unsigned char *p;
- int ret;
-
- p = ciph->dat;
- if (ciph->length < 8)
- return KRB4PROT_ERR_UNDERRUN;
- memcpy(session, p, 8);
- p += 8;
- ret = krb4prot_decode_naminstrlm(ciph, &p, name, inst, realm);
- if (ret)
- return ret;
-#define CIPH_REMAIN (ciph->length - (p - ciph->dat))
- if (CIPH_REMAIN < (1 /* life */
- + 1 /* kvno */
- + 1)) /* tkt->length */
- return KRB4PROT_ERR_UNDERRUN;
- if (life != NULL)
- *life = *p++;
- else
- p++;
- if (kvno != NULL)
- *kvno = *p++;
- else
- p++;
- tkt->length = *p++;
- if (CIPH_REMAIN < (tkt->length
- + 4)) /* kdc_time */
- return KRB4PROT_ERR_UNDERRUN;
- memcpy(tkt->dat, p, (size_t)tkt->length);
- p += tkt->length;
-
- if (kdc_time != NULL)
- KRB4_GET32(*kdc_time, p, le);
-
- return KRB4PROT_OK;
-#undef CIPH_REMAIN
-}
-
-/*
- * encode_apreq
- *
- * The following was originally from mk_req.c.
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_REQUEST message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte ordering
- * unsigned char kvno from ticket server's key version
- * string realm server's realm
- * unsigned char tl ticket length
- * unsigned char idl request id length
- * binary ticket->dat ticket for server
- * binary req_id->dat request id
- */
-int KRB5_CALLCONV
-krb4prot_encode_apreq(int kvno, char *realm,
- KTEXT tkt, KTEXT req_id,
- int chklen, /* check str len? */
- int le, /* little-endian? */
- KTEXT pkt)
-{
- unsigned char *p;
- size_t realmlen;
-
- p = pkt->dat;
- /* Assume >= 3 bytes in a KTEXT. */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_REQUEST | !!le;
-
- *p++ = kvno;
-
- realmlen = strlen(realm) + 1;
- if (chklen && realmlen > REALM_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (tkt->length > 255 || req_id->length > 255)
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(pkt->dat) - (p - pkt->dat))
- < (realmlen
- + 1 /* tkt->length */
- + 1 /* req_id->length */
- + tkt->length + req_id->length))
- return KRB4PROT_ERR_OVERRUN;
-
- memcpy(p, realm, realmlen);
- p += realmlen;
-
- *p++ = tkt->length;
- *p++ = req_id->length;
- memcpy(p, tkt->dat, (size_t)tkt->length);
- p += tkt->length;
- memcpy(p, req_id->dat, (size_t)req_id->length);
- p += req_id->length;
-
- pkt->length = p - pkt->dat;
- return KRB4PROT_OK;
-}
-
-/*
- * encode_authent
- *
- * Encodes an authenticator (called req_id in some of the code for
- * some weird reason). Does not encrypt.
- *
- * The following packet layout is originally from mk_req.c. It is
- * rounded up to the next multiple of 8 bytes.
- *
- * string cr.pname {name, instance, and
- * string cr.pinst realm of principal
- * string myrealm making this request}
- * 4 bytes checksum checksum argument given
- * unsigned char time_usecs time (microseconds)
- * 4 bytes time_secs time (seconds)
- */
-int KRB5_CALLCONV
-krb4prot_encode_authent(char *pname, char *pinst, char *prealm,
- KRB4_32 checksum,
- int time_usec, long time_sec,
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT pkt)
-{
- unsigned char *p;
- int ret;
-
- p = pkt->dat;
- ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- pkt, &p);
- if (ret)
- return ret;
- if ((sizeof(pkt->dat) - (p - pkt->dat)) / 8
- < (4 /* checksum */
- + 1 /* microsec */
- + 4 /* time */
- + 7) / 8) /* roundoff */
- return KRB4PROT_ERR_OVERRUN;
-
- KRB4_PUT32(p, checksum, le);
- *p++ = time_usec;
- KRB4_PUT32(p, time_sec, le);
-
- memset(p, 0, 7); /* nul-pad */
- pkt->length = (((p - pkt->dat) + 7) / 8) * 8;
- return KRB4PROT_OK;
-}
-
-/*
- * decode_error
- *
- * Decodes an error reply from the KDC.
- */
-int KRB5_CALLCONV
-krb4prot_decode_error(KTEXT pkt, int *le,
- char *pname, char *pinst, char *prealm,
- unsigned long *time_ws,
- unsigned long *err, char *err_string)
-{
- unsigned char *p;
- int msg_type, ret, errstrlen;
-
- p = pkt->dat;
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- if (*p++ != KRB_PROT_VERSION)
- return KRB4PROT_ERR_PROT_VERS;
- msg_type = *p++;
- *le = msg_type & 1;
- msg_type &= ~1;
- if (msg_type != AUTH_MSG_ERR_REPLY)
- return KRB4PROT_ERR_MSG_TYPE;
-
- ret = krb4prot_decode_naminstrlm(pkt, &p, pname, pinst, prealm);
- if (ret)
- return ret;
-
-#define PKT_REMAIN (pkt->length - (p - pkt->dat))
- if (PKT_REMAIN < (4 /* time */
- + 4)) /* err code */
- return KRB4PROT_ERR_UNDERRUN;
-
- if (time_ws != NULL)
- KRB4_GET32(*time_ws, p, le);
- else
- p += 4;
- if (err != NULL)
- KRB4_GET32(*err, p, le);
- else
- p += 4;
-
- if (PKT_REMAIN <= 0) /* allow for missing error string */
- return KRB4PROT_OK;
-
- errstrlen = krb4int_strnlen((char *)p, PKT_REMAIN) + 1;
- if (errstrlen <= 0) /* If it's there, it must be nul-terminated. */
- return KRB4PROT_ERR_OVERRUN;
- if (err_string != NULL)
- memcpy(err_string, p, (size_t)errstrlen);
-
- return KRB4PROT_OK;
-#undef PKT_REMAIN
-}
+++ /dev/null
-/*
- * lib/krb4/prot_common.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology. All
- * Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Contains some common code used by multiple encoders/decoders.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * encode_naminstrlm
- *
- * Takes input string triplet of a principal, encodes into PKT.
- * Assumes that input strings are properly terminated. If CHKLEN is
- * non-zero, validate input string lengths against their respective
- * limits. The pointer P is the address of the moving pointer used by
- * the caller, and is updated here.
- *
- * Returns zero on success, non-zero on failure.
- *
- * PKT->LENGTH is NOT updated. The caller must update it.
- */
-int KRB5_CALLCONV
-krb4prot_encode_naminstrlm(char *name, char *inst, char *realm,
- int chklen, /* check input str len? */
- KTEXT pkt, /* buffer to encode into */
- unsigned char **p /* moving pointer */)
-{
- size_t namelen, instlen, realmlen;
-
- namelen = strlen(name) + 1;
- instlen = strlen(inst) + 1;
- realmlen = strlen(realm) + 1;
- if (chklen && (namelen > ANAME_SZ || instlen > INST_SZ
- || realmlen > REALM_SZ))
- return KRB4PROT_ERR_OVERRUN;
- if (*p - pkt->dat < namelen + instlen + realmlen)
- return KRB4PROT_ERR_OVERRUN;
- memcpy(*p, name, namelen);
- *p += namelen;
- memcpy(*p, inst, instlen);
- *p += namelen;
- memcpy(*p, realm, realmlen);
- *p += namelen;
- return KRB4PROT_OK;
-}
-
-/*
- * decode_naminstrlm
- *
- * Grabs a string triplet corresponding to a principal. The input
- * buffer PKT should have its length properly set. The pointer P is
- * the address of the moving pointer used by the caller, and will be
- * updated. If any input pointer is NULL, merely skip the string.
- *
- * The output strings NAME, INST, and REALM are assumed to be of the
- * correct sizes (ANAME_SZ, INST_SZ, REALM_SZ).
- *
- * Returns 0 on success, non-zero on failure.
- */
-int KRB5_CALLCONV
-krb4prot_decode_naminstrlm(KTEXT pkt, /* buffer to decode from */
- unsigned char **p, /* moving pointer */
- char *name, char *inst, char *realm)
-{
- int len;
-
-#define PKT_REMAIN (pkt->length - (*p - pkt->dat))
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1;
- if (len == 0 || len > ANAME_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (name != NULL)
- memcpy(name, *p, (size_t)len);
- *p += len;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (name != NULL)
- memcpy(inst, *p, (size_t)len);
- *p += len;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (realm != NULL)
- memcpy(realm, *p, (size_t)len);
- *p += len;
- return KRB4PROT_OK;
-#undef PKT_REMAIN
-}
-
-int KRB5_CALLCONV
-krb4prot_decode_header(KTEXT pkt,
- int *pver, int *msgtype, int *le)
-{
- unsigned char *p;
-
- p = pkt->dat;
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- *pver = *p++;
- *msgtype = *p++;
- *le = *msgtype & 1;
- *msgtype &= ~1;
- return KRB4PROT_OK;
-}
+++ /dev/null
-/*
- * lib/krb4/prot_kdc.c
- *
- * Copyright 1985--1988, 2000, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Contains the protocol encoders and decoders used by the KDC.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include "port-sockets.h"
-
-/*
- * encode_kdc_reply
- *
- * Encodes a reply from the KDC to the client.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- *
- * Caller is responsible for cleaning up OUTBUF.
- *
- * This packet layout description was originally in cr_auth_repl.c:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned char n number of tickets
- *
- * unsigned long x_date expiration date
- *
- * unsigned char kvno master key version
- *
- * short cipher->length cipher length
- *
- * binary cipher->dat cipher data
- */
-int KRB5_CALLCONV
-krb4prot_encode_kdc_reply(char *pname, char *pinst, char *prealm,
- long time_ws,
- int n, /* Number of tickets; 0 for krb4 (!) */
- unsigned long x_date, /* exp date */
- int kvno,
- KTEXT cipher, /* encrypted ticket */
- int chklen, /* check input str len? */
- int le, /* little-endian? */
- KTEXT outbuf)
-{
- unsigned char *p;
- int ret;
-
- p = outbuf->dat;
- /* This is really crusty. */
- if (n != 0)
- *p++ = 3;
- else
- *p++ = KRB_PROT_VERSION;
- /* little-endianness based on input, usually big-endian, though. */
- *p++ = AUTH_MSG_KDC_REPLY | !!le;
-
- ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- outbuf, &p);
- if (ret)
- return ret;
-
- /* Check lengths */
- if (cipher->length > 65535 || cipher->length < 0)
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(outbuf->dat) - (p - outbuf->dat)
- < (4 /* timestamp */
- + 1 /* num of tickets */
- + 4 /* exp date */
- + 1 /* kvno */
- + 2 /* cipher->length */
- + cipher->length))) /* cipher->dat */
- return KRB4PROT_ERR_OVERRUN;
-
- /* Workstation timestamp */
- KRB4_PUT32(p, time_ws, le);
-
- /* Number of tickets */
- *p++ = n;
-
- /* Expiration date */
- KRB4_PUT32(p, x_date, le);
-
- /* Now send the ciphertext and info to help decode it */
- *p++ = kvno;
- KRB4_PUT16(p, cipher->length, le);
- memcpy(p, cipher->dat, (size_t)cipher->length);
- p += cipher->length;
-
- /* And return the packet */
- outbuf->length = p - outbuf->dat;
- return KRB4PROT_OK;
-}
-
-/*
- * encode_ciph
- *
- * Encodes a "cipher" that is to be included in a KDC reply message.
- *
- * Caller is responsible for cleaning up CIPH.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- *
- * Packet format below is originally from cr_ciph.c:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- * 8 bytes session session key for client, service
- *
- * string service service name
- *
- * string instance service instance
- *
- * string realm KDC realm
- *
- * unsigned char life ticket lifetime
- *
- * unsigned char kvno service key version number
- *
- * unsigned char tkt->length length of following ticket
- *
- * data tkt->dat ticket for service
- *
- * 4 bytes kdc_time KDC's timestamp
- *
- * <=7 bytes null null pad to 8 byte multiple
- */
-int KRB5_CALLCONV
-krb4prot_encode_ciph(C_Block session,
- char *name, char *inst, char *realm,
- unsigned long life, int kvno,
- KTEXT tkt, /* ticket */
- unsigned long kdc_time,
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT ciph) /* output buffer */
-{
- unsigned char *p;
- int ret;
-
- p = ciph->dat;
- /*
- * Assume that there will be >= 8 bytes in a KTEXT. If there
- * aren't, we have worse problems.
- */
- memcpy(p, session, 8);
- p += 8;
-
- ret = krb4prot_encode_naminstrlm(name, inst, realm, chklen,
- ciph, &p);
- if (ret)
- return ret;
- if (tkt->length > 255 || tkt->length < 0)
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(ciph->dat) - (p - ciph->dat)) / 8
- < (1 /* life */
- + 1 /* kvno */
- + 1 /* tkt->length */
- + tkt->length /* tkt->dat */
- + 4 /* kdc_time */
- + 7) / 8) /* roundoff */
- return KRB4PROT_ERR_OVERRUN;
-
- *p++ = life;
- *p++ = kvno;
- *p++ = tkt->length;
-
- memcpy(p, tkt->dat, (size_t)tkt->length);
- p += tkt->length;
-
- KRB4_PUT32(p, kdc_time, le);
-
- /* Guarantee null pad to multiple of 8 bytes */
- memset(p, 0, 7);
- ciph->length = (((p - ciph->dat) + 7) / 8) * 8;
- return KRB4PROT_OK;
-}
-
-/*
- * encode_tkt
- *
- * Encode ticket to include in a "cipher". Does not encrypt.
- *
- * Caller is responsible for cleaning TKT.
- *
- * The length of the ticket is a multiple of
- * eight bytes and is in tkt->length.
- *
- * If the ticket is not a multiple of eight bytes long, the ticket
- * will contain nulls.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- *
- * The following packet layout is from cr_tkt.c:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- * unsigned char flags namely, HOST_BYTE_ORDER
- *
- * string pname client's name
- *
- * string pinstance client's instance
- *
- * string prealm client's realm
- *
- * 4 bytes paddress client's address
- *
- * 8 bytes session session key
- *
- * 1 byte life ticket lifetime
- *
- * 4 bytes time_sec KDC timestamp
- *
- * string sname service's name
- *
- * string sinstance service's instance
- *
- * <=7 bytes null null pad to 8 byte multiple
- */
-int KRB5_CALLCONV
-krb4prot_encode_tkt(unsigned int flags,
- char *pname, char *pinst, char *prealm,
- unsigned long paddress,
- char *session,
- int life, long time_sec,
- char *sname, char *sinst,
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT tkt) /* output buf */
-{
- struct in_addr paddr;
- unsigned char *p;
- size_t snamelen, sinstlen;
-
- /* Be really paranoid. */
- if (sizeof(paddr.s_addr) != 4)
- return KFAILURE;
-
- p = tkt->dat;
- /*
- * Assume at least one byte in a KTEXT. If not, we have bigger
- * problems. Also, bitwise-OR in the little-endian flag.
- */
- *p++ = flags | !!le;
-
- if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- tkt, &p))
- return KFAILURE;
-
- snamelen = strlen(sname) + 1;
- sinstlen = strlen(sinst) + 1;
- if (life > 255 || life < 0)
- return KFAILURE;
- if (chklen && (snamelen > ANAME_SZ || sinstlen > INST_SZ))
- return KFAILURE;
- if ((sizeof(tkt->dat) - (p - tkt->dat)) / 8
- < (4 /* address */
- + 8 /* session */
- + 1 /* life */
- + 4 /* issue time */
- + snamelen + sinstlen
- + 7) / 8) /* roundoff */
- return KFAILURE;
-
- paddr.s_addr = paddress;
- memcpy(p, &paddr.s_addr, sizeof(paddr.s_addr));
- p += sizeof(paddr.s_addr);
-
- memcpy(p, session, 8);
- p += 8;
- *p++ = life;
- /* issue time */
- KRB4_PUT32(p, time_sec, le);
-
- memcpy(p, sname, snamelen);
- p += snamelen;
- memcpy(p, sinst, sinstlen);
- p += sinstlen;
-
- /* guarantee null padded ticket to multiple of 8 bytes */
- memset(p, 0, 7);
- tkt->length = ((p - tkt->dat + 7) / 8) * 8;
- return KSUCCESS;
-}
-
-/*
- * encode_err_reply
- *
- * Encode an error reply message from the KDC to the client.
- *
- * Returns KRB4PROT_OK on success, non-zero on error.
- *
- * The following packet layout description is from cr_err_repl.c:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- * unsigned char req_ack_vno protocol version number
- *
- * unsigned char AUTH_MSG_ERR_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned long e error code
- *
- * string e_string error text
- */
-int KRB5_CALLCONV
-krb4prot_encode_err_reply(char *pname, char *pinst, char *prealm,
- unsigned long time_ws,
- unsigned long err, /* error code */
- char *err_string, /* error text */
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT pkt) /* output buf */
-{
- unsigned char *p;
- size_t err_stringlen;
-
- p = pkt->dat;
- /* Assume >= 2 bytes in KTEXT. */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_ERR_REPLY | !!le;
-
- if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- pkt, &p))
- return KFAILURE;
-
- err_stringlen = strlen(err_string) + 1;
- if ((sizeof(pkt->dat) - (p - pkt->dat))
- < (4 /* timestamp */
- + 4 /* err code */
- + err_stringlen))
- return KFAILURE;
- /* ws timestamp */
- KRB4_PUT32(p, time_ws, le);
- /* err code */
- KRB4_PUT32(p, err, le);
- /* err text */
- memcpy(p, err_string, err_stringlen);
- p += err_stringlen;
-
- /* And return */
- pkt->length = p - pkt->dat;
- return KSUCCESS;
-}
-
-/*
- * decode_kdc_request
- *
- * Decode an initial ticket request sent from the client to the KDC.
- *
- * Packet format is described in g_in_tkt.c.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- */
-int KRB5_CALLCONV
-krb4prot_decode_kdc_request(KTEXT pkt,
- int *le,
- char *pname, char *pinst, char *prealm,
- long *req_time, int *life,
- char *sname, char *sinst)
-{
- unsigned char *p;
- int msg_type, ret, len;
-
- p = pkt->dat;
-
- /* Get prot vers and msg type */
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- if (*p++ != KRB_PROT_VERSION)
- return KRB4PROT_ERR_PROT_VERS;
- msg_type = *p++;
- *le = msg_type & 1;
- msg_type &= ~1;
- if (msg_type != AUTH_MSG_KDC_REQUEST)
- return KRB4PROT_ERR_MSG_TYPE;
-
- ret = krb4prot_decode_naminstrlm(pkt, &p, pname, pinst, prealm);
- if (ret)
- return ret;
-
-#define PKT_REMAIN (pkt->length - (p - pkt->dat))
-
- if (PKT_REMAIN < (4 /* time */
- + 1)) /* life */
- return KRB4PROT_ERR_UNDERRUN;
-
- KRB4_GET32(*req_time, p, *le);
-
- *life = *p++;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)p, PKT_REMAIN) + 1;
- if (len <= 0 || len > ANAME_SZ)
- return KRB4PROT_ERR_OVERRUN;
- memcpy(sname, p, (size_t)len);
- p += len;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)p, PKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- return KRB4PROT_ERR_OVERRUN;
- memcpy(sinst, p, (size_t)len);
- p += len;
-
- /* XXX krb4 preauth? */
- return KRB4PROT_OK;
-}
+++ /dev/null
-/* lib/krb/put_svc_key.c */
-/* Copyright 1994 Cygnus Support */
-/* Mark W. Eichin */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * put_svc_key is a simple version of what 'ksrvutil add' provides, for some
- * circumstances when service keys are distributed by applictions.
- *
- * Caveats: currently uses UNIX I/O (open, read) rather than stdio - this
- * should be fixed.
- * It could probably be made more general (and then actually be used
- * by ksrvutil.) This version supports just enough to be useful.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-
-#include <string.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "k5-platform.h"
-
-#define KEYSZ sizeof(C_Block)
-/* strict put_svc_key.
- The srvtab must already exist;
- The key (exact match) must already be in the file;
- version numbers are not checked.
- */
-int KRB5_CALLCONV
-put_svc_key(sfile,name,inst,realm,newvno,key)
- char *sfile;
- char *name;
- char *inst;
- char *realm;
- int newvno;
- char *key;
-{
- int fd;
- char fname[SNAME_SZ], finst[INST_SZ], frlm[REALM_SZ];
- unsigned char fvno;
- char fkey[KEYSZ];
-
- if (!sfile)
- sfile = KEYFILE;
-
- if ((fd = open(sfile, O_RDWR)) < 0)
- return KFAILURE;
- set_cloexec_fd(fd);
-
- while(getst(fd,fname,SNAME_SZ) > 0) {
- getst(fd,finst,INST_SZ);
- getst(fd,frlm,REALM_SZ);
- if (!strcmp(fname,name)
- && !strcmp(finst,inst)
- && !strcmp(frlm,realm)) {
- /* all matched, so write new data */
- fvno = newvno;
- lseek(fd,0,SEEK_CUR);
- if (write(fd,&fvno,1) != 1) {
- close(fd);
- return KFAILURE;
- }
- if (write(fd,key,KEYSZ) != KEYSZ) {
- close(fd);
- return KFAILURE;
- }
- close(fd);
- return KSUCCESS;
- }
- if (read(fd,&fvno,1) != 1) {
- close(fd);
- return KFAILURE;
- }
- if (read(fd,fkey,KEYSZ) != KEYSZ) {
- close(fd);
- return KFAILURE;
- }
- }
- /* never found it */
- close(fd);
- return KFAILURE;
-}
+++ /dev/null
-/*
- * lib/krb4/rd_err.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-#include <string.h>
-
-#include "krb.h"
-#include "prot.h"
-
-/*
- * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
- * return the error code from the message in "code" and the text in
- * "m_data" as follows:
- *
- * m_data->app_data points to the error text
- * m_data->app_length points to the length of the error text
- *
- * If all goes well, return RD_AP_OK. If the version number
- * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
- * type message, return RD_AP_MSG_TYPE.
- *
- * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
- */
-
-int KRB5_CALLCONV
-krb_rd_err(in, in_length, code, m_data)
- u_char *in; /* pointer to the msg received */
- u_long in_length; /* of in msg */
- long *code; /* received error code */
- MSG_DAT *m_data;
-{
- register u_char *p;
- int le;
- unsigned KRB4_32 raw_code;
-
- p = in; /* beginning of message */
-
- if (in_length < 1 + 1 + 4)
- return RD_AP_MODIFIED; /* XXX should have better error code */
- if (*p++ != KRB_PROT_VERSION)
- return RD_AP_VERSION;
- if (((*p) & ~1) != AUTH_MSG_APPL_ERR)
- return RD_AP_MSG_TYPE;
- le = *p++ & 1;
-
- KRB4_GET32(raw_code, p, le);
- *code = raw_code; /* XXX unsigned->signed conversion! */
-
- m_data->app_data = p; /* we're now at the error text
- * message */
- m_data->app_length = p - in;
-
- return RD_AP_OK; /* OK == 0 */
-}
+++ /dev/null
-/* rd_preauth.c */
-/* part of Cygnus Network Security */
-/* Copyright 1994 Cygnus Support */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krb_db.h"
-#include "prot.h"
-#include "des.h"
-#include "krb4int.h"
-#include <string.h>
-
-/* #define KERB_ERR_PREAUTH_SHORT 11 */
-/* #define KERB_ERR_PREAUTH_MISMATCH 12 */
-
-
-int
-krb_rd_preauth(pkt, preauth_p, preauth_len, auth_pr, key)
- KTEXT pkt;
- char *preauth_p;
- int preauth_len;
- Principal *auth_pr;
- des_cblock key;
-{
- int st;
- char *name_p;
-
- name_p = auth_pr->name;
-
-#ifndef NOENCRYPTION
- /* Decrypt preauth_p using key as the key and initialization vector. */
- /* check preauth_len */
- if ((((strlen(name_p) + 1) / 8) + 1) * 8 != preauth_len)
- return KERB_ERR_PREAUTH_SHORT;
- else {
- des_key_schedule key_s;
-
- if (des_key_sched(key, key_s)) {
- return 1;
- }
- des_pcbc_encrypt((des_cblock *)preauth_p, (des_cblock *)preauth_p,
- (long)preauth_len, key_s, (des_cblock *)key,
- DES_DECRYPT);
- memset(key_s, 0, sizeof(key_s));
- }
-#endif /* R3_NO_MODIFICATIONS */
-
- /* since the preauth data has the trailing 0, this just works */
- st = strcmp(preauth_p, name_p);
- if (st)
- return KERB_ERR_PREAUTH_MISMATCH;
- return 0;
-}
+++ /dev/null
-/*
- * lib/krb4/rd_priv.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine dissects a a Kerberos 'private msg', decrypting it,
- * checking its integrity, and returning a pointer to the application
- * data contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...). If
- * the return value is RD_AP_TIME, then either the times are too far
- * out of synch, OR the packet was modified.
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-/* system include files */
-#include <stdio.h>
-#include <string.h>
-
-/* application include files */
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/* This one is exported, for use by krb_mk_priv. */
-int private_msg_ver = KRB_PROT_VERSION;
-
-/*
-#ifdef NOENCRPYTION
- * krb_rd_priv() checks the integrity of an
-#else
- * krb_rd_priv() decrypts and checks the integrity of an
-#endif
- * AUTH_MSG_PRIVATE message. Given the message received, "in",
- * the length of that message, "in_length", the key "schedule"
-#ifdef NOENCRYPTION
- * and "key", and the network addresses of the
-#else
- * and "key" to decrypt with, and the network addresses of the
-#endif
- * "sender" and "receiver" of the message, krb_rd_safe() returns
- * RD_AP_OK if the message is okay, otherwise some error code.
- *
- * The message data retrieved from "in" are returned in the structure
-#ifdef NOENCRYPTION
- * "m_data". The pointer to the application data
-#else
- * "m_data". The pointer to the decrypted application data
-#endif
- * (m_data->app_data) refers back to the appropriate place in "in".
- *
- * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-long KRB5_CALLCONV
-krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data)
- u_char *in; /* pointer to the msg received */
- unsigned KRB4_32 in_length; /* length of "in" msg */
- Key_schedule schedule; /* precomputed key schedule */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender;
- struct sockaddr_in *receiver;
- MSG_DAT *m_data; /*various input/output data from msg */
-{
- register u_char *p,*q;
- int v, t, le;
- struct in_addr src_addr;
- unsigned KRB4_32 c_length;
- int swap_bytes;
- unsigned KRB4_32 t_local;
- KRB4_32 delta_t; /* Difference between timestamps */
-
- p = in; /* beginning of message */
-#define IN_REMAIN (in_length - (p - in))
- swap_bytes = 0;
-
- if (IN_REMAIN < 1 + 1 + 4)
- return RD_AP_MODIFIED;
- v = *p++;
- if (v != KRB_PROT_VERSION && v != 3)
- return RD_AP_VERSION;
- private_msg_ver = v;
- t = *p++;
- if ((t & ~1) != AUTH_MSG_PRIVATE)
- return RD_AP_MSG_TYPE;
- le = t & 1;
-
- /* get cipher length */
- KRB4_GET32(c_length, p, le);
- /* check for rational length so we don't go comatose */
- if (IN_REMAIN < c_length)
- return RD_AP_MODIFIED;
-
-#ifndef NOENCRYPTION
- /*
- * decrypt to obtain length, timestamps, app_data, and checksum
- * use the session key as an ivec
- */
-#endif
-
- q = p; /* mark start of encrypted stuff */
-
-#ifndef NOENCRYPTION
- /* pcbc decrypt, use key as ivec */
- pcbc_encrypt((C_Block *)q, (C_Block *)q, (long)c_length,
- schedule, key, DECRYPT);
-#endif
-
- /* safely get application data length */
- KRB4_GET32(m_data->app_length, p, le);
-
- if (IN_REMAIN < m_data->app_length + 4 + 1 + 4)
- return RD_AP_MODIFIED;
-
-#ifndef NOENCRYPTION
- /* we're now at the decrypted application data */
-#endif
- m_data->app_data = p;
-
- p += m_data->app_length;
-
- /* safely get time_5ms */
- m_data->time_5ms = *p++;
-
- /* safely get src address */
- memcpy(&src_addr.s_addr, p, sizeof(src_addr.s_addr));
- /* don't swap, net order always */
- p += sizeof(src_addr.s_addr);
-
- if (!krb_ignore_ip_address) {
- switch (sender->sin_family) {
- case AF_INET:
- if (src_addr.s_addr != sender->sin_addr.s_addr)
- return RD_AP_MODIFIED;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- if (IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr)
- && !memcmp (&src_addr.s_addr,
- 12 + (char *) &((struct sockaddr_in6 *)sender)->sin6_addr,
- 4))
- break;
- /* Not v4 mapped? Not ignoring addresses? You lose. */
- return RD_AP_MODIFIED;
-#endif
- default:
- return RD_AP_MODIFIED;
- }
- }
-
- /* safely get time_sec */
- KRB4_GET32(m_data->time_sec, p, le);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- /* However, if we don't have good ip addresses anyhow, just clear
- the bit. This makes it harder to detect replay of sent packets
- back to the receiver, but most higher level protocols can deal
- with that more directly. */
- if (krb_ignore_ip_address) {
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- } else
- switch (krb4int_address_less (sender, receiver)) {
- case 1:
- m_data->time_sec = -m_data->time_sec;
- break;
- case -1:
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- break;
- }
-
- /* check the time integrity of the msg */
- t_local = TIME_GMT_UNIXSEC;
- delta_t = t_local - m_data->time_sec;
- if (delta_t < 0)
- delta_t = -delta_t; /* Absolute value of difference */
- if (delta_t > CLOCK_SKEW)
- return RD_AP_TIME; /* XXX should probably be better code */
- DEB(("\ndelta_t = %d", delta_t));
-
- /*
- * caller must check timestamps for proper order and
- * replays, since server might have multiple clients
- * each with its own timestamps and we don't assume
- * tightly synchronized clocks.
- */
-
-#ifdef notdef
- memcpy((char *)&cksum, (char *) p, sizeof(cksum));
- if (swap_bytes) cksum = krb4_swab32(cksum)
- /*
- * calculate the checksum of the length, sequence,
- * and input data, on the sending byte order!!
- */
- calc_cksum = quad_cksum(q, NULL, p-q, 0, key);
-
- DEB (("\ncalc_cksum = %u, received cksum = %u",
- calc_cksum, cksum));
- if (cksum != calc_cksum)
- return RD_AP_MODIFIED;
-#endif
- return RD_AP_OK; /* OK == 0 */
-}
+++ /dev/null
-/*
- * lib/krb4/rd_req.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2002 by the
- * Massachusetts Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "des.h"
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include <krb5.h>
-#include <krb54proto.h>
-
-extern int krb_ap_req_debug;
-
-static int
-krb_rd_req_with_key(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *,
- Key_schedule, krb5_keyblock *);
-
-/* declared in krb.h */
-int krb_ignore_ip_address = 0;
-
-/*
- * Keep the following information around for subsequent calls
- * to this routine by the same server using the same key.
- */
-
-static Key_schedule serv_key; /* Key sched to decrypt ticket */
-static C_Block ky; /* Initialization vector */
-static int st_kvno; /* version number for this key */
-static char st_rlm[REALM_SZ]; /* server's realm */
-static char st_nam[ANAME_SZ]; /* service name */
-static char st_inst[INST_SZ]; /* server's instance */
-static int krb5_key; /* whether krb5 key is used for decrypt */
-
-/*
- * This file contains two functions. krb_set_key() takes a DES
- * key or password string and returns a DES key (either the original
- * key, or the password converted into a DES key) and a key schedule
- * for it.
- *
- * krb_rd_req() reads an authentication request and returns information
- * about the identity of the requestor, or an indication that the
- * identity information was not authentic.
- */
-
-/*
- * krb_set_key() takes as its first argument either a DES key or a
- * password string. The "cvt" argument indicates how the first
- * argument "key" is to be interpreted: if "cvt" is null, "key" is
- * taken to be a DES key; if "cvt" is non-null, "key" is taken to
- * be a password string, and is converted into a DES key using
- * string_to_key(). In either case, the resulting key is returned
- * in the external static variable "ky". A key schedule is
- * generated for "ky" and returned in the external static variable
- * "serv_key".
- *
- * This routine returns the return value of des_key_sched.
- *
- * krb_set_key() needs to be in the same .o file as krb_rd_req() so that
- * the key set by krb_set_key() is available in private storage for
- * krb_rd_req().
- */
-
-static krb5_keyblock srv_k5key;
-
-int
-krb_set_key(key, cvt)
- char *key;
- int cvt;
-{
- if (krb5_key)
- /* XXX assumes that context arg is ignored */
- krb5_free_keyblock_contents(NULL, &srv_k5key);
- krb5_key = 0;
-#ifdef NOENCRYPTION
- memset(ky, 0, sizeof(ky));
- return KSUCCESS;
-#else /* Encrypt */
- if (cvt)
- string_to_key(key, ky);
- else
- memcpy((char *)ky, key, 8);
- return des_key_sched(ky,serv_key);
-#endif /* NOENCRYPTION */
-}
-
-int
-krb_set_key_krb5(ctx, key)
- krb5_context ctx;
- krb5_keyblock *key;
-{
- if (krb5_key)
- krb5_free_keyblock_contents(ctx, &srv_k5key);
- krb5_key = 1;
- return krb5_copy_keyblock_contents(ctx, key, &srv_k5key);
-}
-
-void
-krb_clear_key_krb5(ctx)
- krb5_context ctx;
-{
- if (krb5_key)
- krb5_free_keyblock_contents(ctx, &srv_k5key);
- krb5_key = 0;
-}
-
-/*
- * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
- * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
- * checks its integrity and returns a judgement as to the requestor's
- * identity.
- *
- * The "authent" argument is a pointer to the received message.
- * The "service" and "instance" arguments name the receiving server,
- * and are used to get the service's ticket to decrypt the ticket
- * in the message, and to compare against the server name inside the
- * ticket. "from_addr" is the network address of the host from which
- * the message was received; this is checked against the network
- * address in the ticket. If "from_addr" is zero, the check is not
- * performed. "ad" is an AUTH_DAT structure which is
- * filled in with information about the sender's identity according
- * to the authenticator and ticket sent in the message. Finally,
- * "fn" contains the name of the file containing the server's key.
- * (If "fn" is NULL, the server's key is assumed to have been set
- * by krb_set_key(). If "fn" is the null string ("") the default
- * file KEYFILE, defined in "krb.h", is used.)
- *
- * krb_rd_req() returns RD_AP_OK if the authentication information
- * was genuine, or one of the following error codes (defined in
- * "krb.h"):
- *
- * RD_AP_VERSION - wrong protocol version number
- * RD_AP_MSG_TYPE - wrong message type
- * RD_AP_UNDEC - couldn't decipher the message
- * RD_AP_INCON - inconsistencies found
- * RD_AP_BADD - wrong network address
- * RD_AP_TIME - client time (in authenticator)
- * too far off server time
- * RD_AP_NYV - Kerberos time (in ticket) too
- * far off server time
- * RD_AP_EXP - ticket expired
- *
- * For the message format, see krb_mk_req().
- *
- * Mutual authentication is not implemented.
- */
-
-static int
-krb_rd_req_with_key(authent, service, instance, from_addr, ad, ks, k5key)
- register KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- unsigned KRB4_32 from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- Key_schedule ks;
- krb5_keyblock *k5key;
-{
- KTEXT_ST ticket; /* Temp storage for ticket */
- KTEXT tkt = &ticket;
- KTEXT_ST req_id_st; /* Temp storage for authenticator */
- register KTEXT req_id = &req_id_st;
-
- char realm[REALM_SZ]; /* Realm of issuing kerberos */
- Key_schedule seskey_sched; /* Key sched for session key */
- char sname[SNAME_SZ]; /* Service name from ticket */
- char iname[INST_SZ]; /* Instance name from ticket */
- char r_aname[ANAME_SZ]; /* Client name from authenticator */
- char r_inst[INST_SZ]; /* Client instance from authenticator */
- char r_realm[REALM_SZ]; /* Client realm from authenticator */
- unsigned int r_time_ms; /* Fine time from authenticator */
- unsigned KRB4_32 r_time_sec; /* Coarse time from authenticator */
- register unsigned char *ptr; /* For stepping through */
- unsigned KRB4_32 t_local; /* Local time on our side of the protocol */
- KRB4_32 delta_t; /* Time in authenticator minus local time */
-#ifdef KRB_CRYPT_DEBUG
- KRB4_32 tkt_age; /* Age of ticket */
-#endif
- int le; /* is little endian? */
- int mutual; /* Mutual authentication requested? */
- int t; /* msg type */
- unsigned char s_kvno; /* Version number of the server's key
- Kerberos used to encrypt ticket */
- int ret;
- int len;
-
- tkt->mbz = req_id->mbz = 0;
-
- if (authent->length < 1 + 1 + 1)
- return RD_AP_MODIFIED;
-
- ptr = authent->dat;
-#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat))
-
- /* get msg version, type and byte order, and server key version */
-
- /* check version */
- if (KRB_PROT_VERSION != *ptr++)
- return RD_AP_VERSION;
-
- /* byte order */
- t = *ptr++;
- le = t & 1;
-
- /* check msg type */
- mutual = 0;
- switch (t & ~1) {
- case AUTH_MSG_APPL_REQUEST:
- break;
- case AUTH_MSG_APPL_REQUEST_MUTUAL:
- mutual++;
- break;
- default:
- return RD_AP_MSG_TYPE;
- }
-
-#ifdef lint
- /* XXX mutual is set but not used; why??? */
- /* this is a crock to get lint to shut up */
- if (mutual)
- mutual = 0;
-#endif /* lint */
- s_kvno = *ptr++; /* get server key version */
- len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1;
- if (len <= 0 || len > sizeof(realm)) {
- return RD_AP_MODIFIED; /* must have been modified, the client wouldn't
- try to trick us with wacky data */
- }
- /* And the realm of the issuing KDC */
- (void)memcpy(realm, ptr, (size_t)len);
- ptr += len; /* skip the realm "hint" */
-
- /* Get ticket length */
- tkt->length = *ptr++;
- /* Get authenticator length while we're at it. */
- req_id->length = *ptr++;
- if (AUTHENT_REMAIN < tkt->length + req_id->length)
- return RD_AP_MODIFIED;
- /* Copy ticket */
- memcpy(tkt->dat, ptr, (size_t)tkt->length);
- ptr += tkt->length;
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("ticket->length: %d",tkt->length);
- if (krb_ap_req_debug)
- log("authent->length: %d", authent->length);
-#endif
-
-#ifndef NOENCRYPTION
- /* Decrypt and take apart ticket */
-#endif
-
- if (k5key == NULL) {
- if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
- &(ad->address),ad->session, &(ad->life),
- &(ad->time_sec),sname,iname,ky,ks)) {
-#ifdef KRB_CRYPT_DEBUG
- log("Can't decode ticket");
-#endif
- return(RD_AP_UNDEC);
- }
- } else {
- if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst,
- ad->prealm, &ad->address, ad->session,
- &ad->life, &ad->time_sec, sname, iname,
- k5key)) {
- return RD_AP_UNDEC;
- }
- }
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug) {
- log("Ticket Contents.");
- log(" Aname: %s%s%s@%s",ad->pname,
- ((int)*(ad->pinst) ? "." : ""), ad->pinst,
- ((int)*(ad->prealm) ? ad->prealm : "Athena"));
- log(" Service: %s%s%s",sname,((int)*iname ? "." : ""),iname);
- log(" sname=%s, sinst=%s", sname, iname);
- }
-#endif
-
- /* Extract the authenticator */
- memcpy(req_id->dat, ptr, (size_t)req_id->length);
-
-#ifndef NOENCRYPTION
- /* And decrypt it with the session key from the ticket */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug) log("About to decrypt authenticator");
-#endif
-
- key_sched(ad->session, seskey_sched);
- pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat,
- (long)req_id->length,
- seskey_sched, &ad->session, DES_DECRYPT);
- memset(seskey_sched, 0, sizeof(seskey_sched));
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug) log("Done.");
-#endif
-#endif /* NOENCRYPTION */
-
- ptr = req_id->dat;
-#define REQID_REMAIN (req_id->length - (ptr - req_id->dat))
-
- ret = RD_AP_MODIFIED;
-
- len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1;
- if (len <= 0 || len > ANAME_SZ)
- goto cleanup;
- memcpy(r_aname, ptr, (size_t)len); /* Authentication name */
- ptr += len;
- len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- goto cleanup;
- memcpy(r_inst, ptr, (size_t)len); /* Authentication instance */
- ptr += len;
- len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- goto cleanup;
- memcpy(r_realm, ptr, (size_t)len); /* Authentication name */
- ptr += len;
-
- if (REQID_REMAIN < 4 + 1 + 4)
- goto cleanup;
- KRB4_GET32(ad->checksum, ptr, le);
- r_time_ms = *ptr++; /* Time (fine) */
-#ifdef lint
- /* XXX r_time_ms is set but not used. why??? */
- /* this is a crock to get lint to shut up */
- if (r_time_ms)
- r_time_ms = 0;
-#endif /* lint */
- /* Time (coarse) */
- KRB4_GET32(r_time_sec, ptr, le);
-
- /* Check for authenticity of the request */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Pname: %s %s",ad->pname,r_aname);
-#endif
-
- ret = RD_AP_INCON;
- if (strcmp(ad->pname,r_aname) != 0)
- goto cleanup;
- if (strcmp(ad->pinst,r_inst) != 0)
- goto cleanup;
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Realm: %s %s",ad->prealm,r_realm);
-#endif
-
- if (strcmp(ad->prealm,r_realm) != 0)
- goto cleanup;
-
- /* check the time integrity of the msg */
- ret = RD_AP_TIME;
- t_local = TIME_GMT_UNIXSEC;
- delta_t = t_local - r_time_sec;
- if (delta_t < 0) delta_t = -delta_t; /* Absolute value of difference */
- if (delta_t > CLOCK_SKEW) {
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Time out of range: %d - %d = %d",
- time_secs, r_time_sec, delta_t);
-#endif
- goto cleanup;
- }
-
- /* Now check for expiration of ticket */
-
- ret = RD_AP_NYV;
-#ifdef KRB_CRYPT_DEBUG
- tkt_age = t_local - ad->time_sec;
- if (krb_ap_req_debug)
- log("Time: %d Issue Date: %d Diff: %d Life %x",
- time_secs, ad->time_sec, tkt_age, ad->life);
-#endif
- if (t_local < ad->time_sec) {
- if ((ad->time_sec - t_local) > CLOCK_SKEW)
- goto cleanup;
- } else if (krb_life_to_time((KRB4_32)ad->time_sec, ad->life)
- < t_local + CLOCK_SKEW) {
- /*
- * This calculation is different than the same expiration
- * calculation in krb5. In krb5 the ticket lasts for
- * clock_skew seconds longer than its expiration; in krb4 it
- * lasts clock_skew seconds less. This difference is
- * necessary to avoid using an almost expired tgt to get a new
- * tgt that will last for another 5 minutes. This code
- * interacts with the login in src/kdc/kerberos_v4.c to
- * back-date tickets to avoid them expiring late. The
- * combination may be overly conservative, but I'm fairly sure
- * either removing the kerberos_v4 backdating or replacing
- * this check with the krb5 check is sufficient to create a
- * security problem.
- */
- ret = RD_AP_EXP;
- goto cleanup;
- }
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Address: %d %d",ad->address,from_addr);
-#endif
-
- if (!krb_ignore_ip_address
- && from_addr && (ad->address != from_addr)) {
- ret = RD_AP_BADD;
- goto cleanup;
- }
-
- /* All seems OK */
- ad->reply.length = 0;
- ret = 0;
-
-cleanup:
- if (ret) {
- /* Stomp on session key if there is an error. */
- memset(ad->session, 0, sizeof(ad->session));
- return ret;
- }
-
- return RD_AP_OK;
-}
-
-int KRB5_CALLCONV
-krb_rd_req_int(authent, service, instance, from_addr, ad, key)
- KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- KRB_UINT32 from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- C_Block key; /* Key to decrypt ticket with */
-{
- Key_schedule ks;
- int ret;
-
- do {
- ret = des_key_sched(key, ks);
- if (ret) break;
- ret = krb_rd_req_with_key(authent, service, instance,
- from_addr, ad, ks, NULL);
- } while (0);
- memset(ks, 0, sizeof(ks));
- return ret;
-}
-
-int KRB5_CALLCONV
-krb_rd_req(authent, service, instance, from_addr, ad, fn)
- register KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- unsigned KRB4_32 from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- char *fn; /* Filename to get keys from */
-{
- unsigned char *ptr;
- unsigned char s_kvno;
- char realm[REALM_SZ];
- unsigned char skey[KKEY_SZ];
-#ifdef KRB4_USE_KEYTAB
- krb5_keyblock keyblock;
-#endif
- int len;
- int status;
-
-#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat))
- if (authent->length < 3)
- return RD_AP_MODIFIED;
- ptr = authent->dat + 2;
- s_kvno = *ptr++; /* get server key version */
- len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1;
- if (len <= 0 || len > sizeof(realm))
- return RD_AP_MODIFIED;
- (void)memcpy(realm, ptr, (size_t)len);
-#undef AUTHENT_REMAIN
- /*
- * If "fn" is NULL, key info should already be set; don't
- * bother with ticket file. Otherwise, check to see if we
- * already have key info for the given server and key version
- * (saved in the static st_* variables). If not, go get it
- * from the ticket file. If "fn" is the null string, use the
- * default ticket file.
- */
- if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance)
- || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
- if (*fn == 0)
- fn = KEYFILE;
- st_kvno = s_kvno;
- if (read_service_key(service,instance,realm, (int)s_kvno,
- fn, (char *)skey) == 0) {
- if ((status = krb_set_key((char *)skey,0)))
- return(status);
-#ifdef KRB4_USE_KEYTAB
- } else if (krb54_get_service_keyblock(service, instance,
- realm, (int)s_kvno,
- fn, &keyblock) == 0) {
- krb_set_key_krb5(krb5__krb4_context, &keyblock);
- krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
-#endif
- } else
- return RD_AP_UNDEC;
-
- len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_rlm, realm, (size_t)len);
- len = krb4int_strnlen(service, sizeof(st_nam)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_nam, service, (size_t)len);
- len = krb4int_strnlen(instance, sizeof(st_inst)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_inst, instance, (size_t)len);
- }
- return krb_rd_req_with_key(authent, service, instance,
- from_addr, ad,
- krb5_key ? NULL : serv_key,
- krb5_key ? &srv_k5key : NULL);
-}
+++ /dev/null
-/*
- * lib/krb4/rd_safe.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine dissects a a Kerberos 'safe msg', checking its
- * integrity, and returning a pointer to the application data
- * contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...)
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-/* system include files */
-#include <stdio.h>
-#include <string.h>
-
-/* application include files */
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/*
- * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message.
- * Given the message received, "in", the length of that message,
- * "in_length", the "key" to compute the checksum with, and the
- * network addresses of the "sender" and "receiver" of the message,
- * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise
- * some error code.
- *
- * The message data retrieved from "in" is returned in the structure
- * "m_data". The pointer to the application data (m_data->app_data)
- * refers back to the appropriate place in "in".
- *
- * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-long KRB5_CALLCONV
-krb_rd_safe(in,in_length,key,sender,receiver,m_data)
- u_char *in; /* pointer to the msg received */
- unsigned KRB4_32 in_length; /* length of "in" msg */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender's address */
- struct sockaddr_in *receiver; /* receiver's address -- me */
- MSG_DAT *m_data; /* where to put message information */
-{
- int i;
- unsigned KRB4_32 calc_cksum[4];
- unsigned KRB4_32 big_cksum[4];
- int le;
-
- u_char *p,*q;
- int t;
- struct in_addr src_addr;
- unsigned KRB4_32 t_local; /* Local time in our machine */
- KRB4_32 delta_t; /* Difference between timestamps */
-
- /* Be very conservative */
- if (sizeof(src_addr.s_addr) != 4) {
-#ifdef DEBUG
- fprintf(stderr, "\nkrb_rd_safe protocol err "
- "sizeof(src_addr.s_addr) != 4\n");
-#endif
- return RD_AP_VERSION;
- }
-
- p = in; /* beginning of message */
-#define IN_REMAIN (in_length - (p - in))
- if (IN_REMAIN < 1 + 1 + 4)
- return RD_AP_MODIFIED;
-
- if (*p++ != KRB_PROT_VERSION)
- return RD_AP_VERSION;
- t = *p++;
- if ((t & ~1) != AUTH_MSG_SAFE)
- return RD_AP_MSG_TYPE;
- le = t & 1;
-
- q = p; /* mark start of cksum stuff */
-
- /* safely get length */
- KRB4_GET32(m_data->app_length, p, le);
-
- if (IN_REMAIN < m_data->app_length + 1 + 4 + 4 + 4 * 4)
- return RD_AP_MODIFIED;
-
- m_data->app_data = p; /* we're now at the application data */
-
- /* skip app data */
- p += m_data->app_length;
-
- /* safely get time_5ms */
- m_data->time_5ms = *p++;
-
- /* safely get src address */
- (void)memcpy(&src_addr.s_addr, p, sizeof(src_addr.s_addr));
- /* don't swap, net order always */
- p += sizeof(src_addr.s_addr);
-
- if (!krb_ignore_ip_address) {
- switch (sender->sin_family) {
- case AF_INET:
- if (src_addr.s_addr != sender->sin_addr.s_addr)
- return RD_AP_MODIFIED;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- if (IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr)
- && !memcmp (&src_addr.s_addr,
- 12 + (char *) &((struct sockaddr_in6 *)sender)->sin6_addr,
- 4))
- break;
- /* Not v4 mapped? Not ignoring addresses? You lose. */
- return RD_AP_MODIFIED;
-#endif
- default:
- return RD_AP_MODIFIED;
- }
- }
-
- /* safely get time_sec */
- KRB4_GET32(m_data->time_sec, p, le);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- /* However, if we don't have good ip addresses anyhow, just clear
- the bit. This makes it harder to detect replay of sent packets
- back to the receiver, but most higher level protocols can deal
- with that more directly. */
- if (krb_ignore_ip_address) {
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- } else
- switch (krb4int_address_less (sender, receiver)) {
- case 1:
- m_data->time_sec = -m_data->time_sec;
- break;
- case -1:
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- break;
- }
-
- /* check the time integrity of the msg */
- t_local = TIME_GMT_UNIXSEC;
- delta_t = t_local - m_data->time_sec;
- if (delta_t < 0) delta_t = -delta_t; /* Absolute value of difference */
- if (delta_t > CLOCK_SKEW) {
- return(RD_AP_TIME); /* XXX should probably be better
- code */
- }
-
- /*
- * caller must check timestamps for proper order and replays, since
- * server might have multiple clients each with its own timestamps
- * and we don't assume tightly synchronized clocks.
- */
-
-#ifdef NOENCRYPTION
- memset(calc_cksum, 0, sizeof(calc_cksum));
-#else /* Do encryption */
- /* calculate the checksum of the length, timestamps, and
- * input data, on the sending byte order !! */
- quad_cksum(q,calc_cksum,p-q,2,key);
-#endif /* NOENCRYPTION */
-
- for (i = 0; i < 4; i++)
- KRB4_GET32(big_cksum[i], p, le);
-
- DEB (("\n0: calc %l big %lx\n1: calc %lx big %lx\n2: calc %lx big %lx\n3: calc %lx big %lx\n",
- calc_cksum[0], big_cksum[0],
- calc_cksum[1], big_cksum[1],
- calc_cksum[2], big_cksum[2],
- calc_cksum[3], big_cksum[3]));
- for (i = 0; i < 4; i++)
- if (big_cksum[i] != calc_cksum[i])
- return RD_AP_MODIFIED;
-
- return RD_AP_OK; /* OK == 0 */
-}
+++ /dev/null
-/*
- * rd_svc_key.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "krb4int.h"
-#include <stdio.h>
-#include <string.h>
-
-#include "k5-int.h"
-#include <krb54proto.h>
-#include "prot.h"
-
-/*
- * The private keys for servers on a given host are stored in a
- * "srvtab" file (typically "/etc/srvtab"). This routine extracts
- * a given server's key from the file.
- *
- * read_service_key() takes the server's name ("service"), "instance",
- * and "realm" and a key version number "kvno", and looks in the given
- * "file" for the corresponding entry, and if found, returns the entry's
- * key field in "key".
- *
- * If "instance" contains the string "*", then it will match
- * any instance, and the chosen instance will be copied to that
- * string. For this reason it is important that the there is enough
- * space beyond the "*" to receive the entry.
- *
- * If "kvno" is 0, it is treated as a wild card and the first
- * matching entry regardless of the "vno" field is returned.
- *
- * This routine returns KSUCCESS on success, otherwise KFAILURE.
- *
- * The format of each "srvtab" entry is as follows:
- *
- * Size Variable Field in file
- * ---- -------- -------------
- * string serv server name
- * string inst server instance
- * string realm server realm
- * 1 byte vno server key version #
- * 8 bytes key server's key
- * ... ... ...
- */
-
-#ifdef __i960__
-/* special hack to use a global srvtab variable... */
-#define open vxworks_srvtab_open
-#define close vxworks_srvtab_close
-#define getst vxworks_srvtab_getst
-#define read vxworks_srvtab_read
-
-extern char *vxworks_srvtab_base;
-char *vxworks_srvtab_ptr;
-int vxworks_srvtab_getchar(s)
- char *s;
-{
- int tmp1;
- if(vxworks_srvtab_ptr >= (vxworks_srvtab_base + strlen(vxworks_srvtab_base)))
- return 0;
-
- sscanf(vxworks_srvtab_ptr, "%2x", &tmp1);
-
- *s = tmp1;
- vxworks_srvtab_ptr+=2;
- return 1;
-}
-
-int vxworks_srvtab_getst(fd,s,n)
- int fd;
- register char *s;
- int n;
-{
- register count = n;
- while (vxworks_srvtab_getchar(s) && --count)
- if (*s++ == '\0')
- return (n - count);
- *s = '\0';
- return (n - count);
-}
-
-int vxworks_srvtab_open(s, n, m)
- char *s;
- int n, m;
-{
- vxworks_srvtab_ptr = vxworks_srvtab_base;
- return 1;
-}
-
-int vxworks_srvtab_close(fd)
- int fd;
-{
- vxworks_srvtab_ptr = 0;
- return 0;
-}
-
-int vxworks_srvtab_read(fd, s, n)
- int fd;
- char *s;
- int n;
-{
- int count = n;
- /* we want to get exactly n chars. */
- while(vxworks_srvtab_getchar(s) && --count)
- s++;
- return (n-count);
-}
-#endif
-
-#ifdef KRB4_USE_KEYTAB
-/*
- * This function looks up the requested Krb4 srvtab key using the krb5
- * keytab format, if possible.
- */
-extern krb5_error_code
-krb54_get_service_keyblock(service,instance,realm,kvno,file,keyblock)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int kvno; /* Key version number */
- char *file; /* Filename */
- krb5_keyblock * keyblock;
-{
- krb5_error_code retval;
- krb5_principal princ = NULL;
- krb5_keytab kt_id;
- krb5_keytab_entry kt_entry;
- char sname[ANAME_SZ+1];
- char sinst[INST_SZ+1];
- char srealm[REALM_SZ+1];
- char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
-
- if (!krb5__krb4_context) {
- retval = krb5_init_context(&krb5__krb4_context);
- if (retval)
- return retval;
- }
-
- if (!strcmp(instance, "*")) {
- if ((retval = krb5_sname_to_principal(krb5__krb4_context, NULL, NULL,
- KRB5_NT_SRV_HST, &princ)))
- goto errout;
-
- if ((retval = krb5_524_conv_principal(krb5__krb4_context, princ,
- sname, sinst, srealm)))
- goto errout;
-
- instance = sinst;
- krb5_free_principal(krb5__krb4_context, princ);
- princ = 0;
- }
-
- if ((retval = krb5_425_conv_principal(krb5__krb4_context, service,
- instance, realm, &princ)))
- goto errout;
-
- /*
- * Figure out what name to use; if the name is one of the standard
- * /etc/srvtab, /etc/athena/srvtab, etc., use the default keytab
- * name. Otherwise, append .krb5 to the filename and try to use
- * that.
- */
- if (file &&
- strcmp(file, "/etc/srvtab") &&
- strcmp(file, "/etc/athena/srvtab") &&
- strcmp(file, KEYFILE)) {
- strncpy(keytabname, file, sizeof(keytabname));
- keytabname[sizeof(keytabname)-1] = 0;
- if (strlen(keytabname)+6 < sizeof(keytabname))
- strcat(keytabname, ".krb5");
- } else {
- if ((retval = krb5_kt_default_name(krb5__krb4_context,
- (char *)keytabname, sizeof(keytabname)-1)))
- goto errout;
- }
-
- if ((retval = krb5_kt_resolve(krb5__krb4_context, keytabname, &kt_id)))
- goto errout;
-
- if ((retval = krb5_kt_get_entry(krb5__krb4_context, kt_id, princ, kvno,
- 0, &kt_entry))) {
- krb5_kt_close(krb5__krb4_context, kt_id);
- goto errout;
- }
-
- retval = krb5_copy_keyblock_contents(krb5__krb4_context,
- &kt_entry.key, keyblock);
- /* Bash types */
- /* KLUDGE! If it's a non-raw des3 key, bash its enctype */
- /* See kdc/kerberos_v4.c */
- if (keyblock->enctype == ENCTYPE_DES3_CBC_SHA1 )
- keyblock->enctype = ENCTYPE_DES3_CBC_RAW;
-
- krb5_kt_free_entry(krb5__krb4_context, &kt_entry);
- krb5_kt_close (krb5__krb4_context, kt_id);
-
-errout:
- if (princ)
- krb5_free_principal(krb5__krb4_context, princ);
- return retval;
-}
-#endif
-
-
-int KRB5_CALLCONV
-read_service_key(service,instance,realm,kvno,file,key)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int kvno; /* Key version number */
- char *file; /* Filename */
- char *key; /* Pointer to key to be filled in */
-{
- int kret;
-
-#ifdef KRB4_USE_KEYTAB
- krb5_error_code retval;
- krb5_keyblock keyblock;
-#endif
-
- kret = get_service_key(service,instance,realm,&kvno,file,key);
-
- if (! kret)
- return KSUCCESS;
-
-#ifdef KRB4_USE_KEYTAB
- kret = KFAILURE;
- keyblock.magic = KV5M_KEYBLOCK;
- keyblock.contents = 0;
-
- retval = krb54_get_service_keyblock(service,instance,realm,kvno,file,
- &keyblock);
- if (retval)
- goto errout;
-
- if ((keyblock.length != sizeof(C_Block)) ||
- ((keyblock.enctype != ENCTYPE_DES_CBC_CRC) &&
- (keyblock.enctype != ENCTYPE_DES_CBC_MD4) &&
- (keyblock.enctype != ENCTYPE_DES_CBC_MD5))) {
- goto errout;
- }
- (void) memcpy(key, keyblock.contents, sizeof(C_Block));
- kret = KSUCCESS;
-
-errout:
- if (keyblock.contents)
- krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
-#endif
-
- return kret;
-}
-
-/* kvno is passed by reference, so that if it is zero, and we find a match,
- the match gets written back into *kvno so the caller can find it.
- */
-int KRB5_CALLCONV
-get_service_key(service,instance,realm,kvno,file,key)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int *kvno; /* Key version number */
- char *file; /* Filename */
- char *key; /* Pointer to key to be filled in */
-{
- char serv[SNAME_SZ];
- char inst[INST_SZ];
- char rlm[REALM_SZ];
- unsigned char vno; /* Key version number */
- int wcard;
- char krb_realm[REALM_SZ];
-
- int stab;
-
- if (!file)
- file = KEYFILE;
-
- if ((stab = open(file, 0, 0)) < 0)
- return(KFAILURE);
- set_cloexec_fd(stab);
-
- wcard = (instance[0] == '*') && (instance[1] == '\0');
- /* get current realm if not passed in */
- if (!realm) {
- int rem;
-
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return(rem);
- realm = krb_realm;
- }
-
- while(getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */
- (void) getst(stab,inst,INST_SZ); /* Instance */
- (void) getst(stab,rlm,REALM_SZ); /* Realm */
- /* Vers number */
- if (read(stab,(char *)&vno,1) != 1) {
- close(stab);
- return(KFAILURE);
- }
- /* Key */
- if (read(stab,key,8) != 8) {
- close(stab);
- return(KFAILURE);
- }
- /* Is this the right service */
- if (strcmp(serv,service))
- continue;
- /* How about instance */
- if (!wcard && strcmp(inst,instance))
- continue;
- if (wcard)
- (void) strncpy(instance,inst,INST_SZ);
- /* Is this the right realm */
-#if defined(ATHENA_COMPAT) || defined(ATHENA_OLD_SRVTAB)
- /* XXX For backward compatibility: if keyfile says "Athena"
- and caller wants "ATHENA.MIT.EDU", call it a match */
- if (strcmp(rlm,realm) &&
- (strcmp(rlm,"Athena") ||
- strcmp(realm,"ATHENA.MIT.EDU")))
- continue;
-#else /* ! ATHENA_COMPAT */
- if (strcmp(rlm,realm))
- continue;
-#endif /* ATHENA_COMPAT */
-
- /* How about the key version number */
- if (*kvno && *kvno != (int) vno)
- continue;
-
- (void) close(stab);
- *kvno = vno;
- return(KSUCCESS);
- }
-
- /* Can't find the requested service */
- (void) close(stab);
- return(KFAILURE);
-}
+++ /dev/null
-/*
- * lib/krb4/recvauth.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include "autoconf.h"
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
- chars */
-
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_sendauth.c
- * be sure to support old versions of krb_sendauth!
- */
-
-/*
- * krb_recvauth() reads (and optionally responds to) a message sent
- * using krb_sendauth(). The "options" argument is a bit-field of
- * selected options (see "sendauth.c" for options description).
- * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL
- * (mutual authentication requested). The "fd" argument supplies
- * a file descriptor to read from (and write to, if mutual authenti-
- * cation is requested).
- *
- * Part of the received message will be a Kerberos ticket sent by the
- * client; this is read into the "ticket" argument. The "service" and
- * "instance" arguments supply the server's Kerberos name. If the
- * "instance" argument is the string "*", it is treated as a wild card
- * and filled in during the krb_rd_req() call (see read_service_key()).
- *
- * The "faddr" and "laddr" give the sending (client) and receiving
- * (local server) network addresses. ("laddr" may be left NULL unless
- * mutual authentication is requested, in which case it must be set.)
- *
- * The authentication information extracted from the message is returned
- * in "kdata". The "filename" argument indicates the file where the
- * server's key can be found. (It is passed on to krb_rd_req().) If
- * left null, the default "/etc/srvtab" will be used.
- *
- * If mutual authentication is requested, the session key schedule must
- * be computed in order to reply; this schedule is returned in the
- * "schedule" argument. A string containing the application version
- * number from the received message is returned in "version", which
- * should be large enough to hold a KRB_SENDAUTH_VLEN-character string.
- *
- * See krb_sendauth() for the format of the received client message.
- *
- * This routine supports another client format, for backward
- * compatibility, consisting of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * string tmp_buf, tkt_len length of ticket, in
- * ascii
- *
- * char ' ' (space char) separator
- *
- * tkt_len ticket->dat the ticket
- *
- * This old-style version does not support mutual authentication.
- *
- * krb_recvauth() first reads the protocol version string from the
- * given file descriptor. If it doesn't match the current protocol
- * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In
- * that case, the string of characters up to the first space is read
- * and interpreted as the ticket length, then the ticket is read.
- *
- * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth()
- * next reads the application protocol version string. Then the
- * ticket length and ticket itself are read.
- *
- * The ticket is decrypted and checked by the call to krb_rd_req().
- * If no mutual authentication is required, the result of the
- * krb_rd_req() call is retured by this routine. If mutual authenti-
- * cation is required, a message in the following format is returned
- * on "fd":
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 4 bytes tkt_len length of ticket or -1
- * if error occurred
- *
- * priv_len tmp_buf "private" message created
- * by krb_mk_priv() which
- * contains the incremented
- * checksum sent by the client
- * encrypted in the session
- * key. (This field is not
- * present in case of error.)
- *
- * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some
- * other error code is returned.
- */
-
-#ifndef max
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-#endif /* max */
-
-int KRB5_CALLCONV
-krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
- filename, schedule, version)
- long options; /* bit-pattern of options */
- int fd; /* file descr. to read from */
- KTEXT ticket; /* storage for client's ticket */
- char *service; /* service expected */
- char *instance; /* inst expected (may be filled in) */
- struct sockaddr_in *faddr; /* address of foreign host on fd */
- struct sockaddr_in *laddr; /* local address */
- AUTH_DAT *kdata; /* kerberos data (returned) */
- char *filename; /* name of file with service keys */
- Key_schedule schedule; /* key schedule (return) */
- char *version; /* version string (filled in) */
-{
-
- int i, cc, old_vers = 0;
- char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
- char *cp = NULL;
- int rem;
- KRB4_32 tkt_len, priv_len;
- unsigned KRB4_32 cksum;
- u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)] = { 0 };
-
- /* read the protocol version number */
- if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- krb_vers[KRB_SENDAUTH_VLEN] = '\0';
-
- /* check version string */
- if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) {
- /* Assume the old version of sendkerberosdata: send ascii
- length, ' ', and ticket. */
- if (options & KOPT_DO_MUTUAL)
- return(KFAILURE); /* XXX can't do old style with mutual auth */
- old_vers = 1;
-
- /* copy what we have read into tmp_buf */
- (void) memcpy((char *) tmp_buf, krb_vers, KRB_SENDAUTH_VLEN);
-
- /* search for space, and make it a null */
- for (i = 0; i < KRB_SENDAUTH_VLEN; i++)
- if (tmp_buf[i]== ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
-
- if (i == KRB_SENDAUTH_VLEN)
- /* didn't find the space, keep reading to find it */
- for (; i<20; i++) {
- if (read(fd, (char *)&tmp_buf[i], 1) != 1) {
- return(KFAILURE);
- }
- if (tmp_buf[i] == ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
- }
-
- if (i==20)
- return(KFAILURE);
-
- tkt_len = (KRB4_32) atoi((char *) tmp_buf);
-
- /* sanity check the length */
- /* These conditions make sure that cp got initialized */
- if ((tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
- return(KFAILURE);
-
- if (i < KRB_SENDAUTH_VLEN) {
- /* since we already got the space, and part of the ticket,
- we read fewer bytes to get the rest of the ticket */
- int len_to_read = tkt_len - KRB_SENDAUTH_VLEN + 1 + i;
- if (len_to_read <= 0)
- return KFAILURE;
- if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN),
- len_to_read)
- != len_to_read)
- return(errno);
- } else {
- if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) !=
- (int) tkt_len)
- return(errno);
- }
- ticket->length = tkt_len;
- /* copy the ticket into the struct */
- (void) memcpy((char *) ticket->dat, cp, ticket->length);
-
- } else {
- /* read the application version string */
- if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- version[KRB_SENDAUTH_VLEN] = '\0';
-
- /* get the length of the ticket */
- if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) !=
- sizeof(tkt_len))
- return(errno);
-
- /* sanity check */
- ticket->length = ntohl((unsigned KRB4_32)tkt_len);
- if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) {
- if (options & KOPT_DO_MUTUAL) {
- rem = KFAILURE;
- goto mutual_fail;
- } else
- return(KFAILURE); /* XXX there may still be junk on the fd? */
- }
-
- /* read the ticket */
- if (krb_net_read(fd, (char *) ticket->dat, ticket->length)
- != ticket->length)
- return(errno);
- }
- /*
- * now have the ticket. decrypt it to get the authenticated
- * data.
- */
- rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr,
- kdata,filename);
-
- if (old_vers) return(rem); /* XXX can't do mutual with old client */
-
- /* if we are doing mutual auth, compose a response */
- if (options & KOPT_DO_MUTUAL) {
- if (rem != KSUCCESS)
- /* the krb_rd_req failed */
- goto mutual_fail;
-
- /* add one to the (formerly) sealed checksum, and re-seal it
- for return to the client */
- cksum = kdata->checksum + 1;
- cksum = htonl(cksum);
-#ifndef NOENCRYPTION
- key_sched(kdata->session,schedule);
-#endif /* !NOENCRYPTION */
- priv_len = krb_mk_priv((unsigned char *)&cksum,
- tmp_buf,
- (unsigned KRB4_32) sizeof(cksum),
- schedule,
- &kdata->session,
- laddr,
- faddr);
- if (priv_len < 0) {
- /* re-sealing failed; notify the client */
- rem = KFAILURE; /* XXX */
-mutual_fail:
- priv_len = -1;
- tkt_len = htonl((unsigned KRB4_32) priv_len);
- /* a length of -1 is interpreted as an authentication
- failure by the client */
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- return(rem);
- } else {
- /* re-sealing succeeded, send the private message */
- tkt_len = htonl((unsigned KRB4_32)priv_len);
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len))
- != (int) priv_len)
- return(cc);
- }
- }
- return(rem);
-}
+++ /dev/null
-#!/bin/sh
-# Rename Kerberos Cygnus V4 filenames to proposed names
-# for converting old trees.
-awk '/^@ / { if ($6 != "")
- if ($6 != $4)
- print "mv " $6 " " $4
- else ;
- else if ($2 != $4 && $2 != "-")
- print "mv " $2 " " $4
- }
- ' <ren.msg | grep -v '(gone)' | sh -x
+++ /dev/null
-rename crerrep.c cr_err_repl.c
-rename crauthre.c cr_auth_repl.c
-rename cr_death.c cr_death_pkt.c
-rename crticket.c cr_tkt.c
-rename decomtkt.c decomp_tkt.c
-rename getadtkt.c g_ad_tkt.c
-rename getadmhs.c g_admhst.c
-rename get_cred.c g_cred.c
-rename getintkt.c g_pw_in_tkt.c
-rename getkrbhs.c g_krbhst.c
-rename getphost.c g_phost.c
-rename getpwtkt.c g_pw_tkt.c
-rename get_req.c g_request.c
-rename g_svctkt.c g_svc_in_tkt.c
-rename gettfnam.c g_tf_fname.c
-rename gettfrlm.c g_tf_realm.c
-rename getrealm.c realmofhost.c
-rename k_gethst.c gethostname.c
-rename knm_pars.c kname_parse.c
-rename k_errtxt.c err_txt.c
-rename k_gettkt.c g_in_tkt.c
-rename mth_snam.c month_sname.c
-rename pkt_ciph.c pkt_cipher.c
-rename rdservky.c rd_svc_key.c
-rename savecred.c save_creds.c
-rename send_kdc.c send_to_kdc.c
-rename s_cascmp.c strcasecmp.c
-rename tkt_strg.c tkt_string.c
-rename util.c ad_print.c
+++ /dev/null
-# Rename Kerberos V4 MIT PC-port filenames to proposed names
-# for converting old PC trees on Unix systems.
-awk '/^@ / {
- if ($3 != $4 && $3 != "-")
- print "mv " $3 " " $4
- }
- ' <ren.msg | grep -v '(gone)' | sh -x
+++ /dev/null
-# Rename Kerberos V4 pl10 filenames to proposed names
-# for converting old trees.
-awk '/^@ / {
- if ($2 != $4 && $2 != "-")
- print "mv " $2 " " $4
- }
- ' <ren.msg | grep -v '(gone)' | sh -x
+++ /dev/null
-Subject: Kerberos file renaming for short DOS names
-Date: Tue, 19 Apr 1994 13:34:28 -0700
-From: John Gilmore <gnu@cygnus.com>
-
-[edited since sending, to bring it up to date with what actually happened.]
-
-I'd like to come up with some file naming and configuration
-conventions that will work in DOS, Unix, and Mac environments. At
-Cygnus, we are creating a single freely available K4 source tree that
-works on many Unixes, Windows, and Mac. It currently works on Unixes.
-(To get a copy, send mail to info@cygnus.com requesting our Kerberos
-release. It's in a hidden FTP location due to export control.)
-
-I diffed the current MIT release of Kerberos for PC and Windows
-against the V4 patchlevel 10 release, and identified some 30 files in
-lib/krb that have been renamed between Unix and PC. Comparing source
-trees becomes much more painful when files are renamed. If we don't
-come to sync on the file names, it will be very hard to collaborate,
-which would make more work for all of us.
-
-My plan, which we have used successfully in the GNU software, is to
-make sure that all filenames are unique if you take the first 8 chars
-and the first 3 after the dot. No files have more than a single dot
-in them. We don't restrict file names to just 8.3 characters, since
-doing so would impact readability for the (99.9%) of the developers
-who are on Unix or Mac, where long file names are fine.
-
-There's an additional complication that names longer than 14
-characters present problems to old System V Unix and to `ar' on Unix.
-DJ Delorie's excellent `doschk' program points out all these problems.
-(prep.ai.mit.edu:/pub/gnu/doschk-1.1.tar.gz).
-
-Here's my proposal for the lib/krb directory. In general, I tried to
-regularize the names, turning get_ into g_, removing krb_, turning
-reply into repl, turning ticket into tkt, keeping all file names
-unique across the various libraries, and making a file name more like
-the function name contained in it when there were conflicts. Some
-resulting truncated names are more readable than in the current MIT K4
-PC, some are less readable -- but the overall advantage is that the
-new names should be acceptable to Unix/Mac developers, while the old
-ones weren't.
-
- MIT K4 patch10 MIT K4 PC PROPOSED NAME (trunc to 8.3) old Cyg
-$1 $2 $3 $4 $5 $6
-
-@ add_ticket.c (gone) add_tkt.c add_tkt.c
-@ - - ChangeLog changelo
-@ cr_err_reply.c crerrep.c cr_err_repl.c cr_err_r.c
-@ create_auth_reply.c crauthre.c cr_auth_repl.c cr_auth_.c cr_auth_reply.c
-@ create_ciph.c cr_ciph.c cr_ciph.c cr_ciph.c
-@ create_death_packet.c cr_death.c cr_death_pkt.c cr_death.c cr_death_pkt.c
-@ create_ticket.c crticket.c cr_tkt.c cr_tkt.c
-@ debug_decl.c debug.c debug.c debug.c
-@ decomp_ticket.c decomtkt.c decomp_tkt.c decomp_t.c
-@ - - DNR.c dnr.c
-@ extract_ticket.c ext_tkt.c ext_tkt.c ext_tkt.c extract_tkt.c
-@ - - g_cnffile.c g_cnffil.c
-@ get_ad_tkt.c getadtkt.c g_ad_tkt.c g_ad_tkt.c
-@ get_admhst.c getadmhs.c g_admhst.c g_admhst.c
-@ get_cred.c get_cred.c g_cred.c g_cred.c
-@ get_in_tkt.c getintkt.c g_pw_in_tkt.c g_pw_in_.c
-@ get_krbhst.c getkrbhs.c g_krbhst.c g_krbhst.c
-@ get_krbrlm.c g_krbrlm.c g_krbrlm.c g_krbrlm.c
-@ get_phost.c getphost.c g_phost.c g_phost.c
-@ get_pw_tkt.c getpwtkt.c g_pw_tkt.c g_pw_tkt.c
-@ get_request.c get_req.c (gone) (gone)
-@ get_svc_in_tkt.c g_svctkt.c g_svc_in_tkt.c g_svc_in.c get_svc_in.c
-@ get_tf_fullname.c gettfnam.c g_tf_fname.c g_tf_fna.c get_tf_fname.c
-@ get_tf_realm.c gettfrlm.c g_tf_realm.c g_tf_rea.c
-@ - - g_tkt_svc.c g_tkt_sv.c
-@ getrealm.c getrealm.c realmofhost.c realmofh.c
-@ k_gethostname.c k_gethst.c gethostname.c gethostn.c
-@ kname_parse.c knm_pars.c kname_parse.c kname_pa.c
-@ krb_err_txt.c k_errtxt.c err_txt.c err_txt.c
-@ krb_get_in_tkt.c k_gettkt.c g_in_tkt.c g_in_tkt.c krb_get_in.c
-@ - - mac_store.c mac_stor.c
-@ - - mac_store.h mac_stor.h
-@ - - mac_stubs.c mac_stub.c
-@ - - Makefile.in makefile.in
-@ - - mk_preauth.c mk_preau.c
-@ month_sname.c mth_snam.c month_sname.c month_sn.c
-@ pkt_cipher.c pkt_ciph.c pkt_cipher.c pkt_ciph.c
-@ - - Password.c password.c
-@ - - rd_preauth.c rd_preau.c
-@ - - put_svc_key.c put_svc_.c
-@ read_service_key.c rdservky.c rd_svc_key.c rd_svc_k.c read_svc_key.c
-@ save_credentials.c savecred.c save_creds.c save_cre.c save_creds.c
-@ send_to_kdc.c send_kdc.c send_to_kdc.c send_to_.c
-@ strcasecmp.c s_cascmp.c strcasecmp.c strcasec.c
-@ tkt_string.c tkt_strg.c tkt_string.c tkt_stri.c
-@ - - unix_glue.c unix_glu.c
-@ util.c util.c ad_print.c ad_print.c
-@ - - win_store.c win_stor.c
-# Cleanup for simplified sed scripts that use this table
-@sed s/tf_ad_print\./tf_util\./g
-
-I've supplied Unix shell scripts in the distribution for moving:
-ren-pl10.sh V4 pl10 filenames to proposed names for converting old trees
-ren-pc.sh V4 MIT PC names to proposed names for converting old trees
-ren2long.sh truncated names to proposed names for moving DOS->unix
-ren2dos.sh proposed names to truncated names for unix->DOS names
-
-There's also shell scripts to produce sed scripts for converting Makefiles
-and documentation. You use them like:
- ./sed-pl10.sh >/tmp/sed
- sed -f /tmp/sed <Makefile >newMakefile
-sed-pl10.sh V4 pl10 filenames to proposed names for converting old trees
-sed-pc.sh V4 MIT PC names to proposed names for converting old trees
-
-I'll also supply a DOS script for moving:
-ren-pc.bat V4 MIT PC names to proposed names for converting old trees
-
-And an MPW script for moving
-ren-pl10.mpw V4 pl10 filenames to proposed names for converting old trees
-
- John Gilmore
- Cygnus Support
+++ /dev/null
-# Rename Unix filenames to DOS-truncated filenames for KRB library.
-# for converting Unix distributions to DOS distributions
-awk '/^@ / {
- if ($4 != $5)
- print "mv " $4 " " $5
- }
- ' <ren.msg | sh -x
+++ /dev/null
-# Rename DOS-truncated filenames to Unix filenames for KRB library.
-# for converting DOS distributions to Unix distributions
-awk '/^@ / {
- if ($4 != $5)
- print "mv " $5 " " $4
- }
- ' <ren.msg | sh -x
+++ /dev/null
-/*
- * save_creds.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <stdio.h>
-#include "krb.h"
-#include "krb4int.h"
-
-/*
- * This routine takes a ticket and associated info and calls
- * tf_save_cred() to store them in the ticket cache. The peer
- * routine for extracting a ticket and associated info from the
- * ticket cache is krb_get_cred(). When changes are made to
- * this routine, the corresponding changes should be made
- * in krb_get_cred() as well.
- *
- * Returns KSUCCESS if all goes well, otherwise an error returned
- * by the tf_init() or tf_save_cred() routines.
- *
- * This used to just be called save_credentials, but when we formalized
- * the DOS/Mac interface, we created and exported krb_save_credentials
- * to avoid namespace pollution.
- */
-
-int
-krb4int_save_credentials_addr(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date, local_addr)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
- KRB_UINT32 local_addr;
-{
- int tf_status; /* return values of the tf_util calls */
-
- /* Open and lock the ticket file for writing */
- if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Save credentials by appending to the ticket file */
- tf_status = tf_save_cred(service, instance, realm, session,
- lifetime, kvno, ticket, issue_date);
- (void) tf_close();
- return (tf_status);
-}
-
-int KRB5_CALLCONV
-krb_save_credentials(
- char *service,
- char *instance,
- char *realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- long issue_date)
-{
- return krb4int_save_credentials_addr(service, instance, realm,
- session, lifetime, kvno,
- ticket, (KRB4_32)issue_date, 0);
-}
+++ /dev/null
-#!/bin/sh
-# Produce a sed script for converting Kerberos Cygnus V4 filenames to proposed
-# names -- for converting old makefiles and doc.
-# We fix any "oldfoo." into "newfoo." including .c and .o and .h files.
-awk '/^@ / { if ($6 != "")
- if ($6 != $4)
- print "s/" $6 "/" $4 "/g"
- else ;
- else if ($2 != $4 && $2 != "-")
- print "s/" $2 "/" $4 "/g"
- }
- /^@sed / { print $2 }
- ' <ren.msg | grep -v '(gone)' | sed 's/\.c/\\./g'
+++ /dev/null
-#!/bin/sh
-# Produce a sed script for converting Kerberos V4 MIT PC filenames to proposed
-# names -- for converting old makefiles and doc.
-# We fix any "oldfoo." into "newfoo." including .c and .o and .h files.
-awk '/^@ / {
- if ($3 != $4)
- print "s/" $3 "/" $4 "/g"
- }
- /^@sed / { print $2 }
- ' <ren.msg | grep -v '(gone)' | sed 's/\.c/\\./g'
-
+++ /dev/null
-#!/bin/sh
-# Produce a sed script for converting Kerberos V4 pl10 filenames to proposed
-# names -- for converting old makefiles and doc.
-# We fix any "oldfoo." into "newfoo." including .c and .o and .h files.
-awk '/^@ / {
- if ($2 != $4)
- print "s/" $2 "/" $4 "/g"
- }
- /^@sed / { print $2 }
- ' <ren.msg | sed 's/\.c/\\./g'
+++ /dev/null
-/*
- * lib/krb4/send_to_kdc.c
- *
- * Copyright 1987-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krbports.h"
-#include "prot.h"
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "autoconf.h"
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-#include "fake-addrinfo.h"
-#include "k5-int.h"
-#include "krb4int.h"
-
-#define S_AD_SZ sizeof(struct sockaddr_in)
-
-/* These are really defaults from getservbyname() or hardcoded. */
-static int cached_krb_udp_port = 0;
-static int cached_krbsec_udp_port = 0;
-
-int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *,
- struct sockaddr *, socklen_t *);
-
-#ifdef DEBUG
-static char *prog = "send_to_kdc";
-#endif
-
-/*
- * send_to_kdc() sends a message to the Kerberos authentication
- * server(s) in the given realm and returns the reply message.
- * The "pkt" argument points to the message to be sent to Kerberos;
- * the "rpkt" argument will be filled in with Kerberos' reply.
- * The "realm" argument indicates the realm of the Kerberos server(s)
- * to transact with. If the realm is null, the local realm is used.
- *
- * If more than one Kerberos server is known for a given realm,
- * different servers will be queried until one of them replies.
- * Several attempts (retries) are made for each server before
- * giving up entirely.
- *
- * The following results can be returned:
- *
- * KSUCCESS - an answer was received from a Kerberos host
- *
- * SKDC_CANT - can't get local realm
- * - can't find "kerberos" in /etc/services database
- * - can't open socket
- * - can't bind socket
- * - all ports in use
- * - couldn't find any Kerberos host
- *
- * SKDC_RETRY - couldn't get an answer from any Kerberos server,
- * after several retries
- */
-
-int
-krb4int_send_to_kdc_addr(
- KTEXT pkt, KTEXT rpkt, char *realm,
- struct sockaddr *addr, socklen_t *addrlen)
-{
- struct addrlist al = ADDRLIST_INIT;
- char lrealm[REALM_SZ];
- krb5int_access internals;
- krb5_error_code retval;
- struct servent *sp;
- int krb_udp_port = 0;
- int krbsec_udp_port = 0;
- char krbhst[MAXHOSTNAMELEN];
- char *scol;
- int i;
- int err;
- krb5_data message, reply;
-
- /*
- * If "realm" is non-null, use that, otherwise get the
- * local realm.
- */
- if (realm)
- strncpy(lrealm, realm, sizeof(lrealm) - 1);
- else {
- if (krb_get_lrealm(lrealm, 1)) {
- DEB (("%s: can't get local realm\n", prog));
- return SKDC_CANT;
- }
- }
- lrealm[sizeof(lrealm) - 1] = '\0';
- DEB (("lrealm is %s\n", lrealm));
-
- retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION);
- if (retval)
- return KFAILURE;
-
- /* The first time, decide what port to use for the KDC. */
- if (cached_krb_udp_port == 0) {
- sp = getservbyname("kerberos","udp");
- if (sp)
- cached_krb_udp_port = sp->s_port;
- else
- cached_krb_udp_port = htons(KERBEROS_PORT); /* kerberos/udp */
- DEB (("cached_krb_udp_port is %d\n", cached_krb_udp_port));
- }
- /* If kerberos/udp isn't 750, try using kerberos-sec/udp (or 750)
- as a fallback. */
- if (cached_krbsec_udp_port == 0 &&
- cached_krb_udp_port != htons(KERBEROS_PORT)) {
- sp = getservbyname("kerberos-sec","udp");
- if (sp)
- cached_krbsec_udp_port = sp->s_port;
- else
- cached_krbsec_udp_port = htons(KERBEROS_PORT); /* kerberos/udp */
- DEB (("cached_krbsec_udp_port is %d\n", cached_krbsec_udp_port));
- }
-
- for (i = 1; krb_get_krbhst(krbhst, lrealm, i) == KSUCCESS; ++i) {
-#ifdef DEBUG
- if (krb_debug) {
- DEB (("Getting host entry for %s...",krbhst));
- (void) fflush(stdout);
- }
-#endif
- if (0 != (scol = strchr(krbhst,':'))) {
- krb_udp_port = htons(atoi(scol+1));
- *scol = 0;
- if (krb_udp_port == 0) {
-#ifdef DEBUG
- if (krb_debug) {
- DEB (("bad port number %s\n",scol+1));
- (void) fflush(stdout);
- }
-#endif
- continue;
- }
- krbsec_udp_port = 0;
- } else {
- krb_udp_port = cached_krb_udp_port;
- krbsec_udp_port = cached_krbsec_udp_port;
- }
- err = internals.add_host_to_list(&al, krbhst,
- krb_udp_port, krbsec_udp_port,
- SOCK_DGRAM, PF_INET);
- if (err) {
- retval = SKDC_CANT;
- goto free_al;
- }
- }
- if (al.naddrs == 0) {
- DEB (("%s: can't find any Kerberos host.\n", prog));
- retval = SKDC_CANT;
- }
-
- message.length = pkt->length;
- message.data = (char *)pkt->dat; /* XXX yuck */
- retval = internals.sendto_udp(NULL, &message, &al, NULL, &reply, addr,
- addrlen, NULL, 0, NULL, NULL, NULL);
- DEB(("sendto_udp returns %d\n", retval));
-free_al:
- internals.free_addrlist(&al);
- if (retval)
- return SKDC_CANT;
- DEB(("reply.length=%d\n", reply.length));
- if (reply.length > sizeof(rpkt->dat))
- retval = SKDC_CANT;
- rpkt->length = 0;
- if (!retval) {
- memcpy(rpkt->dat, reply.data, reply.length);
- rpkt->length = reply.length;
- }
- krb5_free_data_contents(NULL, &reply);
- return retval;
-}
-
-int
-send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
-{
- return krb4int_send_to_kdc_addr(pkt, rpkt, realm, NULL, NULL);
-}
+++ /dev/null
-/*
- * sendauth.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-#include "mit-copyright.h"
-
-#include "krb.h"
-#include "krb4int.h"
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include "port-sockets.h"
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_recvauth.c
- */
-
-/*
- * This file contains two routines: krb_sendauth() and krb_sendsrv().
- *
- * krb_sendauth() transmits a ticket over a file descriptor for a
- * desired service, instance, and realm, doing mutual authentication
- * with the server if desired.
- *
- * Most of the real work of krb_sendauth() has been moved into mk_auth.c
- * for portability; sendauth takes a Unix file descriptor as argument,
- * which doesn't work on other operating systems.
- *
- * krb_sendsvc() sends a service name to a remote knetd server, and is
- * only for Athena compatability.
- */
-
-/*
- * The first argument to krb_sendauth() contains a bitfield of
- * options (the options are defined in "krb.h"):
- *
- * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
- * (If this option is not chosen, krb_get_phost()
- * is called to canonicalize it.)
- *
- * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
- * A ticket must be supplied in the "ticket"
- * argument.
- * (If this option is not chosen, and there
- * is no ticket for the given server in the
- * ticket cache, one will be fetched using
- * krb_mk_req() and returned in "ticket".)
- *
- * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
- * receiving server return the checksum+1 encrypted
- * in the session key. The mutual authentication
- * is done using krb_mk_priv() on the other side
- * (see "recvauth.c") and krb_rd_priv() on this
- * side.
- *
- * The "fd" argument is a file descriptor to write to the remote
- * server on. The "ticket" argument is used to store the new ticket
- * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
- * chosen, the ticket must be supplied in the "ticket" argument.
- * The "service", "inst", and "realm" arguments identify the ticket.
- * If "realm" is null, the local realm is used.
- *
- * The following arguments are only needed if the KOPT_DO_MUTUAL option
- * is chosen:
- *
- * The "checksum" argument is a number that the server will add 1 to
- * to authenticate itself back to the client; the "msg_data" argument
- * holds the returned mutual-authentication message from the server
- * (i.e., the checksum+1); the "cred" structure is used to hold the
- * session key of the server, extracted from the ticket file, for use
- * in decrypting the mutual authentication message from the server;
- * and "schedule" holds the key schedule for that decryption. The
- * the local and server addresses are given in "laddr" and "faddr".
- *
- * The application protocol version number (of up to KRB_SENDAUTH_VLEN
- * characters) is passed in "version".
- *
- * If all goes well, KSUCCESS is returned, otherwise some error code.
- *
- * The format of the message sent to the server is:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
- * bytes version number
- *
- * KRB_SENDAUTH_VLEN version application protocol
- * bytes version number
- *
- * 4 bytes ticket->length length of ticket
- *
- * ticket->length ticket->dat ticket itself
- */
-
-/*
- * XXX: Note that krb_rd_priv() is coded in such a way that
- * "msg_data->app_data" will be pointing into "packet", which
- * will disappear when krb_sendauth() returns.
- *
- * See FIXME KLUDGE code in appl/bsd/kcmd.c.
- */
-KRB4_32 __krb_sendauth_hidden_tkt_len=0;
-#define raw_tkt_len __krb_sendauth_hidden_tkt_len
-
-
-/*
- * Read a server's sendauth response out of a file descriptor.
- * Returns a Kerberos error code.
- *
- * Note sneaky code using raw_tkt_len to stash away a bit of info
- * for use by appl/bsd/kcmd.c. Now that krb_net_rd_sendauth is
- * a separate function, kcmd should call it directly to get this
- * sneaky info.
- */
-int
-krb_net_rd_sendauth (fd, reply, raw_len)
- int fd; /* file descriptor to write onto */
- KTEXT reply; /* Where we put the reply message */
- KRB4_32 *raw_len; /* Where to read the length field info */
-{
- KRB4_32 tkt_len;
- int got;
-
- reply->length = 0; /* Nothing read from net yet */
- reply->mbz = 0;
-
- /* get the length of the reply */
- reread:
- got = krb_net_read(fd, (char *)raw_len, sizeof(KRB4_32));
- if (got != sizeof(KRB4_32))
- return KFAILURE;
-
- /* Here's an amazing hack. If we are contacting an rlogin server,
- and it is running on a Sun4, and it was compiled with the wrong
- shared libary version, it will print an ld.so warning message
- when it starts up. We just ignore any such message and keep
- going. This doesn't affect security: we just require the
- ticket to follow the warning message. */
- if (!memcmp("ld.s", raw_len, 4)) {
- char c;
-
- while (krb_net_read(fd, &c, 1) == 1 && c != '\n')
- ;
- goto reread;
- }
-
- tkt_len = ntohl(*raw_len);
-
- /* if the length is negative, the server failed to recognize us. */
- if ((tkt_len < 0) || (tkt_len > sizeof(reply->dat)))
- return KFAILURE; /* XXX */
- /* read the reply... */
- got = krb_net_read(fd, (char *)reply->dat, (int) tkt_len);
- if (got != (int) tkt_len)
- return KFAILURE;
-
- reply->length = tkt_len;
- reply->mbz = 0;
- return KSUCCESS;
-}
-
-
-/*
- * krb_sendauth
- *
- * The original routine, provided on Unix.
- * Obtains a service ticket using the ticket-granting ticket,
- * uses it to stuff an authorization request down a Unix socket to the
- * end-user application server, sucks a response out of the socket,
- * and decodes it to verify mutual authentication.
- */
-int KRB5_CALLCONV
-krb_sendauth(options, fd, ticket, service, inst, realm, checksum,
- msg_data, cred, schedule, laddr, faddr, version)
- long options; /* bit-pattern of options */
- int fd; /* file descriptor to write onto */
- KTEXT ticket; /* where to put ticket (return); or
- supplied in case of KOPT_DONT_MK_REQ */
- char *service; /* service name */
- char *inst; /* service instance */
- char *realm; /* service realm */
- unsigned KRB4_32 checksum; /* checksum to include in request */
- MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */
- CREDENTIALS *cred; /* credentials (return) */
- Key_schedule schedule; /* key schedule (return) */
- struct sockaddr_in *laddr; /* local address */
- struct sockaddr_in *faddr; /* address of foreign host on fd */
- char *version; /* version string */
-{
- int rem, cc;
- char srv_inst[INST_SZ];
- char krb_realm[REALM_SZ];
- KTEXT_ST packet[1]; /* Re-use same one for msg and reply */
-
- /* get current realm if not passed in */
- if (!realm) {
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return(rem);
- realm = krb_realm;
- }
-
- /* copy instance into local storage, so mk_auth can canonicalize */
- (void) strncpy(srv_inst, inst, INST_SZ-1);
- srv_inst[INST_SZ-1] = 0;
- rem = krb_mk_auth (options, ticket, service, srv_inst, realm, checksum,
- version, packet);
- if (rem != KSUCCESS)
- return rem;
-
-#ifdef ATHENA_COMPAT
- /* this is only for compatibility with old servers */
- if (options & KOPT_DO_OLDSTYLE) {
- (void) sprintf(buf,"%d ",ticket->length);
- (void) write(fd, buf, strlen(buf));
- (void) write(fd, (char *) ticket->dat, ticket->length);
- return(rem);
- }
-#endif /* ATHENA_COMPAT */
-
- /* write the request to the server */
- if ((cc = krb_net_write(fd, packet->dat, packet->length)) != packet->length)
- return(cc);
-
- /* mutual authentication, if desired */
- if (options & KOPT_DO_MUTUAL) {
- /* get credentials so we have service session
- key for decryption below */
- cc = krb_get_cred(service, srv_inst, realm, cred);
- if (cc)
- return(cc);
-
- /* Get the reply out of the socket. */
- cc = krb_net_rd_sendauth (fd, packet, &raw_tkt_len);
- if (cc != KSUCCESS)
- return cc;
-
- /* Check the reply to verify that server is really who we expect. */
- cc = krb_check_auth (packet, checksum,
- msg_data, cred->session, schedule, laddr, faddr);
- if (cc != KSUCCESS)
- return cc;
- }
- return(KSUCCESS);
-}
-
-
-#ifdef ATHENA_COMPAT
-/*
- * krb_sendsvc
- */
-
-int
-krb_sendsvc(fd, service)
- int fd;
- char *service;
-{
- /* write the service name length and then the service name to
- the fd */
- KRB4_32 serv_length;
- int cc;
-
- serv_length = htonl((unsigned long)strlen(service));
- if ((cc = krb_net_write(fd, (char *) &serv_length,
- sizeof(serv_length)))
- != sizeof(serv_length))
- return(cc);
- if ((cc = krb_net_write(fd, service, strlen(service)))
- != strlen(service))
- return(cc);
- return(KSUCCESS);
-}
-#endif /* ATHENA_COMPAT */
+++ /dev/null
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)setenv.c 5.2 (Berkeley) 6/27/88";
-#endif /* LIBC_SCCS and not lint */
-
-#include "conf.h"
-#include <stdio.h>
-#include <string.h>
-
-/*
- * setenv --
- * Set the value of the environmental variable "name" to be
- * "value". If rewrite is set, replace any current value.
- */
-int setenv(name, value, rewrite)
- register char *name, *value;
- int rewrite;
-{
- extern char **environ;
- static int alloced; /* if allocated space before */
- register char *C;
- int l_value, offset;
- char *malloc(), *realloc(), *_findenv();
-
- if (*value == '=') /* no `=' in value */
- ++value;
- l_value = strlen(value);
- if ((C = _findenv(name, &offset))) { /* find if already exists */
- if (!rewrite)
- return(0);
- if (strlen(C) >= l_value) { /* old larger; copy over */
- while (*C++ = *value++);
- return(0);
- }
- }
- else { /* create new slot */
- register int cnt;
- register char **P;
-
- for (P = environ, cnt = 0; *P; ++P, ++cnt);
- if (alloced) { /* just increase size */
- environ = (char **)realloc((char *)environ,
- (u_int)(sizeof(char *) * (cnt + 2)));
- if (!environ)
- return(-1);
- }
- else { /* get new space */
- alloced = 1; /* copy old entries into it */
- P = (char **)malloc((u_int)(sizeof(char *) *
- (cnt + 2)));
- if (!P)
- return(-1);
- memcpy(P, environ, cnt * sizeof(char *));
- environ = P;
- }
- environ[cnt + 1] = NULL;
- offset = cnt;
- }
- for (C = name; *C && *C != '='; ++C); /* no `=' in name */
- if (!(environ[offset] = /* name + `=' + value */
- malloc((u_int)((int)(C - name) + l_value + 2))))
- return(-1);
- for (C = environ[offset]; (*C = *name++) && *C != '='; ++C);
- for (*C++ = '='; *C++ = *value++;);
- return(0);
-}
-
-/*
- * unsetenv(name) --
- * Delete environmental variable "name".
- */
-void
-unsetenv(name)
- char *name;
-{
- extern char **environ;
- register char **P;
- int offset;
- char *_findenv();
-
- while (_findenv(name, &offset)) /* if set multiple times */
- for (P = &environ[offset];; ++P)
- if (!(*P = *(P + 1)))
- break;
-}
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef HAVE_GETENV
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)getenv.c 5.5 (Berkeley) 6/27/88";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * getenv --
- * Returns ptr to value associated with name, if any, else NULL.
- */
-char *
-getenv(name)
- char *name;
-{
- int offset;
- char *_findenv();
-
- return(_findenv(name, &offset));
-}
-#endif
-/*
- * _findenv --
- * Returns pointer to value associated with name, if any, else NULL.
- * Sets offset to be the offset of the name/value combination in the
- * environmental array, for use by setenv(3) and unsetenv(3).
- * Explicitly removes '=' in argument name.
- *
- * This routine *should* be a static; don't use it.
- */
-char *
-_findenv(name, offset)
- register char *name;
- int *offset;
-{
- extern char **environ;
- register int len;
- register char **P, *C;
-
- for (C = name, len = 0; *C && *C != '='; ++C, ++len);
- for (P = environ; *P; ++P)
- if (!strncmp(*P, name, len))
- if (*(C = *P + len) == '=') {
- *offset = P - environ;
- return(++C);
- }
- return(NULL);
-}
+++ /dev/null
-/*
- * lib/krb4/stime.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-#include <stdio.h> /* for sprintf() */
-#ifndef _WIN32
-#include <time.h>
-#include <sys/time.h>
-#endif
-
-/*
- * Given a pointer to a long containing the number of seconds
- * since the beginning of time (midnight 1 Jan 1970 GMT), return
- * a string containing the local time in the form:
- *
- * "25-Jan-88 10:17:56"
- */
-
-char *krb_stime(t)
- long *t;
-{
- static char st[40];
- static time_t adjusted_time;
- struct tm *tm;
-
- adjusted_time = *t - CONVERT_TIME_EPOCH;
- tm = localtime(&adjusted_time);
- (void) snprintf(st,sizeof(st),"%2d-%s-%d %02d:%02d:%02d",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- return st;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/*
- * This array is designed for mapping upper and lower case letter
- * together for a case independent comparison. The mappings are
- * based upon ascii character sequences.
- */
-static unsigned char charmap[] = {
- '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
- '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
- '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
- '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
- '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
- '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
- '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
- '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
- '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
- '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
- '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
- '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
- '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
- '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
- '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
- '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
- '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
- '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
- '\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
- '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
-};
-
-strcasecmp(s1, s2)
- char *s1, *s2;
-{
- register unsigned char *cm = charmap,
- *us1 = (unsigned char *)s1,
- *us2 = (unsigned char *)s2;
-
- while (cm[*us1] == cm[*us2++])
- if (*us1++ == '\0')
- return(0);
- return(cm[*us1] - cm[*--us2]);
-}
-
-strncasecmp(s1, s2, n)
- char *s1, *s2;
- register int n;
-{
- register unsigned char *cm = charmap,
- *us1 = (unsigned char *)s1,
- *us2 = (unsigned char *)s2;
-
- while (--n >= 0 && cm[*us1] == cm[*us2++])
- if (*us1++ == '\0')
- return(0);
- return(n < 0 ? 0 : cm[*us1] - cm[*--us2]);
-}
+++ /dev/null
-/*
- * lib/krb4/strnlen.c
- *
- * Copyright 2000, 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include <stddef.h>
-#include "krb.h"
-#include "prot.h"
-
-/*
- * krb4int_strnlen()
- *
- * Return the length of the string if a NUL is found in the first n
- * bytes, otherwise, -1.
- */
-
-int KRB5_CALLCONV
-krb4int_strnlen(const char *s, int n)
-{
- int i = 0;
-
- for (i = 0; i < n; i++) {
- if (s[i] == '\0') {
- return i;
- }
- }
- return -1;
-}
+++ /dev/null
-/* simple implementation of swab. */
-
-swab(from,to,nbytes)
- char *from;
- char *to;
- int nbytes;
-{
- char tmp;
- while ( (nbytes-=2) >= 0 ) {
- tmp = from[1];
- to[1] = from[0];
- to[0] = tmp;
- to++; to++;
- from++; from++;
- }
-}
-
-
+++ /dev/null
-/*
- * tf_shm.c
- *
- * Copyright 1988, 2007 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Shared memory segment functions for session keys. Derived from code
- * contributed by Dan Kolkowitz (kolk@jessica.stanford.edu).
- */
-
-#include "mit-copyright.h"
-
-#include <stdio.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-#include "krb.h"
-#include "des.h"
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#define MAX_BUFF sizeof(des_cblock)*1000 /* room for 1k keys */
-
-extern int krb_debug;
-
-/*
- * krb_create_shmtkt:
- *
- * create a shared memory segment for session keys, leaving its id
- * in the specified filename.
- */
-
-int
-krb_shm_create(file_name)
-char *file_name;
-{
- int retval;
- int shmid;
- struct shmid_ds shm_buf;
- FILE *sfile;
- uid_t me, metoo, getuid(), geteuid();
-
- (void) krb_shm_dest(file_name); /* nuke it if it exists...
- this cleans up to make sure we
- don't slowly lose memory. */
-
- shmid = shmget((long)IPC_PRIVATE,MAX_BUFF, IPC_CREAT);
- if (shmid == -1) {
- if (krb_debug)
- perror("krb_shm_create shmget");
- return(KFAILURE); /* XXX */
- }
- me = getuid();
- metoo = geteuid();
- /*
- * now set up the buffer so that we can modify it
- */
- shm_buf.shm_perm.uid = me;
- shm_buf.shm_perm.gid = getgid();
- shm_buf.shm_perm.mode = 0600;
- if (shmctl(shmid,IPC_SET,&shm_buf) < 0) { /*can now map it */
- if (krb_debug)
- perror("krb_shm_create shmctl");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
-#if !defined(_AIX)
- (void) shmctl(shmid, SHM_LOCK, 0); /* attempt to lock-in-core */
-#endif
- /* arrange so the file is owned by the ruid
- (swap real & effective uid if necessary). */
- if (me != metoo) {
- if (setreuid(metoo, me) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("krb_shm_create: setreuid");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",metoo,me);
- }
- if ((sfile = fopen(file_name,"w")) == 0) {
- if (krb_debug)
- perror("krb_shm_create file");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
- set_cloexec_file(sfile);
- if (fchmod(fileno(sfile),0600) < 0) {
- if (krb_debug)
- perror("krb_shm_create fchmod");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
- if (me != metoo) {
- if (setreuid(me, metoo) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("krb_shm_create: setreuid2");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",me,metoo);
- }
-
- (void) fprintf(sfile,"%d",shmid);
- (void) fflush(sfile);
- (void) fclose(sfile);
- return(KSUCCESS);
-}
-
-
-/*
- * krb_is_diskless:
- *
- * check / to see if file .diskless exists. If so it is diskless.
- * Do it this way now to avoid dependencies on a particular routine.
- * Choose root file system since that will be private to the client.
- */
-
-int krb_is_diskless()
-{
- struct stat buf;
- if (stat("/.diskless",&buf) < 0)
- return(0);
- else return(1);
-}
-
-/*
- * krb_shm_dest: destroy shared memory segment with session keys, and remove
- * file pointing to it.
- */
-
-int krb_shm_dest(file)
-char *file;
-{
- int shmid;
- FILE *sfile;
- struct stat st_buf;
-
- if (stat(file,&st_buf) == 0) {
- /* successful stat */
- if ((sfile = fopen(file,"r")) == 0) {
- if (krb_debug)
- perror("cannot open shared memory file");
- return(KFAILURE); /* XXX */
- }
- set_cloexec_file(sfile);
- if (fscanf(sfile,"%d",&shmid) == 1) {
- if (shmctl(shmid,IPC_RMID,0) != 0) {
- if (krb_debug)
- perror("krb_shm_dest: cannot delete shm segment");
- (void) fclose(sfile);
- return(KFAILURE); /* XXX */
- }
- } else {
- if (krb_debug)
- fprintf(stderr, "bad format in shmid file\n");
- (void) fclose(sfile);
- return(KFAILURE); /* XXX */
- }
- (void) fclose(sfile);
- (void) unlink(file);
- return(KSUCCESS);
- } else
- return(RET_TKFIL); /* XXX */
-}
-
-
-
+++ /dev/null
-/*
- * lib/krb4/tf_util.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "k5-int.h"
-#include "krb4int.h"
-
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-#endif /* TKT_SHMEM */
-
-
-
-#define TOO_BIG -1
-#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
- * retry if ticket file is
- * locked */
-extern int krb_debug;
-
-void tf_close();
-
-#ifdef TKT_SHMEM
-char *krb_shm_addr;
-static char *tmp_shm_addr;
-static const char krb_dummy_skey[8];
-
-char *shmat();
-#endif /* TKT_SHMEM */
-
-#ifdef NEED_UTIMES
-
-#include <sys/time.h>
-#ifdef __SCO__
-#include <utime.h>
-#endif
-#if defined(__svr4__) || defined(__SVR4)
-#include <utime.h>
-#endif
-int utimes(path, times)
- char* path;
- struct timeval times[2];
-{
- struct utimbuf tv;
- tv.actime = times[0].tv_sec;
- tv.modtime = times[1].tv_sec;
- return utime(path,&tv);
-}
-#endif
-
-#ifdef HAVE_SETEUID
-#define do_seteuid(e) seteuid((e))
-#else
-#ifdef HAVE_SETRESUID
-#define do_seteuid(e) setresuid(-1, (e), -1)
-#else
-#ifdef HAVE_SETREUID
-#define do_seteuid(e) setreuid(geteuid(), (e))
-#else
-#define do_seteuid(e) (errno = EPERM, -1)
-#endif
-#endif
-#endif
-
-
-#ifdef K5_LE
-/* This was taken from jhutz's patch for heimdal krb4. It only
- * applies to little endian systems. Big endian systems have a
- * less elegant solution documented below.
- *
- * This record is written after every real ticket, to ensure that
- * both 32- and 64-bit readers will perceive the next real ticket
- * as starting in the same place. This record looks like a ticket
- * with the following properties:
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "." "."
- * sinst "" ""
- * srealm ".." ".."
- * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- *
- * Our code always reads and writes the 32-bit format, but knows
- * to skip 00000000 at the front of a record, and to completely
- * ignore tickets for the special alignment principal.
- */
-static unsigned char align_rec[] = {
- 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x2e,
- 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00,
- 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00
-};
-
-#else /* Big Endian */
-
-/* These alignment records are for big endian systems. We need more
- * of them because the portion of the 64-bit issue_date that overlaps
- * with the start of a ticket on 32-bit systems contains an unpredictable
- * number of NULL bytes. Preceeding these records is a second copy of the
- * 32-bit issue_date. The srealm for the alignment records is always one of
- * ".." or "?.."
- */
-
-/* No NULL bytes
- * This is actually two alignment records since both 32- and 64-bit
- * readers will agree on everything in the first record up through the
- * issue_date size, except where sname starts.
- * Field (1) 32-bit 64-bit
- * ============ ================= =================
- * sname "????." "."
- * sinst "" ""
- * srealm ".." ".."
- * session key 00000000 xxxxxxxx 00000000 xxxxxxxx
- * lifetime 0 0
- * kvno 0 0
- * ticket 4 nulls 4 nulls
- * issue 0 0
- *
- * Field (2) 32-bit 64-bit
- * ============ ================= =================
- * sname "." "."
- * sinst "" ""
- * srealm ".." ".."
- * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- *
- */
-static unsigned char align_rec_0[] = {
- 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00,
- 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x04,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00
-};
-
-/* One NULL byte
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "x" |"xx"|"xxx" "."
- * sinst "xx."|"x."|"." ".."
- * srealm ".." "..."
- * session key 2E2E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- */
-static unsigned char align_rec_1[] = {
- 0x2e, 0x00, 0x2e, 0x2e, 0x00, 0x2e, 0x2e, 0x2e,
- 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x0c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00
-};
-
-/* Two NULL bytes
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "x" |"x" |"xx" ".."
- * sinst "" |"x" |"" ""
- * srealm "x.."|".."|".." ".."
- * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- */
- static unsigned char align_rec_2[] = {
- 0x2e, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff,
- 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00,
- 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-/* Three NULL bytes
- * Things break here for 32-bit krb4 libraries that don't
- * understand this alignment record. We can't really do
- * anything about the fact that the three strings ended
- * in the duplicate timestamp. The good news is that this
- * only happens once every 0x1000000 seconds, once roughly
- * every six and a half months. We'll live.
- *
- * Discussion on the krbdev list has suggested the
- * issue_date be incremented by one in this case to avoid
- * the problem. I'm leaving this here just in case.
- *
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "" "."
- * sinst "" ""
- * srealm "" ".."
- * session key 2E00002E 2E00FFFF xxxx0000 0000xxxx
- * lifetime 0 0
- * kvno 4294901760 917504
- * ticket 14 nulls 4 nulls
- * issue 0 0
- */
-/*
-static unsigned char align_rec_3[] = {
- 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff,
- 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-*/
-#endif /* K5_LE*/
-
-/*
- * fd must be initialized to something that won't ever occur as a real
- * file descriptor. Since open(2) returns only non-negative numbers as
- * valid file descriptors, and tf_init always stuffs the return value
- * from open in here even if it is an error flag, we must
- * a. Initialize fd to a negative number, to indicate that it is
- * not initially valid.
- * b. When checking for a valid fd, assume that negative values
- * are invalid (ie. when deciding whether tf_init has been
- * called.)
- * c. In tf_close, be sure it gets reinitialized to a negative
- * number.
- */
-static int fd = -1;
-static int curpos; /* Position in tfbfr */
-static int lastpos; /* End of tfbfr */
-static char tfbfr[BUFSIZ]; /* Buffer for ticket data */
-
-static int tf_gets (char *, int), tf_read (char *, int);
-
-/*
- * This file contains routines for manipulating the ticket cache file.
- *
- * The ticket file is in the following format:
- *
- * principal's name (null-terminated string)
- * principal's instance (null-terminated string)
- * CREDENTIAL_1
- * CREDENTIAL_2
- * ...
- * CREDENTIAL_n
- * EOF
- *
- * Where "CREDENTIAL_x" consists of the following fixed-length
- * fields from the CREDENTIALS structure (see "krb.h"):
- *
- * string service[ANAME_SZ]
- * string instance[INST_SZ]
- * string realm[REALM_SZ]
- * C_Block session
- * int lifetime
- * int kvno
- * KTEXT_ST ticket_st
- * KRB4_32 issue_date
- *
- * Strings are stored NUL-terminated, and read back until a NUL is
- * found or the indicated number of bytes have been read. (So if you
- * try to store a string exactly that long or longer, reading them
- * back will not work.) The KTEXT_ST structure is stored as an int
- * length followed by that many data bytes. All ints are stored using
- * host size and byte order for "int".
- *
- * Short description of routines:
- *
- * tf_init() opens the ticket file and locks it.
- *
- * tf_get_pname() returns the principal's name.
- *
- * tf_get_pinst() returns the principal's instance (may be null).
- *
- * tf_get_cred() returns the next CREDENTIALS record.
- *
- * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
- *
- * tf_close() closes the ticket file and releases the lock.
- *
- * tf_gets() returns the next null-terminated string. It's an internal
- * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
- *
- * tf_read() reads a given number of bytes. It's an internal routine
- * used by tf_get_cred().
- */
-
-/*
- * tf_init() should be called before the other ticket file routines.
- * It takes the name of the ticket file to use, "tf_name", and a
- * read/write flag "rw" as arguments.
- *
- * It tries to open the ticket file, checks the mode, and if everything
- * is okay, locks the file. If it's opened for reading, the lock is
- * shared. If it's opened for writing, the lock is exclusive.
- *
- * Returns KSUCCESS if all went well, otherwise one of the following:
- *
- * NO_TKT_FIL - file wasn't there
- * TKT_FIL_ACC - file was in wrong mode, etc.
- * TKT_FIL_LCK - couldn't lock the file, even after a retry
- */
-
-int KRB5_CALLCONV tf_init(tf_name, rw)
- const char *tf_name;
- int rw;
-{
- int wflag;
- uid_t me, metoo;
- struct stat stat_buf, stat_buffd;
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
- FILE *sfp;
- int shmid;
-#endif
-
- if (!krb5__krb4_context) {
- if (krb5_init_context(&krb5__krb4_context))
- return TKT_FIL_LCK;
- }
-
- me = getuid();
- metoo = geteuid();
-
- switch (rw) {
- case R_TKT_FIL:
- wflag = 0;
- break;
- case W_TKT_FIL:
- wflag = 1;
- break;
- default:
- if (krb_debug) fprintf(stderr, "tf_init: illegal parameter\n");
- return TKT_FIL_ACC;
- }
-
- /* If ticket cache selector is null, use default cache. */
- if (tf_name == 0)
- tf_name = tkt_string();
-
-#ifdef TKT_SHMEM
- (void) strncpy(shmidname, tf_name, sizeof(shmidname) - 1);
- shmidname[sizeof(shmidname) - 1] = '\0';
- (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname));
-#endif /* TKT_SHMEM */
-
- /*
- * If "wflag" is set, open the ticket file in append-writeonly mode
- * and lock the ticket file in exclusive mode. If unable to lock
- * the file, sleep and try again. If we fail again, return with the
- * proper error message.
- */
-
- curpos = sizeof(tfbfr);
-
-#ifdef TKT_SHMEM
- if (lstat(shmidname, &stat_buf) < 0) {
- switch (errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG)
- || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) {
- return TKT_FIL_ACC;
- }
-
- /*
- * Yes, we do uid twiddling here. It's not optimal, but some
- * applications may expect that the ruid is what should really own
- * the ticket file, e.g. setuid applications.
- */
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- sfp = fopen(shmidname, "r"); /* only need read/write on the
- actual tickets */
- if (sfp != 0)
- set_cloexec_file(sfp);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (sfp == 0) {
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
-
- /*
- * fstat() the file to check that the file we opened is the one we
- * think it is.
- */
- if (fstat(fileno(sfp), &stat_buffd) < 0) {
- (void) close(fd);
- fd = -1;
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /* Check that it's the right file */
- if ((stat_buf.st_ino != stat_buffd.st_ino) ||
- (stat_buf.st_dev != stat_buffd.st_dev)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- /* Check ownership */
- if ((stat_buffd.st_uid != me && me != 0) ||
- ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
-
-
-
- shmid = -1;
- {
- char buf[BUFSIZ];
- int val; /* useful for debugging fscanf */
- /* We provide our own buffer here since some STDIO libraries
- barf on unbuffered input with fscanf() */
- setbuf(sfp, buf);
- if ((val = fscanf(sfp,"%d",&shmid)) != 1) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- if (shmid < 0) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- (void) fclose(sfp);
- }
- /*
- * global krb_shm_addr is initialized to 0. Ultrix bombs when you try and
- * attach the same segment twice so we need this check.
- */
- if (!krb_shm_addr) {
- if ((krb_shm_addr = shmat(shmid,0,0)) == -1){
- if (krb_debug)
- fprintf(stderr,
- "cannot attach shared memory for segment %d\n",
- shmid);
- krb_shm_addr = 0; /* reset so we catch further errors */
- return TKT_FIL_ACC;
- }
- }
- tmp_shm_addr = krb_shm_addr;
-#endif /* TKT_SHMEM */
-
- if (lstat(tf_name, &stat_buf) < 0) {
- switch (errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG)
- || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) {
- return TKT_FIL_ACC;
- }
-
- if (wflag) {
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- fd = open(tf_name, O_RDWR, 0600);
- if (fd >= 0)
- set_cloexec_fd(fd);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (fd < 0) {
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /*
- * fstat() the file to check that the file we opened is the
- * one we think it is, and to check ownership.
- */
- if (fstat(fd, &stat_buffd) < 0) {
- (void) close(fd);
- fd = -1;
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /* Check that it's the right file */
- if ((stat_buf.st_ino != stat_buffd.st_ino) ||
- (stat_buf.st_dev != stat_buffd.st_dev)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- /* Check ownership */
- if ((stat_buffd.st_uid != me && me != 0) ||
- ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_EXCLUSIVE |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- sleep(TF_LCK_RETRY);
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_EXCLUSIVE |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
- }
- /*
- * Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
- */
-
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- fd = open(tf_name, O_RDONLY, 0600);
- if (fd >= 0)
- set_cloexec_fd(fd);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (fd < 0) {
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /*
- * fstat() the file to check that the file we opened is the one we
- * think it is, and to check ownership.
- */
- if (fstat(fd, &stat_buffd) < 0) {
- (void) close(fd);
- fd = -1;
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /* Check that it's the right file */
- if ((stat_buf.st_ino != stat_buffd.st_ino) ||
- (stat_buf.st_dev != stat_buffd.st_dev)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- /* Check ownership */
- if ((stat_buffd.st_uid != me && me != 0) ||
- ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_SHARED |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- sleep(TF_LCK_RETRY);
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_SHARED |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
-}
-
-/*
- * tf_get_pname() reads the principal's name from the ticket file. It
- * should only be called after tf_init() has been called. The
- * principal's name is filled into the "p" parameter. If all goes well,
- * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
- * returned. If the name was null, or EOF was encountered, or the name
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
- */
-
-int KRB5_CALLCONV tf_get_pname(p)
- char *p;
-{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pname called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
- return TKT_FIL_FMT;
- return KSUCCESS;
-}
-
-/*
- * tf_get_pinst() reads the principal's instance from a ticket file.
- * It should only be called after tf_init() and tf_get_pname() have been
- * called. The instance is filled into the "inst" parameter. If all
- * goes well, KSUCCESS is returned. If tf_init() wasn't called,
- * TKT_FIL_INI is returned. If EOF was encountered, or the instance
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
- * instance may be null.
- */
-
-int KRB5_CALLCONV tf_get_pinst(inst)
- char *inst;
-{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pinst called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(inst, INST_SZ) < 1)
- return TKT_FIL_FMT;
- return KSUCCESS;
-}
-
-/*
- * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
- * in the given structure "c". It should only be called after tf_init(),
- * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
- * KSUCCESS is returned. Possible error codes are:
- *
- * TKT_FIL_INI - tf_init wasn't called first
- * TKT_FIL_FMT - bad format
- * EOF - end of file encountered
- */
-
-static int real_tf_get_cred(c)
- CREDENTIALS *c;
-{
- KTEXT ticket = &c->ticket_st; /* pointer to ticket */
- int k_errno;
- unsigned char nullbuf[3]; /* used for 64-bit issue_date tf compatibility */
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) {
-
-#ifdef K5_BE
- /* If we're big endian then we can have a null service name as part of
- * an alignment record. */
- if (k_errno < 2)
- switch (k_errno) {
- case TOO_BIG:
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
-#else /* Little Endian */
- /* If we read an empty service name, it's possible that's because
- * the file was written by someone who thinks issue_date should be
- * 64 bits. If that is the case, there will be three more zeros,
- * followed by the real record.*/
-
- if (k_errno == 1 &&
- tf_read(nullbuf, 3) == 3 &&
- !nullbuf[0] && !nullbuf[1] && !nullbuf[2])
- k_errno = tf_gets(c->service, SNAME_SZ);
-
- if (k_errno < 2)
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
-#endif/*K5_BE*/
-
- }
- if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
- switch (k_errno) {
- case TOO_BIG:
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) {
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- }
-
- if (
- tf_read((char *) (c->session), KEY_SZ) < 1 ||
- tf_read((char *) &(c->lifetime), sizeof(c->lifetime)) < 1 ||
- tf_read((char *) &(c->kvno), sizeof(c->kvno)) < 1 ||
- tf_read((char *) &(ticket->length), sizeof(ticket->length))
- < 1 ||
- /* don't try to read a silly amount into ticket->dat */
- ticket->length > MAX_KTXT_LEN ||
- tf_read((char *) (ticket->dat), ticket->length) < 1 ||
- tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1
- ) {
- tf_close();
- return TKT_FIL_FMT;
- }
-
-#ifdef K5_BE
- /* If the issue_date is 0 and we're not dealing with an alignment
- record, then it's likely we've run into an issue_date written by
- a 64-bit library that is using long instead of KRB4_32. Let's get
- the next four bytes instead.
- */
- if (0 == c->issue_date) {
- int len = strlen(c->realm);
- if (!(2 == len && 0 == strcmp(c->realm, "..")) &&
- !(3 == len && 0 == strcmp(c->realm + 1, ".."))) {
- if (tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1) {
- tf_close();
- return TKT_FIL_FMT;
- }
- }
- }
-
-#endif
-
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV tf_get_cred(c)
- CREDENTIALS *c;
-{
- int k_errno;
- int fake;
-
- do {
- fake = 0;
- k_errno = real_tf_get_cred(c);
- if (k_errno)
- return k_errno;
-
-#ifdef K5_BE
- /* Here we're checking to see if the realm is one of the
- * alignment record realms, ".." or "?..", so we can skip it.
- * If it's not, then we need to verify that the service name
- * was not null as this should be a valid ticket.
- */
- {
- int len = strlen(c->realm);
- if (2 == len && 0 == strcmp(c->realm, ".."))
- fake = 1;
- if (3 == len && 0 == strcmp(c->realm + 1, ".."))
- fake = 1;
- if (!fake && 0 == strlen(c->service)) {
- tf_close();
- return TKT_FIL_FMT;
- }
- }
-#else /* Little Endian */
- /* Here we're checking to see if the service principal is the
- * special alignment record principal ".@..", so we can skip it.
- */
- if (strcmp(c->service, ".") == 0 &&
- strcmp(c->instance, "") == 0 &&
- strcmp(c->realm, "..") == 0)
- fake = 1;
-#endif/*K5_BE*/
- } while (fake);
-
-#ifdef TKT_SHMEM
- memcpy(c->session, tmp_shm_addr, KEY_SZ);
- tmp_shm_addr += KEY_SZ;
-#endif /* TKT_SHMEM */
- return KSUCCESS;
-}
-
-/*
- * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
- * not a valid file descriptor, it just returns. It also clears the
- * buffer used to read tickets.
- *
- * The return value is not defined.
- */
-
-void KRB5_CALLCONV tf_close()
-{
- if (!(fd < 0)) {
-#ifdef TKT_SHMEM
- if (shmdt(krb_shm_addr)) {
- /* what kind of error? */
- if (krb_debug)
- fprintf(stderr, "shmdt 0x%x: errno %d",krb_shm_addr, errno);
- } else {
- krb_shm_addr = 0;
- }
-#endif /* TKT_SHMEM */
- if (!krb5__krb4_context)
- krb5_init_context(&krb5__krb4_context);
- (void) krb5_lock_file(krb5__krb4_context, fd, KRB5_LOCKMODE_UNLOCK);
- (void) close(fd);
- fd = -1; /* see declaration of fd above */
- }
- memset(tfbfr, 0, sizeof(tfbfr));
-}
-
-/*
- * tf_gets() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until either it has read "n" characters,
- * or until it reads a null byte. When finished, what has been read exists
- * in "s". If it encounters EOF or an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read (including null terminator)
- * when all goes well
- *
- * 0 end of file or read error
- *
- * TOO_BIG if "count" characters are read and no null is
- * encountered. This is an indication that the ticket
- * file is seriously ill.
- */
-
-static int
-tf_gets(s, n)
- register char *s;
- int n;
-{
- register int count;
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_gets called before tf_init.\n");
- return TKT_FIL_INI;
- }
- for (count = n - 1; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s = tfbfr[curpos++];
- if (*s++ == '\0')
- return (n - count);
- }
- tf_close();
- return TOO_BIG;
-}
-
-/*
- * tf_read() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until "n" bytes have been read. When
- * finished, what has been read exists in "s". If it encounters EOF or
- * an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read when all goes well
- *
- * 0 on end of file or read error
- */
-
-static int
-tf_read(s, n)
- register char *s;
- register int n;
-{
- register int count;
-
- for (count = n; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s++ = tfbfr[curpos++];
- }
- return n;
-}
-
-/*
- * tf_save_cred() appends an incoming ticket to the end of the ticket
- * file. You must call tf_init() before calling tf_save_cred().
- *
- * The "service", "instance", and "realm" arguments specify the
- * server's name; "session" contains the session key to be used with
- * the ticket; "kvno" is the server key version number in which the
- * ticket is encrypted, "ticket" contains the actual ticket, and
- * "issue_date" is the time the ticket was requested (local host's time).
- *
- * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
- * called previously, and KFAILURE for anything else that went wrong.
- */
-
-int tf_save_cred(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
-{
-
- off_t lseek();
- unsigned int count; /* count for write */
-#ifdef TKT_SHMEM
- int *skey_check;
-#endif /* TKT_SHMEM */
-
- if (fd < 0) { /* fd is ticket file as set by tf_init */
- if (krb_debug)
- fprintf(stderr, "tf_save_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
- /* Find the end of the ticket file */
- (void) lseek(fd, (off_t)0, 2);
-#ifdef TKT_SHMEM
- /* scan to end of existing keys: pick first 'empty' slot.
- we assume that no real keys will be completely zero (it's a weak
- key under DES) */
-
- skey_check = (int *) krb_shm_addr;
-
- while (*skey_check && *(skey_check+1))
- skey_check += 2;
- tmp_shm_addr = (char *)skey_check;
-#endif /* TKT_SHMEM */
-
- /* Write the ticket and associated data */
- /* Service */
- count = strlen(service) + 1;
- if (write(fd, service, count) != count)
- goto bad;
- /* Instance */
- count = strlen(instance) + 1;
- if (write(fd, instance, count) != count)
- goto bad;
- /* Realm */
- count = strlen(realm) + 1;
- if (write(fd, realm, count) != count)
- goto bad;
- /* Session key */
-#ifdef TKT_SHMEM
- memcpy(tmp_shm_addr, session, 8);
- tmp_shm_addr+=8;
- if (write(fd,krb_dummy_skey,8) != 8)
- goto bad;
-#else /* ! TKT_SHMEM */
- if (write(fd, (char *) session, 8) != 8)
- goto bad;
-#endif /* TKT_SHMEM */
- /* Lifetime */
- if (write(fd, (char *) &lifetime, sizeof(int)) != sizeof(int))
- goto bad;
- /* Key vno */
- if (write(fd, (char *) &kvno, sizeof(int)) != sizeof(int))
- goto bad;
- /* Tkt length */
- if (write(fd, (char *) &(ticket->length), sizeof(int)) !=
- sizeof(int))
- goto bad;
- /* Ticket */
- count = ticket->length;
- if (write(fd, (char *) (ticket->dat), count) != count)
- goto bad;
- /* Issue date */
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- /* Alignment Record */
-#ifdef K5_BE
- {
- int null_bytes = 0;
- if (0 == (issue_date & 0xff000000))
- ++null_bytes;
- if (0 == (issue_date & 0x00ff0000))
- ++null_bytes;
- if (0 == (issue_date & 0x0000ff00))
- ++null_bytes;
- if (0 == (issue_date & 0x000000ff))
- ++null_bytes;
-
- switch(null_bytes) {
- case 0:
- /* Issue date */
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- if (write(fd, align_rec_0, sizeof(align_rec_0))
- != sizeof(align_rec_0))
- goto bad;
- break;
-
- case 1:
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- if (write(fd, align_rec_1, sizeof(align_rec_1))
- != sizeof(align_rec_1))
- goto bad;
- break;
-
- case 3:
- /* Three NULLS are troublesome but rare. We'll just pretend
- * they don't exist by decrementing the issue_date.
- */
- --issue_date;
- case 2:
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- if (write(fd, align_rec_2, sizeof(align_rec_2))
- != sizeof(align_rec_2))
- goto bad;
- break;
-
- default:
- goto bad;
- }
-
- }
-#else
- if (write(fd, align_rec, sizeof(align_rec)) != sizeof(align_rec))
- goto bad;
-#endif
-
- /* Actually, we should check each write for success */
- return (KSUCCESS);
-bad:
- return (KFAILURE);
-}
+++ /dev/null
-/*
- * tkt_string.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include "autoconf.h"
-#include "port-sockets.h" /* XXX this gets us MAXPATHLEN but we should find
- a better way */
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-char *getenv();
-#endif
-
-
-#ifdef _WIN32
-typedef unsigned long uid_t;
-uid_t getuid(void) { return 0; }
-#endif /* _WIN32 */
-
-/*
- * This routine is used to generate the name of the file that holds
- * the user's cache of server tickets and associated session keys.
- *
- * If it is set, krb_ticket_string contains the ticket file name.
- * Otherwise, the filename is constructed as follows:
- *
- * If it is set, the environment variable "KRBTKFILE" will be used as
- * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
- * the user's uid are concatenated to produce the ticket file name
- * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
- * file name is returned.
- */
-
-static char krb_ticket_string[MAXPATHLEN];
-
-const char *tkt_string()
-{
- char *env;
- uid_t getuid();
-
- if (!*krb_ticket_string) {
- env = getenv("KRBTKFILE");
- if (env) {
- (void) strncpy(krb_ticket_string, env,
- sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
- } else {
- /* 32 bits of signed integer will always fit in 11 characters
- (including the sign), so no need to worry about overflow */
- (void) snprintf(krb_ticket_string, sizeof(krb_ticket_string),
- "%s%d",TKT_ROOT,(int) getuid());
- }
- }
- return krb_ticket_string;
-}
-
-/*
- * This routine is used to set the name of the file that holds the user's
- * cache of server tickets and associated session keys.
- *
- * The value passed in is copied into local storage.
- *
- * NOTE: This routine should be called during initialization, before other
- * Kerberos routines are called; otherwise tkt_string() above may be called
- * and return an undesired ticket file name until this routine is called.
- */
-
-void KRB5_CALLCONV
-krb_set_tkt_string(val)
- const char *val;
-{
- (void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
-}
+++ /dev/null
-/*
- * unix_glue.c
- *
- * Glue code for pasting Kerberos into the Unix environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-#include <sys/time.h>
-#include "krb4int.h"
-
-/* Start and end Kerberos library access. On Unix, this is a No-op. */
-int
-krb_start_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-int
-krb_end_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-char *
-krb_get_default_user ()
-{
- return 0; /* FIXME */
-}
-
-int
-krb_set_default_user (x)
- char *x;
-{
- return KFAILURE; /* FIXME */
-}
+++ /dev/null
-/*
- * unix_time.c
- *
- * Glue code for pasting Kerberos into the Unix environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-#include <sys/time.h>
-
-/* Time handling. Translate Unix time calls into Kerberos cnternal
- procedure calls. See ../../include/cc-unix.h. */
-
-unsigned KRB4_32 KRB5_CALLCONV
-unix_time_gmt_unixsec (usecptr)
- unsigned KRB4_32 *usecptr;
-{
- struct timeval now;
-
- (void) gettimeofday (&now, (struct timezone *)0);
- if (usecptr)
- *usecptr = now.tv_usec;
- return now.tv_sec;
-}
+++ /dev/null
-$ write sys$output "start of run"
-$ cc /decc /inc=inc /debug=all des.c
-$ cc /decc /inc=inc /debug=all d3des.c
-$ cc /decc /inc=inc /debug=all cbc.c
-$ cc /decc /inc=([],inc) /debug=all qcksum.c
-$ cc /decc /inc=([],inc) /debug=all str2key.c
-$ cc /decc /inc=([],inc) /debug=all parity.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all ad_print.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all add_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_auth_repl.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_ciph.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_death_pkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_err_repl.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_tkt.c
-$ write sys$output "begin d"
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all debug.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all decomp_tkt.c
-stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all dest_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all err_txt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all ext_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all fakeenv.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all fgetst.c
-$ write sys$output "begin g"
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_ad_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_admhst.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_cnffile.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_cred.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_in_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_krbhst.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_krbrlm.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_phost.c
-sgtty $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_pw_in_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_pw_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_request.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_svc_in_tkt.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_tf_fname.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_tf_realm.c
-$ write sys$output "end g_"
-$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",BSD42) /debug=all gethostname.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all getst.c
-stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all in_tkt.c
-$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",NEED_TIME_H) /debug=all klog.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kname_parse.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kntoln.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kparse.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all krbglue.c
-stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kuserok.c
-$ write sys$output "end k"
-$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",NEED_TIME_H) /debug=all log.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_err.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_preauth.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_priv.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_req.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_safe.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all month_sname.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all netread.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all netwrite.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all pkt_cipher.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all pkt_clen.c
-$ write sys$output "begin rd"
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_err.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_preauth.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_priv.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_req.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_safe.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_svc_key.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all realmofhost.c
-$ write sys$output "begin recv"
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all recvauth.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all save_creds.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all send_to_kdc.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all sendauth.c
-$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",NEED_TIME_H) /debug=all stime.c
-stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all tf_shm.c
-stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all tf_util.c
-MAXPATHLEN $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all tkt_string.c
-$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all vmsswab.c
-$ library /create /list libkrb *.obj
-
+++ /dev/null
-/* Copyright 1994 Cygnus Support */
-/* Mark W. Eichin */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* VMS doesn't have swab, but everything else does */
-/* so make this available anyway ... someday it might go
- into the VMS makefile fragment, but for now it is only
- referenced by l.com. */
-
-swab(from,to,nbytes)
- char *from;
- char *to;
- int nbytes;
-{
- char tmp;
-
- while ( (nbytes-=2) >= 0 ) {
- tmp = from[1];
- to[1] = from[0];
- to[0] = tmp;
- to++; to++;
- from++; from++;
- }
-}
-
+++ /dev/null
-/*
- * win-glue.c
- *
- * Glue code for pasting Kerberos into the Windows environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <windows.h>
-
-
-/*
- * We needed a way to print out what might be FAR pointers on Windows,
- * but might be ordinary pointers on real machines. Printf modifiers
- * scattered through the code don't cut it,
- * since they might break on real machines. Microloss
- * didn't provide a function to print a char *, so we wrote one.
- * It gets #define'd to fputs on real machines.
- */
-int
-far_fputs(string, stream)
- char *string;
- FILE *stream;
-{
- return fprintf(stream, "%Fs", string);
-}
-
-int
-krb_start_session(x)
- char *x;
-{
- return KSUCCESS;
-}
-
-int
-krb_end_session(x)
- char *x;
-{
- return KSUCCESS;
-}
-
-void KRB5_CALLCONV
-krb_set_tkt_string(val)
-char *val;
-{
-}
+++ /dev/null
-/*
- * win_store.c
- *
- * Kerberos configuration storage management routines.
- *
- * Originally coded by John Rivlin / Fusion Software, Inc.
- *
- * This file incorporates replacements for the following Unix files:
- * g_cnffil.c
- */
-
-#include "krb.h"
-#include "k5-int.h"
-#include <stdio.h>
-#include <assert.h>
-
-krb5_context krb5__krb4_context = 0;
-
-char *
-krb__get_srvtabname(default_srvtabname)
- const char *default_srvtabname;
-{
- const char* names[3];
- char **full_name = 0, **cpp;
- krb5_error_code retval;
- char *retname;
-
- if (!krb5__krb4_context) {
- retval = krb5_init_context(&krb5__krb4_context);
- if (!retval)
- return NULL;
- }
- names[0] = "libdefaults";
- names[1] = "krb4_srvtab";
- names[2] = 0;
- retval = profile_get_values(krb5__krb4_context->profile, names,
- &full_name);
- if (retval == 0 && full_name && full_name[0]) {
- retname = strdup(full_name[0]);
- for (cpp = full_name; *cpp; cpp++)
- krb5_xfree(*cpp);
- krb5_xfree(full_name);
- } else {
- retname = strdup(default_srvtabname);
- }
- return retname;
-}
-
-/*
- * Returns an open file handle to the configuration file. This
- * file was called "krb.conf" on Unix. Here we search for the entry
- * "krb.conf=" in the "[FILES]" section of the "kerberos.ini" file
- * located in the Windows directory. If the entry doesn't exist in
- * the kerberos.ini file, then "krb.con" in the Windows directory is
- * used in its place.
- */
-FILE*
-krb__get_cnffile()
-{
- FILE *cnffile = 0;
- char cnfname[FILENAME_MAX];
- char defname[FILENAME_MAX];
- UINT rc;
-
- defname[sizeof(defname) - 1] = '\0';
- rc = GetWindowsDirectory(defname, sizeof(defname) - 1);
- assert(rc > 0);
-
- strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname));
-
- strncat(defname, DEF_KRB_CONF, sizeof(defname) - 1 - strlen(defname));
-
- cnfname[sizeof(cnfname) - 1] = '\0';
- GetPrivateProfileString(INI_FILES, INI_KRB_CONF, defname,
- cnfname, sizeof(cnfname) - 1, KERBEROS_INI);
-
- cnffile = fopen(cnfname, "r");
- if (cnffile)
- set_cloexec_file(cnffile);
-
- return cnffile;
-}
-
-
-/*
- * Returns an open file handle to the realms file. This
- * file was called "krb.realms" on Unix. Here we search for the entry
- * "krb.realms=" in the "[FILES]" section of the "kerberos.ini" file
- * located in the Windows directory. If the entry doesn't exist in
- * the kerberos.ini file, then "krb.rea" in the Windows directory is
- * used in its place.
- */
-FILE*
-krb__get_realmsfile()
-{
- FILE *realmsfile = 0;
- char realmsname[FILENAME_MAX];
- char defname[FILENAME_MAX];
- UINT rc;
-
- defname[sizeof(defname) - 1] = '\0';
- rc = GetWindowsDirectory(defname, sizeof(defname) - 1);
- assert(rc > 0);
-
- strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname));
-
- strncat(defname, DEF_KRB_REALMS, sizeof(defname) - 1 - strlen(defname));
-
- defname[sizeof(defname) - 1] = '\0';
- GetPrivateProfileString(INI_FILES, INI_KRB_REALMS, defname,
- realmsname, sizeof(realmsname) - 1, KERBEROS_INI);
-
- realmsfile = fopen(realmsname, "r");
- if (realmsfile)
- set_cloexec_file(realmsfile);
-
- return realmsfile;
-}
-
-
-/*
- * Returns the current default user. This information is stored in
- * the [DEFAULTS] section of the "kerberos.ini" file located in the
- * Windows directory.
- */
-char * KRB5_CALLCONV
-krb_get_default_user()
-{
- static char username[ANAME_SZ];
-
- GetPrivateProfileString(INI_DEFAULTS, INI_USER, "",
- username, sizeof(username), KERBEROS_INI);
-
- return username;
-}
-
-
-/*
- * Sets the default user name stored in the "kerberos.ini" file.
- */
-int KRB5_CALLCONV
-krb_set_default_user(username)
- char *username;
-{
- BOOL rc;
-
- rc = WritePrivateProfileString(INI_DEFAULTS, INI_USER,
- username, KERBEROS_INI);
-
- if (rc)
- return KSUCCESS;
- else
- return KFAILURE;
-}
+++ /dev/null
-/*
- * win_time.c
- *
- * Glue code for pasting Kerberos into the Windows environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-
-#include <sys/types.h>
-#include <time.h>
-#include <sys/timeb.h>
-#include <stdio.h>
-#include <windows.h>
-#include <dos.h>
-
-#ifdef _WIN32
-
-unsigned KRB4_32
-win_time_gmt_unixsec (usecptr)
- unsigned KRB4_32 *usecptr;
-{
- struct _timeb timeptr;
-
- _ftime(&timeptr); /* Get the current time */
-
- if (usecptr)
- *usecptr = timeptr.millitm * 1000;
-
- return timeptr.time + CONVERT_TIME_EPOCH;
-}
-
-#else
-
-/*
- * Time handling. Translate Unix time calls into Kerberos internal
- * procedure calls. See ../../include/c-win.h.
- *
- * Due to the fact that DOS time can be unreliable we have reverted
- * to using the AT hardware clock and converting it to Unix time.
- */
-
-unsigned KRB4_32
-win_time_gmt_unixsec (usecptr)
- unsigned KRB4_32 *usecptr;
-{
- struct tm tm;
- union _REGS inregs;
- union _REGS outregs;
- struct _timeb now;
- time_t time;
-
- _ftime(&now);
-
- #if 0
- if (usecptr)
- *usecptr = now.millitm * 1000;
- #endif
-
- /* Get time from AT hardware clock INT 0x1A, AH=2 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 2;
-
- _int86(0x1a, &inregs, &outregs);
-
- /* 0x13 = decimal 13, hence the decoding below */
- tm.tm_sec = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F);
- tm.tm_min = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_hour = 10 * ((outregs.h.ch & 0xF0) >> 4) + (outregs.h.ch & 0x0F);
-
- /* Get date from AT hardware clock INT 0x1A, AH=4 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 4;
-
- _int86(0x1a, &inregs, &outregs);
-
- tm.tm_mday = 10 * ((outregs.h.dl & 0xF0) >> 4) + (outregs.h.dl & 0x0F);
- tm.tm_mon = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F) - 1;
- tm.tm_year = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_year += 100 * ((10 * (outregs.h.ch & 0xF0) >> 4)
- + (outregs.h.ch & 0x0F) - 19);
-
- tm.tm_wday = 0;
- tm.tm_yday = 0;
- tm.tm_isdst = now.dstflag;
-
- time = mktime(&tm);
-
- if (usecptr)
- *usecptr = 0;
-
- return time + CONVERT_TIME_EPOCH;
-}
-
-#endif
-
-/*
- * This routine figures out the current time epoch and returns the
- * conversion factor. It exists because
- * Microloss screwed the pooch on the time() and _ftime() calls in
- * its release 7.0 libraries. They changed the epoch to Dec 31, 1899!
- * Idiots... We try to cope.
- */
-
-static struct tm jan_1_70 = {0, 0, 0, 1, 0, 70};
-static long epoch = 0;
-static int epoch_set = 0;
-
-long
-win_time_get_epoch()
-{
-
- if (!epoch_set) {
- epoch = - mktime (&jan_1_70); /* Seconds til 1970 localtime */
- epoch += timezone; /* Seconds til 1970 GMT */
- epoch_set = 1;
- }
- return epoch;
-}
#include "krb5.h"
#include "autoconf.h"
-#ifdef KRB5_KRB4_COMPAT
-#include "kerberosIV/krb.h"
-#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
{
krb5_principal princ = 0;
krb5_error_code retval;
-#ifndef KRB5_KRB4_COMPAT
#define ANAME_SZ 40
#define INST_SZ 40
#define REALM_SZ 40
-#endif
char aname[ANAME_SZ+1], inst[INST_SZ+1], realm[REALM_SZ+1];
aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
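Review bot: With the `#ifndef KRB5_KRB4_COMPAT` guard removed, the `#define`s of `ANAME_SZ`, `INST_SZ` and `REALM_SZ` are now the only source of these buffer sizes, yet they still sit inside the function body, where they read like locals but stay defined for the rest of the file. Since `kerberosIV/krb.h` is no longer included, nothing ties the value 40 to what the code filling `aname`, `inst` and `realm` assumes; that code is outside this hunk, so the match is worth confirming. I would hoist the three defines to file scope under a comment such as `/* krb4 name-component limits, formerly from kerberosIV/krb.h; the buffers below are sized from these */`. The function's signature and the rest of its body are outside the hunk.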
KRB5_RUN_ENV= @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-KRB4_RUNTESTFLAGS=@KRB4_DEJAGNU_TEST@
SRCS=$(srcdir)/t_inetd.c
sed -e 's%=\.%='`pwd`'/.%g' > site.exp
echo "set KRB5_DB_MODULE_DIR {$(KRB5_DB_MODULE_DIR)}" >> site.exp
echo "set PRIOCNTL_HACK @PRIOCNTL_HACK@" >> site.exp
- echo set $(KRB4_RUNTESTFLAGS) | sed -e 's/=/ /' >> site.exp
# +++ Dependency line eater +++
#
# kadmind +4
# kpasswd +5
# (nothing) +6
-# krb524 +7
# application servers (krlogind, telnetd, krshd, ftpd, etc) +8
# iprop +9 (if enabled)
# kpropd +10
}
puts $conffile " krb4_config = $tmppwd/krb.conf"
puts $conffile " krb4_realms = $tmppwd/krb.realms"
- puts $conffile " krb4_srvtab = $tmppwd/v4srvtab"
if { $mode == "tcp" } {
puts $conffile " udp_preference_limit = 1"
}
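Review bot: The context lines `puts $conffile " krb4_config = $tmppwd/krb.conf"` and the matching `krb4_realms` line stay in the generated test configuration, although this hunk removes the `krb4_srvtab` setting right next to them. If nothing left in the tree reads these two settings (not visible from here), they are dead configuration that makes the suite look as if krb4 paths are still exercised. Dropping both lines in the same change would keep the generated file consistent with the removal. The enclosing proc starts and ends outside the hunk.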
puts $conffile " admin_server = $hostname:[expr 4 + $portbase]"
puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]"
puts $conffile " default_domain = $domain"
- puts $conffile " krb524_server = $hostname:[expr 7 + $portbase]"
puts $conffile " database_module = foo_db2"
puts $conffile " \}"
puts $conffile ""
set env(KRB5CCNAME) $tmppwd/tkt
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
- # Direct the Kerberos programs at a local ticket file.
- set env(KRBTKFILE) $tmppwd/tktv4
- verbose "KRBTKFILE=$env(KRBTKFILE)"
-
# Direct the Kerberos server at a cache file stored in the
# temporary directory.
set env(KRB5RCACHEDIR) $tmppwd
envstack_push
setup_kerberos_env kdc
- spawn $KRB5KDC -r $REALMNAME -n -4 full
+ spawn $KRB5KDC -r $REALMNAME -n full
envstack_pop
set kdc_pid [exp_pid]
set kdc_spawn_id $spawn_id
}
}
-# kinit
-# Use kinit to get a ticket. If the argument is non-zero, call pass
-# at relevant points. Returns 1 on success, 0 on failure.
-
-proc v4kinit { name pass standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
- global des3_krbtgt
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distiguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -4 $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "v4kinit started"
- }
- timeout {
- fail "v4kinit"
- return 0
- }
- eof {
- fail "v4kinit"
- return 0
- }
- }
- send "$pass\r"
- expect eof
- if {$des3_krbtgt == 0} {
- if ![check_exit_status v4kinit] {
- return 0
- }
- } else {
- # Fail if kinit is successful with a des3 TGT.
- set status_list [wait -i $spawn_id]
- set testname v4kinit
- verbose "wait -i $spawn_id returned $status_list ($testname)"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
- verbose -log "exit status: $status_list"
- fail "$testname (exit status)"
- }
- }
- if {$standalone} {
- pass "v4kinit"
- }
-
- return 1
-}
-
-proc v4kinit_kt { name keytab standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distiguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -4 -k -t $keytab $name@$REALMNAME
- expect {
- timeout {
- fail "v4kinit"
- return 0
- }
- eof { }
- }
- if ![check_exit_status kinit] {
- return 0
- }
-
- if {$standalone} {
- pass "v4kinit"
- }
-
- return 1
-}
-
-# List v4 tickets.
-# Client and server are regular expressions.
-proc v4klist { client server testname } {
- global KLIST
- global tmppwd
-
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$client.*$server\r\n" {
- verbose "klist started"
- }
- timeout {
- fail $testname
- return 0
- }
- eof {
- fail $testname
- return 0
- }
- }
-
- expect eof
-
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-# Destroy tickets.
-proc v4kdestroy { testname } {
- global KDESTROY
- spawn $KDESTROY -4
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-# Try to list the krb4 tickets -- there shouldn't be any ticket file.
-proc v4klist_none { testname } {
- global KLIST
- global tmppwd
-
- # Double check that the ticket was destroyed.
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*klist: You have no tickets cached.*\r\n" {
- verbose "v4klist started"
- pass "$testname (output)"
- }
- timeout {
- fail "$testname (output)"
- # Skip the 'wait' below, if it's taking too long.
- untested "$testname (exit status)"
- return 0
- }
- eof {
- fail "$testname (output)"
- }
- }
- # We can't use check_exit_status, because we expect an exit status
- # of 1.
- expect eof
- set status_list [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $status_list (v4klist)"
- if { [lindex $status_list 2] != 0 } {
- fail "$testname (exit status)"
- return 0
- } else {
- if { [lindex $status_list 3] != 1 } {
- fail "$testname (exit status)"
- return 0
- } else {
- pass "$testname (exit status)"
- }
- }
- return 1
-}
-
# Set up a root shell using rlogin $hostname -l root. This is used
# when testing the daemons that must be run as root, such as telnetd
# or rlogind. This sets the global variables rlogin_spawn_id and
# we don't need to use inetd. The portbase+8 is the port to listen at.
# Note that tmppwd here is a shell variable, which is set in
# setup_root_shell, not a TCL variable.
- send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 [expr 8 + $portbase]\" &\r"
+ send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap [expr 8 + $portbase]\" &\r"
expect {
-i $rlogin_spawn_id
-re "$ROOT_PROMPT" { }
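Review bot: The rewritten `send` line still expands the same directory in two different ways. `-t \$tmppwd/srvtab` is left for the root shell to expand, while `-L $tmppwd/login.wrap` is substituted by Tcl before the string is sent, although the comment just above says tmppwd here is a shell variable and not a TCL one. If the two values are meant to be identical (the comment suggests so, but setup_root_shell is not visible here), use one form, e.g. `-L \$tmppwd/login.wrap`. Neither path is quoted inside the `sh -c` string, which runs in a root shell, so a comment such as `# tmppwd is expanded by the root shell; it must not contain whitespace or shell metacharacters` would record that assumption. The enclosing proc starts and ends outside this hunk.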
kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno"
do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno"
do_kdestroy "kdestroy foo/bar vno $vno"
-
- if {[info exists KRBIV] && $KRBIV &&
- [regexp {des-cbc-[a-z0-9-]*:v4} [lindex $supported_enctypes 0]]} {
- catch "exec rm -f $tmppwd/foosrvtab"
- spawn $KTUTIL
- expect_after {
- timeout { fail "ktutil converting keytab to srvtab" ; set ok 0 }
- eof { fail "ktutil converting keytab to srvtab" ; set ok 0 }
- }
- expect "ktutil: "
- send "rkt $tmppwd/fookeytab\r"
- expect -ex "rkt $tmppwd/fookeytab\r"
- expect "ktutil: "
-# for debugging, just log this
-# send "list\r"
-# expect "ktutil: "
- #
- send "wst $tmppwd/foosrvtab\r"
- expect -ex "wst $tmppwd/foosrvtab\r"
- expect "ktutil: "
-# for debugging, just log this
-# send "clear\r"
-# expect "ktutil: "
-# send "rst $tmppwd/foosrvtab\r"
-# expect "ktutil: "
-# send "list\r"
-# expect "ktutil: "
- # okay, now quit and finish testing
- send "quit\r"
- expect eof
- catch expect_after
- if [check_exit_status "ktutil converting keytab to srvtab (vno $vno)"] {
- pass "ktutil converting keytab to srvtab (vno $vno)"
- do_klist_kt $tmppwd/fookeytab "klist srvtab foo/bar vno $vno"
- kinit_kt "foo/bar" "SRVTAB:$tmppwd/foosrvtab" 1 "st kvno $vno"
- do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist st foo/bar vno $vno"
- do_kdestroy "kdestroy st foo/bar vno $vno"
- }
- } else {
- verbose "skipping v5kinit/srvtab tests because of non-v4 enctype"
- }
}
catch "exec rm -f $keytab"
# Check that kadmin.local can actually read the correct kvno, even
+++ /dev/null
-# Kerberos ftp test.
-# This is a DejaGnu test script.
-# This script tests Kerberos ftp.
-# Originally written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
-# Modified bye Ezra Peisach for GSSAPI support.
-
-# Find the programs we need. We use the binaries from the build tree
-# if they exist. If they do not, then they must be in PATH. We
-# expect $objdir to be .../kerberos/build/tests/dejagnu
-
-if ![info exists FTP] {
- set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp]
-}
-
-if ![info exists FTPD] {
- set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd]
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# A procedure to start up the ftp daemon.
-
-proc start_ftp_daemon { } {
- global FTPD
- global tmppwd
- global ftpd_spawn_id
- global ftpd_pid
- global portbase
-
- # The -p argument tells it to accept a single connection, so we
- # don't need to use inetd. Portbase+8 is the port to listen at.
- # We rely on KRB5_KTNAME being set to the proper keyfile as there is
- # no way to cleanly set it with the gssapi API.
- # The -U argument tells it to use an alternate ftpusers file (using
- # /dev/null will allow root to login regardless of /etc/ftpusers).
- # The -a argument requires authorization, to mitigate any
- # vulnerability introduced by circumventing ftpusers.
- spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb.conf
- set ftpd_spawn_id $spawn_id
- set ftpd_pid [exp_pid]
-
- # Give the ftp daemon a few seconds to get set up.
- sleep 2
-}
-
-# A procedure to stop the ftp daemon.
-
-proc stop_ftp_daemon { } {
- global ftpd_spawn_id
- global ftpd_pid
-
- if [info exists ftpd_pid] {
- catch "close -i $ftpd_spawn_id"
- catch "exec kill $ftpd_pid"
- catch "wait -i $ftpd_spawn_id"
- unset ftpd_pid
- }
-}
-
-# Test that a file was copied correctly.
-proc check_file { filename {bigfile 0}} {
- if ![file exists $filename] {
- verbose "$filename does not exist"
- send_log "$filename does not exist\n"
- return 0
- }
-
- set file [open $filename r]
- if { [gets $file line] == -1 } {
- verbose "$filename is empty"
- send_log "$filename is empty\n"
- close $file
- return 0
- }
-
- if ![string match "This file is used for ftp testing." $line] {
- verbose "$filename contains $line"
- send_log "$filename contains $line\n"
- close $file
- return 0
- }
-
- if {$bigfile} {
- # + 1 for the newline
- seek $file 1048577 current
- if { [gets $file line] == -1 } {
- verbose "$filename is truncated"
- send_log "$filename is truncated\n"
- close $file
- return 0
- }
-
- if ![string match "This file is used for ftp testing." $line] {
- verbose "$filename contains $line"
- send_log "$filename contains $line\n"
- close $file
- return 0
- }
- }
-
- if { [gets $file line] != -1} {
- verbose "$filename is too long ($line)"
- send_log "$filename is too long ($line)\n"
- close $file
- return 0
- }
-
- close $file
-
- return 1
-}
-
-#
-# Restore environment variables possibly set.
-#
-proc ftp_restore_env { } {
- global env
- global ftp_save_ktname
- global ftp_save_ccname
-
- catch "unset env(KRB5_KTNAME)"
- if [info exists ftp_save_ktname] {
- set env(KRB5_KTNAME) $ftp_save_ktname
- unset ftp_save_ktname
- }
-
- catch "unset env(KRB5CCNAME)"
- if [info exists ftp_save_ccname] {
- set env(KRB5CCNAME) $ftp_save_ccname
- unset ftp_save_ccname
- }
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc v4ftp_test { } {
- global FTP
- global KEY
- global REALMNAME
- global hostname
- global localhostname
- global env
- global ftpd_spawn_id
- global ftpd_pid
- global spawn_id
- global tmppwd
- global ftp_save_ktname
- global ftp_save_ccname
- global des3_krbtgt
- global portbase
-
- if {$des3_krbtgt} {
- return
- }
- # Start up the kerberos and kadmind daemons and get a srvtab and a
- # ticket file.
- if {![start_kerberos_daemons 0] \
- || ![add_random_key ftp/$hostname 0] \
- || ![setup_srvtab 0 ftp] \
- || ![add_kerberos_key $env(USER) 0] \
- || ![v4kinit $env(USER) $env(USER)$KEY 0]} {
- return
- }
-
- #
- # Save settings of KRB5_KTNAME
- #
- if [info exists env(KRB5_KTNAME)] {
- set ftp_save_ktname $env(KRB5_KTNAME)
- }
-
- #
- # set KRB5_KTNAME
- #
- set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
- verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
- #
- # Save settings of KRB5CCNAME
- # These tests fail if the krb5 cache happens to have a valid credential
- # which can result from running the gssftp.exp test immediately
- # preceeding these tests.
- #
- if [info exists env(KRB5CCNAME)] {
- set ftp_save_ccname $env(KRB5CCNAME)
- }
-
- #
- # set KRB5_KTNAME
- #
- set env(KRB5CCNAME) FILE:$tmppwd/non-existant-cache
- verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-
- # Start the ftp daemon.
- start_ftp_daemon
-
- # Make an ftp client connection to it.
- spawn $FTP $hostname [expr 8 + $portbase]
-
- expect_after {
- timeout {
- fail "$testname (timeout)"
- catch "expect_after"
- return
- }
- eof {
- fail "$testname (eof)"
- catch "expect_after"
- return
- }
- }
-
- set testname "ftp connection(v4)"
- expect -nocase "connected to $hostname"
- expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready."
- expect -re "Using authentication type GSSAPI; ADAT must follow"
- expect "GSSAPI accepted as authentication type"
- expect -re "GSSAPI error major: (Unspecified GSS|Miscellaneous) failure"
- expect {
- "GSSAPI error minor: Unsupported credentials cache format version number" {}
- "GSSAPI error minor: No credentials cache found" {}
- -re "GSSAPI error minor: Credentials cache file '.*' not found" {}
- "GSSAPI error minor: Decrypt integrity check failed" {}
- }
- expect "GSSAPI error: initializing context"
- expect "GSSAPI authentication failed"
- expect -re "Using authentication type KERBEROS_V4; ADAT must follow"
- expect {
- "Kerberos V4 authentication succeeded" { pass "ftp authentication" }
- eof { fail "ftp authentication" ; catch "expect_after" ; return }
- -re "Kerberos V4 .* failed.*\r" {
- fail "ftp authentication";
- send "quit\r"; catch "expect_after";
- return
- }
- }
- expect -nocase "name ($hostname:$env(USER)): "
- send "$env(USER)\r"
- expect "Kerberos user $env(USER)@$REALMNAME is authorized as $env(USER)"
- expect "Remote system type is UNIX."
- expect "Using binary mode to transfer files."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "binary(v4)"
- send "binary\r"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "status(v4)"
- send "status\r"
- expect -nocase "connected to $hostname."
- expect "Authentication type: KERBEROS_V4"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "ls(v4)"
- send "ls $tmppwd/ftp-test\r"
- expect -re "Opening ASCII mode data connection for .*ls."
- expect -re ".* $tmppwd/ftp-test"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "nlist(v4)"
- send "nlist $tmppwd/ftp-test\r"
- expect -re "Opening ASCII mode data connection for file list."
- expect -re "$tmppwd/ftp-test"
- expect -re ".* Transfer complete."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "ls missing(v4)"
- send "ls $tmppwd/ftp-testmiss\r"
- expect -re "Opening ASCII mode data connection for .*ls."
- expect {
- -re "$tmppwd/ftp-testmiss not found" {}
- -re "$tmppwd/ftp-testmiss: No such file or directory"
- }
- expect "ftp> " {
- pass $testname
- }
-
-
- set testname "get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get $tmppwd/ftp-test $tmppwd/copy\r"
- expect "Opening BINARY mode data connection for $tmppwd/ftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "put(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "put $tmppwd/ftp-test $tmppwd/copy\r"
- expect "Opening BINARY mode data connection for $tmppwd/copy"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "cd(v4)"
- send "cd $tmppwd\r"
- expect "CWD command successful."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "lcd(v4)"
- send "lcd $tmppwd\r"
- expect "Local directory now $tmppwd"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "local get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get ftp-test copy\r"
- expect "Opening BINARY mode data connection for ftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "big local get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get bigftp-test copy\r"
- expect "Opening BINARY mode data connection for bigftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy 1] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "start encryption(v4)"
- send "private\r"
- expect "Data channel protection level set to private"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "status(v4)"
- send "status\r"
- expect "Protection Level: private"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "encrypted get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get ftp-test copy\r"
- expect "Opening BINARY mode data connection for ftp-test"
- expect "Transfer complete"
- expect {
- -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" {}
- -re "krb_rd_priv failed for KERBEROS_V4" {
- fail $testname
- send "quit\r"
- catch "expect_after"
- return
- }
- }
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
-
- # Test a large file that will overflow PBSZ size
- set testname "big encrypted get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get bigftp-test copy\r"
- expect "Opening BINARY mode data connection for bigftp-test"
- expect "Transfer complete"
- expect {
- -re "\[0-9\]+ bytes received in \[0-9.e+-\]+ seconds" {}
- -re "krb_rd_priv failed for KERBEROS_V4" {
- fail $testname
- send "quit\r"
- catch "expect_after"
- return
- }
- }
- expect "ftp> "
- if [check_file $tmppwd/copy 1] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "close(v4)"
- send "close\r"
- expect "Goodbye."
- expect "ftp> "
- set status_list [wait -i $ftpd_spawn_id]
- verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)"
- catch "close -i $ftpd_spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- send_log "exit status: $status_list\n"
- verbose "exit status: $status_list"
- fail $testname
- } else {
- pass $testname
- unset ftpd_pid
- }
-
- set testname "quit(v4)"
- send "quit\r"
- expect_after
- expect eof
- if [check_exit_status $testname] {
- pass $testname
- }
-
-}
-
-run_once v4gssftp {
- # Make sure .klogin is reasonable.
- if ![check_k5login ftp] {
- return
- }
-
- if ![check_klogin ftp] {
- return
- }
-
- # Set up the kerberos database.
- if {![get_hostname] \
- || ![setup_kerberos_files] \
- || ![setup_kerberos_env] \
- || ![setup_kerberos_db 0]} {
- return
- }
-
- # Create a file to use for ftp testing.
- set file [open $tmppwd/ftp-test w]
- puts $file "This file is used for ftp testing."
- close $file
-
- # Create a large file to use for ftp testing. File needs to be
- # larger that 2^20 or 1MB for PBSZ testing.
- set file [open $tmppwd/bigftp-test w]
- puts $file "This file is used for ftp testing.\n"
- seek $file 1048576 current
- puts $file "This file is used for ftp testing."
- close $file
-
- # The ftp client will look in $HOME/.netrc for the user name to use.
- # To avoid confusing the testsuite, point $HOME at a directory where
- # we know there is no .netrc file.
- if [info exists env(HOME)] {
- set home $env(HOME)
- } elseif [info exists home] {
- unset home
- }
- set env(HOME) $tmppwd
-
- # Run the test. Logging in sometimes takes a while, so increase the
- # timeout.
- set oldtimeout $timeout
- set timeout 60
- set status [catch v4ftp_test msg]
- set timeout $oldtimeout
-
- # Shut down the kerberos daemons and the ftp daemon.
- stop_kerberos_daemons
-
- stop_ftp_daemon
-
- ftp_restore_env
-
- # Reset $HOME, for safety in case we are going to run more tests.
- if [info exists home] {
- set env(HOME) $home
- } else {
- unset env(HOME)
- }
-
- if { $status != 0 } {
- perror "error in v4gssftp.exp: $msg"
- }
-}
+++ /dev/null
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-if ![info exists K524INIT] {
- set K524INIT [findfile $objdir/../../krb524/k524init]
-}
-
-if ![info exists KRB524D] {
- set KRB524D [findfile $objdir/../../krb524/krb524d]
-}
-
-if ![info exists KLIST] {
- set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 1] {
- return
-}
-
-# A procedure to stop the krb524 daemon.
-proc start_k524_daemon { } {
- global KRB524D
- global k524d_spawn_id
- global k524d_pid
- global REALMNAME
- global portbase
-
- spawn $KRB524D -m -p [expr 7 + $portbase] -r $REALMNAME -nofork
- set k524d_spawn_id $spawn_id
- set k524d_pid [exp_pid]
-
- # Give the krb524d daemon a few seconds to get set up.
- sleep 2
-}
-
-# A procedure to stop the krb524 daemon.
-proc stop_k524_daemon { } {
- global k524d_spawn_id
- global k524d_pid
-
- if [info exists k524d_pid] {
- catch "close -i $k524d_spawn_id"
- catch "exec kill $k524d_pid"
- catch "wait -i $k524d_spawn_id"
- unset k524d_pid
- }
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global env
- global KEY
- global K524INIT
- # To pass spawn_id to the wait process
- global spawn_id
- global KLIST
- global KDESTROY
- global tmppwd
- global REALMNAME
- global des3_krbtgt
-
- if {$des3_krbtgt} {
- return
- }
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Add a user key and get a V5 ticket
- if {![add_kerberos_key $env(USER) 0] \
- || ![kinit $env(USER) $env(USER)$KEY 0]} {
- return
- }
-
- # Start the krb524d daemon.
- start_k524_daemon
-
- # The k524init program does not advertise anything on success -
- #only failure.
- spawn $K524INIT
- expect {
- -timeout 10
- -re "k524init: .*\r" {
- fail "k524init"
- return
- }
- eof {}
- timeout {}
- }
-
-
- if ![check_exit_status "k524init"] {
- return
- }
- pass "k524init"
-
- # Make sure that klist can see the ticket.
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$env(USER)@$REALMNAME.*krbtgt\.$REALMNAME@$REALMNAME\r\n" {
- verbose "klist started"
- }
- timeout {
- fail "v4klist"
- return
- }
- eof {
- fail "v4klist"
- return
- }
- }
-
- expect {
- "\r" { }
- eof { }
- }
-
- if ![check_exit_status "klist"] {
- return
- }
- pass "krb524d: v4klist"
-
- # Destroy the ticket.
- spawn $KDESTROY -4
- if ![check_exit_status "kdestroy"] {
- return
- }
- pass "krb524d: v4kdestroy"
-
- pass "krb524d: krb524d"
-}
-
-set status [catch doit msg]
-
-stop_kerberos_daemons
-
-stop_k524_daemon
-
-if { $status != 0 } {
- send_error "ERROR: error in v4krb524d.exp\n"
- send_error "$msg\n"
- exit 1
-}
-
-
+++ /dev/null
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 1] {
- return
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc check_and_destroy_v4_tix { client server } {
- global REALMNAME
- global des3_krbtgt
-
- # Skip this if we're using a des3 TGT, since that's supposed to fail.
- if {$des3_krbtgt} {
- return
- }
- # Make sure that klist can see the ticket.
- if ![v4klist "$client" "$server" "v4klist"] {
- return
- }
-
- # Destroy the ticket.
- if ![v4kdestroy "v4kdestroy"] {
- return
- }
-
- if ![v4klist_none "v4klist no tix 1"] {
- return
- }
-}
-
-proc doit { } {
- global REALMNAME
- global KLIST
- global KDESTROY
- global KEY
- global hostname
- global spawn_id
- global tmppwd
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key host/$hostname 1] {
- return
- }
-
- # Use ksrvutil to create a srvtab entry.
- if ![setup_srvtab 1] {
- return
- }
-
- # Use kinit to get a ticket.
- if [v4kinit krbtest.admin adminpass$KEY 1] {
- check_and_destroy_v4_tix krbtest.admin@$REALMNAME krbtgt.$REALMNAME@$REALMNAME
- }
-
- # Use kinit with srvtab to get a ticket.
- # XXX - Currently kinit doesn't support "-4 -k"!
-# set shorthost [string range $hostname 0 [expr [string first . $hostname] - 1]]
-# if [v4kinit_kt host.$shorthost SRVTAB:$tmppwd/srvtab 1] {
-# check_and_destroy_v4_tix host.$shorthost@$REALMNAME krbtgt.$REALMNAME@$REALMNAME
-# }
-}
-
-set status [catch doit msg]
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in v4standalone.exp\n"
- send_error "$msg\n"
- exit 1
-}
$_ = &uniquify($_);
- # Some krb4 dependencies should only be present if building with krb4
- # enabled.
- s;\$\(BUILDTOP\)/include/kerberosIV/krb_err.h ;\$(KRB_ERR_H_DEP) ;g;
-
# Delete trailing whitespace.
s; *$;;g;
utils.c
options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \
$(COM_ERR_DEPS) copyright.h options.c ss.h
-cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h
+cmd_tbl.lex.o: cmd_tbl.lex.c
ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \
ct.tab.c ss.h
ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \