+2003-05-24 Ken Raeburn <raeburn@mit.edu>
+
+ * aclocal.m4 (WITH_KRB4): Don't set or substitute KRB524_DEPLIB,
+ KRB524_LIB, KRB524_H_DEP, or KRB524_ERR_H_DEP.
+ * Makefile.in (ETOUT): Update location of krb524_err files.
+ (krb524/krb524_err.h, krb524/krb524_err.c): Delete.
+ ($(INC)krb524_err.h, $(ET)krb524_err.c): New targets.
+
2003-05-22 Tom Yu <tlyu@mit.edu>
* aclocal.m4: Add -DKRB5_DEPRECATED=1 so stuff in tree builds.
PR = util/profile/
ETOUT = \
- krb524\krb524_err.h krb524\krb524_err.c \
$(INC)asn1_err.h $(ET)asn1_err.c \
$(INC)kdb5_err.h $(ET)kdb5_err.c \
$(INC)krb5_err.h $(ET)krb5_err.c \
$(INC)kv5m_err.h $(ET)kv5m_err.c \
+ $(INC)krb524_err.h $(ET)krb524_err.c \
$(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \
$(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \
$(PR)prof_err.h $(PR)prof_err.c \
rm -rf bin
rm -f include/autoconf.h Makefile macsrc* macfile.maclist
-krb524/krb524_err.h: $(AH) krb524/krb524_err.et
- $(AWK) -f $(AH) outfile=$@ krb524/krb524_err.et
-krb524/krb524_err.c: $(AC) krb524/krb524_err.et
- $(AWK) -f $(AC) outfile=$@ krb524/krb524_err.et
-
$(INC)asn1_err.h: $(AH) $(ET)asn1_err.et
$(AWK) -f $(AH) outfile=$@ $(ET)asn1_err.et
$(INC)kdb5_err.h: $(AH) $(ET)kdb5_err.et
$(AWK) -f $(AH) outfile=$@ $(ET)krb5_err.et
$(INC)kv5m_err.h: $(AH) $(ET)kv5m_err.et
$(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et
+$(INC)krb524_err.h: $(AH) $(ET)krb524_err.et
+ $(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et
$(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et
$(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et
$(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et
$(AWK) -f $(AC) outfile=$@ $(ET)krb5_err.et
$(ET)kv5m_err.c: $(AC) $(ET)kv5m_err.et
$(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et
+$(ET)krb524_err.c: $(AC) $(ET)krb524_err.et
+ $(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et
lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et
$(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et
lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et
KRB4_DEPLIB=
KRB4_INCLUDES=
KRB4_LIBPATH=
- KRB524_DEPLIB=
- KRB524_LIB=
KRB_ERR_H_DEP=
- KRB524_H_DEP=
- KRB524_ERR_H_DEP=
krb5_cv_build_krb4_libs=no
krb5_cv_krb4_libdir=
else
KRB4_LIB=-lkrb4
KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV'
KRB4_LIBPATH=
- KRB524_DEPLIB='$(BUILDTOP)/krb524/libkrb524.a'
- KRB524_LIB='$(BUILDTOP)/krb524/libkrb524.a'
KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h'
- KRB524_H_DEP='$(BUILDTOP)/include/krb524.h'
- KRB524_ERR_H_DEP='$(BUILDTOP)/include/krb524_err.h'
krb5_cv_build_krb4_libs=yes
krb5_cv_krb4_libdir=
else
KRB4_INCLUDES="-I$withval/include"
KRB4_LIBPATH="-L$withval/lib"
KRB_ERR_H_DEP=
- KRB524_H_DEP=
- KRB524_ERR_H_DEP=
krb5_cv_build_krb4_libs=no
krb5_cv_krb4_libdir="$withval/lib"
fi
AC_SUBST(KRB4_LIBPATH)
AC_SUBST(KRB4_LIB)
AC_SUBST(KRB4_DEPLIB)
-AC_SUBST(KRB524_DEPLIB)
-AC_SUBST(KRB524_LIB)
AC_SUBST(KRB_ERR_H_DEP)
-AC_SUBST(KRB524_H_DEP)
-AC_SUBST(KRB524_ERR_H_DEP)
dnl We always compile the des425 library
DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)'
DES425_LIB=-ldes425
+2003-05-23 Ken Raeburn <raeburn@mit.edu>
+
+ * configure.in: Don't use libkrb524.a any more.
+ * login.c: Don't include krb524.h.
+ (try_convert524): Don't call krb524_init_ets.
+
2003-05-09 Tom Yu <tlyu@mit.edu>
* krcp.c (main): Rename getlocalsubkey -> getsendsubkey.
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) loginpaths.h
+ loginpaths.h
$(OUTPRE)krshd.$(OBJEXT): krshd.c $(BUILDTOP)/include/libpty.h \
$(SRCTOP)/include/syslog.h $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) loginpaths.h $(SRCTOP)/include/kerberosIV/krb.h \
V4RCP=
V4RCPO=
else
- AC_MSG_RESULT(Adding in krb4 support)
- LOGINLIBS="../../krb524/libkrb524.a $LOGINLIBS"
+ AC_MSG_RESULT(Adding in krb4 rcp support)
V4RCP=v4rcp
V4RCPO=v4rcp.o
fi
#include <arpa/resolv.h>
#endif /* BIND_HACK */
-#ifdef KRB4_CONVERT
-#include <krb524.h>
-#endif
-
/* Hacks to maintain compatability with Athena libkrb*/
#ifndef HAVE_KRB_SAVE_CREDENTIALS
#define krb_save_credentials save_credentials
CREDENTIALS v4creds;
- /* or do this directly with krb524_convert_creds_kdc */
- krb524_init_ets(kctx);
-
/* If we have forwarded v5 tickets, retrieve the credentials from
* the cache; otherwise, the v5 credentials are in my_creds.
*/
+2003-05-23 Ken Raeburn <raeburn@mit.edu>
+
+ * configure.in: Don't use libkrb524.a any more.
+ * ftpd.c: Don't include krb524.h.
+ (main): Don't call krb524_init_ets.
+
2003-01-10 Ken Raeburn <raeburn@mit.edu>
* configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of
if test $krb5_cv_shadow_pwd = yes; then
AC_DEFINE(HAVE_SHADOW)
fi
-AC_ARG_WITH([krb4],
-[ --without-krb4 don't include Kerberos V4 backwards compatibility
- --with-krb4 use V4 libraries included with V5 (default)
- --with-krb4=KRB4DIR use preinstalled V4 libraries],
-,
-withval=yes
-)dnl
-if test $withval = no; then
- AC_MSG_RESULT(no krb4 support)
-else
- AC_MSG_RESULT(Adding in krb4 support)
- FTPD_LIBS="../../../krb524/libkrb524.a"
-fi
case $krb5_cv_host in
alpha*-dec-osf*)
AC_CHECK_LIB(security,setluid,
$(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) \
- $(SRCTOP)/include/socket-utils.h $(BUILDTOP)/include/gssapi/gssapi.h \
+ $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
ftpd_var.h secure.h
$(OUTPRE)ftpcmd.$(OBJEXT): ftpcmd.c $(srcdir)/../arpa/ftp.h \
#ifdef KRB5_KRB4_COMPAT
#include <krb5.h>
#include <krb.h>
-#include <krb524.h>
AUTH_DAT kdata;
KTEXT_ST ticket;
#ifdef GSSAPI
krb5_init_context(&kcontext);
-#ifdef KRB5_KRB4_COMPAT
- krb524_init_ets(kcontext);
-#endif
#endif
while ((c = getopt(argc, argv, option_string)) != -1) {
+2003-05-23 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in (kinit): Don't use krb524 library.
+ * kinit.c: Don't include krb524.h.
+ (try_convert524): Don't call krb524_init_ets.
+
2002-11-05 Tom Yu <tlyu@mit.edu>
* kinit.c (k4_kinit): Remove trailing colon, as new implementation
all-windows:: $(OUTPRE)kinit.exe
all-mac::
-kinit: kinit.o $(KRB4COMPAT_DEPLIBS) $(KRB524_DEPLIB)
- $(CC_LINK) -o $@ kinit.o $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+kinit: kinit.o $(KRB4COMPAT_DEPLIBS)
+ $(CC_LINK) -o $@ kinit.o $(KRB4COMPAT_LIBS)
$(OUTPRE)kinit.exe: $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB)
link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib
#endif /* HAVE_UNISTD_H */
#endif /* GETOPT_LONG */
-#ifdef HAVE_KRB524
-#include "krb524.h"
-#endif
-
#ifndef _WIN32
#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
#else
initialized.
*/
- /* or do this directly with krb524_convert_creds_kdc */
- krb524_init_ets(k5->ctx);
-
if ((code = krb5_build_principal(k5->ctx,
&kpcserver,
krb5_princ_realm(k5->ctx, k5->me)->length,
+2003-05-23 Ken Raeburn <raeburn@mit.edu>
+
+ * pre.in (KRB524_H_DEP, KRB524_ERR_H_DEP, KRB524_LIB,
+ KRB524_DEPLIB): Deleted.
+
2003-04-24 Ken Raeburn <raeburn@mit.edu>
* post.in (configure): Try running autoconf with --include, and if
SS_DEPLIB = $(SS_DEPLIB-@SS_VERSION@)
SS_DEPLIB-k5 = $(TOPLIBD)/libss.a
SS_DEPLIB-sys =
-KRB524_DEPLIB = @KRB524_DEPLIB@
PTY_DEPLIB = $(TOPLIBD)/libpty.a
KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB)
# is compiled.
KRB_ERR_H_DEP = @KRB_ERR_H_DEP@
-KRB524_H_DEP = @KRB524_H_DEP@
-KRB524_ERR_H_DEP= @KRB524_ERR_H_DEP@
# LIBS gets substituted in... e.g. -lnsl -lsocket
# needs fixing if ever used on Mac OS X!
DES425_LIB = @DES425_LIB@
-# KRB524_LIB is $(BUILDTOP)/krb524/libkrb524.a if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-KRB524_LIB = @KRB524_LIB@
-
# HESIOD_LIBS is -lhesiod...
HESIOD_LIBS = @HESIOD_LIBS@
+2003-05-23 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in (krb5.h): Include krb524_err.h.
+ (krb524_err.h): Depend on rebuild-error-tables like krb5_err.h and
+ friends. Add a null command to cause make to recheck the
+ timestamp on the files possibly updated.
+ (clean-unix): Get rid of it.
+ * k5-int.h (KRb5INT_ACCESS_STRUCT_VERSION): Update to 7.
+ (struct ktext) [!defined(ANAME_SZ)]: Declare forward.
+ (krb5int_access): Delete krb5_locate_kdc, krb5_locate_server,
+ krb5_max_dgram_size and timeout fields. Add krb_life_to_time,
+ krb_time_to_life, and krb524_encode_v4tkt function pointer
+ fields. Reorder fields, and add comments.
+ (krb5int_krb_life_to_time, krb5int_krb_time_to_life,
+ krb5int_encode_v4tkt, krb5int_524_sendto_kdc): Declare.
+ * krb5.hin (KRB524_SERVICE, KRB524_PORT): New macros.
+ (struct credentials): Declare forward.
+ (krb524_convert_creds_kdc): Declare.
+
2003-05-22 Tom Yu <tlyu@mit.edu>
* k5-int.h: Add prototype for krb5int_auth_con_chkseqnum.
cd $(srcdir) && ($(AUTOHEADER) --include=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS) || $(AUTOHEADER) --localdir=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS))
touch $(srcdir)/krb5/autoconf.stmp
-krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \
+krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
asn1_err.h
echo "/* This file is generated, please don't edit it directly. */" > krb5.h
grep SIZEOF krb5/autoconf.h >> krb5.h
- cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \
+ cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
asn1_err.h >> krb5.h
#
# Build the error table include files:
-# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h
+# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h
-asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h: rebuild-error-tables
+asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h: rebuild-error-tables
+ : $@
rebuild-error-tables:
(cd ../lib/krb5/error_tables && $(MAKE) includes)
kdb5_err.h: $(SRCTOP)/lib/krb5/error_tables/kdb5_err.et
krb5_err.h: $(SRCTOP)/lib/krb5/error_tables/krb5_err.et
kv5m_err.h: $(SRCTOP)/lib/krb5/error_tables/kv5m_err.et
+krb524_err.h: $(SRCTOP)/lib/krb5/error_tables/krb524_err.et
clean-unix::
- $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h \
+ $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
asn1_err.h
clean-mac::
/* To keep happy libraries which are (for now) accessing internal stuff */
/* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 6
+#define KRB5INT_ACCESS_STRUCT_VERSION 7
+#ifndef ANAME_SZ
+struct ktext; /* from krb.h, for krb524 support */
+#endif
typedef struct _krb5int_access {
- krb5_error_code (*krb5_locate_kdc) (krb5_context, const krb5_data *,
- struct addrlist *, int, int, int);
- krb5_error_code (*krb5_locate_server) (krb5_context, const krb5_data *,
- struct addrlist *, int,
- const char *, const char *,
- int, int, int, int);
- void (*free_addrlist) (struct addrlist *);
- unsigned int krb5_max_skdc_timeout;
- unsigned int krb5_skdc_timeout_shift;
- unsigned int krb5_skdc_timeout_1;
- unsigned int krb5_max_dgram_size;
+ /* crypto stuff */
const struct krb5_hash_provider *md5_hash_provider;
const struct krb5_enc_provider *arcfour_enc_provider;
krb5_error_code (* krb5_hmac) (const struct krb5_hash_provider *hash,
const krb5_keyblock *key,
unsigned int icount, const krb5_data *input,
krb5_data *output);
+ /* service location and communication */
krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg,
const struct addrlist *, krb5_data *reply,
struct sockaddr *, socklen_t *);
const char *hostname,
int port, int secport,
int socktype, int family);
+ void (*free_addrlist) (struct addrlist *);
+ /* krb4 compatibility stuff -- may be null if not enabled */
+ krb5_int32 (*krb_life_to_time)(krb5_int32, int);
+ int (*krb_time_to_life)(krb5_int32, krb5_int32);
+ int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *);
} krb5int_access;
#define KRB5INT_ACCESS_VERSION \
krb5_error_code KRB5_CALLCONV krb5int_accessor
(krb5int_access*, krb5_int32);
+/* Ick -- some krb524 and krb4 support placed in the krb5 library,
+ because AFS (and potentially other applications?) use the krb4
+ object as an opaque token, which (in some implementations) is not
+ in fact a krb4 ticket, so we don't want to drag in the krb4 support
+ just to enable this. */
+
+/* v4lifetime.c */
+extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int);
+extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32);
+
+/* conv_creds.c */
+int krb5int_encode_v4tkt
+ (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
+
+/* send524.c */
+int krb5int_524_sendto_kdc
+ (krb5_context context, const krb5_data * message,
+ const krb5_data * realm, krb5_data * reply,
+ struct sockaddr *, socklen_t *);
+
/* temporary -- this should be under lib/krb5/ccache somewhere */
struct _krb5_ccache {
(krb5_context context, krb5_const_principal princ,
char *name, char *inst, char *realm);
+#define KRB524_SERVICE "krb524"
+#define KRB524_PORT 4444
+
+struct credentials;
+int krb524_convert_creds_kdc
+ (krb5_context context, krb5_creds *v5creds,
+ struct credentials *v4creds);
/* libkt.spec */
#if KRB5_PRIVATE
ChangeLog
Makefile.in
README
-RELEASE_NOTES
configure
configure.in
cnv_tkt_skey.c
-conv_creds.c
conv_princ.c
conv_tkt.c
-encode.c
-getcred.c
-globals.c
k524init.c
-krb524.h
-krb524_err.et
+krb524d.h
krb524_prot
krb524d.c
-misc.c
-sendmsg.c
test.c
Things-to-lose:
+2003-05-24 Ken Raeburn <raeburn@mit.edu>
+
+ * conv_creds.c, encode.c, globals.c, sendmsg.c: Deleted. Contents
+ added to krb5 library.
+ * getcred.c, misc.c: Deleted.
+ * krb524.h: Library declarations moved to krb5.hin and k5-int.h.
+ Remainder renamed to krb524d.h.
+ * krb524_err.et: Moved to lib/krb5/error_tables.
+ * cnv_tkt_skey.c: Include krb524d.h, not krb524.h.
+ (krb524d_debug): Define new variable. Replace all references to
+ krb524_debug.
+ * conv_princ.c: Don't include krb524.h.
+ * k524init.c: Don't include krb524.h.
+ (main): Don't call krb524_init_ets.
+ * krb524d.c: Include krb524d.h, not krb524.h.
+ (encode_v4tkt): New function pointer variable.
+ (main): Initialize it using krb5int_accessor.
+ * test.c: Don't include krb524.h.
+ (main): Don't set krb524_debug, and don't call krb524_init_ets.
+ * Makefile.in: Don't pull in library makefile fragments.
+ (LIB, LIBMAJOR, LIBMINOR, RELDIR): Deleted.
+ (KRB524_DEPLIB, KRB524_LIB, STOBJLISTS, STLIBOBJS): Deleted.
+ (GENS, KRB524_HDR, KRB524_ERR_HDR): Deleted.
+ (SRCS): Remove deleted/moved files.
+ (all-unix): Don't depend on $(GENS) on includes.
+ (includes, all-windows): Don't depend on headers.
+ ($(KRB524_HDR), $(KRB524_ERR_HDR)): Delete rules.
+ (all-windows): Comment out dependency on $(K524LIB) for now.
+ (CLIENT_OBJS, SERVER_OBJS): New variables.
+ (krb524test, krb524d, k524init): Don't use KRB524_*LIB, just
+ KRB5_*LIB. Use *_OBJS lists.
+ (install-unix, clean-unix, clean-windows): Don't install or clean
+ libs or headers.
+ (krb524_err.c): Target deleted.
+
2003-04-01 Nalin Dahyabhai <nalin@redhat.com>
* krb524d.c (do_connection): Use krb5_princ_size rather than
# PERFORMANCE OF THIS SOFTWARE.
#
-##WIN32##!if 0
-LIB=krb524
-##WIN32##!endif
-LIBMAJOR=1
-LIBMINOR=0
-RELDIR=../krb524
-STOBJLISTS=OBJS.ST
-
DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
-KRB524_DEPLIB = libkrb524.a
-KRB524_LIB = libkrb524.a
##WIN32##!ifdef USE_ALTERNATE_KRB4_INCLUDES
##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES)
# Library sources
SRCS = \
- $(srcdir)/conv_creds.c \
$(srcdir)/conv_princ.c \
$(srcdir)/cnv_tkt_skey.c \
- $(srcdir)/encode.c \
- $(srcdir)/misc.c \
- $(srcdir)/globals.c \
- $(srcdir)/sendmsg.c \
- $(srcdir)/krb524_err.et \
$(srcdir)/libinit.c
EXTRADEPSRCS = \
$(srcdir)/k524init.c \
$(srcdir)/krb524d.c
-STLIBOBJS = \
- $(OUTPRE)conv_creds.$(OBJEXT) \
- $(OUTPRE)conv_princ.$(OBJEXT) \
- $(OUTPRE)cnv_tkt_skey.$(OBJEXT) \
- $(OUTPRE)encode.$(OBJEXT) \
- $(OUTPRE)misc.$(OBJEXT) \
- $(OUTPRE)globals.$(OBJEXT) \
- $(OUTPRE)sendmsg.$(OBJEXT) \
- $(OUTPRE)krb524_err.$(OBJEXT) \
- $(OUTPRE)libinit.$(OBJEXT)
-
##WIN32##!ifdef KRB524_STATIC_HACK
##WIN32##LPREFIX=..\lib
##WIN32##K5_GLUE=$(LPREFIX)\$(OUTPRE)k5_glue.obj
##WIN32##K524DEP=$(STLIBOBJS)
##WIN32##!endif
-GENS = krb524_err.c krb524_err.h
-
-KRB524_HDR=$(BUILDTOP)$(S)include$(S)krb524.h
-KRB524_ERR_HDR=$(BUILDTOP)$(S)include$(S)krb524_err.h
-
-all-unix:: $(GENS)
-all-unix:: all-libs
-all-unix:: includes
-
all-unix:: krb524d krb524test k524init
-includes:: $(KRB524_HDR) $(KRB524_ERR_HDR)
-
-$(KRB524_HDR): krb524.h
-##WIN32## $(CP) $? "$@"
-##WIN32##!if 0
-$(KRB524_HDR): krb524.h
- if cmp $(srcdir)/krb524.h \
- $(BUILDTOP)/include/krb524.h >/dev/null 2>&1; then :; \
- else \
- (set -x; $(RM) $(BUILDTOP)/include/krb524.h; \
- $(CP) $(srcdir)/krb524.h \
- $(BUILDTOP)/include/krb524.h) ; \
- fi
-##WIN32##!endif
-
-$(KRB524_ERR_HDR): krb524_err.h
-##WIN32## $(CP) $? "$@"
-##WIN32##!if 0
-$(KRB524_ERR_HDR): krb524_err.h
- if cmp krb524_err.h \
- $(BUILDTOP)/include/krb524_err.h >/dev/null 2>&1; then :; \
- else \
- (set -x; $(RM) $(BUILDTOP)/include/krb524_err.h; \
- $(CP) krb524_err.h \
- $(BUILDTOP)/include/krb524_err.h) ; \
- fi
-##WIN32##!endif
+all-windows:: $(OUTPRE)k524init.exe # $(K524LIB)
-all-windows:: $(KRB524_HDR) $(K524LIB) $(OUTPRE)k524init.exe
+krb524test: test.o $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+ $(CC_LINK) -o krb524test test.o $(KRB5_LIB) $(KRB4COMPAT_LIBS)
-krb524test: libkrb524.a test.o $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o krb524test test.o $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+SERVER_OBJS= krb524d.o cnv_tkt_skey.o conv_princ.o
+CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT)
-krb524d: krb524d.o $(KADMSRV_DEPLIBS) $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o krb524d krb524d.o $(KADMSRV_LIBS) $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+ $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KRB5_LIB) $(KRB4COMPAT_LIBS)
-k524init: k524init.o $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o k524init k524init.o $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
+ $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS)
$(K524LIB): $(STLIBOBJS) $(K4LIB) $(KLIB)
link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS)
$(OUTPRE)k524init.exe: $(OUTPRE)k524init.$(OBJEXT) $(K524DEP) $(KLIB) $(K4LIB) $(CLIB) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib
link $(EXE_LINKOPTS) -out:$@ $** $(WINLIBS)
-install-unix:: install-libs
+install-unix::
$(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d
$(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init
-clean-unix:: clean-libs clean-libobjs
- $(RM) $(OBJS) $(GENS) core *~ *.bak #*
+clean-unix::
+ $(RM) $(OBJS) core *~ *.bak #*
$(RM) krb524test krb524d k524init test.o krb524d.o k524init.o
- $(RM) $(BUILDTOP)/include/krb524.h $(BUILDTOP)/include/krb524_err.h
-
-clean-windows::
- $(RM) $(GENS)
-
-krb524_err.c : krb524_err.et
-
-# @libobj_frag@
-# @lib_frag@
# +++ Dependency line eater +++
#
# Makefile dependencies follow. This must be the last section in
# the Makefile.in file
#
-conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): conv_creds.c $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP)
-conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(BUILDTOP)/include/krb5.h \
+$(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(SRCTOP)/include/socket-utils.h
-cnv_tkt_skey.so cnv_tkt_skey.po $(OUTPRE)cnv_tkt_skey.$(OBJEXT): cnv_tkt_skey.c $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/profile.h
+$(OUTPRE)cnv_tkt_skey.$(OBJEXT): cnv_tkt_skey.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- krb524.h $(KRB524_ERR_H_DEP)
-encode.so encode.po $(OUTPRE)encode.$(OBJEXT): encode.c $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(SRCTOP)/include/socket-utils.h
-misc.so misc.po $(OUTPRE)misc.$(OBJEXT): misc.c $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(SRCTOP)/include/socket-utils.h
-globals.so globals.po $(OUTPRE)globals.$(OBJEXT): globals.c
-sendmsg.so sendmsg.po $(OUTPRE)sendmsg.$(OBJEXT): sendmsg.c $(SRCTOP)/include/fake-addrinfo.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
- $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/kdb.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(KRB_ERR_H_DEP) krb524.h $(KRB524_ERR_H_DEP)
-libinit.so libinit.po $(OUTPRE)libinit.$(OBJEXT): libinit.c
-test.so test.po $(OUTPRE)test.$(OBJEXT): test.c $(SRCTOP)/include/k5-int.h \
+ krb524d.h
+$(OUTPRE)libinit.$(OBJEXT): libinit.c
+$(OUTPRE)test.$(OBJEXT): test.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(KRB_ERR_H_DEP) \
- krb524.h $(KRB524_ERR_H_DEP)
-k524init.so k524init.po $(OUTPRE)k524init.$(OBJEXT): k524init.c $(BUILDTOP)/include/krb5.h \
+ $(SRCTOP)/include/kerberosIV/krb.h $(KRB_ERR_H_DEP)
+$(OUTPRE)k524init.$(OBJEXT): k524init.c $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(SRCTOP)/include/socket-utils.h
-krb524d.so krb524d.po $(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \
+ $(BUILDTOP)/include/profile.h
+$(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
$(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \
$(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
$(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
$(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- krb524.h $(KRB524_ERR_H_DEP)
+ krb524d.h
#include <netinet/in.h>
#endif
#include <krb.h>
-#include "krb524.h"
+#include "krb524d.h"
+
+static int krb524d_debug = 0;
static int
krb524int_krb_create_ticket(KTEXT, unsigned int, char *, char *, char *, long,
v5etkt->session->enctype != ENCTYPE_DES_CBC_MD4 &&
v5etkt->session->enctype != ENCTYPE_DES_CBC_MD5) ||
v5etkt->session->length != sizeof(C_Block)) {
- if (krb524_debug)
+ if (krb524d_debug)
fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n",
v5etkt->session->enctype,
v5etkt->session->length,
give out a v4 ticket with as much of the v5 lifetime is available
"now" instead. */
if ((ret = krb5_timeofday(context, &server_time))) {
- if (krb524_debug)
+ if (krb524d_debug)
fprintf(stderr, "krb5_timeofday failed!\n");
krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
if (v4endtime > v5etkt->times.endtime)
server_time -= v4endtime - v5etkt->times.endtime;
} else {
- if (krb524_debug)
+ if (krb524d_debug)
fprintf(stderr, "v5 ticket time out of bounds\n");
krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
kaddr.contents = (krb5_octet *)&sinp->sin_addr;
if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) {
- if (krb524_debug)
+ if (krb524d_debug)
fprintf(stderr, "Invalid v5creds address information.\n");
krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
return KRB524_BADADDR;
}
- if (krb524_debug)
+ if (krb524d_debug)
printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
(long) v5etkt->times.starttime,
(long) v5etkt->times.authtime,
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "krb5.h"
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include "port-sockets.h"
-#include "socket-utils.h"
-#include <krb.h>
-#include "krb524.h"
-
-#ifdef USE_CCAPI
-#include <CredentialsCache.h>
-#endif
-
-krb5_error_code krb524_convert_creds_plain
-(krb5_context context, krb5_creds *v5creds,
- CREDENTIALS *v4creds);
-
-krb5_error_code
-krb524_convert_creds_kdc(context, v5creds, v4creds)
- krb5_context context;
- krb5_creds *v5creds;
- CREDENTIALS *v4creds;
-{
- krb5_error_code ret;
- krb5_data reply;
- char *p;
- struct sockaddr_storage ss;
- socklen_t slen = sizeof(ss);
-
- ret = krb524_convert_creds_plain(context, v5creds, v4creds);
- if (ret)
- return ret;
-
- reply.data = NULL;
- ret = krb524_sendto_kdc(context, &v5creds->ticket,
- &v5creds->server->realm, &reply,
- ss2sa(&ss), &slen);
- if (ret)
- return ret;
-
-#if TARGET_OS_MAC
-#ifdef USE_CCAPI
- v4creds->stk_type = cc_v4_stk_des;
-#endif
- if (slen == sizeof(struct sockaddr_in)
- && ss2sa(&ss)->sa_family == AF_INET) {
- v4creds->address = ss2sin(&ss)->sin_addr.s_addr;
- }
- /* Otherwise, leave it set to all-zero. */
-#endif
-
- p = reply.data;
- ret = ntohl(*((krb5_error_code *) p));
- p += sizeof(krb5_int32);
- reply.length -= sizeof(krb5_int32);
- if (ret)
- goto fail;
-
- v4creds->kvno = ntohl(*((krb5_error_code *) p));
- p += sizeof(krb5_int32);
- reply.length -= sizeof(krb5_int32);
- ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length);
-
-fail:
- if (reply.data)
- free(reply.data);
- reply.data = NULL;
- return ret;
-}
-
-krb5_error_code
-krb524_convert_creds_plain(context, v5creds, v4creds)
- krb5_context context;
- krb5_creds *v5creds;
- CREDENTIALS *v4creds;
-{
- int ret;
- krb5_timestamp endtime;
- char dummy[REALM_SZ];
- memset((char *) v4creds, 0, sizeof(CREDENTIALS));
-
- if ((ret = krb524_convert_princs(context, v5creds->client,
- v5creds->server,
- v4creds->pname, v4creds->pinst,
- dummy, v4creds->service,
- v4creds->instance, v4creds->realm)))
- return ret;
-
- /* Check enctype too */
- if (v5creds->keyblock.length != sizeof(C_Block)) {
- if (krb524_debug)
- fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n",
- v5creds->keyblock.length,
- (int) sizeof(C_Block));
- return KRB524_BADKEY;
- } else
- memcpy(v4creds->session, (char *) v5creds->keyblock.contents,
- sizeof(C_Block));
-
- /* V4 has no concept of authtime or renew_till, so ignore them */
- v4creds->issue_date = v5creds->times.starttime;
- v4creds->lifetime = krb_time_to_life(v5creds->times.starttime,
- v5creds->times.endtime);
- endtime = krb_life_to_time(v5creds->times.starttime,
- v4creds->lifetime);
- /*
- * Adjust start time backwards to deal with rounding up in
- * krb_time_to_life(), to match code on server side.
- */
- if (endtime > v5creds->times.endtime)
- v4creds->issue_date -= endtime - v5creds->times.endtime;
-
- return 0;
-}
#include "krb5.h"
#include <krb.h>
-#include "krb524.h"
int krb524_convert_princs(context, client, server, pname, pinst, prealm,
sname, sinst, srealm)
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "krb5.h"
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-#include <sys/types.h>
-
-#ifdef _WIN32
-#include "port-sockets.h"
-#else
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-#endif
-
-#include <krb.h>
-#include "krb524.h"
-
-/*
- * I'm sure that this is reinventing the wheel, but I don't know where
- * the wheel is hidden.
- */
-
-int encode_v4tkt (KTEXT_ST *, char *, unsigned int *),
- encode_ktext (char **, int *, KTEXT_ST *),
- encode_bytes (char **, int *, char *, unsigned int),
- encode_int32 (char **, int *, krb5_int32 *);
-
-int decode_v4tkt (KTEXT_ST *, char *, unsigned int *),
- decode_ktext (char **, int *, KTEXT_ST *),
- decode_bytes (char **, int *, char *, unsigned int),
- decode_int32 (char **, int *, krb5_int32 *);
-
-int encode_bytes(out, outlen, in, len)
- char **out;
- int *outlen;
- char *in;
- unsigned int len;
-{
- if (len > *outlen)
- return KRB524_ENCFULL;
- memcpy(*out, in, len);
- *out += len;
- *outlen -= len;
- return 0;
-}
-
-int encode_int32(out, outlen, v)
- char **out;
- int *outlen;
- krb5_int32 *v;
-{
- krb5_int32 nv; /* Must be 4 bytes */
-
- nv = htonl(*v);
- return encode_bytes(out, outlen, (char *) &nv, sizeof(nv));
-}
-
-int encode_v4tkt(v4tkt, buf, encoded_len)
- KTEXT_ST *v4tkt;
- char *buf;
- unsigned int *encoded_len;
-{
- int buflen, ret;
-
- buflen = *encoded_len;
-
- if ((ret = encode_int32(&buf, &buflen, &v4tkt->length)))
- return ret;
- if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
- return ret;
- if ((ret = encode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
- return ret;
-
- *encoded_len -= buflen;
- return 0;
-}
-
-/* decode functions */
-
-int decode_bytes(out, outlen, in, len)
- char **out;
- int *outlen;
- char *in;
- unsigned int len;
-{
- if (len > *outlen)
- return KRB524_DECEMPTY;
- memcpy(in, *out, len);
- *out += len;
- *outlen -= len;
- return 0;
-}
-
-int decode_int32(out, outlen, v)
- char **out;
- int *outlen;
- krb5_int32 *v;
-{
- int ret;
- krb5_int32 nv; /* Must be four bytes */
-
- if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))))
- return ret;
- *v = ntohl(nv);
- return 0;
-}
-
-int decode_v4tkt(v4tkt, buf, encoded_len)
- KTEXT_ST *v4tkt;
- char *buf;
- unsigned int *encoded_len;
-{
- int buflen, ret;
-
- buflen = *encoded_len;
- if ((ret = decode_int32(&buf, &buflen, &v4tkt->length)))
- return ret;
- if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
- return ret;
- if ((ret = decode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
- return ret;
- *encoded_len -= buflen;
- return 0;
-}
-
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdio.h>
-#include "krb5.h"
-#include <krb.h>
-
-main(argc, argv)
- int argc;
- char **argv;
-{
- krb5_principal client, server;
- krb5_ccache cc;
- krb5_creds v5creds;
- CREDENTIALS v4creds;
- int i, ret;
- krb5_context context;
- krb5_error_code retval;
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
- }
-
- if (ret = krb5_parse_name(argv[1], &client)) {
- com_err("getcred", ret, "parsing client name");
- exit(1);
- }
- if (ret = krb5_parse_name(argv[2], &server)) {
- com_err("getcred", ret, "parsing server name");
- exit(1);
- }
- if (ret = krb5_cc_default(context, &cc)) {
- com_err("getcred", ret, "opening default credentials cache");
- exit(1);
- }
-
- memset((char *) &v5creds, 0, sizeof(v5creds));
- v5creds.client = client;
- v5creds.server = server;
- v5creds.times.endtime = 0;
- v5creds.keyblock.enctype = ENCTYPE_DES_CBC_MD5;
- if (ret = krb5_get_credentials(context, 0, cc, &v5creds)) {
- com_err("getcred", ret, "getting V5 credentials");
- exit(1);
- }
-
- if (ret = krb524_convert_creds_kdc(context, &v5creds, &v4creds)) {
- com_err("getcred", ret, "converting to V4 credentials");
- exit(1);
- }
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-int krb524_debug = 0;
#endif
#include <krb.h>
-#include "krb524.h"
extern int optind;
extern char *optarg;
exit(1);
}
- krb524_init_ets(context);
-
if ((code = krb5_cc_default(context, &cc))) {
com_err(prog, code, "opening default credentials cache");
exit(1);
+++ /dev/null
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef KRB524_H
-#define KRB524_H
-
-#define KRB524_SERVICE "krb524"
-#define KRB524_PORT 4444
-
-#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
-# include <TargetConditionals.h>
-# ifndef KRB524_PRIVATE /* Allow e.g. build system to override */
-# define KRB524_PRIVATE 0
-# endif
-#else
-# ifndef KRB524_PRIVATE
-# define KRB524_PRIVATE 1
-# endif
-#endif
-
-#include <krb524_err.h>
-
-#ifndef KRB524INT_BEGIN_DECLS
-#ifdef __cplusplus
-#define KRB524INT_BEGIN_DECLS extern "C" {
-#define KRB524INT_END_DECLS }
-#else
-#define KRB524INT_BEGIN_DECLS
-#define KRB524INT_END_DECLS
-#endif
-#endif
-
-#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import on
-# endif
-# pragma options align=mac68k
-#endif
-
-KRB524INT_BEGIN_DECLS
-
-#if KRB524_PRIVATE
-extern int krb524_debug;
-
-struct sockaddr;
-struct sockaddr_in;
-
-int krb524_convert_tkt_skey
- (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
- krb5_keyblock *v5_skey, krb5_keyblock *v4_skey,
- struct sockaddr_in *saddr);
-
-/* conv_princ.c */
-
-int krb524_convert_princs
- (krb5_context context, krb5_principal client, krb5_principal server,
- char *pname, char *pinst, char *prealm,
- char *sname, char *sinst, char *srealm);
-
-/* conv_creds.c */
-
-int krb524_convert_creds_addr
- (krb5_context context, krb5_creds *v5creds,
- CREDENTIALS *v4creds, struct sockaddr *saddr);
-#endif /* KRB524_PRIVATE */
-
-int krb524_convert_creds_kdc
- (krb5_context context, krb5_creds *v5creds,
- CREDENTIALS *v4creds);
-
-#if KRB524_PRIVATE
-/* conv_tkt.c */
-
-int krb524_convert_tkt
- (krb5_principal server, krb5_data *v5tkt, KTEXT_ST *v4tkt,
- int *kvno, struct sockaddr_in *saddr);
-
-/* encode.c */
-
-int encode_v4tkt
- (KTEXT_ST *v4tkt, char *buf, unsigned int *encoded_len);
-
-int decode_v4tkt
- (KTEXT_ST *v4tkt, char *buf, unsigned int *encoded_len);
-
-
-/* misc.c */
-
-void krb524_init_ets
- (krb5_context context);
-
-/* sendmsg.c */
-
-#include "port-sockets.h"
-#include "socket-utils.h" /* for socklen_t */
-int krb524_sendto_kdc
- (krb5_context context, const krb5_data * message,
- const krb5_data * realm, krb5_data * reply,
- struct sockaddr *, socklen_t *);
-#endif /* KRB524_PRIVATE */
-
-#if TARGET_OS_MAC
-# if defined(__MWERKS__)
-# pragma import reset
-# endif
-# pragma options align=reset
-#endif
-
-KRB524INT_END_DECLS
-
-#endif /* KRB524_H */
#include <netinet/in.h>
#include <krb.h>
-#include "krb524.h"
+#include "krb524d.h"
#if defined(NEED_DAEMON_PROTO)
extern int daemon(int, int);
signalled = 1;
}
+int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0;
+
int main(argc, argv)
int argc;
char **argv;
exit(1);
}
+ {
+ krb5int_access k5int;
+ retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION);
+ if (retval != 0) {
+ com_err(whoami, retval,
+ "while accessing krb5 library internal support");
+ exit(1);
+ }
+ encode_v4tkt = k5int.krb524_encode_v4tkt;
+ if (encode_v4tkt == NULL) {
+ com_err(whoami, 0,
+ "krb4 support disabled in krb5 support library");
+ exit(1);
+ }
+ }
+
argv++; argc--;
use_master = use_keytab = nofork = 0;
config_params.mask = 0;
* PERFORMANCE OF THIS SOFTWARE.
*/
-#include <krb5.h>
-#include <stdio.h>
-#include <sys/types.h>
-
-#ifndef _WIN32
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
+#ifndef KRB524INT_H
+#define KRB524INT_H
+
+#include "port-sockets.h"
+#include "kerberosIV/krb.h"
+
+#ifndef KRB524INT_BEGIN_DECLS
+#ifdef __cplusplus
+#define KRB524INT_BEGIN_DECLS extern "C" {
+#define KRB524INT_END_DECLS }
+#else
+#define KRB524INT_BEGIN_DECLS
+#define KRB524INT_END_DECLS
+#endif
+#endif
+
+KRB524INT_BEGIN_DECLS
+
+int krb524_convert_tkt_skey
+ (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
+ krb5_keyblock *v5_skey, krb5_keyblock *v4_skey,
+ struct sockaddr_in *saddr);
+
+/* conv_princ.c */
+
+int krb524_convert_princs
+ (krb5_context context, krb5_principal client, krb5_principal server,
+ char *pname, char *pinst, char *prealm,
+ char *sname, char *sinst, char *srealm);
+
+#if TARGET_OS_MAC
+# if defined(__MWERKS__)
+# pragma import reset
+# endif
+# pragma options align=reset
#endif
-#include <krb.h>
-#include "krb524.h"
+KRB524INT_END_DECLS
-void krb524_init_ets(context)
- krb5_context context;
-{
- initialize_k524_error_table();
-}
+#endif /* KRB524INT_H */
#include <des.h>
#include <krb.h>
-#include "krb524.h"
#include "com_err.h"
#define KEYSIZE 8
krb5_context context;
krb5_error_code retval;
+#if 0
krb524_debug = 1;
+#endif
retval = krb5_init_context(&context);
if (retval) {
exit(1);
}
- krb524_init_ets(context);
-
local = 0;
remote = NULL;
argc--; argv++;
+2003-05-24 Ken Raeburn <raeburn@mit.edu>
+
+ * lifetime.c (krb_life_to_time, krb_time_to_life): Rewrite to use
+ support functions in the krb5 library via krb5int_accessor. Moved
+ old implementation into krb5 library.
+
2003-05-12 Tom Yu <tlyu@mit.edu>
* Makefile.in: Add setting of KRB_ERR on Windows.
$(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
- $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): g_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h \
/*
- * Copyright 2000, 2001 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
*/
#include "krb.h"
-
-/*
- * Only lifetime bytes values less than 128 are on a linear scale.
- * The following table contains an exponential scale that covers the
- * lifetime values 128 to 191 inclusive (a total of 64 values).
- * Values greater than 191 get interpreted the same as 191, but they
- * will never be generated by the functions in this file.
- *
- * The ratio is approximately 1.069144898 (actually exactly
- * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30
- * days, and 38400 = 128*5 minutes. This allows a lifetime byte of
- * 191 to correspond to a ticket life of exactly 30 days and a
- * lifetime byte of 128 to correspond to exactly 128*5 minutes, with
- * the other values spread on an exponential curve fit in between
- * them. This table should correspond exactly to the set of extended
- * ticket lifetime values used by AFS and CMU.
- *
- * The following awk script is sufficient to reproduce the table:
- * BEGIN {
- * r = exp(log(2592000/38400)/63);
- * x = 38400;
- * for (i=0;i<64;i++) {
- * printf("%d\n",x+0.5);
- * x *= r;
- * }
- * }
- */
-#ifndef SHORT_LIFETIME
-#define NLIFETIMES 64
-static const KRB4_32 lifetimes[NLIFETIMES] = {
- 38400, 41055, /* 00:10:40:00, 00:11:24:15 */
- 43894, 46929, /* 00:12:11:34, 00:13:02:09 */
- 50174, 53643, /* 00:13:56:14, 00:14:54:03 */
- 57352, 61318, /* 00:15:55:52, 00:17:01:58 */
- 65558, 70091, /* 00:18:12:38, 00:19:28:11 */
- 74937, 80119, /* 00:20:48:57, 00:22:15:19 */
- 85658, 91581, /* 00:23:47:38, 01:01:26:21 */
- 97914, 104684, /* 01:03:11:54, 01:05:04:44 */
- 111922, 119661, /* 01:07:05:22, 01:09:14:21 */
- 127935, 136781, /* 01:11:32:15, 01:13:59:41 */
- 146239, 156350, /* 01:16:37:19, 01:19:25:50 */
- 167161, 178720, /* 01:22:26:01, 02:01:38:40 */
- 191077, 204289, /* 02:05:04:37, 02:08:44:49 */
- 218415, 233517, /* 02:12:40:15, 02:16:51:57 */
- 249664, 266926, /* 02:21:21:04, 03:02:08:46 */
- 285383, 305116, /* 03:07:16:23, 03:12:45:16 */
- 326213, 348769, /* 03:18:36:53, 04:00:52:49 */
- 372885, 398668, /* 04:07:34:45, 04:14:44:28 */
- 426234, 455705, /* 04:22:23:54, 05:06:35:05 */
- 487215, 520904, /* 05:15:20:15, 06:00:41:44 */
- 556921, 595430, /* 06:10:42:01, 06:21:23:50 */
- 636601, 680618, /* 07:08:50:01, 07:21:03:38 */
- 727680, 777995, /* 08:10:08:00, 09:00:06:35 */
- 831789, 889303, /* 09:15:03:09, 10:07:01:43 */
- 950794, 1016537, /* 11:00:06:34, 11:18:22:17 */
- 1086825, 1161973, /* 12:13:53:45, 13:10:46:13 */
- 1242318, 1328218, /* 14:09:05:18, 15:08:56:58 */
- 1420057, 1518247, /* 16:10:27:37, 17:13:44:07 */
- 1623226, 1735464, /* 18:18:53:46, 20:02:04:24 */
- 1855462, 1983758, /* 21:11:24:22, 22:23:02:38 */
- 2120925, 2267576, /* 24:13:08:45, 26:05:52:56 */
- 2424367, 2592000 /* 28:01:26:07, 30:00:00:00 */
-};
-#define MINFIXED 0x80
-#define MAXFIXED (MINFIXED + NLIFETIMES - 1)
-#endif /* !SHORT_LIFETIME */
+#include "k5-int.h"
/*
* krb_life_to_time
KRB4_32 KRB5_CALLCONV
krb_life_to_time(KRB4_32 start, int life)
{
- if (life < 0 || life > 255) /* possibly sign botch in caller */
+ krb5int_access k5internals;
+
+ if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
+ || k5internals.krb_life_to_time == NULL)
return start;
-#ifndef SHORT_LIFETIME
- if (life < MINFIXED)
- return start + life * 5 * 60;
- if (life > MAXFIXED)
- return start + lifetimes[NLIFETIMES - 1];
- return start + lifetimes[life - MINFIXED];
-#else /* SHORT_LIFETIME */
- return start + life * 5 * 60;
-#endif /* SHORT_LIFETIME */
+ return k5internals.krb_life_to_time(start, life);
}
/*
int KRB5_CALLCONV
krb_time_to_life(KRB4_32 start, KRB4_32 end)
{
- KRB4_32 dt;
-#ifndef SHORT_LIFETIME
- int i;
-#endif
+ krb5int_access k5internals;
- dt = end - start;
- if (dt <= 0)
+ if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
+ || k5internals.krb_time_to_life == NULL)
return 0;
-#ifndef SHORT_LIFETIME
- if (dt < lifetimes[0])
- return (dt + 5 * 60 - 1) / (5 * 60);
- /* This depends on the array being ordered. */
- for (i = 0; i < NLIFETIMES; i++) {
- if (lifetimes[i] >= dt)
- return i + MINFIXED;
- }
- return MAXFIXED;
-#else /* SHORT_LIFETIME */
- if (dt > 5 * 60 * 255)
- return 255;
- else
- return (dt + 5 * 60 - 1) / (5 * 60);
-#endif /* SHORT_LIFETIME */
+ return k5internals.krb_time_to_life(start, end);
}
init_ets.c
kdb5_err.et
krb5_err.et
+krb524_err.et
kv5m_err.et
Things-to-lose:
+2003-05-24 Ken Raeburn <raeburn@mit.edu>
+
+ * krb524_err.et: New file, moved from ../../../krb524. Add new
+ error code KRB524_KRB4_DISABLED.
+ * Makefile.in (STLIBOBJS, HDRS, OBJS, ETSRCS, SRCS, awk-windows):
+ Add it.
+ ($(OUTPRE)krb524_err.$(OBJEXT)): List dependence on .c file.
+ * init_ets.c (krb5_init_ets): Call initialize_k524_error_table.
+
2003-03-04 Ken Raeburn <raeburn@mit.edu>
* krb5_err.et (KRB5_ERR_BAD_S2K_PARAMS): New error code.
EHDRDIR=$(BUILDTOP)$(S)include$(S)krb5
STLIBOBJS= asn1_err.o kdb5_err.o krb5_err.o \
- kv5m_err.o init_ets.o
+ kv5m_err.o krb524_err.o init_ets.o
-HDRS= asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h
+HDRS= asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h
OBJS= $(OUTPRE)asn1_err.$(OBJEXT) $(OUTPRE)kdb5_err.$(OBJEXT) $(OUTPRE)krb5_err.$(OBJEXT) \
- $(OUTPRE)kv5m_err.$(OBJEXT) $(OUTPRE)init_ets.$(OBJEXT)
-ETSRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c
-SRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c \
+ $(OUTPRE)kv5m_err.$(OBJEXT) $(OUTPRE)krb524_err.$(OBJEXT) \
+ $(OUTPRE)init_ets.$(OBJEXT)
+ETSRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c krb524_err.c
+SRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c krb524_err.c \
$(srcdir)/init_ets.c
##DOS##LIBOBJS = $(OBJS)
$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kdb5_err.h kdb5_err.et
$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb5_err.h krb5_err.et
$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kv5m_err.h kv5m_err.et
+ $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb524_err.h krb524_err.et
$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=asn1_err.c asn1_err.et
$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kdb5_err.c kdb5_err.et
$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb5_err.c krb5_err.et
$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kv5m_err.c kv5m_err.et
+ $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb524_err.c krb524_err.et
if exist asn1_err.h copy asn1_err.h "$(EHDRDIR)"
if exist kdb5_err.h copy kdb5_err.h "$(EHDRDIR)"
if exist krb5_err.h copy krb5_err.h "$(EHDRDIR)"
if exist kv5m_err.h copy kv5m_err.h "$(EHDRDIR)"
+ if exist krb524_err.h copy krb524_err.h "$(EHDRDIR)"
#
# dependencies for traditional makes
$(OUTPRE)kdb5_err.$(OBJEXT): kdb5_err.c
$(OUTPRE)krb5_err.$(OBJEXT): krb5_err.c
$(OUTPRE)kv5m_err.$(OBJEXT): kv5m_err.c
+$(OUTPRE)krb524_err.$(OBJEXT): krb524_err.c
clean-unix:: clean-libobjs
$(RM) $(HDRS) $(ETSRCS)
kdb5_err.so kdb5_err.po $(OUTPRE)kdb5_err.$(OBJEXT): kdb5_err.c $(COM_ERR_DEPS)
krb5_err.so krb5_err.po $(OUTPRE)krb5_err.$(OBJEXT): krb5_err.c $(COM_ERR_DEPS)
kv5m_err.so kv5m_err.po $(OUTPRE)kv5m_err.$(OBJEXT): kv5m_err.c $(COM_ERR_DEPS)
+krb524_err.so krb524_err.po $(OUTPRE)krb524_err.$(OBJEXT): krb524_err.c $(COM_ERR_DEPS)
init_ets.so init_ets.po $(OUTPRE)init_ets.$(OBJEXT): init_ets.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
initialize_kv5m_error_table();
initialize_kdb5_error_table();
initialize_asn1_error_table();
+ initialize_k524_error_table();
}
void
error_code KRB524_ENCFULL, "Encoding too large"
error_code KRB524_DECEMPTY, "Decoding out of data"
error_code KRB524_NOTRESP, "Service not responding"
+error_code KRB524_KRB4_DISABLED, "Kerberos version 4 support is disabled"
end
cleanup.h
configure
configure.in
+conv_creds.c
conv_princ.c
copy_addrs.c
copy_athctr.c
t_ser.c
tgtname.c
unparse.c
+v4lifetime.c
valid_times.c
walk_rtree.c
+2003-05-24 Ken Raeburn <raeburn@mit.edu>
+
+ * conv_creds.c: New file, moved from krb524/conv_creds.c and
+ krb524/encode.c. Rename exported encode routine, make other
+ encode and decode routines static. If KRB5_KRB4_COMPAT is not
+ defined, return an error.
+ * v4lifetime.c: New file, moved from lib/krb4/lifetime.c. Renamed
+ functions, changed interface to use krb5 types.
+ * Makefile.in (STLIBOBJS, OBJS, SRCS): Add them.
+
2003-05-23 Sam Hartman <hartmans@mit.edu>
* get_in_tkt.c (krb5_get_init_creds): Initialize options based on
bld_princ.o \
chk_trans.o \
chpw.o \
+ conv_creds.o \
conv_princ.o \
copy_addrs.o \
copy_auth.o \
str_conv.o \
tgtname.o \
unparse.o \
+ v4lifetime.o \
valid_times.o \
vfy_increds.o \
vic_opt.o \
$(OUTPRE)bld_princ.$(OBJEXT) \
$(OUTPRE)chk_trans.$(OBJEXT) \
$(OUTPRE)chpw.$(OBJEXT) \
+ $(OUTPRE)conv_creds.$(OBJEXT) \
$(OUTPRE)conv_princ.$(OBJEXT) \
$(OUTPRE)copy_addrs.$(OBJEXT) \
$(OUTPRE)copy_auth.$(OBJEXT) \
$(OUTPRE)str_conv.$(OBJEXT) \
$(OUTPRE)tgtname.$(OBJEXT) \
$(OUTPRE)unparse.$(OBJEXT) \
+ $(OUTPRE)v4lifetime.$(OBJEXT) \
$(OUTPRE)valid_times.$(OBJEXT) \
$(OUTPRE)vfy_increds.$(OBJEXT) \
$(OUTPRE)vic_opt.$(OBJEXT) \
$(srcdir)/brand.c \
$(srcdir)/chk_trans.c \
$(srcdir)/chpw.c \
+ $(srcdir)/conv_creds.c \
$(srcdir)/conv_princ.c \
$(srcdir)/copy_addrs.c \
$(srcdir)/copy_auth.c \
$(srcdir)/str_conv.c \
$(srcdir)/tgtname.c \
$(srcdir)/unparse.c \
+ $(srcdir)/v4lifetime.c \
$(srcdir)/valid_times.c \
$(srcdir)/vfy_increds.c \
$(srcdir)/vic_opt.c \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/krb5_err.h \
auth_con.h
+conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): conv_creds.c $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP)
conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h
+v4lifetime.so v4lifetime.po $(OUTPRE)v4lifetime.$(OBJEXT): v4lifetime.c $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(SRCTOP)/include/krb5/kdb.h
valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): valid_times.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
--- /dev/null
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+#ifdef KRB5_KRB4_COMPAT
+#include "kerberosIV/krb.h"
+
+#ifdef USE_CCAPI
+#include <CredentialsCache.h>
+#endif
+
+#define krb524_debug krb5int_krb524_debug
+int krb524_debug = 0;
+
+static krb5_error_code krb524_convert_creds_plain
+(krb5_context context, krb5_creds *v5creds,
+ CREDENTIALS *v4creds);
+
+static int decode_v4tkt
+ (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
+
+krb5_error_code
+krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
+ CREDENTIALS *v4creds)
+{
+ krb5_error_code ret;
+ krb5_data reply;
+ char *p;
+ struct sockaddr_storage ss;
+ socklen_t slen = sizeof(ss);
+
+ ret = krb524_convert_creds_plain(context, v5creds, v4creds);
+ if (ret)
+ return ret;
+
+ reply.data = NULL;
+ ret = krb5int_524_sendto_kdc(context, &v5creds->ticket,
+ &v5creds->server->realm, &reply,
+ ss2sa(&ss), &slen);
+ if (ret)
+ return ret;
+
+#if TARGET_OS_MAC
+#ifdef USE_CCAPI
+ v4creds->stk_type = cc_v4_stk_des;
+#endif
+ if (slen == sizeof(struct sockaddr_in)
+ && ss2sa(&ss)->sa_family == AF_INET) {
+ v4creds->address = ss2sin(&ss)->sin_addr.s_addr;
+ }
+ /* Otherwise, leave it set to all-zero. */
+#endif
+
+ p = reply.data;
+ ret = ntohl(*((krb5_error_code *) p));
+ p += sizeof(krb5_int32);
+ reply.length -= sizeof(krb5_int32);
+ if (ret)
+ goto fail;
+
+ v4creds->kvno = ntohl(*((krb5_error_code *) p));
+ p += sizeof(krb5_int32);
+ reply.length -= sizeof(krb5_int32);
+ ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length);
+
+fail:
+ if (reply.data)
+ free(reply.data);
+ reply.data = NULL;
+ return ret;
+}
+
+static krb5_error_code
+krb524_convert_creds_plain(context, v5creds, v4creds)
+ krb5_context context;
+ krb5_creds *v5creds;
+ CREDENTIALS *v4creds;
+{
+ int ret;
+ krb5_timestamp endtime;
+ char dummy[REALM_SZ];
+ memset((char *) v4creds, 0, sizeof(CREDENTIALS));
+
+ if ((ret = krb5_524_conv_principal(context, v5creds->client,
+ v4creds->pname, v4creds->pinst,
+ dummy)))
+ return ret;
+ if ((ret = krb5_524_conv_principal(context, v5creds->server,
+ v4creds->service, v4creds->instance,
+ v4creds->realm)))
+ return ret;
+
+ /* Check enctype too */
+ if (v5creds->keyblock.length != sizeof(C_Block)) {
+ if (krb524_debug)
+ fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n",
+ v5creds->keyblock.length,
+ (int) sizeof(C_Block));
+ return KRB524_BADKEY;
+ } else
+ memcpy(v4creds->session, (char *) v5creds->keyblock.contents,
+ sizeof(C_Block));
+
+ /* V4 has no concept of authtime or renew_till, so ignore them */
+ v4creds->issue_date = v5creds->times.starttime;
+ v4creds->lifetime = krb5int_krb_time_to_life(v5creds->times.starttime,
+ v5creds->times.endtime);
+ endtime = krb5int_krb_life_to_time(v5creds->times.starttime,
+ v4creds->lifetime);
+ /*
+ * Adjust start time backwards to deal with rounding up in
+ * krb_time_to_life(), to match code on server side.
+ */
+ if (endtime > v5creds->times.endtime)
+ v4creds->issue_date -= endtime - v5creds->times.endtime;
+
+ return 0;
+}
+
+/* this used to be krb524/encode.c, under same copyright as above */
+/*
+ * I'm sure that this is reinventing the wheel, but I don't know where
+ * the wheel is hidden.
+ */
+
+int encode_v4tkt (KTEXT_ST *, char *, unsigned int *);
+static int encode_bytes (char **, int *, char *, unsigned int),
+ encode_int32 (char **, int *, krb5_int32 *);
+
+static int decode_bytes (char **, int *, char *, unsigned int),
+ decode_int32 (char **, int *, krb5_int32 *);
+
+static int encode_bytes(out, outlen, in, len)
+ char **out;
+ int *outlen;
+ char *in;
+ unsigned int len;
+{
+ if (len > *outlen)
+ return KRB524_ENCFULL;
+ memcpy(*out, in, len);
+ *out += len;
+ *outlen -= len;
+ return 0;
+}
+
+static int encode_int32(out, outlen, v)
+ char **out;
+ int *outlen;
+ krb5_int32 *v;
+{
+ krb5_int32 nv; /* Must be 4 bytes */
+
+ nv = htonl(*v);
+ return encode_bytes(out, outlen, (char *) &nv, sizeof(nv));
+}
+
+int krb5int_encode_v4tkt(v4tkt, buf, encoded_len)
+ KTEXT_ST *v4tkt;
+ char *buf;
+ unsigned int *encoded_len;
+{
+ int buflen, ret;
+
+ buflen = *encoded_len;
+
+ if ((ret = encode_int32(&buf, &buflen, &v4tkt->length)))
+ return ret;
+ if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
+ return ret;
+ if ((ret = encode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
+ return ret;
+
+ *encoded_len -= buflen;
+ return 0;
+}
+
+/* decode functions */
+
+static int decode_bytes(out, outlen, in, len)
+ char **out;
+ int *outlen;
+ char *in;
+ unsigned int len;
+{
+ if (len > *outlen)
+ return KRB524_DECEMPTY;
+ memcpy(in, *out, len);
+ *out += len;
+ *outlen -= len;
+ return 0;
+}
+
+static int decode_int32(out, outlen, v)
+ char **out;
+ int *outlen;
+ krb5_int32 *v;
+{
+ int ret;
+ krb5_int32 nv; /* Must be four bytes */
+
+ if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))))
+ return ret;
+ *v = ntohl(nv);
+ return 0;
+}
+
+static int decode_v4tkt(v4tkt, buf, encoded_len)
+ KTEXT_ST *v4tkt;
+ char *buf;
+ unsigned int *encoded_len;
+{
+ int buflen, ret;
+
+ buflen = *encoded_len;
+ if ((ret = decode_int32(&buf, &buflen, &v4tkt->length)))
+ return ret;
+ if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
+ return ret;
+ if ((ret = decode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz)))
+ return ret;
+ *encoded_len -= buflen;
+ return 0;
+}
+
+#else /* no krb4 compat */
+
+krb5_error_code
+krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
+ struct credentials *v4creds)
+{
+ return KRB524_KRB4_DISABLED;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "k5-int.h"
+
+/*
+ * Only lifetime bytes values less than 128 are on a linear scale.
+ * The following table contains an exponential scale that covers the
+ * lifetime values 128 to 191 inclusive (a total of 64 values).
+ * Values greater than 191 get interpreted the same as 191, but they
+ * will never be generated by the functions in this file.
+ *
+ * The ratio is approximately 1.069144898 (actually exactly
+ * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30
+ * days, and 38400 = 128*5 minutes. This allows a lifetime byte of
+ * 191 to correspond to a ticket life of exactly 30 days and a
+ * lifetime byte of 128 to correspond to exactly 128*5 minutes, with
+ * the other values spread on an exponential curve fit in between
+ * them. This table should correspond exactly to the set of extended
+ * ticket lifetime values used by AFS and CMU.
+ *
+ * The following awk script is sufficient to reproduce the table:
+ * BEGIN {
+ * r = exp(log(2592000/38400)/63);
+ * x = 38400;
+ * for (i=0;i<64;i++) {
+ * printf("%d\n",x+0.5);
+ * x *= r;
+ * }
+ * }
+ */
+#ifndef SHORT_LIFETIME
+#define NLIFETIMES 64
+static const krb5_int32 lifetimes[NLIFETIMES] = {
+ 38400, 41055, /* 00:10:40:00, 00:11:24:15 */
+ 43894, 46929, /* 00:12:11:34, 00:13:02:09 */
+ 50174, 53643, /* 00:13:56:14, 00:14:54:03 */
+ 57352, 61318, /* 00:15:55:52, 00:17:01:58 */
+ 65558, 70091, /* 00:18:12:38, 00:19:28:11 */
+ 74937, 80119, /* 00:20:48:57, 00:22:15:19 */
+ 85658, 91581, /* 00:23:47:38, 01:01:26:21 */
+ 97914, 104684, /* 01:03:11:54, 01:05:04:44 */
+ 111922, 119661, /* 01:07:05:22, 01:09:14:21 */
+ 127935, 136781, /* 01:11:32:15, 01:13:59:41 */
+ 146239, 156350, /* 01:16:37:19, 01:19:25:50 */
+ 167161, 178720, /* 01:22:26:01, 02:01:38:40 */
+ 191077, 204289, /* 02:05:04:37, 02:08:44:49 */
+ 218415, 233517, /* 02:12:40:15, 02:16:51:57 */
+ 249664, 266926, /* 02:21:21:04, 03:02:08:46 */
+ 285383, 305116, /* 03:07:16:23, 03:12:45:16 */
+ 326213, 348769, /* 03:18:36:53, 04:00:52:49 */
+ 372885, 398668, /* 04:07:34:45, 04:14:44:28 */
+ 426234, 455705, /* 04:22:23:54, 05:06:35:05 */
+ 487215, 520904, /* 05:15:20:15, 06:00:41:44 */
+ 556921, 595430, /* 06:10:42:01, 06:21:23:50 */
+ 636601, 680618, /* 07:08:50:01, 07:21:03:38 */
+ 727680, 777995, /* 08:10:08:00, 09:00:06:35 */
+ 831789, 889303, /* 09:15:03:09, 10:07:01:43 */
+ 950794, 1016537, /* 11:00:06:34, 11:18:22:17 */
+ 1086825, 1161973, /* 12:13:53:45, 13:10:46:13 */
+ 1242318, 1328218, /* 14:09:05:18, 15:08:56:58 */
+ 1420057, 1518247, /* 16:10:27:37, 17:13:44:07 */
+ 1623226, 1735464, /* 18:18:53:46, 20:02:04:24 */
+ 1855462, 1983758, /* 21:11:24:22, 22:23:02:38 */
+ 2120925, 2267576, /* 24:13:08:45, 26:05:52:56 */
+ 2424367, 2592000 /* 28:01:26:07, 30:00:00:00 */
+};
+#define MINFIXED 0x80
+#define MAXFIXED (MINFIXED + NLIFETIMES - 1)
+#endif /* !SHORT_LIFETIME */
+
+/*
+ * krb_life_to_time
+ *
+ * Given a start date and a lifetime byte, compute the expiration
+ * date.
+ */
+krb5_int32
+krb5int_krb_life_to_time(krb5_int32 start, int life)
+{
+ if (life < 0 || life > 255) /* possibly sign botch in caller */
+ return start;
+#ifndef SHORT_LIFETIME
+ if (life < MINFIXED)
+ return start + life * 5 * 60;
+ if (life > MAXFIXED)
+ return start + lifetimes[NLIFETIMES - 1];
+ return start + lifetimes[life - MINFIXED];
+#else /* SHORT_LIFETIME */
+ return start + life * 5 * 60;
+#endif /* SHORT_LIFETIME */
+}
+
+/*
+ * krb_time_to_life
+ *
+ * Given the start date and the end date, compute the lifetime byte.
+ * Round up, since we can adjust the start date backwards if we are
+ * issuing the ticket to cause it to expire at the correct time.
+ */
+int
+krb5int_krb_time_to_life(krb5_int32 start, krb5_int32 end)
+{
+ krb5_int32 dt;
+#ifndef SHORT_LIFETIME
+ int i;
+#endif
+
+ dt = end - start;
+ if (dt <= 0)
+ return 0;
+#ifndef SHORT_LIFETIME
+ if (dt < lifetimes[0])
+ return (dt + 5 * 60 - 1) / (5 * 60);
+ /* This depends on the array being ordered. */
+ for (i = 0; i < NLIFETIMES; i++) {
+ if (lifetimes[i] >= dt)
+ return i + MINFIXED;
+ }
+ return MAXFIXED;
+#else /* SHORT_LIFETIME */
+ if (dt > 5 * 60 * 255)
+ return 255;
+ else
+ return (dt + 5 * 60 - 1) / (5 * 60);
+#endif /* SHORT_LIFETIME */
+}
read_pwd.c
realm_dom.c
ref_std_conf.out
+send524.c
sendto_kdc.c
sn2princ.c
timeofday.c
+2003-05-24 Ken Raeburn <raeburn@mit.edu>
+
+ * send524.c: New file, moved from krb524/sendmsg.c. Rename
+ function to have krb5int_ prefix. If KRB5_KRB4_COMPAT not
+ defined, return an error.
+ * accessor.c (krb5int_accessor): Update for deleted and added
+ fields. If KRB5_KRB4_COMPAT is not defined, just use null
+ pointers for the new fields.
+
2003-05-06 Alexandra Ellwood <lxs@mit.edu>
+
* init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess()
function so that krb4, krb5 and gssapi will not access the user's homedir
if the application forbids it.
read_pwd.o \
realm_dom.o \
realm_iter.o \
+ send524.o \
sendto_kdc.o \
sn2princ.o \
timeofday.o \
$(OUTPRE)read_pwd.$(OBJEXT) \
$(OUTPRE)realm_dom.$(OBJEXT) \
$(OUTPRE)realm_iter.$(OBJEXT) \
+ $(OUTPRE)send524.$(OBJEXT) \
$(OUTPRE)sendto_kdc.$(OBJEXT) \
$(OUTPRE)sn2princ.$(OBJEXT) \
$(OUTPRE)timeofday.$(OBJEXT) \
$(srcdir)/realm_dom.c \
$(srcdir)/realm_iter.c \
$(srcdir)/port2ip.c \
+ $(srcdir)/send524.c \
$(srcdir)/sendto_kdc.c \
$(srcdir)/sn2princ.c \
$(srcdir)/timeofday.c \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h os-proto.h
+send524.so send524.po $(OUTPRE)send524.$(OBJEXT): send524.c $(SRCTOP)/include/fake-addrinfo.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/kdb.h \
+ os-proto.h
sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): sendto_kdc.c $(SRCTOP)/include/fake-addrinfo.h \
$(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
if (version == KRB5INT_ACCESS_VERSION)
{
krb5int_access internals_temp;
- internals_temp.krb5_locate_server = krb5int_locate_server;
- internals_temp.krb5_locate_kdc = krb5_locate_kdc;
internals_temp.free_addrlist = krb5int_free_addrlist;
- internals_temp.krb5_max_skdc_timeout = krb5_max_skdc_timeout;
- internals_temp.krb5_skdc_timeout_shift = krb5_skdc_timeout_shift;
- internals_temp.krb5_skdc_timeout_1 = krb5_skdc_timeout_1;
- internals_temp.krb5_max_dgram_size = krb5_max_dgram_size;
internals_temp.krb5_hmac = krb5_hmac;
internals_temp.md5_hash_provider = &krb5int_hash_md5;
internals_temp.arcfour_enc_provider = &krb5int_enc_arcfour;
internals_temp.sendto_udp = &krb5int_sendto;
internals_temp.add_host_to_list = krb5int_add_host_to_list;
+#ifdef KRB5_KRB4_COMPAT
+ internals_temp.krb_life_to_time = krb5int_krb_life_to_time;
+ internals_temp.krb_time_to_life = krb5int_krb_time_to_life;
+ internals_temp.krb524_encode_v4tkt = krb5int_encode_v4tkt;
+#else
+ internals_temp.krb_life_to_time = 0;
+ internals_temp.krb_time_to_life = 0;
+ internals_temp.krb524_encode_v4tkt = 0;
+#endif
*internals = internals_temp;
return 0;
}
#include <stdlib.h>
#include <string.h>
-#include <krb.h>
-#include "krb524.h"
+#include "os-proto.h"
/*
* krb524_sendto_kdc:
*/
krb5_error_code
-krb524_sendto_kdc (context, message, realm, reply, addr, addrlen)
+krb5int_524_sendto_kdc (context, message, realm, reply, addr, addrlen)
krb5_context context;
const krb5_data * message;
const krb5_data * realm;
struct sockaddr *addr;
socklen_t *addrlen;
{
+#ifdef KRB5_KRB4_COMPAT
int i;
struct addrlist al = ADDRLIST_INIT;
struct servent *serv;
krb5_error_code retval;
- krb5int_access internals;
int port;
- retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION);
- if (retval)
- return retval;
/*
* find KDC location(s) for realm
*/
serv = getservbyname(KRB524_SERVICE, "udp");
port = serv ? serv->s_port : htons (KRB524_PORT);
- retval = internals.krb5_locate_server(context, realm, &al, 0,
- "krb524_server", "_krb524",
- SOCK_DGRAM, port,
- 0, PF_INET);
+ retval = krb5int_locate_server(context, realm, &al, 0,
+ "krb524_server", "_krb524",
+ SOCK_DGRAM, port,
+ 0, PF_INET);
if (retval == KRB5_REALM_CANT_RESOLVE || retval == KRB5_REALM_UNKNOWN) {
/* Fallback heuristic: Assume krb524 port on every KDC might
work. */
- retval = internals.krb5_locate_kdc(context, realm, &al, 0,
- SOCK_DGRAM, PF_INET);
+ retval = krb5_locate_kdc(context, realm, &al, 0, SOCK_DGRAM, PF_INET);
/*
* Bash the ports numbers.
*/
if (al.naddrs == 0)
return KRB5_REALM_UNKNOWN;
- retval = internals.sendto_udp (context, message, &al, reply, addr,
- addrlen);
- internals.free_addrlist (&al);
+ retval = krb5int_sendto (context, message, &al, reply, addr, addrlen);
+ krb5int_free_addrlist (&al);
return retval;
+#else
+ return KRB524_KRB4_DISABLED;
+#endif
}
+2003-05-23 Ken Raeburn <raeburn@mit.edu>
+
+ * depfix.sed: Don't check for krb524 headers.
+
2003-05-18 Ken Raeburn <raeburn@mit.edu>
* depgen.sed: Put print command on separate lines from
# Some krb4 dependencies should only be present if building with krb4 enabled
s;\$(BUILDTOP)/include/kerberosIV/krb_err.h ;$(KRB_ERR_H_DEP) ;g
-s;\$(BUILDTOP)/include/krb524.h ;$(KRB524_H_DEP) ;g
-s;\$(BUILDTOP)/include/krb524_err.h ;$(KRB524_ERR_H_DEP) ;g
# now delete trailing whitespace
s; *$;;g
projects / krb5.git / commitdiff