+Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
+
+ * krcp.c (send_auth()): Use new calling convention for krb5_rd_req().
+
+ * krshd.c (recvauth()): Use new calling convention for
+ krb5_compat_recvauth().
+
+ * krlogind.c (recvauth()): Use new calling convention for
+ krb5_compat_recvauth().
+
Thu Mar 23 23:23:25 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in (krshd): Move $(K4LIB) after $(KLIB) so that if
* krlogind.c (main, doit): Minor type fixes to gethostbyname(),
accept().
+Tue Mar 14 12:30:23 1995 Chris Provenzano (proven@mit.edu)
+
+ * kcmd.c (kcmd()): Don't pass any data to sendauth() to be
+ checksummed. The remote side doesn't check it anyway.
+
Fri Mar 10 18:32:22 1995 Theodore Y. Ts'o <tytso@dcl>
* kcmd.c (kcmd): Initialize ret_cred to zero so that in case of an
krb5_error_code status;
krb5_error *err_ret;
krb5_ap_rep_enc_part *rep_ret;
- krb5_data in_data;
- char *tmpstr = 0;
krb5_error *error = 0;
int sin_len;
krb5_ccache cc;
sin_len = strlen(host_save) + strlen(service)
+ (realm ? strlen(realm): 0) + 3;
if ( sin_len < 20 ) sin_len = 20;
- tmpstr = (char *) malloc(sin_len);
- if ( tmpstr == (char *) 0){
- fprintf(stderr,"kcmd: no memory\n");
- return(-1);
- }
if (!(get_cred = (krb5_creds *)calloc(1, sizeof(krb5_creds)))) {
fprintf(stderr,"kcmd: no memory\n");
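Review bot: With `malloc(sin_len)` removed, the `sin_len` computation kept just above it (the three `strlen` calls and the `if ( sin_len < 20 )` clamp) no longer sizes anything visible in this hunk and looks like dead code. If nothing later in the function reads that value, drop those lines too, so the code does not suggest a buffer still depends on the length. kcmd() starts and ends outside this hunk, so confirm against the full function first.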
#else
sigsetmask(oldmask);
#endif /* POSIX_SIGNALS */
- if (tmpstr) krb5_xfree(tmpstr);
krb5_free_creds(bsd_context, get_cred);
return (-1);
}
#else
sigsetmask(oldmask);
#endif /* POSIX_SIGNALS */
- if (tmpstr) krb5_xfree(tmpstr);
krb5_free_creds(bsd_context, get_cred);
return (-1);
}
goto bad2;
}
- in_data.data = tmpstr;
- in_data.length = strlen(tmpstr);
-
status = krb5_cc_default(bsd_context, &cc);
if (status) goto bad2;
authentication. */
status = krb5_sendauth(bsd_context, &auth_context, (krb5_pointer) &s,
"KCMDV0.1", ret_cred->client, ret_cred->server,
- authopts,
- &in_data,
- ret_cred,
- 0, /* We have the credentials */
- &error, /* No error return */
- &rep_ret, NULL);
+ authopts, NULL, ret_cred, 0, &error, &rep_ret, NULL);
if (status) {
printf("Couldn't authenticate to server: %s\n", error_message(status));
if (error) {
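Review bot: Passing `NULL` as the checksum input to `krb5_sendauth()` means the authenticator no longer carries a checksum over any application data, so nothing in the AP-REQ ties it to this connection or to the user and command strings sent after it. The ChangeLog justifies this by the server not checking the value, and that reasoning belongs at the call, e.g. `/* no in_data: krshd/krlogind do not verify the authenticator checksum; restore it if they start to */`. A stronger follow-up would be to checksum connection-specific data here and verify it on the server side. The call sits in the middle of kcmd(), which continues outside the hunk.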
sigsetmask(oldmask);
#endif /* POSIX_SIGNALS */
*sock = s;
- if (tmpstr) krb5_xfree(tmpstr);
/* pass back credentials if wanted */
if (cred) krb5_copy_creds(bsd_context, ret_cred, cred);
#else
sigsetmask(oldmask);
#endif /* POSIX_SIGNALS */
- if (tmpstr) krb5_xfree(tmpstr);
if (ret_cred)
krb5_free_creds(bsd_context, ret_cred);
return (status);
#define SIZEOF_INADDR sizeof(struct in_addr)
#endif
-krb5_error_code tgt_keyproc(context, keyprocarg, principal, vno, keytype, key)
- krb5_context context;
- krb5_pointer keyprocarg;
- krb5_principal principal;
- krb5_kvno vno;
- krb5_keytype keytype;
- krb5_keyblock ** key;
-{
- krb5_creds *creds = (krb5_creds *)keyprocarg;
-
- return krb5_copy_keyblock(context, &creds->keyblock, key);
-}
-
-
-
void send_auth()
{
int sin_len;
krb5_ccache cc;
krb5_creds in_creds, *out_creds;
krb5_data reply, princ_data;
- krb5_tkt_authent *authdat;
krb5_error_code status;
krb5_address faddr;
+ krb5_ticket * ticket = NULL;
+ krb5_auth_context * auth_context = NULL;
if (status = krb5_cc_default(bsd_context, &cc)){
faddr.addrtype = foreign.sin_family;
faddr.length = SIZEOF_INADDR;
faddr.contents = (krb5_octet *) &foreign.sin_addr;
+
+ if (krb5_auth_con_init(bsd_context, &auth_context))
+ exit(1);
+
+ krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &faddr);
+
+ if (krb5_auth_con_setuseruserkey(bsd_context, auth_context,
+ &out_creds->keyblock))
+ exit(1);
/* read the ap_req to get the session key */
- status = krb5_rd_req(bsd_context, &reply,
+ status = krb5_rd_req(bsd_context, &auth_context, &reply,
0, /* don't know server's name... */
- &faddr,
- 0, /* no fetchfrom */
- tgt_keyproc,
- (krb5_pointer)out_creds, /* credentials as arg to
- keyproc */
- 0, /* no rcache for the moment XXX */
- &authdat);
+ NULL, /* default keytab */
+ NULL, & ticket);
krb5_xfree(reply.data);
if (status) {
fprintf(stderr, "rcp: send_auth failed krb5_rd_req: %s\n",
exit(1);
}
- krb5_copy_keyblock(bsd_context, authdat->ticket->enc_part2->session,
+ krb5_copy_keyblock(bsd_context, ticket->enc_part2->session,
&session_key);
- krb5_free_tkt_authent(bsd_context, authdat);
krb5_free_creds(bsd_context, out_creds);
krb5_use_keytype(bsd_context, &eblock, session_key->keytype);
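Review bot: The `ticket` returned by `krb5_rd_req()` and the `auth_context` created above are never released, because the commit removes `krb5_free_tkt_authent(bsd_context, authdat)` without adding a counterpart. After the `krb5_copy_keyblock()` call, add `krb5_free_ticket(bsd_context, ticket);` and `krb5_auth_con_free(bsd_context, auth_context);` so the decrypted ticket, which holds the session key, does not stay allocated for the life of the process. The two `exit(1)` paths after `krb5_auth_con_init()` and `krb5_auth_con_setuseruserkey()` also print nothing, unlike the `krb5_rd_req` failure path, so a message on stderr there would make failures diagnosable. send_auth() continues outside the hunk.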
krb5_error_code
recvauth()
{
+ krb5_auth_context * auth_context = NULL;
krb5_error_code status;
struct sockaddr_in peersin, laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
strcpy(v4_instance, "*");
- status = krb5_compat_recvauth(bsd_context, &netf,
+ if (status = krb5_auth_con_init(bsd_context, &auth_context))
+ return status;
+
+ krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &peeraddr);
+
+ if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
- server, /* Specify daemon principal */
- &peeraddr, /* We do want to match */
- /* this against caddrs in */
- /* the ticket */
- 0, /* use v5srvtab */
- 0, /* no keyproc */
- 0, /* no keyprocarg */
- 0, /* default rc_type */
- 0, /* no flags */
+ server, /* Specify daemon principal */
+ 0, /* default rc_type */
+ 0, /* no flags */
+ NULL, /* default keytab */
do_encrypt ? KOPT_DO_MUTUAL : 0, /*v4_opts*/
- "rcmd", /* v4_service */
- v4_instance, /* v4_instance */
- &peersin, /* foriegn address */
- &laddr, /* our local address */
- "", /* use default srvtab */
-
- &auth_sys, /* which authentication system */
- 0, /* no seq number */
- &client, /* return client */
- &ticket, /* return ticket */
- &kdata, /* return authenticator */
-
- &v4_kdata, v4_schedule, v4_version);
-
- if (status) {
+ "rcmd", /* v4_service */
+ v4_instance, /* v4_instance */
+ &peersin, /* foriegn address */
+ &laddr, /* our local address */
+ "", /* use default srvtab */
+
+ &ticket, /* return ticket */
+ &auth_sys, /* which authentication system*/
+ &v4_kdata, v4_schedule, v4_version)) {
+
if (auth_sys == KRB5_RECVAUTH_V5) {
/*
* clean up before exiting
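Review bot: The return value of `krb5_auth_con_setaddrs()` is ignored, and that call is now the only place the peer address reaches the library; the removed argument comment said the address should be matched against the caddrs in the ticket. If the call fails, `krb5_compat_recvauth()` would run with no remote address set and that check may be silently skipped, so treat failure as fatal: `if (status = krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &peeraddr)) return status;`. The same unchecked call appears in the krshd.c recvauth() hunk and in krcp.c send_auth(). The `return status` paths also leave `auth_context` allocated; recvauth() continues past the end of the hunk, so a `krb5_auth_con_free()` may belong in its cleanup code.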
getstr(netf, lusername, sizeof (lusername), "locuser");
getstr(netf, term, sizeof(term), "Terminal type");
+ if (status = krb5_copy_principal(bsd_context, ticket->enc_part2->client,
+ &client))
+ return status;
+
#ifdef KRB5_KRB4_COMPAT
if (auth_sys == KRB5_RECVAUTH_V4) {
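Review bot: `ticket->enc_part2->client` is dereferenced before the `auth_sys == KRB5_RECVAUTH_V4` test, so the added `krb5_copy_principal()` call also runs for a Kerberos V4 peer, where `krb5_compat_recvauth()` presumably fills `v4_kdata` rather than a V5 ticket. Unless `ticket` is guaranteed to be non-NULL with a decoded `enc_part2` in that case (not visible here), this is a NULL dereference in the daemon's pre-login path. Wrap the copy in `if (auth_sys == KRB5_RECVAUTH_V5) { ... }` or test `ticket && ticket->enc_part2` first. The `krb5_unparse_name(bsd_context, ticket->enc_part2->client, &kremuser)` call in the last krshd.c hunk needs the same check if it is reachable with V4 authentication.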
struct sockaddr_in peersin;
krb5_address peeraddr;
{
+ krb5_auth_context *auth_context = NULL;
krb5_error_code status;
struct sockaddr_in laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
strcpy(v4_instance, "*");
- status = krb5_compat_recvauth(bsd_context, &netf,
+ if (status = krb5_auth_con_init(bsd_context, &auth_context))
+ return status;
+
+ krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &peeraddr);
+
+ status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
server, /* Specify daemon principal */
- &peeraddr, /* We do want to match */
- /* this against caddrs in */
- /* the ticket */
- 0, /* use v5srvtab */
- 0, /* no keyproc */
- 0, /* no keyprocarg */
- 0, /* default rc_type */
- 0, /* no flags */
-
+ 0, /* default rc_type */
+ 0, /* no flags */
+ NULL, /* default keytab */
0, /* v4_opts */
"rcmd", /* v4_service */
v4_instance, /* v4_instance */
&laddr, /* our local address */
"", /* use default srvtab */
- &auth_sys, /* which authentication system */
- 0, /* no seq number */
- &client, /* return client */
&ticket, /* return ticket */
- &kdata, /* return authenticator */
-
+ &auth_sys, /* which authentication system*/
&v4_kdata, 0, v4_version);
if (status) {
getstr(netf, remuser, sizeof(locuser), "remuser");
- if (status = krb5_unparse_name(bsd_context, client, &kremuser))
+ if (status = krb5_unparse_name(bsd_context, ticket->enc_part2->client,
+ &kremuser))
return status;
/* Setup eblock for encrypted sessions. */
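Review bot: The context line `getstr(netf, remuser, sizeof(locuser), "remuser");` bounds the read into `remuser` with the size of a different buffer. That is safe only if both arrays are declared with the same size, which is outside the hunk. Since this commit touches the statement directly below it, changing the bound to `sizeof(remuser)` would state the intent and stay correct if either declaration changes.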