Implement krb5_get_in_tkt_with_password and
authorSam Hartman <hartmans@mit.edu>
Tue, 20 May 2003 21:22:48 +0000 (21:22 +0000)
committerSam Hartman <hartmans@mit.edu>
Tue, 20 May 2003 21:22:48 +0000 (21:22 +0000)
krb5_get_in_tkt_with_keytab in terms of krb5_get_init_creds.
 It turns out that these do in fact need to use get_init_creds not
get_init_creds_{password,keytab} because those functions do not
allow the AS request to be returned.

Ticket: 1480
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15461 dc483132-0cff-0310-8789-dd5450dbe970

src/include/ChangeLog
src/include/k5-int.h
src/lib/krb5/krb/.Sanitize
src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/Makefile.in
src/lib/krb5/krb/gic_keytab.c
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/krb/in_tkt_ktb.c [deleted file]
src/lib/krb5/krb/in_tkt_pwd.c [deleted file]

index 05817aea1649c8f3e98bb6756784107f98a64206..af9217efdda3ca11af51998baccb5ea3ea5fe3de 100644 (file)
@@ -1,3 +1,7 @@
+2003-05-19  Sam Hartman  <hartmans@mit.edu>
+
+       * k5-int.h: Prototype krb5int_populate_gic_opt
+
 2003-05-18  Tom Yu  <tlyu@mit.edu>
 
        * k5-int.h: Sequence numbers are now unsigned.
index 08c7a7a4fd89eb5d80cd73b7405affdc54b1401d..f9a15ef3a79d4418197f5bfbd4d29872f32aac64 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001 by the Massachusetts Institute of Technology,
+ * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
  * 
  * This software is being provided to you, the LICENSEE, by the 
@@ -935,6 +935,11 @@ krb5_get_init_creds
                int master,
                krb5_kdc_rep **as_reply);
 
+krb5_error_code krb5int_populate_gic_opt (
+    krb5_context, krb5_get_init_creds_opt *,
+    krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
+    krb5_preauthtype *pre_auth_types);
+
 
 krb5_error_code krb5_do_preauth
 (krb5_context, krb5_kdc_req *,
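Review bot: The prototype added after krb5_get_init_creds declares krb5int_populate_gic_opt as returning krb5_error_code, but the definition this commit adds in gic_pwd.c ends without a return statement, so any caller that tests the result reads an indeterminate value; the two callers added in gic_keytab.c and gic_pwd.c both discard it, which is what keeps the mismatch silent today. Either finish the definition with `return 0;` or declare it `void` both here and in gic_pwd.c. A one-line comment on the prototype such as `/* Translate get_in_tkt-style options, address, enctype and preauth lists into an initialised krb5_get_init_creds_opt. */` would document the only declaration of this internal helper.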
index 7457c840786ba0655c330b63badcef22d86787d3..79bbf8259470b905e5596f8e5a588cb733adf2ba 100644 (file)
@@ -60,8 +60,6 @@ gen_seqnum.c
 gen_subkey.c
 get_creds.c
 get_in_tkt.c
-in_tkt_ktb.c
-in_tkt_pwd.c
 in_tkt_sky.c
 init_ctx.c
 int-proto.h
index 8f34cf0bb517384c3d0b1f317f0bbe6f2fa02e43..a0942a46c263a3446d9afb1fdb3ad2e82fd9d8f1 100644 (file)
@@ -1,3 +1,17 @@
+2003-05-20  Sam Hartman  <hartmans@mit.edu>
+
+       * Makefile.in (SRCS): Remove in_ktb.c
+
+       * gic_keytab.c (krb5_get_in_tkt_with_keytab): Move from
+       in_tkt_keytab.c and rewrite to use krb5_get_init_creds 
+
+       * gic_pwd.c (krb5_get_in_tkt_with_password): Moved here from
+       in_tkt_pwd.c so it can share code with
+       krb5_get_init_creds_password.  Rewritten to call
+       krb5_get_in_tkt_password 
+
+       * Makefile.in (SRCS): Delete in_tkt_pwd.c
+
 2003-05-18  Tom Yu  <tlyu@mit.edu>
 
        * auth_con.h: Sequence numbers are now unsigned.
index 18627b12a303097d05b18c7fff35ed9c5518b28d..b3f81a30e05e1a7a2194b8f1061ee58fa8e8ff79 100644 (file)
@@ -51,8 +51,6 @@ STLIBOBJS= \
        gic_keytab.o    \
        gic_opt.o       \
        gic_pwd.o       \
-       in_tkt_ktb.o    \
-       in_tkt_pwd.o    \
        in_tkt_sky.o    \
        init_ctx.o      \
        init_keyblock.o \
@@ -137,8 +135,6 @@ OBJS=       $(OUTPRE)addr_comp.$(OBJEXT)    \
        $(OUTPRE)gic_keytab.$(OBJEXT)   \
        $(OUTPRE)gic_opt.$(OBJEXT)      \
        $(OUTPRE)gic_pwd.$(OBJEXT)      \
-       $(OUTPRE)in_tkt_ktb.$(OBJEXT)   \
-       $(OUTPRE)in_tkt_pwd.$(OBJEXT)   \
        $(OUTPRE)in_tkt_sky.$(OBJEXT)   \
        $(OUTPRE)init_ctx.$(OBJEXT)     \
        $(OUTPRE)init_keyblock.$(OBJEXT) \
@@ -224,8 +220,6 @@ SRCS=       $(srcdir)/addr_comp.c   \
        $(srcdir)/gic_keytab.c  \
        $(srcdir)/gic_opt.c     \
        $(srcdir)/gic_pwd.c     \
-       $(srcdir)/in_tkt_ktb.c  \
-       $(srcdir)/in_tkt_pwd.c  \
        $(srcdir)/in_tkt_sky.c  \
        $(srcdir)/init_ctx.c    \
        $(srcdir)/init_keyblock.c \
index e7fb1aec6a961c2647e39aeeb58a40695ce0eadc..dc8d473951130d5e5a80f9414adcbdf0add3f70e 100644 (file)
@@ -116,3 +116,47 @@ cleanup:
 
    return(ret);
 }
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
+                             krb5_address *const *addrs, krb5_enctype *ktypes,
+                             krb5_preauthtype *pre_auth_types,
+                             krb5_keytab arg_keytab, krb5_ccache ccache,
+                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+    krb5_error_code retval;
+    krb5_get_init_creds_opt opt;
+    char * server = NULL;
+    krb5_keytab keytab;
+    krb5int_populate_gic_opt(context, &opt,
+                            options, addrs, ktypes,
+                            pre_auth_types);
+    if (arg_keytab == NULL) {
+       retval = krb5_kt_default(context, &keytab);
+       if (retval)
+           return retval;
+    }
+    else keytab = arg_keytab;
+    
+    retval = krb5_unparse_name( context, creds->server, &server);
+    if (retval)
+       goto cleanup;
+    retval = krb5_get_init_creds (context,
+                                 creds, creds->client,  
+                                 krb5_prompter_posix,  NULL,
+                                 0, server, &opt,
+                                 krb5_get_as_key_keytab, &keytab,
+                                 0, ret_as_reply);
+    krb5_free_unparsed_name( context, server);
+    if (retval) {
+       goto cleanup;
+    }
+       
+    /* store it in the ccache! */
+    if (ccache)
+       if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+           goto cleanup;
+ cleanup:    if (arg_keytab == NULL)
+     krb5_kt_close(context, keytab);
+    return retval;
+}
+
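Review bot: The `cleanup:` label at the end of krb5_get_in_tkt_with_keytab is written on the same line as the `if (arg_keytab == NULL)` it guards, which reads like a stray statement and is easy to break on the next edit; put the label on its own line: `cleanup:` / `    if (arg_keytab == NULL)` / `        krb5_kt_close(context, keytab);`. The function also arrives without the header comment that the deleted in_tkt_ktb.c carried for it, so its contract is now undocumented; a short comment stating that a NULL arg_keytab makes the function open and close the default keytab itself, that the credentials are stored in ccache only when ccache is non-NULL, and that the AS reply is handed back through ret_as_reply would keep gic_keytab.c self-describing. The result of krb5int_populate_gic_opt is discarded even though its prototype returns krb5_error_code; if that helper ever gains a failure path this call should check it.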
index 54cf5f461c8b481a4aefa4ef74dc7698b615b418..97db38e1986e26f62c3d399d9b4e597e9f605315 100644 (file)
@@ -43,7 +43,7 @@ krb5_get_as_key_password(
            return(EIO);
 
        if ((ret = krb5_unparse_name(context, client, &clientstr)))
-           return(ret);
+         return(ret);
 
        strcpy(promptstr, "Password for ");
        strncat(promptstr, clientstr, sizeof(promptstr)-strlen(promptstr)-1);
@@ -368,3 +368,99 @@ cleanup:
 
    return(ret);
 }
+krb5_error_code krb5int_populate_gic_opt (
+    krb5_context context, krb5_get_init_creds_opt *opt,
+    krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
+    krb5_preauthtype *pre_auth_types)
+{
+  int i;
+    krb5_get_init_creds_opt_init(opt);
+    if (addrs)
+      krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
+    if (ktypes) {
+       for (i=0; ktypes[i]; i++);
+       if (i)
+           krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
+    }
+    if (pre_auth_types) {
+       for (i=0; pre_auth_types[i]; i++);
+       if (i)
+           krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
+    }
+    if (options&KDC_OPT_FORWARDABLE)
+       krb5_get_init_creds_opt_set_forwardable(opt, 1);
+    else krb5_get_init_creds_opt_set_forwardable(opt, 0);
+    if (options&KDC_OPT_PROXIABLE)
+       krb5_get_init_creds_opt_set_proxiable(opt, 1);
+    else krb5_get_init_creds_opt_set_proxiable(opt, 0);
+    
+
+}
+
+/*
+  Rewrites get_in_tkt in terms of newer get_init_creds API.
+ Attempts to get an initial ticket for creds->client to use server
+ creds->server, (realm is taken from creds->client), with options
+ options, and using creds->times.starttime, creds->times.endtime,
+ creds->times.renew_till as from, till, and rtime.  
+ creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+
+ If addrs is non-NULL, it is used for the addresses requested.  If it is
+ null, the system standard addresses are used.
+
+ If password is non-NULL, it is converted using the cryptosystem entry
+ point for a string conversion routine, seeded with the client's name.
+ If password is passed as NULL, the password is read from the terminal,
+ and then converted into a key.
+
+ A succesful call will place the ticket in the credentials cache ccache.
+
+ returns system errors, encryption errors
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
+                             krb5_address *const *addrs, krb5_enctype *ktypes,
+                             krb5_preauthtype *pre_auth_types,
+                             const char *password, krb5_ccache ccache,
+                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+    krb5_error_code retval;
+    krb5_data pw0;
+    char pw0array[1024];
+    krb5_get_init_creds_opt opt;
+    char * server;
+
+    pw0array[0] = '\0';
+    pw0.data = pw0array;
+    if (password) {
+       if (strlen(password) >= sizeof(pw0array))
+           return EINVAL;
+       strncpy(pw0.data, password, sizeof(pw0array));
+       pw0array[strlen(password)] = '\0';
+    }
+    pw0.length = sizeof(pw0array);
+    
+    krb5int_populate_gic_opt(context, &opt,
+                            options, addrs, ktypes,
+                            pre_auth_types);
+    retval = krb5_unparse_name( context, creds->server, &server);
+    if (retval)
+      return (retval);
+        retval = krb5_get_init_creds (context,
+                                          creds, creds->client,  
+                                          krb5_prompter_posix,  NULL,
+                                          0, server, &opt,
+                                     krb5_get_as_key_password, &pw0,
+                                     0, ret_as_reply);
+         krb5_free_unparsed_name( context, server);
+       if (retval) {
+         return (retval);
+       }
+       
+       /* store it in the ccache! */
+       if (ccache)
+         if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+           return (retval);
+       return retval;
+  }
+
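Review bot: In krb5_get_in_tkt_with_password, `pw0.length = sizeof(pw0array);` runs even when the caller supplied a password, so the krb5_data handed to krb5_get_as_key_password describes the password plus the zero padding strncpy wrote, not the password itself; if the as-key derivation honours that length (its body is only partly in this diff) the derived key will not match the KDC's. Set the length to `strlen(password)` in the `if (password)` branch and fall back to the full buffer size only when nothing was supplied. The function also drops the zeroization the deleted in_tkt_pwd.c performed: the caller's password, or the one prompted into pw0array, is left in the stack buffer on every return path, including the early return after a failed krb5_unparse_name. Routing the exits through one cleanup label that clears pw0array (memset as the old file did, or a clear the compiler cannot elide if the tree provides one) addresses both; the rewritten parts are below.
```c
    pw0array[0] = '\0';
    pw0.data = pw0array;
    pw0.length = 0;
    if (password) {
        if (strlen(password) >= sizeof(pw0array))
            return EINVAL;
        strncpy(pw0.data, password, sizeof(pw0array));
        pw0.length = strlen(password);
    }
    if (pw0.length == 0) {
        /* nothing supplied: hand krb5_get_as_key_password the whole
           buffer so it can (presumably) prompt into it */
        pw0.length = sizeof(pw0array);
    }

    /* … unchanged: krb5int_populate_gic_opt call … */
    retval = krb5_unparse_name(context, creds->server, &server);
    if (retval)
        goto cleanup;
    retval = krb5_get_init_creds(context, creds, creds->client,
                                 krb5_prompter_posix, NULL, 0, server, &opt,
                                 krb5_get_as_key_password, &pw0,
                                 0, ret_as_reply);
    krb5_free_unparsed_name(context, server);
    if (retval)
        goto cleanup;

    /* store it in the ccache! */
    if (ccache)
        retval = krb5_cc_store_cred(context, ccache, creds);

cleanup:
    /* the caller's or the prompted password was copied here; do not
       leave it behind on the stack */
    memset(pw0array, 0, sizeof(pw0array));
    return retval;
}
```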
diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
deleted file mode 100644 (file)
index db4f3b4..0000000
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * lib/krb5/krb/in_tkt_ktb.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * krb5_get_in_tkt_with_keytab()
- *     
- */
-
-#include "k5-int.h"
-
-struct keytab_keyproc_arg {
-    krb5_keytab        keytab;
-    krb5_principal client;
-};
-
-/*
- * Key-generator for in_tkt_keytab, below.
- * "keyseed" is actually a krb5_keytab, or NULL if we should fetch
- * from system area.
- */
-static krb5_error_code keytab_keyproc
-    (krb5_context,
-               const krb5_enctype,
-               krb5_data *,
-               krb5_const_pointer,
-               krb5_keyblock **);
-
-static krb5_error_code
-keytab_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
-              krb5_const_pointer keyseed, krb5_keyblock **key)
-{
-    const struct keytab_keyproc_arg * arg = 
-       (const struct keytab_keyproc_arg *)keyseed;
-    krb5_keyblock *realkey;
-    krb5_error_code retval = 0;
-    krb5_keytab kt_id;
-    krb5_keytab_entry kt_ent;
-
-    kt_id = arg->keytab;
-
-    if (!krb5_c_valid_enctype(type))
-       return KRB5_PROG_ETYPE_NOSUPP;
-
-    if (kt_id == NULL)
-       /* Fetch from default keytab location */
-       if ((retval = krb5_kt_default(context, &kt_id)))
-           return retval;
-
-
-    if ((retval = krb5_kt_get_entry(context, kt_id, arg->client,
-                                   0, /* don't have vno available */
-                                   type, &kt_ent)))
-           goto cleanup;
-
-    if ((retval = krb5_copy_keyblock(context, &kt_ent.key, &realkey))) {
-       (void) krb5_kt_free_entry(context, &kt_ent);
-       goto cleanup;
-    }
-
-    (void) krb5_kt_free_entry(context, &kt_ent);
-    *key = realkey;
-    
-cleanup:
-    if (! arg->keytab) 
-       krb5_kt_close(context, kt_id);
-    return retval;
-}
-
-/*
- Similar to krb5_get_in_tkt_with_skey.
-
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime, 
- creds->times.renew_till as from, till, and rtime. 
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
-
- If addrs is non-NULL, it is used for the addresses requested.  If it is
- null, the system standard addresses are used.
-
- A succesful call will place the ticket in the credentials cache ccache.
-
- returns system errors, encryption errors
-
- */
-krb5_error_code KRB5_CALLCONV
-krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
-                           krb5_address *const *addrs, krb5_enctype *ktypes,
-                           krb5_preauthtype *pre_auth_types,
-                           krb5_keytab keytab, krb5_ccache ccache,
-                           krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
-{
-    struct keytab_keyproc_arg arg;
-
-    arg.keytab = keytab;
-    arg.client = creds->client;
-
-    return(krb5_get_in_tkt(context, options, addrs, ktypes,
-                          pre_auth_types,
-                          keytab_keyproc, (krb5_pointer)&arg,
-                          krb5_kdc_rep_decrypt_proc, 0, creds,
-                          ccache, ret_as_reply));
-}
diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c
deleted file mode 100644 (file)
index 1d9ad2e..0000000
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * lib/krb5/krb/in_tkt_pwd.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * krb5_get_in_tkt_with_password()
- */
-
-#include "k5-int.h"
-
-extern char *krb5_default_pwd_prompt1;
-
-/* 
- * key-producing procedure for use by krb5_get_in_tkt_with_password.
- */
-static krb5_error_code pwd_keyproc
-    (krb5_context,
-               const krb5_enctype,
-               krb5_data *,
-               krb5_const_pointer,
-               krb5_keyblock **);
-
-static krb5_error_code
-pwd_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
-           krb5_const_pointer keyseed, krb5_keyblock **key)
-{
-    krb5_error_code retval;
-    krb5_data * password;
-    unsigned int pwsize;
-
-    password = (krb5_data *)keyseed;
-
-    if (!password->length) {
-       pwsize = BUFSIZ;
-       if ((password->data = malloc(pwsize)) == NULL)
-           return ENOMEM;
-       
-       if ((retval = krb5_read_password(context, krb5_default_pwd_prompt1, 0,
-                                        password->data, &pwsize))) {
-           return retval;
-       }
-       password->length = pwsize;
-    }
-
-    if (!(*key = (krb5_keyblock *)malloc(sizeof(**key))))
-       return ENOMEM;
-
-    if ((retval = krb5_c_string_to_key(context, type, password, salt, *key)))
-       krb5_xfree(*key);
-
-    return(retval);
-}
-
-/*
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.  
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
-
- If addrs is non-NULL, it is used for the addresses requested.  If it is
- null, the system standard addresses are used.
-
- If password is non-NULL, it is converted using the cryptosystem entry
- point for a string conversion routine, seeded with the client's name.
- If password is passed as NULL, the password is read from the terminal,
- and then converted into a key.
-
- A succesful call will place the ticket in the credentials cache ccache.
-
- returns system errors, encryption errors
- */
-krb5_error_code KRB5_CALLCONV
-krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
-                             krb5_address *const *addrs, krb5_enctype *ktypes,
-                             krb5_preauthtype *pre_auth_types,
-                             const char *password, krb5_ccache ccache,
-                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
-{
-    krb5_error_code retval;
-    krb5_data data;
-
-
-    if ((data.data = (char *)password)) {
-       data.length = strlen(password);
-    } else {
-       data.length = 0;
-    }
-
-    retval = krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, 
-                            pwd_keyproc, (krb5_pointer) &data,
-                            krb5_kdc_rep_decrypt_proc, 0,
-                            creds, ccache, ret_as_reply);
-
-    if ((password == NULL) && (data.data)) {
-       memset(data.data, 0, strlen(data.data));
-       free(data.data);
-    }
-
-    return retval;
-}
-