* kprop.c : Use new calling conventions for krb5_sendauth(),
authorChris Provenzano <proven@mit.edu>
Mon, 27 Mar 1995 14:50:30 +0000 (14:50 +0000)
committerChris Provenzano <proven@mit.edu>
Mon, 27 Mar 1995 14:50:30 +0000 (14:50 +0000)
krb5_mk_safe(), krb5_rd_safe() and krb5_mk_priv().

        * kpropd.c : Use new calling conventions for krb5_recvauth(),
krb5_mk_safe(), krb5_rd_safe() and krb5_rd_priv().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5266 dc483132-0cff-0310-8789-dd5450dbe970

src/slave/ChangeLog
src/slave/kprop.c
src/slave/kpropd.c

index fd1219d630f91e1b1f4e69146e49f8e1724dfb65..5b1285eaf9d08aa018f71c83076c98743d4764bb 100644 (file)
@@ -1,3 +1,11 @@
+Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
+
+        * kprop.c : Use new calling conventions for krb5_sendauth(),
+               krb5_mk_safe(), krb5_rd_safe() and krb5_mk_priv().
+
+        * kpropd.c : Use new calling conventions for krb5_recvauth(),
+               krb5_mk_safe(), krb5_rd_safe() and krb5_rd_priv().
+
 Fri Mar 24 14:49:41 1995    <tytso@rsx-11.mit.edu>
 
        * kpropd.c (PRS): Don't bother initializing server_addrs since
index 5755a32bb564b5483a042e562a8688114c54e52a..880fea6e6c84239139ab716051dc4494b2ca4c3a 100644 (file)
@@ -61,8 +61,6 @@ krb5_principal        my_principal;           /* The Kerberos principal we'll be */
 krb5_ccache    ccache;         /* Credentials cache which we'll be using */
 /* krb5_creds  my_creds;       /* My credentials */
 krb5_creds     creds;
-krb5_int32     my_seq_num;     /* Sequence number to use for connection */
-krb5_int32     his_seq_num;    /* Remote sequence number */
 krb5_address   sender_addr;
 krb5_address   receiver_addr;
 
@@ -75,13 +73,15 @@ static void usage
 krb5_error_code open_connection 
        PROTOTYPE((char *, int *, char *));
 void   kerberos_authenticate 
-       PROTOTYPE((krb5_context, int, krb5_principal, krb5_creds **));
+       PROTOTYPE((krb5_context, krb5_auth_context **, 
+                  int, krb5_principal, krb5_creds **));
 int    open_database 
        PROTOTYPE((krb5_context, char *, int *));
 void   close_database 
        PROTOTYPE((krb5_context, int));
 void   xmit_database 
-       PROTOTYPE((krb5_context, krb5_creds *, int, int, int));
+       PROTOTYPE((krb5_context, krb5_auth_context *, krb5_creds *, 
+                  int, int, int));
 void   send_error 
        PROTOTYPE((krb5_context, krb5_creds *, int, char *, krb5_error_code));
 void   update_last_prop_file 
@@ -102,10 +102,12 @@ main(argc, argv)
        int     fd, database_fd, database_size;
        krb5_error_code retval;
        krb5_context context;
-       krb5_creds my_creds;
+       krb5_creds *my_creds;
+       krb5_auth_context * auth_context;
        char    Errmsg[256];
        
        PRS(context, argv);
+       krb5_init_context(&context);
        get_tickets(context);
 
        database_fd = open_database(context, file, &database_size);
@@ -119,15 +121,13 @@ main(argc, argv)
                        progname, Errmsg, slave_host);
                exit(1);
        }
-       kerberos_authenticate(context, fd, my_principal, &my_creds);
-       if (debug) {
-               printf("My sequence number: %d\n", my_seq_num);
-               printf("His sequence number: %d\n", his_seq_num);
-       }
-       xmit_database(context, & my_creds, fd, database_fd, database_size);
+       kerberos_authenticate(context, &auth_context, fd, my_principal, 
+                             &my_creds);
+       xmit_database(context, auth_context, my_creds, fd, database_fd, 
+                     database_size);
        update_last_prop_file(slave_host, file);
        printf("Database propagation to %s: SUCCEEDED\n", slave_host);
-       krb5_free_cred_contents(context, &my_creds);
+       krb5_free_cred_contents(context, my_creds);
        close_database(context, database_fd);
        exit(0);
 }
@@ -356,8 +356,9 @@ open_connection(host, fd, Errmsg)
 }
 
 
-void kerberos_authenticate(context, fd, me, new_creds)
+void kerberos_authenticate(context, auth_context, fd, me, new_creds)
     krb5_context context;
+    krb5_auth_context **auth_context;
     int        fd;
     krb5_principal me;
     krb5_creds ** new_creds;
@@ -366,9 +367,15 @@ void kerberos_authenticate(context, fd, me, new_creds)
        krb5_error      *error = NULL;
        krb5_ap_rep_enc_part    *rep_result;
 
-       if (retval = krb5_sendauth(context, (void *)&fd, kprop_version, me,
-                                  creds.server, AP_OPTS_MUTUAL_REQUIRED,
-                                  NULL, &creds, NULL, &my_seq_num, NULL,
+    if (retval = krb5_auth_con_init(context, auth_context)) 
+       exit(1);
+
+    krb5_auth_con_setflags(context, *auth_context, 
+                          KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+       if (retval = krb5_sendauth(context, auth_context, (void *)&fd, 
+                                  kprop_version, me, creds.server,
+                                  AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL,
                                   &error, &rep_result, new_creds)) {
                com_err(progname, retval, "while authenticating to server");
                if (error) {
@@ -390,7 +397,6 @@ void kerberos_authenticate(context, fd, me, new_creds)
                }
                exit(1);
        }
-       his_seq_num = rep_result->seq_number;
        krb5_free_ap_rep_enc_part(context, rep_result);
 }
 
@@ -493,17 +499,17 @@ close_database(context, fd)
  * will abort the entire operation.
  */
 void
-xmit_database(context, my_creds, fd, database_fd, database_size)
+xmit_database(context, auth_context, my_creds, fd, database_fd, database_size)
     krb5_context context;
+    krb5_auth_context * auth_context;
     krb5_creds *my_creds;
     int        fd;
     int        database_fd;
     int        database_size;
 {
-       int     send_size, sent_size, n, eblock_size;
+       int     send_size, sent_size, n;
        krb5_data       inbuf, outbuf;
        char            buf[KPROP_BUFSIZ];
-       char            *i_vector;
        krb5_error_code retval;
        krb5_error      *error;
        
@@ -513,13 +519,9 @@ xmit_database(context, my_creds, fd, database_fd, database_size)
        send_size = htonl(database_size);
        inbuf.data = (char *) &send_size;
        inbuf.length = sizeof(send_size); /* must be 4, really */
-       if (retval = krb5_mk_safe(context, &inbuf, KPROP_CKSUMTYPE,
-                                 &my_creds->keyblock, 
-                                 &sender_addr, &receiver_addr,
-                                 my_seq_num++,
-                                 KRB5_PRIV_DOSEQUENCE|KRB5_SAFE_NOTIME,
-                                 0,    /* no rcache when NOTIME */
-                                 &outbuf)) {
+       /* KPROP_CKSUMTYPE */
+       if (retval = krb5_mk_safe(context, auth_context, &inbuf, 
+                                 &outbuf, NULL)) {
                com_err(progname, retval, "while encoding database size");
                send_error(context, my_creds, fd, "while encoding database size", retval);
                exit(1);
@@ -530,18 +532,15 @@ xmit_database(context, my_creds, fd, database_fd, database_size)
                exit(1);
        }
        krb5_xfree(outbuf.data);
-       /*
-        * Initialize the initial vector.
-        */
-       eblock_size = krb5_keytype_array[my_creds->keyblock.keytype]->
-               system->block_length;
-       if (!(i_vector=malloc(eblock_size))) {
-               com_err(progname, ENOMEM, "while allocating i_vector");
-               send_error(context, my_creds, fd, 
-                          "malloc failed while allocating i_vector", ENOMEM);
-               exit(1);
-       }
-       memset(i_vector, 0, eblock_size);
+    /*
+     * Initialize the initial vector.
+     */
+    if (retval = krb5_auth_con_initivector(context, auth_context)) {
+       send_error(context, my_creds, fd, 
+                  "failed while initializing i_vector", retval);
+       com_err(progname, retval, "while allocating i_vector");
+       exit(1);
+    }
        /*
         * Send over the file, block by block....
         */
@@ -549,15 +548,8 @@ xmit_database(context, my_creds, fd, database_fd, database_size)
        sent_size = 0;
        while (n = read(database_fd, buf, sizeof(buf))) {
                inbuf.length = n;
-               if (retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC,
-                                         &my_creds->keyblock,
-                                         &sender_addr,
-                                         &receiver_addr,
-                                         my_seq_num++,
-                                         KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                                         0, /* again, no rcache */
-                                         i_vector,
-                                         &outbuf)) {
+               if (retval = krb5_mk_priv(context, auth_context, &inbuf,
+                                         &outbuf, NULL)) {
                        sprintf(buf,
                                "while encoding database block starting at %d",
                                sent_size);
@@ -618,10 +610,7 @@ xmit_database(context, my_creds, fd, database_fd, database_size)
                krb5_free_error(context, error);
                exit(1);
        }
-       if (retval = krb5_rd_safe(context, &inbuf, &my_creds->keyblock,         
-                                 &receiver_addr, &sender_addr, his_seq_num++,
-                                 KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME,
-                                 0, &outbuf)) {
+       if (retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL)) {
                com_err(progname, retval,
                        "while decoding final size packet from server");
                exit(1);
index b28238affeb1fde21f60379d8ad5208173aee690..d0872df29afa3c65dad89500eda81eb7bd9baf33 100644 (file)
@@ -67,9 +67,8 @@ int   standalone;
 
 krb5_principal server;         /* This is our server principal name */
 krb5_principal client;         /* This is who we're talking to */
-krb5_keyblock  *session_key;   /* Here is the session key */
-krb5_pointer   kerb_keytab = 0; /* Use default */
 krb5_context kpropd_context;
+krb5_auth_context * auth_context;
 char   *realm = NULL;          /* Our realm */
 char   *file = KPROPD_DEFAULT_FILE;
 char   *temp_file_name;
@@ -77,8 +76,6 @@ char  *kdb5_edit = KPROPD_DEFAULT_KDB5_EDIT;
 char   *kerb_database = KPROPD_DEFAULT_KRB_DB;
 
 int            database_fd;
-krb5_int32     my_seq_num;     /* Sequence number */
-krb5_int32     his_seq_num;    /* The remote's sequence number */
 krb5_address   sender_addr;
 krb5_address   receiver_addr;
 
@@ -250,10 +247,6 @@ void doit(fd)
                free(name);
                exit(1);
        }
-       if (debug) {
-               printf("My sequence number: %d\n", my_seq_num);
-               printf("His sequence number: %d\n", his_seq_num);
-       }
        omask = umask(077);
        lock_fp = fopen(temp_file_name, "a");
        (void) umask(omask);
@@ -437,73 +430,90 @@ void PRS(argv)
  */
 void
 kerberos_authenticate(context, fd, clientp, sin)
-    krb5_context context;
-    int        fd;
-    krb5_principal     *clientp;
-    struct sockaddr_in sin;
+    krb5_context         context;
+    int                          fd;
+    krb5_principal     * clientp;
+    struct sockaddr_in   sin;
 {
-       krb5_error_code retval;
-       krb5_ticket     *ticket;
-       krb5_authenticator      *authent;
-       struct sockaddr_in      r_sin;
-       int                     sin_length;
+    krb5_error_code      retval;
+    krb5_ticket                * ticket;
+    struct sockaddr_in   r_sin;
+    int                          sin_length;
+
+    /*
+     * Set recv_addr and send_addr
+     */
+    sender_addr.addrtype = ADDRTYPE_INET;
+    sender_addr.length = sizeof(sin.sin_addr);
+    sender_addr.contents = (krb5_octet *) malloc(sizeof(sin.sin_addr));
+    memcpy((char *) sender_addr.contents, (char *) &sin.sin_addr,
+           sizeof(sin.sin_addr));
+
+    sin_length = sizeof(r_sin);
+    if (getsockname(fd, (struct sockaddr *) &r_sin, &sin_length)) {
+       com_err(progname, errno, "while getting local socket address");
+       exit(1);
+    }
 
-       /*
-        * Set recv_addr and send_addr
-        */
-       sender_addr.addrtype = ADDRTYPE_INET;
-       sender_addr.length = sizeof(sin.sin_addr);
-       sender_addr.contents = (krb5_octet *) malloc(sizeof(sin.sin_addr));
-       memcpy((char *) sender_addr.contents, (char *) &sin.sin_addr,
-              sizeof(sin.sin_addr));
-
-       sin_length = sizeof(r_sin);
-       if (getsockname(fd, (struct sockaddr *) &r_sin, &sin_length)) {
-               com_err(progname, errno, "while getting local socket address");
-               exit(1);
+    receiver_addr.addrtype = ADDRTYPE_INET;
+    receiver_addr.length = sizeof(r_sin.sin_addr);
+    receiver_addr.contents = (krb5_octet *) malloc(sizeof(r_sin.sin_addr));
+    memcpy((char *) receiver_addr.contents, (char *) &r_sin.sin_addr,
+           sizeof(r_sin.sin_addr));
+
+    if (debug) {
+       char *name;
+       if (retval = krb5_unparse_name(context, server, &name)) {
+           com_err(progname, retval, "While unparsing client name");
+           exit(1);
        }
+       printf("krb5_recvauth(%d, %s, %s, ...)\n", fd, kprop_version, name);
+       free(name);
+    }
 
-       receiver_addr.addrtype = ADDRTYPE_INET;
-       receiver_addr.length = sizeof(r_sin.sin_addr);
-       receiver_addr.contents = (krb5_octet *) malloc(sizeof(r_sin.sin_addr));
-       memcpy((char *) receiver_addr.contents, (char *) &r_sin.sin_addr,
-              sizeof(r_sin.sin_addr));
+    if (retval = krb5_auth_con_init(context, &auth_context)) {
+       syslog(LOG_ERR, "Error in krb5_auth_con_ini: %s",error_message(retval));
+       exit(1);
+    }
 
-       if (debug) {
-               char *name;
-               if (retval = krb5_unparse_name(context, server, &name)) {
-                       com_err(progname, retval,
-                               "While unparsing client name");
-                       exit(1);
-               }
-               printf("krb5_recvauth(%d, %s, %s, ...)\n", fd,
-                      kprop_version, name);
-               free(name);
-       }
+    if (retval = krb5_auth_con_setflags(context, auth_context, 
+                                       KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
+       syslog(LOG_ERR, "Error in krb5_auth_con_setflags: %s",
+              error_message(retval));
+       exit(1);
+    }
 
-       if (retval = krb5_recvauth(context, (void *) &fd, kprop_version, server,
-                                  &sender_addr, kerb_keytab, NULL, NULL,
-                                  "dfl", 0, &my_seq_num, clientp, &ticket,
-                                  &authent)) {
-               syslog(LOG_ERR, "Error in krb5_recvauth: %s",
-                      error_message(retval));
-               exit(1);
-       }
-       if (debug) {
-               char    *name;
+    if (retval = krb5_auth_con_setaddrs(context, auth_context, &receiver_addr,
+                                       &sender_addr)) {
+       syslog(LOG_ERR, "Error in krb5_auth_con_setaddrs: %s",
+              error_message(retval));
+       exit(1);
+    }
 
-               if (retval = krb5_unparse_name(context, *clientp, &name)) {
-                       com_err(progname, retval,
-                               "While unparsing client name");
-                       exit(1);
-               }
-               printf("authenticated client: %s\n", name);
-               free(name);
+    if (retval = krb5_recvauth(context, &auth_context, (void *) &fd,
+                              kprop_version, server, "dfl", 0, NULL, &ticket)){
+       syslog(LOG_ERR, "Error in krb5_recvauth: %s", error_message(retval));
+       exit(1);
+    }
+
+    if (retval = krb5_copy_principal(context, 
+                                    ticket->enc_part2->client, clientp)) {
+       syslog(LOG_ERR, "Error in krb5_copy_prinicpal: %s", 
+              error_message(retval));
+       exit(1);
+    }
+
+    if (debug) {
+       char * name;
+
+       if (retval = krb5_unparse_name(context, *clientp, &name)) {
+           com_err(progname, retval, "While unparsing client name");
+           exit(1);
        }
-       his_seq_num = authent->seq_number;
-       krb5_copy_keyblock(context, ticket->enc_part2->session, &session_key);
-       krb5_free_ticket(context, ticket);
-       krb5_free_authenticator(context, authent);
+       printf("authenticated client: %s\n", name);
+       free(name);
+    }
+    krb5_free_ticket(context, ticket);
 }
 
 krb5_boolean
@@ -551,10 +561,8 @@ recv_database(context, fd, database_fd)
        int     database_size;
        int     received_size, n;
        char            buf[1024];
-       char            *i_vector;
        krb5_data       inbuf, outbuf;
        krb5_error_code retval;
-       int             eblock_size;
 
        /*
         * Receive and decode size from client
@@ -567,10 +575,7 @@ recv_database(context, fd, database_fd)
        }
        if (krb5_is_krb_error(&inbuf))
                recv_error(context, &inbuf);
-       if (retval = krb5_rd_safe(context, &inbuf, session_key, &sender_addr,
-                                 &receiver_addr, his_seq_num++,
-                                 KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME,
-                                 0, &outbuf)) {
+       if (retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL)) {
                send_error(context, fd, retval, "while decoding database size");
                krb5_xfree(inbuf.data);
                com_err(progname, retval,
@@ -581,18 +586,16 @@ recv_database(context, fd, database_fd)
        krb5_xfree(inbuf.data);
        krb5_xfree(outbuf.data);
        database_size = ntohl(database_size);
-       /*
-        * Initialize the initial vector.
-        */
-       eblock_size = krb5_keytype_array[session_key->keytype]->
-               system->block_length;
-       if (!(i_vector=malloc(eblock_size))) {
-               com_err(progname, ENOMEM, "while allocating i_vector");
-               send_error(context, fd, ENOMEM,
-                          "malloc failed while allocating i_vector");
-               exit(1);
-       }
-       memset(i_vector, 0, eblock_size);
+
+    /*
+     * Initialize the initial vector.
+     */
+    if (retval = krb5_auth_con_initivector(context, auth_context)) {
+       send_error(context, fd, retval, "failed while initializing i_vector");
+       com_err(progname, retval, "while initializing i_vector");
+       exit(1);
+    }
+
        /*
         * Now start receiving the database from the net
         */
@@ -608,11 +611,8 @@ recv_database(context, fd, database_fd)
                }
                if (krb5_is_krb_error(&inbuf))
                        recv_error(context, &inbuf);
-               if (retval = krb5_rd_priv(context, &inbuf, session_key,
-                                         &sender_addr, &receiver_addr,
-                                         his_seq_num++,
-                                         KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                                         i_vector, 0, &outbuf)) {
+               if (retval = krb5_rd_priv(context, auth_context, &inbuf, 
+                                         &outbuf, NULL)) {
                        sprintf(buf,
                                "while decoding database block starting at offset %d",
                                received_size);
@@ -652,15 +652,7 @@ recv_database(context, fd, database_fd)
        database_size = htonl(database_size);
        inbuf.data = (char *) &database_size;
        inbuf.length = sizeof(database_size);
-       if (retval = krb5_mk_safe(context, &inbuf, KPROP_CKSUMTYPE,
-                                 session_key,
-                                 /* Note these are reversed because */
-                                 /* we are sending, not receiving! */
-                                 &receiver_addr, &sender_addr, 
-                                 my_seq_num++,
-                                 KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                                 0,    /* no rcache when NOTIME */
-                                 &outbuf)) {
+       if (retval = krb5_mk_safe(context,auth_context,&inbuf,&outbuf,NULL)) {
                com_err(progname, retval,
                        "while encoding # of receieved bytes");
                send_error(context, fd, retval,