+++ /dev/null
-/*
- * lib/krb425/425data.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Common data for krb425 library
- */
-
-
-#include "krb425.h"
-
-char *_krb425_local_realm = 0;
-krb5_ccache _krb425_ccache = 0;
-int _krb425_error_init = 0;
-krb5_keyblock _krb425_servkey;
-
-#ifdef EBUG
-char *
-basename(s)
-char *s;
-{
- char *r;
- char *rindex();
-
- if (r = rindex(s, '/'))
- return(r+1);
- return(s);
-}
-#endif
+++ /dev/null
-/*
- * lib/krb425/425error.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * convert error codes from v5 to v4
- */
-
-
-#include <krb.h>
-#include "krb5.h"
-
-int krb5_425_error; /* For people who want to know what */
- /* the *real* error was.... */
-
-int
-krb425error(e)
-krb5_error_code e;
-{
- /*
- * This is not a very good switch.
- * Probably needs to be rewritten.
- */
- krb5_425_error = e;
- switch (e) {
- case 0: /* No error */
- return(KSUCCESS);
-
- case KRB5KDC_ERR_NAME_EXP: /* Client's entry in DB expired */
- return(KDC_NAME_EXP);
-
- case KRB5KDC_ERR_SERVICE_EXP: /* Server's entry in DB expired */
- return(KDC_SERVICE_EXP);
-
- case KRB5KDC_ERR_BAD_PVNO: /* Requested pvno not supported */
- return(KDC_PKT_VER);
-
- case KRB5KDC_ERR_C_OLD_MAST_KVNO:/* C's key encrypted in old master */
- return(KDC_P_MKEY_VER);
-
- case KRB5KDC_ERR_S_OLD_MAST_KVNO:/* S's key encrypted in old master */
- return(KDC_S_MKEY_VER);
-
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:/* Client not found in Kerberos DB */
- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:/* Server not found in Kerberos DB */
- return(KDC_PR_UNKNOWN);
-
- case KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE:/* Multiple entries in Kerberos DB */
- return(KDC_PR_N_UNIQUE);
-
- case KRB5KDC_ERR_NULL_KEY: /* The C or S has a null key */
- return(KDC_NULL_KEY);
-
- case KRB5KDC_ERR_CANNOT_POSTDATE:/* Tkt ineligible for postdating */
- case KRB5KDC_ERR_NEVER_VALID: /* Requested starttime > endtime */
- case KRB5KDC_ERR_POLICY: /* KDC policy rejects request */
- case KRB5KDC_ERR_BADOPTION: /* KDC can't do requested opt. */
- case KRB5KDC_ERR_ETYPE_NOSUPP: /* No support for encryption type */
- case KRB5_KDCREP_MODIFIED: /* KDC reply did not match expectations */
- case KRB5_KDCREP_SKEW: /* Clock skew too great in KDC reply */
- return(KDC_GEN_ERR);
- case KRB5_KDC_UNREACH: /* Cannot contact any KDC for requested realm */
- case KRB5_REALM_UNKNOWN: /* Cannot find KDC for requested realm */
- return(SKDC_CANT);
-
- case KRB5KRB_AP_ERR_BAD_INTEGRITY: /* Decrypt integrity check failed */
- case KRB5KRB_AP_ERR_TKT_INVALID: /* Ticket has invalid flag set */
-
- return(RD_AP_UNDEC);
-
- case KRB5KRB_AP_ERR_TKT_EXPIRED:/* Ticket expired */
- return(RD_AP_EXP);
-
- case KRB5KRB_AP_ERR_TKT_NYV: /* Ticket not yet valid */
- return(RD_AP_NYV);
-
- case KRB5KRB_AP_ERR_REPEAT: /* Request is a replay */
- return(RD_AP_REPEAT);
-
- case KRB5KRB_AP_ERR_NOT_US: /* The ticket isn't for us */
- return(RD_AP_NOT_US);
-
- case KRB5KRB_AP_ERR_BADMATCH: /* Ticket/authenticator don't match */
- return(RD_AP_INCON);
-
- case KRB5KRB_AP_ERR_SKEW: /* Clock skew too great */
- return(RD_AP_TIME);
-
- case KRB5KRB_AP_ERR_BADADDR: /* Incorrect net address */
- return(RD_AP_BADD);
-
- case KRB5KRB_AP_ERR_BADVERSION: /* Protocol version mismatch */
- return(RD_AP_VERSION);
-
- case KRB5KRB_AP_ERR_MSG_TYPE: /* Invalid message type */
- case KRB5_BADMSGTYPE: /* Invalid message type specified for encoding */
- return(RD_AP_MSG_TYPE);
-
- case KRB5KRB_AP_ERR_MODIFIED: /* Message stream modified */
- return(RD_AP_MODIFIED);
-
- case KRB5KRB_AP_ERR_BADORDER: /* Message out of order */
- case KRB5KRB_AP_ERR_BADSEQ: /* Message out of order */
- case KRB5KRB_AP_ERR_BADDIRECTION: /* Incorrect message direction */
- return(RD_AP_ORDER);
-
- case KRB5KRB_AP_ERR_BADKEYVER: /* Key version is not available */
- case KRB5KRB_AP_ERR_NOKEY: /* Service key not available */
- case KRB5KRB_AP_ERR_MUT_FAIL: /* Mutual authentication failed */
- return(RD_AP_INCON);
-
- case KRB5_CC_BADNAME: /* Credential cache name malformed */
- case KRB5_CC_UNKNOWN_TYPE: /* Unknown credential cache type */
- case KRB5_CC_TYPE_EXISTS: /* Credentials cache type is already registered */
- case KRB5_CC_IO: /* Credentials cache I/O operation failedXXX */
- case KRB5_CC_NOMEM: /* No more memory to allocate (in credentials cache code) */
- return(TKT_FIL_ACC);
- case KRB5_CC_END: /* End of credential cache reached */
- return(RET_NOTKT);
- case KRB5_CC_NOTFOUND: /* Matching credential not found */
- return(NO_TKT_FIL);
-
- case KRB5_NO_TKT_IN_RLM: /* Cannot find ticket for requested realm */
- return(AD_NOTGT);
- case KRB5KRB_ERR_FIELD_TOOLONG: /* Field is too long for impl. */
- default:
- return(KFAILURE);
- }
-}
+++ /dev/null
-Thu Jul 13 19:47:47 1995 Sam Hartman <hartmans@tertius.mit.edu>
-
- * rd_priv.c rd_safe.c: Include netinet/in.h
-
-Fri Jul 7 16:30:03 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Remove LDFLAGS.
-
-Fri Jun 9 19:27:15 1995 <tytso@rsx-11.mit.edu>
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES.
-
-Tue Mar 7 19:58:07 1995 Mark Eichin <eichin@cygnus.com>
-
- * configure.in: take out ISODE_INCLUDE.
-
-Tue Feb 28 00:23:19 1995 John Gilmore (gnu at toad.com)
-
- * cksum.c, des.c, des.h, enc_dec.c, pcbc_encrypt.c, quad_cksum.c,
- read_passwd.c, string2key.c, weak_key.c: Avoid <krb5/...> includes.
-
-Fri Sep 30 22:00:19 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * realmhost.c (krb_realmofhost): index->strchr
-
- * kuserkok.c (krb_kuserok): index->strchr
-
-Thu Sep 29 15:24:30 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * 425error.c (krb425error): Recognize the KRB5_KDCREP_SKEW and
- return generic error.
-
-Thu Aug 4 03:42:04 1994 Tom Yu (tlyu@dragons-lair)
-
- * configure.in: oops look for install program
-
- * Makefile.in: make install fixes
-
+++ /dev/null
-CFLAGS = $(CCOPTS) $(DEFS) -I$(SRCTOP)/include/kerberosIV
-
-EHDRDIR = $(BUILDTOP)/include/kerberosIV
-
-all:: krb_err.h includes $(OBJS)
-
-OBJS= 425data.o \
- 425error.o \
- des_sched.o \
- get_cred.o \
- get_krbhst.o \
- get_lrealm.o \
- get_phost.o \
- kn_parse.o \
- kntoln.o \
- krb_err.o \
- kuserok.o \
- mk_priv.o \
- mk_req.o \
- mk_safe.o \
- net_read.o \
- net_write.o \
- rd_priv.o \
- rd_req.o \
- rd_safe.o \
- realmhost.o \
- recvauth.o \
- sendauth.o \
- set_key.o
-
-SRCS= $(srcdir)/425data.c \
- $(srcdir)/425error.c \
- $(srcdir)/des_sched.c \
- $(srcdir)/get_cred.c \
- $(srcdir)/get_krbhst.c \
- $(srcdir)/get_lrealm.c \
- $(srcdir)/get_phost.c \
- $(srcdir)/kn_parse.c \
- $(srcdir)/kntoln.c \
- $(srcdir)/krb_err.c \
- $(srcdir)/kuserok.c \
- $(srcdir)/mk_priv.c \
- $(srcdir)/mk_req.c \
- $(srcdir)/mk_safe.c \
- $(srcdir)/net_read.c \
- $(srcdir)/net_write.c \
- $(srcdir)/rd_priv.c \
- $(srcdir)/rd_req.c \
- $(srcdir)/rd_safe.c \
- $(srcdir)/realmhost.c \
- $(srcdir)/recvauth.c \
- $(srcdir)/sendauth.c \
- $(srcdir)/set_key.c
-
-krb_err.o: krb_err.c
-
-libkrb425.a: ${OBJS}
- $(RM) $@
- $(ARADD) $@ $(OBJS)
- $(RANLIB) $@
- $(RM) $(TOPLIBD)/libkrb425.a
- $(CP) libkrb425.a $(BUILDTOP)/lib/libkrb425.a
- $(RANLIB) $(BUILDTOP)/lib/libkrb425.a
-
-install:: libkrb425.a
- $(INSTALL_DATA) libkrb425.a $(KRB5_LIBDIR)/libkrb425.a
- $(RANLIB) $(KRB5_LIBDIR)/libkrb425.a
-
-clean::
- $(RM) libkrb425.a
-
-clean::
- $(RM) krb_err.h krb_err.c
+++ /dev/null
-This library exports the Kerberos V4 API, acts as a glue layer to the
-Kerberos V5 library. However convenient this sounds, in general
-practice the use of this library is not recommened, and its use is not
-supported. In fact, it hasn't even been updated to the new V4 API
-changes yet.
-
-The reason for this is that while it represents a simple and easy way
-to convert an application program which was written to the Kerberos V4
-API to use the Kerberos V5 protocol, the way which the Kerberos V5 protocol
-is used is not guaranteed to be standardized in any way.
-
-Application programmers are urged to take the time to recode their
-applications to call either the Kerberos V5 library directly or better
-yet to use the GSSAPI library. Changes to the application protocol
-may be necessary in either case, but the end result will be much
-cleaner and in all likelihood much more interoperable.
-
- Theodore Ts'o
- May 1, 1995
+++ /dev/null
-AC_INIT(configure.in)
-CONFIG_RULES
-ET_RULES
-AC_PROG_ARCHIVE
-AC_PROG_ARCHIVE_ADD
-AC_PROG_RANLIB
-AC_PROG_INSTALL
-AppendRule([all:: libkrb425.a])
-CopyHeader(krb_err.h,[$(EHDRDIR)])
-V5_AC_OUTPUT_MAKEFILE
+++ /dev/null
-/*
- * lib/krb425/des_sched.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * dummy function for krb425
- */
-
-
-#include "krb425.h"
-
-/*
- * This is a no-op because V5 will always creates it when needed.
- */
-int
-des_key_sched(k, s)
-des_cblock k;
-des_key_schedule s;
-{
- /*
- * Use the variables so saber does not get mad...
- */
- if (k || s)
- return(0);
- return(0);
-}
+++ /dev/null
-/*
- * lib/krb425/get_cred.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_get_cred for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_get_cred(service, instance, realm, c)
-char *service;
-char *instance;
-char *realm;
-CREDENTIALS *c;
-{
- static krb5_principal client_principal = 0;
-
- krb5_creds creds;
- krb5_error_code r;
- krb5_ticket *ticket;
-
- memset((char *)&creds, 0, sizeof(creds));
- if (r = krb5_build_principal(&creds.server,
- strlen(realm), realm,
- service,
- instance,
- 0)) {
- return(krb425error(r));
- }
-
- if (!_krb425_ccache)
- krb5_cc_default(&_krb425_ccache);
- if (!client_principal)
- krb5_cc_get_principal(_krb425_ccache, &client_principal);
-
- creds.client = client_principal;
- creds.times.endtime = 0;
- creds.keyblock.keytype = KEYTYPE_DES;
-
- r = krb5_get_credentials(0, _krb425_ccache, &creds);
- if (r)
- return(krb425error(r));
-
-#ifdef EBUG
- {
- int i;
- i = 0;
- if (creds.server)
- while (creds.server[i]) {
- EPRINT("server: %d: ``%.*s''\n", i,
- creds.server[i]->length,
- creds.server[i]->data
- ? creds.server[i]->data : "");
- ++i;
- }
- i = 0;
- if (creds.client)
- while (creds.client[i]) {
- EPRINT("client: %d: ``%.*s''\n", i,
- creds.client[i]->length,
- creds.client[i]->data
- ? creds.client[i]->data : "");
- ++i;
- }
- }
-#endif
- set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 0));
- if (creds.client->length > 1) {
- set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 1));
- }
- else {
- c->pinst[0] = '\0';
- }
- set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
- set_string(c->service, ANAME_SZ, krb5_princ_component(creds.server, 0));
- set_string(c->instance, INST_SZ, krb5_princ_component(creds.server, 1));
-
- c->ticket_st.length = creds.ticket.length;
- memcpy((char *)c->ticket_st.dat,
- (char *)creds.ticket.data,
- min(c->ticket_st.length, MAX_KTXT_LEN));
- c->ticket_st.mbz = 0;
-
- memcpy((char*)c->session, (char *)creds.keyblock.contents,
- sizeof(C_Block));
-
- c->issue_date = creds.times.starttime;
- c->lifetime = creds.times.endtime;
-
- decode_krb5_ticket(&creds.ticket, &ticket);
- c->kvno = ticket->enc_part.kvno;
- krb5_free_ticket(ticket);
- return(KSUCCESS);
-}
+++ /dev/null
-/*
- * lib/krb425/get_krbhst.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_get_krbhst for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_get_krbhst(host, realm, n)
-char *host;
-char *realm;
-int n;
-{
- krb5_data realm5;
- char **hosts;
- krb5_error_code r;
- int i = 0;
-
- if (n < 1)
- n = 1;
-
- set_data5(realm5, realm);
-
- if (r = krb5_get_krbhst(&realm5, &hosts)) {
- return(krb425error(r));
- }
- if (!hosts)
- return(KFAILURE);
-
- while (i < n)
- if (!hosts[i++]) {
- krb5_free_krbhst(hosts);
- return(KFAILURE);
- }
-
- strncpy(host, hosts[n-1], REALM_SZ);
- krb5_free_krbhst(hosts);
- return(KSUCCESS);
-}
-
-#ifdef NOT_IMPLEMENTED
-krb_get_admhst(host, realm, n)
-char *host;
-char *realm;
-int n;
-{
-
-}
-#endif
+++ /dev/null
-/*
- * lib/krb425/get_lrealm.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_get_lrealm for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_get_lrealm(realm, n)
-char *realm;
-int n;
-{
- krb5_error_code r;
- char **realms;
- int i = 0;
-
- if (r = krb5_get_host_realm(0, &realms))
- return(krb425error(r));
-
- if (!realms)
- return(KFAILURE);
-
- while (i < n)
- if (!realms[i++]) {
- krb5_free_host_realm(realms);
- return(KFAILURE);
- }
-
- strncpy(realm, realms[n-1], REALM_SZ);
- krb5_free_host_realm(realms);
- return(KSUCCESS);
-}
+++ /dev/null
-/*
- * lib/krb425/get_phost.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_get_phost for krb425
- */
-
-
-#include "krb425.h"
-
-char *
-krb_get_phost(alias)
-char *alias;
-{
- struct hostent *h;
- char *phost = alias;
-
- if ((h = gethostbyname(alias)) != (struct hostent *)0 ) {
- char *p;
-#ifdef OLD_CRUFT
- if (p = strchr( h->h_name, '.' ))
- *p = 0;
-#endif
- p = phost = h->h_name;
- do {
- if (isupper(*p)) *p=tolower(*p);
- } while (*p++);
- }
- return(phost);
-}
+++ /dev/null
-/*
- * lib/krb425/kn_parse.c
- *
- * Copyright 1987,1988,1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-
-
-#include <stdio.h>
-#include <krb.h>
-#include "k5-int.h"
-
-/* max size of full name */
-#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ)
-
-#define NAME 0 /* which field are we in? */
-#define INST 1
-#define REALM 2
-
-extern char *krb_err_txt[];
-
-/*
- * This file contains four routines for handling Kerberos names.
- *
- * kname_parse() breaks a Kerberos name into its name, instance,
- * and realm components.
- *
- * k_isname(), k_isinst(), and k_isrealm() check a given string to see if
- * it's a syntactically legitimate respective part of a Kerberos name,
- * returning 1 if it is, 0 if it isn't.
- *
- * Definition of "syntactically legitimate" names is according to
- * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying
- * names", version dated 21 Dec 1987.
- */
-
-/*
- * kname_parse() takes a Kerberos name "fullname" of the form:
- *
- * username[.instance][@realm]
- *
- * and returns the three components ("name", "instance", and "realm"
- * in the example above) in the given arguments "np", "ip", and "rp".
- *
- * If successful, it returns KSUCCESS. If there was an error,
- * KNAME_FMT is returned.
- */
-
-int
-kname_parse(np, ip, rp, fullname)
- char *np, *ip, *rp, *fullname;
-{
- static char buf[FULL_SZ];
- char *rnext, *wnext; /* next char to read, write */
- register char c;
- int backslash;
- int field;
-
- backslash = 0;
- rnext = buf;
- wnext = np;
- field = NAME;
-
- if (strlen(fullname) > FULL_SZ)
- return KNAME_FMT;
- (void) strcpy(buf, fullname);
-
- while (c = *rnext++) {
- if (backslash) {
- *wnext++ = c;
- backslash = 0;
- continue;
- }
- switch (c) {
- case '\\':
- backslash++;
- break;
- case '.':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *wnext = '\0';
- field = INST;
- wnext = ip;
- break;
- case INST:
- return KNAME_FMT;
- /* break; */
- case REALM:
- *wnext++ = c;
- break;
- default:
- fprintf(stderr, "unknown field value\n");
- exit(1);
- }
- break;
- case '@':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *ip = '\0';
- /* fall through */
- case INST:
- *wnext = '\0';
- field = REALM;
- wnext = rp;
- break;
- case REALM:
- return KNAME_FMT;
- default:
- fprintf(stderr, "unknown field value\n");
- exit(1);
- }
- break;
- default:
- *wnext++ = c;
- }
- }
- *wnext = '\0';
- if ((strlen(np) > ANAME_SZ - 1) ||
- (strlen(ip) > INST_SZ - 1) ||
- (strlen(rp) > REALM_SZ - 1))
- return KNAME_FMT;
- return KSUCCESS;
-}
-
-/*
- * k_isname() returns 1 if the given name is a syntactically legitimate
- * Kerberos name; returns 0 if it's not.
- */
-int
-k_isname(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > ANAME_SZ - 1)
- return 0;
- while(c = *s++) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-
-/*
- * k_isinst() returns 1 if the given name is a syntactically legitimate
- * Kerberos instance; returns 0 if it's not.
- */
-int
-k_isinst(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (strlen(s) > INST_SZ - 1)
- return 0;
- while(c = *s++) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-/*
- * k_isrealm() returns 1 if the given name is a syntactically legitimate
- * Kerberos realm; returns 0 if it's not.
- */
-int
-k_isrealm(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > REALM_SZ - 1)
- return 0;
- while(c = *s++) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
+++ /dev/null
-/*
- * lib/krb425/kntoln.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_kntoln for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_kntoln(ad,lname)
-AUTH_DAT *ad;
-char *lname;
-{
- krb5_error_code retval;
-
- if (!_krb425_local_realm)
- if (retval = krb5_get_default_realm(&_krb425_local_realm))
- return(krb425error(retval));
-
- if (strcmp(ad->pinst,""))
- return(KFAILURE);
- if (strcmp(ad->prealm, _krb425_local_realm))
- return(KFAILURE);
-
- (void) strcpy(lname,ad->pname);
- return(KSUCCESS);
-}
+++ /dev/null
-/*
- * lib/krb425/krb425.h
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb425.h
- */
-
-
-#ifndef KRB5_krb425__
-#define KRB5_krb425__
-
-#include <ctype.h>
-#include <netdb.h>
-#include <krb.h>
-#include "k5-int.h"
-#include <netinet/in.h>
-#include <stdio.h>
-
-#define min(a,b) ((a) < (b) ? (a) : (b))
-
-#define set_data5(d5,s) d5.length = strlen(s); d5.data = s
-
-#define set_cksum(ck,v) { \
- ck.checksum_type = CKSUMTYPE_CRC32; \
- ck.length = sizeof(v); \
- ck.contents = (krb5_octet *)&v; \
-}
-
-#define set_string(str,sz,d5) { \
- if (d5) { \
- int x; \
- x = min(sz-1, d5->length); \
- strncpy(str, d5->data, x); \
- str[x] = 0; \
- } else \
- str[0] = 0; \
-}
-
-extern char *_krb425_local_realm;
-extern krb5_ccache _krb425_ccache;
-extern int _krb425_error_init;
-extern krb5_keyblock _krb425_servkey;
-
-
-extern int krb425error();
-
-extern char *basename();
-extern int des_key_sched();
-extern int kname_parse();
-extern int krb_get_cred();
-extern int krb_get_lrealm();
-extern int krb_kntoln();
-extern long krb_mk_priv();
-extern int krb_mk_req();
-extern int krb_net_read();
-extern int krb_net_write();
-extern long krb_rd_priv();
-extern int krb_rd_req();
-extern int mit_des_string_to_key();
-
-
-#ifdef EBUG
-#define PLINE { fprintf(stderr, "%26s:%4d\n", basename(__FILE__),__LINE__); \
- fflush(stderr); }
-#define show5(x) fprintf(stderr, "``%.*s''", x.length, x.data)
-#define EPRINT fprintf(stderr, "%26s:%4d: ", basename(__FILE__), __LINE__), \
- fprintf(stderr,
-#define ENEWLINE fprintf(stderr, "\n");
-#define ERROR(error) { \
- if (!_krb425_error_init) { \
- _krb425_error_init = 1; \
- krb5_init_ets(); \
- } \
- fprintf(stderr, "%26s:%4d: %s (%d)\n", basename(__FILE__), __LINE__, \
- error_message(error), error); \
-}
-#else
-#define PLINE
-#endif
-
-#endif /* KRB5_krb425__ */
-
+++ /dev/null
-# Copyright 1987,1988 Massachusetts Institute of Technology
-#
-# For copying and distribution information, see the file
-# "mit-copyright.h".
-#
-# lib/krb425/krb_err.et
-#
- error_table krb
-
- ec KRBET_KSUCCESS,
- "Kerberos successful"
-
- ec KRBET_KDC_NAME_EXP,
- "Kerberos principal expired"
-
- ec KRBET_KDC_SERVICE_EXP,
- "Kerberos service expired"
-
- ec KRBET_KDC_AUTH_EXP,
- "Kerberos auth expired"
-
- ec KRBET_KDC_PKT_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_P_MKEY_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_S_MKEY_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_BYTE_ORDER,
- "Kerberos error: byte order unknown"
-
- ec KRBET_KDC_PR_UNKNOWN,
- "Kerberos principal unknown"
-
- ec KRBET_KDC_PR_N_UNIQUE,
- "Kerberos principal not unique"
-
- ec KRBET_KDC_NULL_KEY,
- "Kerberos principal has null key"
-
- ec KRBET_KRB_RES11,
- "Reserved 11"
-
- ec KRBET_KRB_RES12,
- "Reserved 12"
-
- ec KRBET_KRB_RES13,
- "Reserved 13"
-
- ec KRBET_KRB_RES14,
- "Reserved 14"
-
- ec KRBET_KRB_RES15,
- "Reserved 15"
-
- ec KRBET_KRB_RES16,
- "Reserved 16"
-
- ec KRBET_KRB_RES17,
- "Reserved 17"
-
- ec KRBET_KRB_RES18,
- "Reserved 18"
-
- ec KRBET_KRB_RES19,
- "Reserved 19"
-
- ec KRBET_KDC_GEN_ERR,
- "Generic error from Kerberos KDC"
-
- ec KRBET_GC_TKFIL,
- "Can't read Kerberos ticket file"
-
- ec KRBET_GC_NOTKT,
- "Can't find Kerberos ticket or TGT"
-
- ec KRBET_KRB_RES23,
- "Reserved 23"
-
- ec KRBET_KRB_RES24,
- "Reserved 24"
-
- ec KRBET_KRB_RES25,
- "Reserved 25"
-
- ec KRBET_MK_AP_TGTEXP,
- "Kerberos TGT Expired"
-
- ec KRBET_KRB_RES27,
- "Reserved 27"
-
- ec KRBET_KRB_RES28,
- "Reserved 28"
-
- ec KRBET_KRB_RES29,
- "Reserved 29"
-
- ec KRBET_KRB_RES30,
- "Reserved 30"
-
- ec KRBET_RD_AP_UNDEC,
- "Kerberos error: Can't decode authenticator"
-
- ec KRBET_RD_AP_EXP,
- "Kerberos ticket expired"
-
- ec KRBET_RD_AP_NYV,
- "Kerberos ticket not yet valid"
-
- ec KRBET_RD_AP_REPEAT,
- "Kerberos error: Repeated request"
-
- ec KRBET_RD_AP_NOT_US,
- "The kerberos ticket isn't for us"
-
- ec KRBET_RD_AP_INCON,
- "Kerberos request inconsistent"
-
- ec KRBET_RD_AP_TIME,
- "Kerberos error: delta_t too big"
-
- ec KRBET_RD_AP_BADD,
- "Kerberos error: incorrect net address"
-
- ec KRBET_RD_AP_VERSION,
- "Kerberos protocol version mismatch"
-
- ec KRBET_RD_AP_MSG_TYPE,
- "Kerberos error: invalid msg type"
-
- ec KRBET_RD_AP_MODIFIED,
- "Kerberos error: message stream modified"
-
- ec KRBET_RD_AP_ORDER,
- "Kerberos error: message out of order"
-
- ec KRBET_RD_AP_UNAUTHOR,
- "Kerberos error: unauthorized request"
-
- ec KRBET_KRB_RES44,
- "Reserved 44"
-
- ec KRBET_KRB_RES45,
- "Reserved 45"
-
- ec KRBET_KRB_RES46,
- "Reserved 46"
-
- ec KRBET_KRB_RES47,
- "Reserved 47"
-
- ec KRBET_KRB_RES48,
- "Reserved 48"
-
- ec KRBET_KRB_RES49,
- "Reserved 49"
-
- ec KRBET_KRB_RES50,
- "Reserved 50"
-
- ec KRBET_GT_PW_NULL,
- "Kerberos error: current PW is null"
-
- ec KRBET_GT_PW_BADPW,
- "Kerberos error: Incorrect current password"
-
- ec KRBET_GT_PW_PROT,
- "Kerberos protocol error"
-
- ec KRBET_GT_PW_KDCERR,
- "Error returned by Kerberos KDC"
-
- ec KRBET_GT_PW_NULLTKT,
- "Null Kerberos ticket returned by KDC"
-
- ec KRBET_SKDC_RETRY,
- "Kerberos error: Retry count exceeded"
-
- ec KRBET_SKDC_CANT,
- "Kerberos error: Can't send request"
-
- ec KRBET_KRB_RES58,
- "Reserved 58"
-
- ec KRBET_KRB_RES59,
- "Reserved 59"
-
- ec KRBET_KRB_RES60,
- "Reserved 60"
-
- ec KRBET_INTK_W_NOTALL,
- "Kerberos error: not all tickets returned"
-
- ec KRBET_INTK_BADPW,
- "Kerberos error: incorrect password"
-
- ec KRBET_INTK_PROT,
- "Kerberos error: Protocol Error"
-
- ec KRBET_KRB_RES64,
- "Reserved 64"
-
- ec KRBET_KRB_RES65,
- "Reserved 65"
-
- ec KRBET_KRB_RES66,
- "Reserved 66"
-
- ec KRBET_KRB_RES67,
- "Reserved 67"
-
- ec KRBET_KRB_RES68,
- "Reserved 68"
-
- ec KRBET_KRB_RES69,
- "Reserved 69"
-
- ec KRBET_INTK_ERR,
- "Other error"
-
- ec KRBET_AD_NOTGT,
- "Don't have Kerberos ticket-granting ticket"
-
- ec KRBET_KRB_RES72,
- "Reserved 72"
-
- ec KRBET_KRB_RES73,
- "Reserved 73"
-
- ec KRBET_KRB_RES74,
- "Reserved 74"
-
- ec KRBET_KRB_RES75,
- "Reserved 75"
-
- ec KRBET_NO_TKT_FIL,
- "No ticket file found"
-
- ec KRBET_TKT_FIL_ACC,
- "Couldn't access ticket file"
-
- ec KRBET_TKT_FIL_LCK,
- "Couldn't lock ticket file"
-
- ec KRBET_TKT_FIL_FMT,
- "Bad ticket file format"
-
- ec KRBET_TKT_FIL_INI,
- "tf_init not called first"
-
- ec KRBET_KNAME_FMT,
- "Bad Kerberos name format"
-
- end
-
+++ /dev/null
-/*
- * lib/krb425/kuserok.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * kuserok: check if a kerberos principal has
- * access to a local account
- */
-
-#include "krb425.h"
-
-#include <pwd.h>
-#include <string.h>
-#include <sys/param.h>
-#if defined(aix) /* AIX needs BSD defined to some value for socket.h */
-#define _BSD 44
-#endif
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-
-#define OK 0
-#ifdef NOTOK
-#undef NOTOK
-#endif
-#define NOTOK 1
-#define MAX_USERNAME 10
-
-#ifdef unicos61
-#ifdef MAXPATHLEN
-#undef MAXPATHLEN
-#endif
-#define MAXPATHLEN PATHSIZE
-#endif /* unicos61 */
-
-#ifndef F_OK
-#define F_OK 0
-#endif
-
-/*
- * Given a Kerberos principal "kdata", and a local username "luser",
- * determine whether user is authorized to login according to the
- * authorization file ("~luser/.klogin" by default). Returns OK
- * if authorized, NOTOK if not authorized.
- *
- * If there is no account for "luser" on the local machine, returns
- * NOTOK. If there is no authorization file, and the given Kerberos
- * name "kdata" translates to the same name as "luser" (using
- * krb_kntoln()), returns OK. Otherwise, if the authorization file
- * can't be accessed, returns NOTOK. Otherwise, the file is read for
- * a matching principal name, instance, and realm. If one is found,
- * returns OK, if none is found, returns NOTOK.
- *
- * The file entries are in the format:
- *
- * name.instance@realm
- *
- * one entry per line.
- *
- * The ATHENA_COMPAT code supports old-style Athena ~luser/.klogin
- * file entries. See the file "kn_parse.c".
- */
-
-
-int
-kuserok(kdata, luser)
- AUTH_DAT *kdata;
- char *luser;
-{
- struct stat sbuf;
- struct passwd *pwd;
- char pbuf[MAXPATHLEN];
- int isok = NOTOK, rc;
- FILE *fp;
- char kuser[MAX_USERNAME];
- char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- char linebuf[BUFSIZ];
- char *newline;
- int gobble;
-
- /* no account => no access */
- if ((pwd = (struct passwd *) getpwnam(luser)) == NULL) {
- return(NOTOK);
- }
- (void) strcpy(pbuf, pwd->pw_dir);
- (void) strcat(pbuf, "/.klogin");
-
- if (access(pbuf, F_OK)) { /* not accessible */
- /*
- * if he's trying to log in as himself, and there is no .klogin file,
- * let him. To find out, call
- * krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
- */
- if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
- return(OK);
- }
- }
- /* open ~/.klogin */
- if ((fp = fopen(pbuf, "r")) == NULL) {
- return(NOTOK);
- }
- /*
- * security: if the user does not own his own .klogin file,
- * do not grant access
- */
- if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
- return(NOTOK);
- }
- if (sbuf.st_uid != pwd->pw_uid) {
- fclose(fp);
- return(NOTOK);
- }
-
-
- /* check each line */
- while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
- /* null-terminate the input string */
- linebuf[BUFSIZ-1] = '\0';
- newline = NULL;
- /* nuke the newline if it exists */
- if (newline = strchr(linebuf, '\n'))
- *newline = '\0';
- rc = kname_parse(principal, inst, realm, linebuf);
- if (rc == KSUCCESS) {
- isok = (strncmp(kdata->pname, principal, ANAME_SZ) ||
- strncmp(kdata->pinst, inst, INST_SZ) ||
- strncmp(kdata->prealm, realm, REALM_SZ));
- }
- /* clean up the rest of the line if necessary */
- if (!newline)
- while (((gobble = getc(fp)) != EOF) && gobble != '\n');
- }
- fclose(fp);
- return(isok);
-}
+++ /dev/null
-/*
- * lib/krb425/mk_priv.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_mk_priv for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-long
-krb_mk_priv(in, out, in_length, sched, key, sender, receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-Key_schedule sched; /* ignored */
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-{
- krb5_data inbuf;
- krb5_data out5;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
-
- out5.data = inet_ntoa(sender->sin_addr);
- out5.length = strlen(out5.data);
- if (r = krb5_get_server_rcache(&out5,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- r = krb5_mk_priv(&inbuf,
- KEYTYPE_DES,
- &keyb,
- saddr2, &raddr,
- 0, /* no sequence number */
- 0, /* default flags (none) */
- rcache,
- 0, /* ignore ivec */
- &out5);
- krb5_rc_close(rcache);
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
- memcpy((char *)out, out5.data, out5.length);
- free(out5.data);
- return(out5.length);
-}
+++ /dev/null
-/*
- * lib/krb425/mk_req.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_mk_req for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_mk_req(authent, service, instance, realm, checksum)
-KTEXT authent;
-char *service;
-char *instance;
-char *realm;
-u_long checksum;
-{
- krb5_principal server;
- krb5_error_code r;
- krb5_data outbuf;
- krb5_checksum ck;
-
- if (r = krb5_build_principal(&server,
- strlen(realm), realm,
- service,
- instance,
- 0)) {
- return(krb425error(r));
- }
-
- if (!_krb425_ccache)
- krb5_cc_default(&_krb425_ccache);
-
-#ifdef EBUG
- EPRINT "Calling krb5_mk_req with:\n");
- EPRINT " Realm : "); show5(srvdata[0]); ENEWLINE
- EPRINT " Service : "); show5(srvdata[1]); ENEWLINE
- EPRINT " Instance: "); show5(srvdata[2]); ENEWLINE
- EPRINT " CheckSum: %08x\n", checksum);
-#endif
- set_cksum(ck, checksum)
-
- r = krb5_mk_req((krb5_principal)server,
- (krb5_flags)0,
- &ck,
- _krb425_ccache,
- &outbuf);
-#ifdef EBUG
- if (r)
- ERROR(r)
-#endif
- krb5_free_principal(server);
- if (!r) {
- if (outbuf.length > MAX_KTXT_LEN) {
-#ifdef EBUG
- EPRINT "Return to long (%d > %d)\n",
- outbuf.length, MAX_KTXT_LEN);
-#endif
- krb5_xfree(outbuf.data);
- return(KFAILURE);
- }
- authent->length = outbuf.length;
- memcpy((char *)authent->dat, (char *)outbuf.data, outbuf.length);
- krb5_xfree(outbuf.data);
- }
- return(krb425error(r));
-}
+++ /dev/null
-/*
- * lib/krb425/mk_safe.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_mk_safe for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-
-long
-krb_mk_safe(in, out, in_length, key, sender, receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-{
- krb5_data inbuf;
- krb5_data out5;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
- out5.data = inet_ntoa(sender->sin_addr);
- out5.length = strlen(out5.data);
- if (r = krb5_get_server_rcache(&out5,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- r = krb5_mk_safe(&inbuf,
- CKSUMTYPE_RSA_MD4_DES,
- &keyb,
- saddr2, &raddr,
- 0, /* no sequence number */
- 0, /* default flags (none) */
- rcache,
- &out5);
- krb5_rc_close(rcache);
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
- memcpy((char *)out, out5.data, out5.length);
- free(out5.data);
- return(out5.length);
-}
+++ /dev/null
-/*
- * lib/krb425/net_read.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_net_read for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_net_read(fd,buf,len)
-int fd;
-char *buf;
-int len;
-{
- extern int read();
- int cc, len2 = 0;
-#ifdef EBUG
- char *obuf = buf;
-#endif
-
- do {
- cc = read(fd, buf, len);
- if (cc < 0)
- return(cc); /* errno is already set */
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
- } while (len > 0);
-#ifdef EBUG
- buf = obuf;
- EPRINT "Read data: ``");
- for (cc = 0; cc < len2 && cc < 24; ++cc) {
- fprintf(stderr, "%c", (buf[cc] < ' ' || buf[cc] > '~') ? '.' : buf[cc]);
- }
- if (cc < len2) {
- fprintf(stderr, "''(%d)\n", len2);
- } else {
- fprintf(stderr, "''\n");
- }
-#endif
- return(len2);
-}
+++ /dev/null
-/*
- * lib/krb425/net_write.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_net_write for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_net_write(fd,buf,len)
-int fd;
-char *buf;
-int len;
-{
- int cc;
- extern int write();
- register int wrlen = len;
-#ifdef EBUG
- EPRINT "Write data: ``");
- for (cc = 0; cc < len && cc < 24; ++cc) {
- fprintf(stderr, "%c", (buf[cc] < ' ' || buf[cc] > '~') ? '.' : buf[cc]);
- }
- if (cc < len) {
- fprintf(stderr, "''(%d)\n", len);
- } else {
- fprintf(stderr, "''\n");
- }
-#endif
- do {
- cc = write(fd, buf, wrlen);
- if (cc < 0)
- return(cc);
- else {
- buf += cc;
- wrlen -= cc;
- }
- } while (wrlen > 0);
- return(len);
-}
+++ /dev/null
-/*
- * lib/krb425/rd_priv.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_rd_priv for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-#include <netinet/in.h>
-long
-krb_rd_priv(in, in_length, sched, key, sender, receiver, msg)
-u_char *in;
-u_long in_length;
-Key_schedule sched; /* ignored */
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg;
-{
- krb5_data inbuf;
- krb5_data out;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
- char *cachename;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
- if (cachename = calloc(1, strlen(inet_ntoa(sender->sin_addr)+1+1+5)))
- /* 1 for NUL, 1 for ., 5 for digits of port
- (unsigned 16bit, no greater than 65535) */
- sprintf(cachename, "%s.%u", inet_ntoa(sender->sin_addr),
- ntohs(receiver->sin_port));
- else {
-#ifdef EBUG
- ERROR(ENOMEM);
-#endif
- return(krb425error(ENOMEM));
- }
-
- out.data = cachename;
- out.length = strlen(cachename);
- if (r = krb5_get_server_rcache(&out,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- free(cachename);
- r = krb5_rd_priv(&inbuf, &keyb, saddr2, &raddr,
- 0, 0, 0, rcache, &out);
- krb5_rc_close(rcache);
-
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
-
- msg->app_data = (u_char *)out.data;
- msg->app_length = out.length;
- msg->hash = 0L;
- msg->swap = 0;
- msg->time_sec = 0;
- msg->time_5ms = 0;
- return(KSUCCESS);
-}
+++ /dev/null
-/*
- * lib/krb425/rd_req.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_rd_req for krb425
- */
-
-
-#include "krb425.h"
-#include <sys/param.h>
-
-static krb5_error_code
-setkey_key_proc(DECLARG(krb5_pointer,arg),
- DECLARG(krb5_principal,princ),
- DECLARG(krb5_kvno,kvno),
- DECLARG(krb5_keyblock **,retkey))
-OLDDECLARG(krb5_pointer,arg)
-OLDDECLARG(krb5_principal,princ)
-OLDDECLARG(krb5_kvno,kvno)
-OLDDECLARG(krb5_keyblock **,retkey)
-{
- return krb5_copy_keyblock(&_krb425_servkey, retkey);
-}
-
-int
-krb_rd_req(authent, service, instance, from_addr, ad, fn)
-KTEXT authent;
-char *service;
-char *instance;
-u_long from_addr;
-AUTH_DAT *ad;
-char *fn;
-{
- krb5_address peer;
- krb5_tkt_authent *authdat;
- char addr[4];
- krb5_principal server;
- krb5_error_code r;
- krb5_data authe;
- extern int gethostname();
- int use_set_key = 0;
- char file_name[MAXPATHLEN];
-
- if (from_addr) {
- peer.addrtype = ADDRTYPE_INET;
- peer.length = 4;
- peer.contents = (krb5_octet *)addr;
- memcpy(addr, (char *)&from_addr + (sizeof(from_addr) - 4), 4);
- }
-
- if (!_krb425_local_realm)
- if (r = krb5_get_default_realm(&_krb425_local_realm))
- return(krb425error(r));
-
- if (!strcmp(instance, "*")) {
- static char hostname[64] = { 0 };
-
- if (!hostname[0]) {
- struct hostent *h;
-
- gethostname(hostname, sizeof(hostname));
- if (h = gethostbyname(hostname)) {
- char *p;
-
- strncpy(hostname, h->h_name, sizeof(hostname));
- hostname[sizeof(hostname)-1] = 0;
- p = hostname;
- do {
- if (isupper(*p)) *p=tolower(*p);
- } while (*p++);
- }
- }
- instance = hostname;
- }
- if (r = krb5_build_principal(&server,
- strlen(_krb425_local_realm),
- _krb425_local_realm,
- service,
- instance,
- 0)) {
- return(krb425error(r));
- }
-
- authe.length = authent->length;
- authe.data = (char *)authent->dat;
- if (!fn) {
- use_set_key = 1;
- fn = (char *)0;
- } else if (!*fn) {
- fn = (char *)0;
- } else {
- strcpy(file_name, "FILE:");
- strncpy(file_name + 5, fn, MAXPATHLEN-5);
- file_name[sizeof(file_name)-1] = '\0';
- fn = file_name;
- }
-
-
-#ifdef EBUG
- EPRINT "Calling krb5_rd_req with:\n");
- EPRINT " Realm : "); show5(srvdata[0]); ENEWLINE
- EPRINT " Service : "); show5(srvdata[1]); ENEWLINE
- EPRINT " Instance: "); show5(srvdata[2]); ENEWLINE
- EPRINT "Authenenticator : %d bytes\n", authe.length);
- EPRINT "Filename : %s\n", fn ? fn : "none given");
- if (from_addr) {
- EPRINT "Address type : %s\n",
- peer.addrtype == ADDRTYPE_INET ? "inet" :
- peer.addrtype == ADDRTYPE_CHAOS ? "chaos" :
- peer.addrtype == ADDRTYPE_XNS ? "xns" :
- peer.addrtype == ADDRTYPE_ISO ? "iso" :
- peer.addrtype == ADDRTYPE_DDP ? "ddp" : "unknown type");
- EPRINT "Address length : %d\n", peer.length);
- EPRINT "Address :");
- {
- int x;
- for (x = 0; x < peer.length && x < 8; ++x)
- fprintf(stderr, " %d", peer.contents[x]);
- if (x < peer.length)
- fprintf(stderr, " (%d)", peer.length);
- fprintf(stderr, "\n");
- }
- }
-#endif
-
-/* ? : will break some compilers when dealing with function pointers */
- if (use_set_key)
- r = krb5_rd_req(&authe,
- server,
- from_addr ? &peer : 0,
- fn, setkey_key_proc,
- 0, 0, &authdat);
- else
- r = krb5_rd_req(&authe,
- server,
- from_addr ? &peer : 0,
- fn, 0,
- 0, 0, &authdat);
- krb5_free_principal(server);
- if (r) {
-#ifdef EBUG
- ERROR(r)
-#endif
- return(krb425error(r));
- }
-
- ad->k_flags = 0;
-
-#ifdef EBUG
- r = 0;
- while (authdat->authenticator->client[r]) {
- EPRINT "Client[%d]: ", r); show5((*authdat->authenticator->client[r])); ENEWLINE
- ++r;
- }
- r = 0;
- while (authdat->ticket->server[r]) {
- EPRINT "Server[%d]: ", r); show5((*authdat->ticket->server[r])); ENEWLINE
- ++r;
- }
- r = 0;
-#endif
- set_string(ad->pname, ANAME_SZ,
- krb5_princ_component(authdat->authenticator->client, 0));
-
- if (authdat->authenticator->client->length > 1) {
- set_string(ad->pinst, INST_SZ,
- krb5_princ_component(authdat->authenticator->client,
- 1));
- }
- else {
- ad->pinst[0] = '\0';
- }
-
- set_string(ad->prealm, REALM_SZ,
- krb5_princ_realm(authdat->authenticator->client));
-
- ad->checksum = *(long *)authdat->authenticator->checksum->contents;
-
- if (authdat->ticket->enc_part2->session->keytype != KEYTYPE_DES) {
- r = KFAILURE;
- goto out;
- } else
- memcpy((char*)ad->session,
- (char*)authdat->ticket->enc_part2->session->contents,
- sizeof(C_Block));
-
- ad->life = authdat->ticket->enc_part2->times.endtime;
- ad->time_sec = authdat->authenticator->ctime;
- ad->address = 0;
-
- if (authdat->ticket->enc_part2->caddrs[0]->addrtype != ADDRTYPE_INET) {
- r = KFAILURE;
- goto out;
- } else
- memcpy((char*)&ad->address + sizeof(ad->address) - 4,
- (char*)authdat->ticket->enc_part2->caddrs[0]->contents, 4);
-
- if (authdat->ticket->enc_part2->authorization_data &&
- authdat->ticket->enc_part2->authorization_data[0]) {
- ad->reply.length = authdat->ticket->enc_part2->authorization_data[0]->length;
- memcpy((char*)ad->reply.dat,
- (char*)authdat->ticket->enc_part2->authorization_data[0]->contents,
- min(ad->reply.length, MAX_KTXT_LEN));
- ad->reply.mbz = 0;
- }
-out:
- krb5_free_tkt_authent(authdat);
- return(r);
-}
+++ /dev/null
-/*
- * lib/krb425/rd_safe.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_rd_safe for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include <arpa/inet.h>
-#endif
-#include <netinet/in.h>
-
-long
-krb_rd_safe(in, in_length, key, sender, receiver, msg)
-u_char *in;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg;
-{
- krb5_data inbuf;
- krb5_data out;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
- char *cachename;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
- if (cachename = calloc(1, strlen(inet_ntoa(sender->sin_addr)+1+1+5)))
- /* 1 for NUL, 1 for rc_., 5 for digits of port
- (unsigned 16bit, no greater than 65535) */
- sprintf(cachename, "%s.%u", inet_ntoa(sender->sin_addr),
- ntohs(receiver->sin_port));
- else {
-#ifdef EBUG
- ERROR(ENOMEM);
-#endif
- return(krb425error(ENOMEM));
- }
-
- out.data = cachename;
- out.length = strlen(cachename);
- if (r = krb5_get_server_rcache(&out,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- free(cachename);
- r = krb5_rd_safe(&inbuf, &keyb, saddr2, &raddr,
- 0, 0, rcache, &out);
- krb5_rc_close(rcache);
-
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
-
- msg->app_data = (u_char *)out.data;
- msg->app_length = out.length;
- msg->hash = 0L;
- msg->swap = 0;
- msg->time_sec = 0;
- msg->time_5ms = 0;
- return(KSUCCESS);
-}
+++ /dev/null
-/*
- * lib/krb425/realmhost.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_realmofhost for krb425
- */
-
-#include <string.h>
-
-#include "krb425.h"
-
-char *
-krb_realmofhost(host)
-char *host;
-{
- char **realms;
- char *domain;
- static char ret_realm[REALM_SZ+1];
-
-
- domain = strchr(host, '.');
-
- /* prepare default */
- if (domain) {
- char *cp;
-
- strncpy(ret_realm, &domain[1], REALM_SZ);
- ret_realm[REALM_SZ] = '\0';
- /* Upper-case realm */
- for (cp = ret_realm; *cp; cp++)
- if (islower(*cp))
- *cp = toupper(*cp);
- } else {
- if (!_krb425_local_realm &&
- krb5_get_default_realm(&_krb425_local_realm))
- _krb425_local_realm = NULL;
-
- if (_krb425_local_realm) {
- strncpy(ret_realm, _krb425_local_realm, REALM_SZ);
- ret_realm[REALM_SZ-1] = 0;
- }
- }
-
- if (krb5_get_host_realm(host, &realms)) {
- return(ret_realm);
- }
- strncpy(ret_realm, realms[0], REALM_SZ);
- krb5_free_host_realm(realms);
- return(ret_realm);
-}
+++ /dev/null
-/*
- * lib/krb425/recvauth.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb425.h"
-
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
- chars */
-
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_sendauth.c
- * be sure to support old versions of krb_sendauth!
- */
-
-extern int errno;
-
-/*
- * krb_recvauth() reads (and optionally responds to) a message sent
- * using krb_sendauth(). The "options" argument is a bit-field of
- * selected options (see "sendauth.c" for options description).
- * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL
- * (mutual authentication requested). The "fd" argument supplies
- * a file descriptor to read from (and write to, if mutual authenti-
- * cation is requested).
- *
- * Part of the received message will be a Kerberos ticket sent by the
- * client; this is read into the "ticket" argument. The "service" and
- * "instance" arguments supply the server's Kerberos name. If the
- * "instance" argument is the string "*", it is treated as a wild card
- * and filled in during the krb_rd_req() call (see read_service_key()).
- *
- * The "faddr" and "laddr" give the sending (client) and receiving
- * (local server) network addresses. ("laddr" may be left NULL unless
- * mutual authentication is requested, in which case it must be set.)
- *
- * The authentication information extracted from the message is returned
- * in "kdata". The "filename" argument indicates the file where the
- * server's key can be found. (It is passed on to krb_rd_req().) If
- * left null, the default "/etc/srvtab" will be used.
- *
- * If mutual authentication is requested, the session key schedule must
- * be computed in order to reply; this schedule is returned in the
- * "schedule" argument. A string containing the application version
- * number from the received message is returned in "version", which
- * should be large enough to hold a KRB_SENDAUTH_VLEN-character string.
- *
- * See krb_sendauth() for the format of the received client message.
- *
- * This routine supports another client format, for backward
- * compatibility, consisting of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * string tmp_buf, tkt_len length of ticket, in
- * ascii
- *
- * char ' ' (space char) separator
- *
- * tkt_len ticket->dat the ticket
- *
- * This old-style version does not support mutual authentication.
- *
- * krb_recvauth() first reads the protocol version string from the
- * given file descriptor. If it doesn't match the current protocol
- * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In
- * that case, the string of characters up to the first space is read
- * and interpreted as the ticket length, then the ticket is read.
- *
- * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth()
- * next reads the application protocol version string. Then the
- * ticket length and ticket itself are read.
- *
- * The ticket is decrypted and checked by the call to krb_rd_req().
- * If no mutual authentication is required, the result of the
- * krb_rd_req() call is retured by this routine. If mutual authenti-
- * cation is required, a message in the following format is returned
- * on "fd":
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 4 bytes tkt_len length of ticket or -1
- * if error occurred
- *
- * priv_len tmp_buf "private" message created
- * by krb_mk_priv() which
- * contains the incremented
- * checksum sent by the client
- * encrypted in the session
- * key. (This field is not
- * present in case of error.)
- *
- * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some
- * other error code is returned.
- */
-
-#ifndef max
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-#endif /* max */
-
-int
-krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
- filename, schedule, version)
-long options; /* bit-pattern of options */
-int fd; /* file descr. to read from */
-KTEXT ticket; /* storage for client's ticket */
-char *service; /* service expected */
-char *instance; /* inst expected (may be filled in) */
-struct sockaddr_in *faddr; /* address of foreign host on fd */
-struct sockaddr_in *laddr; /* local address */
-AUTH_DAT *kdata; /* kerberos data (returned) */
-char *filename; /* name of file with service keys */
-Key_schedule schedule; /* key schedule (return) */
-char *version; /* version string (filled in) */
-{
-
- int i, cc, old_vers = 0;
- char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
- char *cp;
- int rem;
- long tkt_len, priv_len;
- u_long cksum;
- u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
-
- /* read the protocol version number */
- if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- krb_vers[KRB_SENDAUTH_VLEN] = '\0';
-
- /* check version string */
- if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) {
- /* Assume the old version of sendkerberosdata: send ascii
- length, ' ', and ticket. */
- if (options & KOPT_DO_MUTUAL)
- return(KFAILURE); /* XXX can't do old style with mutual auth */
- old_vers = 1;
-
- /* copy what we have read into tmp_buf */
- (void) memcpy((char *) tmp_buf, krb_vers, KRB_SENDAUTH_VLEN);
-
- /* search for space, and make it a null */
- for (i = 0; i < KRB_SENDAUTH_VLEN; i++)
- if (tmp_buf[i]== ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
-
- if (i == KRB_SENDAUTH_VLEN)
- /* didn't find the space, keep reading to find it */
- for (; i<20; i++) {
- if (read(fd, (char *)&tmp_buf[i], 1) != 1) {
- return(KFAILURE);
- }
- if (tmp_buf[i] == ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
- }
-
- tkt_len = (long) atoi((char *) tmp_buf);
-
- /* sanity check the length */
- if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
- return(KFAILURE);
-
- if (i < KRB_SENDAUTH_VLEN) {
- /* since we already got the space, and part of the ticket,
- we read fewer bytes to get the rest of the ticket */
- if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN),
- (int) (tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
- != (int)(tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
- return(errno);
- } else {
- if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) !=
- (int) tkt_len)
- return(errno);
- }
- ticket->length = tkt_len;
- /* copy the ticket into the struct */
- (void) memcpy((char *) ticket->dat, cp, ticket->length);
-
- } else {
- /* read the application version string */
- if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- version[KRB_SENDAUTH_VLEN] = '\0';
-
- /* get the length of the ticket */
- if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) !=
- sizeof(tkt_len))
- return(errno);
-
- /* sanity check */
- ticket->length = ntohl((unsigned long)tkt_len);
- if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) {
- if (options & KOPT_DO_MUTUAL) {
- rem = KFAILURE;
- goto mutual_fail;
- } else
- return(KFAILURE); /* XXX there may still be junk on the fd? */
- }
-
- /* read the ticket */
- if (krb_net_read(fd, (char *) ticket->dat, ticket->length)
- != ticket->length)
- return(errno);
- }
- /*
- * now have the ticket. decrypt it to get the authenticated
- * data.
- */
- rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr,
- kdata,filename);
-
- if (old_vers) return(rem); /* XXX can't do mutual with old client */
-
- /* if we are doing mutual auth, compose a response */
- if (options & KOPT_DO_MUTUAL) {
- if (rem != KSUCCESS) {
-#ifdef EBUG
- ERROR(rem)
-#endif
- /* the krb_rd_req failed */
- goto mutual_fail;
- }
-
- /* add one to the (formerly) sealed checksum, and re-seal it
- for return to the client */
- cksum = kdata->checksum + 1;
- cksum = htonl(cksum);
-#ifndef NOENCRYPTION
- key_sched(kdata->session,schedule);
-#endif /* !NOENCRYPTION */
- priv_len = krb_mk_priv((unsigned char *)&cksum,
- tmp_buf,
- (unsigned long) sizeof(cksum),
- schedule,
- kdata->session,
- laddr,
- faddr);
- if (priv_len < 0) {
- /* re-sealing failed; notify the client */
- rem = KFAILURE; /* XXX */
-mutual_fail:
- priv_len = -1;
- tkt_len = htonl((unsigned long) priv_len);
- /* a length of -1 is interpreted as an authentication
- failure by the client */
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- return(rem);
- } else {
- /* re-sealing succeeded, send the private message */
- tkt_len = htonl((unsigned long)priv_len);
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len))
- != (int) priv_len)
- return(cc);
- }
- }
- return(rem);
-}
+++ /dev/null
-/*
- * lib/krb425/sendauth.c
- *
- * Copyright 1987,1988,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-
-#include "krb425.h"
-
-#include <sys/types.h>
-#include <syslog.h>
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_recvauth.c
- */
-
-extern int errno;
-
-extern char *krb_get_phost();
-
-/*
- * This file contains two routines: krb_sendauth() and krb_sendsrv().
- *
- * krb_sendauth() transmits a ticket over a file descriptor for a
- * desired service, instance, and realm, doing mutual authentication
- * with the server if desired.
- *
- * krb_sendsvc() sends a service name to a remote knetd server.
- */
-
-/*
- * The first argument to krb_sendauth() contains a bitfield of
- * options (the options are defined in "krb.h"):
- *
- * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
- * (If this option is not chosen, krb_get_phost()
- * is called to canonicalize it.)
- *
- * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
- * A ticket must be supplied in the "ticket"
- * argument.
- * (If this option is not chosen, and there
- * is no ticket for the given server in the
- * ticket cache, one will be fetched using
- * krb_mk_req() and returned in "ticket".)
- *
- * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
- * receiving server return the checksum+1 encrypted
- * in the session key. The mutual authentication
- * is done using krb_mk_priv() on the other side
- * (see "recvauth.c") and krb_rd_priv() on this
- * side.
- *
- * The "fd" argument is a file descriptor to write to the remote
- * server on. The "ticket" argument is used to store the new ticket
- * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
- * chosen, the ticket must be supplied in the "ticket" argument.
- * The "service", "inst", and "realm" arguments identify the ticket.
- * If "realm" is null, the local realm is used.
- *
- * The following arguments are only needed if the KOPT_DO_MUTUAL option
- * is chosen:
- *
- * The "checksum" argument is a number that the server will add 1 to
- * to authenticate itself back to the client; the "msg_data" argument
- * holds the returned mutual-authentication message from the server
- * (i.e., the checksum+1); the "cred" structure is used to hold the
- * session key of the server, extracted from the ticket file, for use
- * in decrypting the mutual authentication message from the server;
- * and "schedule" holds the key schedule for that decryption. The
- * the local and server addresses are given in "laddr" and "faddr".
- *
- * The application protocol version number (of up to KRB_SENDAUTH_VLEN
- * characters) is passed in "version".
- *
- * If all goes well, KSUCCESS is returned, otherwise some error code.
- *
- * The format of the message sent to the server is:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
- * bytes version number
- *
- * KRB_SENDAUTH_VLEN version application protocol
- * bytes version number
- *
- * 4 bytes ticket->length length of ticket
- *
- * ticket->length ticket->dat ticket itself
- */
-
-/*
- * XXX: Note that krb_rd_priv() is coded in such a way that
- * "msg_data->app_data" will be pointing into "priv_buf", which
- * will disappear when krb_sendauth() returns.
- */
-
-int
-krb_sendauth(options, fd, ticket, service, inst, realm, checksum,
- msg_data, cred, schedule, laddr, faddr, version)
-long options; /* bit-pattern of options */
-int fd; /* file descriptor to write onto */
-KTEXT ticket; /* where to put ticket (return); or
- * supplied in case of KOPT_DONT_MK_REQ */
-char *service, *inst, *realm; /* service name, instance, realm */
-u_long checksum; /* checksum to include in request */
-MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */
-CREDENTIALS *cred; /* credentials (return) */
-Key_schedule schedule; /* key schedule (return) */
-struct sockaddr_in *laddr; /* local address */
-struct sockaddr_in *faddr; /* address of foreign host on fd */
-char *version; /* version string */
-{
- int rem, i, cc;
- char srv_inst[INST_SZ];
- char krb_realm[REALM_SZ];
- char buf[BUFSIZ];
- long tkt_len;
- u_char priv_buf[1024];
- u_long cksum;
-
- rem=KSUCCESS;
-
- /* get current realm if not passed in */
- if (!realm) {
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return(rem);
- realm = krb_realm;
- }
-
- /* copy instance into local storage, canonicalizing if desired */
- if (options & KOPT_DONT_CANON)
- (void) strncpy(srv_inst, inst, INST_SZ);
- else
- (void) strncpy(srv_inst, krb_get_phost(inst), INST_SZ);
-
- /* get the ticket if desired */
- if (!(options & KOPT_DONT_MK_REQ)) {
- rem = krb_mk_req(ticket, service, srv_inst, realm, checksum);
- if (rem != KSUCCESS)
- return(rem);
- }
-
- /* if mutual auth, get credentials so we have service session
- keys for decryption below */
- if (options & KOPT_DO_MUTUAL)
- if (cc = krb_get_cred(service, srv_inst, realm, cred))
- return(cc);
-
- /* zero the buffer */
- (void) memset(buf, 0, BUFSIZ);
-
- /* insert version strings */
- (void) strncpy(buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- (void) strncpy(buf+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN);
-
- /* increment past vers strings */
- i = 2*KRB_SENDAUTH_VLEN;
-
- /* put ticket length into buffer */
- tkt_len = htonl((unsigned long) ticket->length);
- (void) memcpy(buf+i, (char *) &tkt_len, sizeof(tkt_len));
- i += sizeof(tkt_len);
-
- /* put ticket into buffer */
- (void) memcpy(buf+i, (char *) ticket->dat, ticket->length);
- i += ticket->length;
-
- /* write the request to the server */
- if ((cc = krb_net_write(fd, buf, i)) != i)
- return(cc);
-
- /* mutual authentication, if desired */
- if (options & KOPT_DO_MUTUAL) {
- int r;
- /* get the length of the reply */
- if ((r = krb_net_read(fd, (char *) &tkt_len, sizeof(tkt_len))) !=
- sizeof(tkt_len)) {
-#ifdef EBUG
- EPRINT "krb_net_read(%d, tkt_len, %d) returns %d\n",
- fd, sizeof(tkt_len), r);
- ERROR(errno);
-#endif
- return(errno);
- }
- tkt_len = ntohl((unsigned long)tkt_len);
-
- /* if the length is negative, the server failed to recognize us. */
- if ((tkt_len < 0) || (tkt_len > sizeof(priv_buf)))
- return(KFAILURE); /* XXX */
- /* read the reply... */
- if (krb_net_read(fd, (char *)priv_buf, (int) tkt_len) != (int) tkt_len)
- return(errno);
-
- /* ...and decrypt it */
-#ifndef NOENCRYPTION
- key_sched(cred->session, schedule);
-#endif /* !NOENCRYPTION */
- if (cc = krb_rd_priv(priv_buf,(unsigned long) tkt_len, schedule,
- cred->session, faddr, laddr, msg_data))
- return(cc);
-
- /* fetch the (modified) checksum */
- (void) memcpy((char *)&cksum, (char *)msg_data->app_data,
- sizeof(cksum));
- cksum = ntohl(cksum);
-
- /* if it doesn't match, fail */
- if (cksum != checksum + 1)
- return(KFAILURE); /* XXX */
- }
- return(KSUCCESS);
-}
-
-#ifdef ATHENA_COMPAT
-/*
- * krb_sendsvc
- */
-
-int
-krb_sendsvc(fd, service)
-int fd;
-char *service;
-{
- /* write the service name length and then the service name to
- the fd */
- long serv_length;
- int cc;
-
- serv_length = htonl((unsigned long)strlen(service));
- if ((cc = krb_net_write(fd, (char *) &serv_length,
- sizeof(serv_length)))
- != sizeof(serv_length))
- return(cc);
- if ((cc = krb_net_write(fd, service, strlen(service)))
- != strlen(service))
- return(cc);
- return(KSUCCESS);
-}
-#endif /* ATHENA_COMPAT */
+++ /dev/null
-/*
- * lib/krb425/set_key.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_set_key for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_set_key(key, cvt)
-char *key;
-int cvt;
-{
- if (cvt) {
- if (_krb425_servkey.contents)
- krb5_xfree(_krb425_servkey.contents);
- mit_des_string_to_key(KEYTYPE_DES, &_krb425_servkey, 0, 0);
- } else {
- if (!_krb425_servkey.contents &&
- !(_krb425_servkey.contents = (krb5_octet *)malloc(8))) {
- return(KFAILURE);
- }
- _krb425_servkey.length = 8;
- _krb425_servkey.keytype = KEYTYPE_DES;
- memcpy((char *)_krb425_servkey.contents, (char *)key, 8);
- }
- return(KSUCCESS);
-}
projects / krb5.git / commitdiff