* adm_process.c, adm_kadmin.c, adm_adm_func.c, adm_kpasswd.c,
authorChris Provenzano <proven@mit.edu>
Mon, 27 Mar 1995 14:47:28 +0000 (14:47 +0000)
committerChris Provenzano <proven@mit.edu>
Mon, 27 Mar 1995 14:47:28 +0000 (14:47 +0000)
* adm_funcs, adm_nego.c adm_extern.c and adm_listen.c
                Use new calling convention for krb5_recvauth(), krb5_mk_priv(),
                krb5_rd_priv(), krb5_mk_safe(), and krb5_rd_safe().
(Redid many of the internal functions to accommodate the new
auth_context structure and remove old unnecessary structures.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5262 dc483132-0cff-0310-8789-dd5450dbe970

src/kadmin/server/ChangeLog
src/kadmin/server/adm_adm_func.c
src/kadmin/server/adm_extern.c
src/kadmin/server/adm_extern.h
src/kadmin/server/adm_funcs.c
src/kadmin/server/adm_kadmin.c
src/kadmin/server/adm_kpasswd.c
src/kadmin/server/adm_listen.c
src/kadmin/server/adm_nego.c
src/kadmin/server/adm_process.c

index 2d34d2c13d2e18110cfc930624ca477712a5e526..8cf428b4b64b28fe8987dfa0aafde901548e2873 100644 (file)
@@ -1,3 +1,13 @@
+
+Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
+
+        * adm_process.c, adm_kadmin.c, adm_adm_func.c, adm_kpasswd.c, 
+       * adm_funcs, adm_nego.c adm_extern.c and adm_listen.c
+                Use new calling convention for krb5_recvauth(), krb5_mk_priv(),
+                krb5_rd_priv(), krb5_mk_safe(), and krb5_rd_safe().
+               (Redid many of the internal functions to accomidate new a
+               uth_context structure and remove old unnecessary structures.)
+
 Fri Mar 24 14:38:06 1995    <tytso@rsx-11.mit.edu>
 
        * adm_network.c (setup_network): If /etc/services doesn't have the
index 7da1dd3c3fdb18be5d05b4a11cb2241b01db14c1..8fd57b6e8203c3c02afb3173ad1742d31ddc4836 100644 (file)
@@ -46,14 +46,14 @@ extern int classification;
 #endif
 
 krb5_error_code
-adm_build_key (context, newprinc, client_creds, new_passwd, oper_type, entry)
+adm_build_key (context, auth_context, new_passwd, oper_type, entry)
     krb5_context context;
-    krb5_principal newprinc;
-    krb5_ticket *client_creds;
+    krb5_auth_context * auth_context;
     char *new_passwd;
     int oper_type;
     krb5_db_entry entry;
 {
+    krb5_replay_data replaydata;
     krb5_data outbuf;
     int retval;
 #if defined(MACH_PASS) || defined(SANDIA)
@@ -114,16 +114,8 @@ adm_build_key (context, newprinc, client_creds, new_passwd, oper_type, entry)
 #endif
 
     /* Encrypt Password and Phrase */
-    if (retval = krb5_mk_priv(context, &outbuf,
-                             ETYPE_DES_CBC_CRC,
-                             client_creds->enc_part2->session,
-                             &client_server_info.server_addr,
-                             &client_server_info.client_addr,
-                             send_seqno,
-                             KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                             0,
-                             0,
-                             &msg_data)) {
+    if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+                             &msg_data, &replaydata)) {
        com_err("adm_build_key", retval, "during mk_priv");
 #if defined(MACH_PASS) || defined(SANDIA)
        free(tmp_passwd);
@@ -159,15 +151,8 @@ adm_build_key (context, newprinc, client_creds, new_passwd, oper_type, entry)
     }
     
     /* Decrypt Client Response */
-    if (retval = krb5_rd_priv(context, &inbuf,
-                             client_creds->enc_part2->session,
-                             &client_server_info.client_addr,
-                             &client_server_info.server_addr,
-                             recv_seqno,
-                             KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                             0,
-                             0,
-                             &msg_data)) {
+    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+                             &msg_data, &replaydata)) {
        syslog(LOG_ERR | LOG_INFO, "adm_build_key krb5_rd_priv error");
        free(inbuf.data);
        return(5);              /* Protocol Failure */
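Review bot: The `&replaydata` handed to krb5_rd_priv here is never inspected afterwards, and this commit also deletes `recv_seqno`, so the caller-side ordering check that the old `KRB5_PRIV_DOSEQUENCE` + `recv_seqno` arguments provided has no replacement in this function. Whether a replayed or reordered client response is still rejected now depends entirely on how the auth_context was configured in process_client; the only setflags call visible in this commit sets `KRB5_AUTH_CONTEXT_RET_SEQUENCE`, which as far as I recall only reports sequence numbers back in replaydata rather than enforcing them, and the old `KRB5_PRIV_NOTIME` means no timestamp/replay-cache check backs this up. If that is right, the fix belongs in process_client, `krb5_auth_con_setflags(context, auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_RET_SEQUENCE);` (with the client doing the same), or else compare `replaydata.seq` against a per-connection counter here. Note also that `send_seqno` stays declared in adm_extern.c although no krb5_mk_priv caller in this commit passes it any more. adm_build_key continues outside this hunk.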
@@ -184,11 +169,11 @@ adm_build_key (context, newprinc, client_creds, new_passwd, oper_type, entry)
 
 /*     kadmin change password request  */
 krb5_error_code
-adm_change_pwd(context, prog, customer_name, client_creds, salttype)
+adm_change_pwd(context, auth_context, prog, customer_name, salttype)
     krb5_context context;
+    krb5_auth_context * auth_context;
     char *prog;
     char *customer_name;
-    krb5_ticket *client_creds;
     int salttype;
 {
     krb5_db_entry entry;
@@ -227,8 +212,8 @@ adm_change_pwd(context, prog, customer_name, client_creds, salttype)
     
     oper_type = (salttype == KRB5_KDB_SALTTYPE_NORMAL) ? CHGOPER : CH4OPER;
 
-    if (retval = adm_build_key(context, newprinc, client_creds
-                              new_passwd, oper_type, entry)) {
+    if (retval = adm_build_key(context, auth_context, new_passwd
+                              oper_type, entry)) {
        krb5_free_principal(context, newprinc);
        krb5_db_free_principal(context, &entry, nprincs);
        free(new_passwd);
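Review bot: As rendered, the rewritten call has no separator between `new_passwd` and `oper_type` (`adm_build_key(context, auth_context, new_passwd` / `oper_type, entry)`), so unless a trailing comma was lost in rendering this does not compile; the parallel call in adm_add_new_key (`adm_build_key(context, auth_context, new_passwd, `) keeps its comma. The removed line had the same gap, so this may be an artifact, but it is worth confirming that adm_funcs.c is actually part of the build. adm_change_pwd's body continues outside the hunk.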
@@ -258,11 +243,10 @@ adm_change_pwd(context, prog, customer_name, client_creds, salttype)
 
 /* kadmin add new random key function */
 krb5_error_code
-adm_change_pwd_rnd(context, cmdname, customer_name, client_creds)
+adm_change_pwd_rnd(context, cmdname, customer_name)
     krb5_context context;
     char *cmdname;
     char *customer_name;
-    krb5_ticket *client_creds;
 {
     krb5_db_entry entry;
     int nprincs = 1;
@@ -309,11 +293,11 @@ adm_change_pwd_rnd(context, cmdname, customer_name, client_creds)
 
 /* kadmin add new key function */
 krb5_error_code
-adm_add_new_key(context, cmdname, customer_name, client_creds, salttype)
+adm_add_new_key(context, auth_context, cmdname, customer_name, salttype)
     krb5_context context;
+    krb5_auth_context *auth_context;
     char *cmdname;
     char *customer_name;
-    krb5_ticket *client_creds;
     int salttype;
 {
     krb5_db_entry entry;
@@ -356,11 +340,8 @@ adm_add_new_key(context, cmdname, customer_name, client_creds, salttype)
        return(3);              /* No Memory */
     }
     
-    if (retval = adm_build_key(context, newprinc, 
-                              client_creds, 
-                              new_passwd, 
-                              ADDOPER,
-                              entry)) {
+    if (retval = adm_build_key(context, auth_context, new_passwd, 
+                              ADDOPER, entry)) {
        krb5_free_principal(context, newprinc);
        krb5_db_free_principal(context, &entry, nprincs);
        free(new_passwd);
@@ -385,11 +366,10 @@ adm_add_new_key(context, cmdname, customer_name, client_creds, salttype)
 
 /* kadmin add new random key function */
 krb5_error_code
-adm_add_new_key_rnd(context, cmdname, customer_name, client_creds)
+adm_add_new_key_rnd(context, cmdname, customer_name)
     krb5_context context;
     char *cmdname;
     char *customer_name;
-    krb5_ticket *client_creds;
 {
     krb5_db_entry entry;
     int nprincs = 1;
@@ -488,12 +468,13 @@ adm_del_old_key(context, cmdname, customer_name)
 
 /* kadmin modify existing Principal function */
 krb5_error_code
-adm_mod_old_key(context, cmdname, customer_name, client_creds)
+adm_mod_old_key(context, auth_context, cmdname, customer_name)
     krb5_context context;
+    krb5_auth_context * auth_context;
     char *cmdname;
     char *customer_name;
-    krb5_ticket *client_creds;
 {
+    krb5_replay_data replaydata;
     krb5_db_entry entry;
     int nprincs = 1;
     extern int errno;
@@ -540,16 +521,8 @@ adm_mod_old_key(context, cmdname, customer_name, client_creds)
        outbuf.data[1] = MODOPER;
        outbuf.data[2] = SENDDATA3;
        
-       if (retval = krb5_mk_priv(context, &outbuf,
-                                 ETYPE_DES_CBC_CRC,
-                                 client_creds->enc_part2->session,
-                                 &client_server_info.server_addr,
-                                 &client_server_info.client_addr,
-                                 send_seqno,
-                                 KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                                 0,
-                                 0,
-                                 &msg_data)) {
+       if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+                                 &msg_data, &replaydata)) {
            krb5_free_principal(context, newprinc);
            krb5_db_free_principal(context, &entry, nprincs);
            com_err("adm_mod_old_key", retval, "during mk_priv");
@@ -579,15 +552,8 @@ adm_mod_old_key(context, cmdname, customer_name, client_creds)
        }
        
        /* Decrypt Client Response */
-       if (retval = krb5_rd_priv(context, &inbuf,
-                                 client_creds->enc_part2->session,
-                                 &client_server_info.client_addr,
-                                 &client_server_info.server_addr,
-                                 recv_seqno,
-                                 KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                                 0,
-                                 0,
-                                 &msg_data)) {
+       if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+                                 &msg_data, &replaydata)) {
            com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s",
                    error_message(retval));
            free(inbuf.data);
@@ -698,15 +664,8 @@ adm_mod_old_key(context, cmdname, customer_name, client_creds)
     }
     
     /* Decrypt Client Response */
-    if (retval = krb5_rd_priv(context, &inbuf,
-                             client_creds->enc_part2->session,
-                             &client_server_info.client_addr,
-                             &client_server_info.server_addr,
-                             recv_seqno,
-                             KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                             0,
-                             0,
-                             &msg_data)) {
+    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+                             &msg_data, &replaydata)) {
        com_err("adm_mod_old_key", retval, "krb5_rd_priv error %s",
                error_message(retval));
        free(inbuf.data);
@@ -721,12 +680,13 @@ adm_mod_old_key(context, cmdname, customer_name, client_creds)
 
 /* kadmin inquire existing Principal function */
 krb5_error_code
-adm_inq_old_key(context, cmdname, customer_name, client_creds)
+adm_inq_old_key(context, auth_context, cmdname, customer_name)
     krb5_context context;
+    krb5_auth_context * auth_context;
     char *cmdname;
     char *customer_name;
-    krb5_ticket *client_creds;
 {
+    krb5_replay_data replaydata;
     krb5_db_entry entry;
     int nprincs = 1;
     
@@ -782,16 +742,8 @@ adm_inq_old_key(context, cmdname, customer_name, client_creds)
     free(fullname);
     
     /* Encrypt Inquiry Data */
-    if (retval = krb5_mk_priv(context, &outbuf,
-                             ETYPE_DES_CBC_CRC,
-                             client_creds->enc_part2->session,
-                             &client_server_info.server_addr,
-                             &client_server_info.client_addr,
-                             send_seqno,
-                             KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                             0,
-                             0,
-                             &msg_data)) {
+    if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+                             &msg_data, &replaydata)) {
        com_err("adm_inq_old_key", retval, "during mk_priv");
        free(outbuf.data);
        return(5);              /* Protocol Failure */
@@ -816,15 +768,8 @@ adm_inq_old_key(context, cmdname, customer_name, client_creds)
     }
     
     /* Decrypt Client Response */
-    if (retval = krb5_rd_priv(context, &inbuf,
-                             client_creds->enc_part2->session,
-                             &client_server_info.client_addr,
-                             &client_server_info.server_addr,
-                             recv_seqno,
-                             KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                             0,
-                             0,
-                             &msg_data)) {
+    if (retval = krb5_rd_priv(context, auth_context, &inbuf,
+                             &msg_data, &replaydata)) {
        com_err("adm_inq_old_key", retval, "krb5_rd_priv error %s",
                error_message(retval));
        free(inbuf.data);
index ca27149e69db5b32660b8f1c463ddaed58d04b42..5bcf5e58e453ae9b1ab8f508e32eca18fab39aff 100644 (file)
@@ -45,7 +45,6 @@ krb5_data inbuf;
 krb5_data msg_data;
 
 int send_seqno;
-int recv_seqno;
 
 /*
 static krb5_data tgs_name = {KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME};
index fb43d37f09e57f7755beb1ef901d7ef38c04c6b6..d5c4cafe521f3ec43ebca7c762467ddf179ae8d8 100644 (file)
@@ -71,7 +71,6 @@ extern int adm5_ver_len;
 extern int adm_debug_flag;
 
 extern int send_seqno;
-extern int recv_seqno;
 
 extern int exit_now;
 
@@ -89,37 +88,34 @@ extern char *kadmind_kadmin_response[];
 
 krb5_error_code adm_build_key
        PROTOTYPE((krb5_context,
-                  krb5_principal,
-                  krb5_ticket *,
+                  krb5_auth_context *,
                   char *,
                   int,
                   krb5_db_entry));
 
 krb5_error_code adm_change_pwd
        PROTOTYPE((krb5_context,
+                  krb5_auth_context *,
                   char *,
                   char *,
-                  krb5_ticket *,
                   int));
 
 krb5_error_code adm_change_pwd_rnd
        PROTOTYPE((krb5_context,
                   char *,
-                  char *,
-                  krb5_ticket *));
+                  char *));
 
 krb5_error_code adm_add_new_key
        PROTOTYPE((krb5_context,
+                  krb5_auth_context *,
                   char *,
                   char *,
-                  krb5_ticket *,
                   int));
 
 krb5_error_code adm_add_new_key_rnd
        PROTOTYPE((krb5_context, 
                   char *,
-                  char *,
-                  krb5_ticket *));
+                  char *));
 
 krb5_error_code adm_del_old_key
        PROTOTYPE((krb5_context,
@@ -128,15 +124,15 @@ krb5_error_code adm_del_old_key
 
 krb5_error_code adm_mod_old_key
        PROTOTYPE((krb5_context,
+                  krb5_auth_context *,
                   char *,
-                  char *,
-                  krb5_ticket* ));
+                  char *));
 
 krb5_error_code adm_inq_old_key
        PROTOTYPE((krb5_context, 
+                  krb5_auth_context *,
                   char *,
-                  char *,
-                  krb5_ticket *));
+                  char *));
 
 krb5_error_code adm_print_exp_time
        PROTOTYPE((krb5_context, 
@@ -159,30 +155,21 @@ krb5_error_code adm_enter_rnd_pwd_key
 
 krb5_error_code adm5_kadmin
        PROTOTYPE((krb5_context,
+                  krb5_auth_context *,
                   char *,  
-                  krb5_authenticator *,
-                  krb5_ticket *,
                   char *,
                   int *));
 
 krb5_error_code adm_negotiate_key
        PROTOTYPE((krb5_context,
+                  krb5_auth_context *,
                   char const *,
-                  krb5_ticket *,
                   char *));
 
 krb5_error_code setup_network
        PROTOTYPE((krb5_context,
                   const char *));
 
-krb5_error_code cpw_keyproc
-       PROTOTYPE((krb5_context, 
-                  krb5_pointer,
-                  krb5_principal,
-                  krb5_kvno,
-                  krb5_keytype,
-                  krb5_keyblock **));
-
 krb5_error_code process_client
        PROTOTYPE((krb5_context, 
                   char *));
@@ -226,9 +213,9 @@ krb5_error_code adm_enter_pwd_key
 
 krb5_error_code adm5_change
        PROTOTYPE((krb5_context,
+                  krb5_auth_context *,
                   char *,
-                  krb5_principal ,
-                  krb5_ticket *));
+                  krb5_principal));
 
 int adm5_listen_and_process
        PROTOTYPE((krb5_context,
@@ -236,9 +223,9 @@ int adm5_listen_and_process
 
 krb5_error_code adm5_kpasswd
        PROTOTYPE((krb5_context,
+                  krb5_auth_context *,
                   char *,
                   kadmin_requests *,
-                  krb5_ticket *,
                   char *,
                   int *));
 
index 5f86e1c24398efea4b5daa807a531e71371caeec..7d61c7e0673478a754a8bcc99af46b24b8fc284e 100644 (file)
@@ -403,11 +403,11 @@ cleanup:
 }
 
 krb5_error_code
-adm5_change(context, prog, newprinc, client_creds)
+adm5_change(context, auth_context, prog, newprinc)
     krb5_context context;
+    krb5_auth_context * auth_context;
     char *prog;
     krb5_principal newprinc;
-    krb5_ticket *client_creds;
 {
     krb5_db_entry entry;
     int nprincs = 1;
@@ -426,7 +426,7 @@ adm5_change(context, prog, newprinc, client_creds)
     memset((char *) new_passwd, 0, ADM_MAX_PW_LENGTH + 1);
 
                /* Negotiate for New Key */
-    if (retval = adm_negotiate_key(context, "adm5_change", client_creds,
+    if (retval = adm_negotiate_key(context, auth_context, "adm5_change", 
                                   new_passwd)) {
        krb5_db_free_principal(context, &entry, nprincs);
        krb5_free_principal(context, newprinc);
index e58774b541a5f1190364a2ad623bd80167f4a3b5..556c357398d9aa9fbaac4fa171bdd52a23a83798 100644 (file)
 #include "adm_extern.h"
  
 krb5_error_code
-adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
+adm5_kadmin(context, auth_context, prog, retbuf, otype)
     krb5_context context;
+    krb5_auth_context * auth_context;
     char *prog;
-    krb5_authenticator *client_auth_data;
-    krb5_ticket *client_creds;
     char *retbuf;              /* Allocated in Calling Routine */
     int *otype;
 {
+    krb5_replay_data replaydata;
     krb5_error_code retval;
     kadmin_requests request_type;
     krb5_data msg_data, outbuf, inbuf;
@@ -62,16 +62,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
        retbuf[2] = SENDDATA2;
        outbuf.length = 3;
 
-       retval = krb5_mk_priv(context, &outbuf,
-                       ETYPE_DES_CBC_CRC,
-                       client_creds->enc_part2->session,
-                       &client_server_info.server_addr,
-                       &client_server_info.client_addr,
-                       send_seqno,
-                       KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                       0,
-                       0,
-                       &msg_data);
+       retval = krb5_mk_priv(context, auth_context, &outbuf,
+                             &msg_data, &replaydata);
        if (retval ) {
            syslog(LOG_ERR, 
                "adm5_kadmin - Error Performing Acknowledgement mk_priv");
@@ -96,15 +88,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
        }
 
                 /* Decrypt Client Response */
-       if ((retval = krb5_rd_priv(context, &inbuf,
-                       client_creds->enc_part2->session,
-                       &client_server_info.client_addr,
-                       &client_server_info.server_addr,
-                       recv_seqno,
-                       KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                       0,
-                       0,
-                       &msg_data))) {
+       if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
+                                  &msg_data, &replaydata))) {
            free(inbuf.data);
            syslog(LOG_ERR | LOG_INFO, "Error decoding Username - rd_priv");
            return(5);          /* Protocol Failure */
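Review bot: The failure branch of the new krb5_rd_priv call logs with `LOG_ERR | LOG_INFO`; these are priority levels, not flags, and with the usual values (LOG_ERR 3, LOG_INFO 6) the OR yields 7 = LOG_DEBUG, so a decryption/integrity failure on an admin request is recorded at debug priority and is typically discarded by the syslog configuration. Use a single level, `syslog(LOG_ERR, "Error decoding Username - rd_priv");`, and consider appending `error_message(retval)` as the adm_mod_old_key and adm_inq_old_key paths do; adm_build_key's rd_priv error path has the same `LOG_ERR | LOG_INFO` pattern. This is pre-existing, but the commit rewrites the call it guards. adm5_kadmin continues outside this hunk.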
@@ -165,8 +150,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                }
                *otype = 1;
                salttype = KRB5_KDB_SALTTYPE_NORMAL;
-               retval = adm_add_new_key(context, "adm5_kadmin", customer_name,
-                                        client_creds, salttype);
+               retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
+                                        customer_name, salttype);
                goto process_retval;
 
            case CHGOPER:
@@ -178,8 +163,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                }
                *otype = 2;
                salttype = KRB5_KDB_SALTTYPE_NORMAL;
-               retval = adm_change_pwd(context, "adm5_kadmin", customer_name,
-                                       client_creds, salttype);
+               retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
+                                       customer_name, salttype);
                goto process_retval;
 
            case ADROPER:
@@ -191,7 +176,7 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                }
                *otype = 3;
                retval = adm_add_new_key_rnd(context, "adm5_kadmin", 
-                                            customer_name, client_creds);
+                                            customer_name);
                goto process_retval;
 
            case CHROPER:
@@ -203,7 +188,7 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                }
                *otype = 4;
                retval = adm_change_pwd_rnd(context, "adm5_kadmin", 
-                                           customer_name, client_creds);
+                                           customer_name);
                goto process_retval;
 
            case DELOPER:
@@ -225,8 +210,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                    goto process_retval;
                }
                *otype = 6;
-               retval = adm_mod_old_key(context, "adm5_kadmin", customer_name,
-                                        client_creds);
+               retval = adm_mod_old_key(context, auth_context, "adm5_kadmin",
+                                        customer_name);
                goto process_retval;
 
            case INQOPER:
@@ -237,8 +222,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                    goto process_retval;
                }
                *otype = 7;
-               retval = adm_inq_old_key(context, "adm5_kadmin", customer_name,
-                                        client_creds);
+               retval = adm_inq_old_key(context, auth_context, "adm5_kadmin",
+                                        customer_name);
                goto process_retval;
 
            case AD4OPER:
@@ -250,8 +235,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                }
                *otype = 8;
                salttype = KRB5_KDB_SALTTYPE_V4;
-               retval = adm_add_new_key(context, "adm5_kadmin", customer_name,
-                                        client_creds, salttype);
+               retval = adm_add_new_key(context, auth_context, "adm5_kadmin",
+                                        customer_name, salttype);
                goto process_retval;
 
            case CH4OPER:
@@ -263,8 +248,8 @@ adm5_kadmin(context, prog, client_auth_data, client_creds, retbuf, otype)
                }
                *otype = 9;
                salttype = KRB5_KDB_SALTTYPE_V4;
-               retval = adm_change_pwd(context, "adm5_kadmin", customer_name,
-                                       client_creds, salttype);
+               retval = adm_change_pwd(context, auth_context, "adm5_kadmin",
+                                       customer_name, salttype);
                goto process_retval;
 
            default:
@@ -333,22 +318,15 @@ send_last:
        outbuf.length = strlen(retbuf) + 1;
 
                /* Send Completion Message */
-       if (retval = krb5_mk_priv(context, &outbuf,
-                       ETYPE_DES_CBC_CRC,
-                       client_creds->enc_part2->session,
-                       &client_server_info.server_addr,
-                       &client_server_info.client_addr,
-                       send_seqno,
-                       KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                       0,
-                       0,
-                       &msg_data)) {
+       if (retval = krb5_mk_priv(context, auth_context, &outbuf,
+                                 &msg_data, &replaydata)) {
            syslog(LOG_ERR, "adm5_kadmin - Error Performing Final mk_priv");
            return(1);
        }
 
                        /* Send Final Reply to Client */
-       if (retval = krb5_write_message(context, &client_server_info.client_socket,
+       if (retval = krb5_write_message(context, 
+                                       &client_server_info.client_socket,
                                        &msg_data)){
            free(msg_data.data);
            syslog(LOG_ERR, "adm5_kadmin - Error Performing Final Write: %s",
index 033533e5532ce31dff5f3ef0f52f0d6addadf192..5ab7c74d35a2af2f063d2325f34660e0ea73151e 100644 (file)
@@ -42,11 +42,11 @@ struct cpw_keyproc_arg {
 };
  
 krb5_error_code
-adm5_kpasswd(context, prog, request_type, client_creds, retbuf, otype)
+adm5_kpasswd(context, auth_context, prog, request_type, retbuf, otype)
     krb5_context context;
+    krb5_auth_context *auth_context;
     char *prog;
     kadmin_requests *request_type;
-    krb5_ticket *client_creds;
     char *retbuf;
     int *otype;
 {
@@ -58,9 +58,8 @@ adm5_kpasswd(context, prog, request_type, client_creds, retbuf, otype)
        *otype = 3;
        syslog(LOG_AUTH | LOG_INFO,
               "adm_kpasswd: kpasswd change received");
-       retval = adm5_change(context, "adm5_kpasswd", 
-                            client_server_info.client,
-                            client_creds);
+       retval = adm5_change(context, auth_context, "adm5_kpasswd", 
+                            client_server_info.client);
 
        switch(retval) {
        case 0:
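Review bot: The hunk header shows `struct cpw_keyproc_arg` still defined at the top of adm_kpasswd.c, while this commit removes the identical struct and the public cpw_keyproc prototype from adm_process.c and adm_extern.h and makes cpw_keyproc a static taking `krb5_keyblock **`; nothing visible in the diff references the adm_kpasswd.c copy any more. Remove it in the same change so the two files do not drift, or add a comment saying why it is retained. adm5_kpasswd continues outside the hunk.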
index d1b8d9a55a37505e4c4c6873cdbfda849b994226..a784b306bc2fb964bb971cd88a4c27f16ff5efb1 100644 (file)
@@ -151,7 +151,8 @@ adm5_listen_and_process(context, prog)
                }
                
                if (adm_debug_flag) {
-                       retval = process_client(context, "adm5_listen_and_process");
+                       retval = process_client(context, 
+                                               "adm5_listen_and_process");
                        exit(retval);
                }
                        
@@ -160,7 +161,8 @@ adm5_listen_and_process(context, prog)
                        /* child */
                        (void) close(client_server_info.server_socket);
 
-                       retval = process_client(context, "adm5_listen_and_process");
+                       retval = process_client(context, 
+                                               "adm5_listen_and_process");
                        exit(retval);
                } else {
                        /* parent */
index d7c09b63345b650c3987db2f6be6bfbbd7b280e3..abde3419a2c00eecaae19f630b17b5fcd70af6ac 100644 (file)
 #include "adm_extern.h"
 
 krb5_error_code
-adm_negotiate_key(context, prog, client_creds, new_passwd)
+adm_negotiate_key(context, auth_context, prog, new_passwd)
     krb5_context context;
+    krb5_auth_context *auth_context;
     char const * prog;
-    krb5_ticket * client_creds;
     char * new_passwd;
 {
+   krb5_replay_data replaydata;
    krb5_data msg_data, inbuf;
    krb5_error_code retval;
 #if defined(MACH_PASS) || defined(SANDIA) /* Machine-generated passwords. */
@@ -221,16 +222,8 @@ adm_negotiate_key(context, prog, client_creds, new_passwd)
     free_phrases();
 
                /* Encrypt Password/Phrases Encoding */
-    retval = krb5_mk_priv(context, encoded_pw_string,
-                       ETYPE_DES_CBC_CRC,
-                       client_creds->enc_part2->session, 
-                       &client_server_info.server_addr, 
-                       &client_server_info.client_addr,
-                       send_seqno,
-                       KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                       0,
-                       0,
-                       &msg_data);
+    retval = krb5_mk_priv(context, auth_context, encoded_pw_string,
+                         &msg_data, &replaydata);
     if (retval ) {
        free_passwds();
        free_pwd_and_phrase_structures();
@@ -266,15 +259,8 @@ adm_negotiate_key(context, prog, client_creds, new_passwd)
     }
 
                /* Decrypt Client Response */
-    if ((retval = krb5_rd_priv(context, &inbuf,
-                       client_creds->enc_part2->session,
-                       &client_server_info.client_addr,
-                       &client_server_info.server_addr, 
-                       recv_seqno,
-                       KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                       0,
-                       0,
-                       &msg_data))) {
+    if ((retval = krb5_rd_priv(context, auth_context, &inbuf,
+                              &msg_data, &replaydata))) {
        free(inbuf.data);
 #if defined(MACH_PASS) || defined(SANDIA)
        free_passwds();
index 786c6898c03e825ddf9d695b93a3209c75d77b16..ab9add4ef29e18aecfa9a3075fc5fc1975ac82ff 100644 (file)
 extern krb5_encrypt_block master_encblock;
 extern krb5_keyblock master_keyblock;
 
-struct cpw_keyproc_arg {
-    krb5_keyblock *key;
-};
-
-krb5_error_code
-cpw_keyproc(context, keyprocarg, server, key_vno, keytype, key)
+static krb5_error_code
+cpw_keyproc(context, keyblock)
     krb5_context context;
-    krb5_pointer keyprocarg;
-    krb5_principal server;
-    krb5_kvno key_vno;
-    krb5_keytype keytype;
-    krb5_keyblock ** key;
+    krb5_keyblock ** keyblock;
 {
     krb5_error_code retval;
     krb5_db_entry cpw_entry;
     krb5_principal cpw_krb;
     krb5_keyblock *realkey;
-
-    struct cpw_keyproc_arg *arg;
-
     krb5_boolean more;
-
     int nprincs = 1;
 
-    arg = ( struct cpw_keyproc_arg *) keyprocarg;
-
-    if (arg->key) {
-       retval = krb5_copy_keyblock(context, arg->key, key);
-       if (retval)
-           return retval;
-    } else {
-       if (retval = krb5_parse_name(context, client_server_info.name_of_service, 
+    if (*keyblock == NULL) {
+       if (retval = krb5_parse_name(context, 
+                                    client_server_info.name_of_service, 
                                     &cpw_krb)) {
             syslog(LOG_ERR, 
                   "cpw_keyproc %d while attempting to parse \"%s\"",
@@ -77,7 +60,7 @@ cpw_keyproc(context, keyprocarg, server, key_vno, keytype, key)
        }
 
        if (retval = krb5_db_get_principal(context, cpw_krb, &cpw_entry, 
-                       &nprincs, &more)) {
+                                          &nprincs, &more)) {
             syslog(LOG_ERR, 
                   "cpw_keyproc %d while extracting %s entry",
                   client_server_info.name_of_service, retval);
@@ -107,9 +90,8 @@ cpw_keyproc(context, keyprocarg, server, key_vno, keytype, key)
            exit(retval);
        }
 
-       *key = realkey;
+       *keyblock = realkey;
     }
-
     return(0);
 }
 
@@ -120,18 +102,19 @@ process_client(context, prog)
 {
     krb5_error_code retval;
 
-    struct cpw_keyproc_arg cpw_key;
+    krb5_keyblock  * cpw_keyblock = NULL;
 
     int on = 1;
     krb5_db_entry server_entry;
 
-    krb5_ticket *client_creds;
-    krb5_authenticator *client_auth_data;
     char retbuf[512];
 
     krb5_data final_msg;
     char completion_msg[520];
     kadmin_requests request_type;
+    krb5_auth_context *auth_context = NULL;
+    krb5_ticket * client_ticket = NULL;
+    krb5_replay_data replaydata;
 
     int number_of_entries;
     krb5_boolean more;
@@ -196,7 +179,7 @@ process_client(context, prog)
        exit(0);
     }
 
-    if ((cpw_key.key = (krb5_keyblock *) calloc (1, 
+    if ((cpw_keyblock = (krb5_keyblock *) calloc (1, 
                sizeof(krb5_keyblock))) == (krb5_keyblock *) 0) {
        krb5_db_free_principal(context, &server_entry, number_of_entries);
        syslog(LOG_ERR, 
@@ -209,9 +192,9 @@ process_client(context, prog)
     if (retval = krb5_kdb_decrypt_key(context, 
                                      &master_encblock,
                                      &server_entry.key,
-                                     (krb5_keyblock *) cpw_key.key)) {
+                                     cpw_keyblock)) {
        krb5_db_free_principal(context, &server_entry, number_of_entries);
-       free(cpw_key.key);
+       free(cpw_keyblock);
        syslog(LOG_ERR,  
               "kadmind error: Cannot extract kadmin/<realm> from master key");
        close(client_server_info.client_socket);
@@ -250,36 +233,48 @@ process_client(context, prog)
     syslog(LOG_AUTH | LOG_INFO,
        "Request for Administrative Service Received from %s - Authenticating.",
        inet_ntoa( client_server_info.client_name.sin_addr ));
+
+    cpw_keyproc(context, &cpw_keyblock);
        
-    if ((retval = krb5_recvauth(context, 
+    if (krb5_auth_con_init(context, &auth_context))
+        exit(1);
+
+    krb5_auth_con_setflags(context,auth_context,KRB5_AUTH_CONTEXT_RET_SEQUENCE);
+    krb5_auth_con_setaddrs(context, auth_context, 
+                          &client_server_info.server_addr,
+                          &client_server_info.client_addr); 
+    if (krb5_auth_con_setuseruserkey(context, auth_context, cpw_keyblock))
+        exit(1);
+
+    if ((retval = krb5_recvauth(context, &auth_context,
                (krb5_pointer) &client_server_info.client_socket,
                ADM5_CPW_VERSION,
                client_server_info.server,
-               &client_server_info.client_addr,
+               NULL,
                0,
-               cpw_keyproc,
-               (krb5_pointer) &cpw_key,
-               0,
-               0,
-               &send_seqno,
-               &client_server_info.client,
-               &client_creds,
-               &client_auth_data
+               NULL,
+               &client_ticket
                ))) {
        syslog(LOG_ERR, "kadmind error: %s during recvauth\n", 
                        error_message(retval));
        (void) sprintf(retbuf, "kadmind error during recvauth: %s\n", 
                        error_message(retval));
-       krb5_free_keyblock(context, cpw_key.key);
+       krb5_free_keyblock(context, cpw_keyblock);
        goto finish;
     }
-    krb5_free_keyblock(context, cpw_key.key);
+    krb5_free_keyblock(context, cpw_keyblock);
 
+    if (retval = krb5_copy_principal(context, client_ticket->enc_part2->client,
+                                    &client_server_info.client))
+       goto finish;
+                                    
     /* Check if ticket was issued using password (and not tgt)
      * within the last 5 minutes
      */
        
-    if (!(client_creds->enc_part2->flags & TKT_FLG_INITIAL)) {
+    if (!(client_ticket->enc_part2->flags & TKT_FLG_INITIAL)) {
        syslog(LOG_ERR, "Client ticket not initial");
        close(client_server_info.client_socket);
        exit(0);
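Review bot: The auth context is configured in the krb5_auth_con_setflags call with KRB5_AUTH_CONTEXT_RET_SEQUENCE only, so unless krb5_rd_priv enforces sequence numbers without being asked to, the replay/reordering check the removed krb5_rd_priv call requested with KRB5_PRIV_DOSEQUENCE is lost in this commit — the same applies to the later rd_priv and mk_priv hunks, where `replaydata` is returned but never inspected. If sequence enforcement is still intended, request it explicitly: `krb5_auth_con_setflags(context, auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_RET_SEQUENCE);`. Separately, the two `exit(1)` paths after krb5_auth_con_init and krb5_auth_con_setuseruserkey neither syslog the failure nor close the client socket, unlike every other failure path in this function, and the return values of krb5_auth_con_setflags and krb5_auth_con_setaddrs are dropped. The krb5_free_keyblock after recvauth is only safe if krb5_auth_con_setuseruserkey copied cpw_keyblock rather than retaining the pointer, which should be confirmed against the library before the later rd_priv/mk_priv calls rely on that key. process_client begins outside this hunk.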
@@ -291,14 +286,12 @@ process_client(context, prog)
        exit(0);
     }
        
-    if ((adm_time - client_creds->enc_part2->times.authtime) > 60*5) {
+    if ((adm_time - client_ticket->enc_part2->times.authtime) > 60*5) {
        syslog(LOG_ERR, "Client ticket not recent");
        close(client_server_info.client_socket);
        exit(0);
     }
 
-    recv_seqno = client_auth_data->seq_number;
-
     if ((client_server_info.name_of_client =
         (char *) calloc (1, 3 * 255)) == (char *) 0) {
        syslog(LOG_ERR, "kadmind error: No Memory for name_of_client");
@@ -341,15 +334,8 @@ process_client(context, prog)
        goto finish;
     }
 
-    if ((retval = krb5_rd_priv(context, &inbuf, 
-                       client_creds->enc_part2->session,
-                       &client_server_info.client_addr, 
-                       &client_server_info.server_addr,
-                       client_auth_data->seq_number,
-                       KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                       0,
-                       0,
-                       &msg_data))) {
+    if ((retval = krb5_rd_priv(context, auth_context, &inbuf, 
+                              &msg_data, &replaydata))) {
        free(inbuf.data);
        syslog(LOG_ERR, "kadmind error: rd_priv:%s\n", error_message(retval));
        goto finish;
@@ -364,16 +350,15 @@ process_client(context, prog)
     switch (request_type.appl_code) {
        case KPASSWD:
            req_type = "kpasswd";
-           if (retval = adm5_kpasswd(context, "process_client", &request_type, 
-                       client_creds, retbuf, &otype)) {
+           if (retval = adm5_kpasswd(context, auth_context, "process_client",
+                                     &request_type, retbuf, &otype)) {
                goto finish;
            }
            break;
 
        case KADMIN:
            req_type = "kadmin";
-           if (retval = adm5_kadmin(context, "process_client", 
-                                    client_auth_data, client_creds, 
+           if (retval = adm5_kadmin(context, auth_context, "process_client", 
                                     retbuf, &otype)) {
                goto finish;
            }
@@ -404,17 +389,9 @@ process_client(context, prog)
     final_msg.data = retbuf;
     final_msg.length = strlen(retbuf) + 1;
 
-                /* Send Completion Message */
-    if (retval = krb5_mk_priv(context, &final_msg,
-                        ETYPE_DES_CBC_CRC,
-                        client_creds->enc_part2->session,
-                        &client_server_info.server_addr,
-                        &client_server_info.client_addr,
-                        send_seqno,
-                        KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
-                        0,
-                        0,
-                        &msg_data)) {
+       /* Send Completion Message */
+    if (retval = krb5_mk_priv(context, auth_context, &final_msg,
+                              &msg_data, &replaydata)) {
        syslog(LOG_ERR, "kadmind error Error Performing Final mk_priv");
        goto finish;
     }