+Mon Aug 21 16:50:54 EDT 1995 Paul Park (pjpark@mit.edu)
+ * klist.c - Add logic to figure out width of time string and then use
+ this width to format the timestamp output. Remove English-
+ specific months and let timestamp_to_sfstring() handle it.
+ Replace etype string array with enctype_to_string().
+ * configure.in - Add -lkadm.
+
+
Fri Jul 7 15:54:35 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Remove explicit library handling and LDFLAGS.
* configure.in - Add KRB5_LIBRARIES.
AC_INIT(klist.c)
CONFIG_RULES
AC_PROG_INSTALL
+USE_KADM_LIBRARY
KRB5_LIBRARIES
V5_USE_SHARED_LIB
V5_AC_OUTPUT_MAKEFILE
char *defname;
char *progname;
krb5_int32 now;
+int timestamp_width;
krb5_context kcontext;
void do_ccache KRB5_PROTOTYPE((char *));
void do_keytab KRB5_PROTOTYPE((char *));
void printtime KRB5_PROTOTYPE((time_t));
+void fillit KRB5_PROTOTYPE((FILE *, int, int));
#define DEFAULT 0
#define CCACHE 1
com_err(progname, code, "while getting time of day.");
exit(1);
}
+ else {
+ char tmp[BUFSIZ];
+
+ if (!krb5_timestamp_to_sfstring(now, tmp, 20, (char *) NULL) ||
+ !krb5_timestamp_to_sfstring(now, tmp, sizeof(tmp), (char *) NULL))
+ timestamp_width = (int) strlen(tmp);
+ else
+ timestamp_width = 15;
+ }
if (mode == DEFAULT || mode == CCACHE)
do_ccache(name);
}
if (show_time) {
- printf("KVNO Timestamp Principal\n");
- printf("---- ------------------ -------------------------------------------------------\n");
+ printf("KVNO Timestamp");
+ fillit(stdout, timestamp_width - sizeof("Timestamp") + 2, (int) ' ');
+ printf("Principal\n");
+ printf("---- ");
+ fillit(stdout, timestamp_width, (int) '-');
+ printf(" ");
+ fillit(stdout, 78 - timestamp_width - sizeof("KVNO"), (int) '-');
+ printf("\n");
} else {
printf("KVNO Principal\n");
printf("---- --------------------------------------------------------------------------\n");
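Review bot: The fill counts in the keytab header are computed in `size_t`, because `sizeof` is unsigned: `timestamp_width - sizeof("Timestamp") + 2` wraps to a huge value when the measured width is smaller than the literal, and `78 - timestamp_width - sizeof("KVNO")` does the same for a wide timestamp. What fillit() then receives depends on whether KRB5_PROTOTYPE expands to a real prototype, which this page does not show; without one, a `size_t` argument is passed where an `int` is expected. Cast the size first so the arithmetic stays signed, e.g. `fillit(stdout, timestamp_width - (int) sizeof("Timestamp") + 2, (int) ' ');`. The `Valid starting` and `Expires` calls in the ticket-cache header have the same form.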
if (!status_only) {
printf("Ticket cache: %s\nDefault principal: %s\n\n",
krb5_cc_get_name(kcontext, cache), defname);
- fputs(" Valid starting Expires Service principal\n",
- stdout);
+ fputs("Valid starting", stdout);
+ fillit(stdout, timestamp_width - sizeof("Valid starting") + 3,
+ (int) ' ');
+ fputs("Expires", stdout);
+ fillit(stdout, timestamp_width - sizeof("Expires") + 3,
+ (int) ' ');
+ fputs("Service principal\n", stdout);
}
if ((code = krb5_cc_start_seq_get(kcontext, cache, &cur))) {
if (!status_only)
return(buf);
}
-static char *Month_names[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
void
printtime(tv)
time_t tv;
{
- struct tm *stime;
-
- stime = localtime((time_t *)&tv);
- printf("%2d-%s-%2d %02d:%02d:%02d",
- stime->tm_mday,
- Month_names[stime->tm_mon],
- stime->tm_year,
- stime->tm_hour,
- stime->tm_min,
- stime->tm_sec);
+ char timestring[BUFSIZ];
+ char fill;
+
+ fill = ' ';
+ if (!krb5_timestamp_to_sfstring((krb5_timestamp) tv,
+ timestring,
+ timestamp_width+1,
+ &fill)) {
+ printf(timestring);
+ }
}
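Review bot: `printf(timestring);` uses the formatted timestamp as the format string, so a `%` left in the buffer by the locale's date format would be read as a conversion specifier; print it as data with `fputs(timestring, stdout);`. The printtime() in ksu's ccache.c gets the same `printf(fmtbuf);` in this commit. When krb5_timestamp_to_sfstring() returns non-zero nothing is written, so that row's columns shift left; calling `fillit(stdout, timestamp_width, (int) ' ');` in an `else` branch would keep the table aligned.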
-/* Make sure this list matches the ETYPE order in encryption.h */
-#define ETYPE_MAX 6
-char * etype_string[ETYPE_MAX] = {
- "ETYPE_NULL",
- "ETYPE_DES_CBC_CRC",
- "ETYPE_DES_CBC_MD4",
- "ETYPE_DES_CBC_MD5",
- "ETYPE_RAW_DES_CBC",
- NULL };
-
void
show_credential(progname, kcontext, cred)
char * progname;
if (show_etype) {
krb5_enctype etype = cred->keyblock.etype;
+ char etype_string[BUFSIZ];
if (!first)
putchar('\n');
printf("\tEncryption type: ");
if (etype != ETYPE_UNKNOWN) {
- if ((etype < ETYPE_MAX) && etype_string[etype]) {
- printf("%s", etype_string[etype]);
+ if (!krb5_enctype_to_string(etype, etype_string,
+ sizeof(etype_string))) {
+ printf("%s", etype_string);
} else {
printf("UNRECOGNIZED");
}
free(sname);
}
+void
+fillit(f, num, c)
+ FILE *f;
+ int num;
+ int c;
+{
+ int i;
+
+ for (i=0; i<num; i++)
+ fputc(c, f);
+}
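Review bot: fillit() is added without a comment, and its behaviour for a non-positive count matters because every caller computes `num` by subtraction. A one-line header would record it: `/* Write num copies of character c to f; writes nothing when num <= 0. */`.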
+
+
+Mon Aug 21 16:53:40 EDT 1995 Paul Park (pjpark@mit.edu)
+ * ksu.h - Change lifetime types to krb5_deltat.
+ * main.c - Use string_to_deltat() to parse lifetimes. Fix gcc -Wall.
+ * krb_auth_su.c - Fix gcc -Wall. Remove krb5_parse_lifetime() and
+ convtime(). No longer needed.
+ * ccache.c - Remove English-specific months and let timestamp_to_
+ sfstring() handle it. Fix gcc -Wall.
+ * configure.in - Add -lkadm.
+
Sat Jul 29 04:41:07 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
* configure.in: Don't link with -lkadm.
*/
#include "ksu.h"
+#include "adm_proto.h"
/******************************************************************
krb5_cache_copy
cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache));
- if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){
+ if ((retval = krb5_cc_resolve(context, cc_other_tag, cc_other))){
com_err (prog_name, retval, "resolving ccache %s",
cc_other_tag);
return retval;
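Review bot: The `calloc(1, sizeof (krb5_ccache))` result on the context line is handed to krb5_cc_resolve() with no NULL check, so an allocation failure turns into a store through a null pointer inside the library call. A guard before the resolve closes that, e.g. `if (cc_other == NULL) return ENOMEM;`. The error return after com_err() also leaves `cc_other` allocated unless the caller frees it, which is not visible here. The identical calloc/resolve pair appears again in the later hunk that initializes the cache with `prst`; the enclosing function starts and ends outside this hunk.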
cc_other_name = krb5_cc_get_name(context, *cc_other);
if ( ! stat(cc_def_name, &st_temp)){
- if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){
+ if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
return retval;
}
}
primary_principal);
- if (retval = krb5_cc_initialize(context, *cc_other, primary_principal)){
+ if ((retval = krb5_cc_initialize(context, *cc_other, primary_principal))){
return retval;
}
{
int i = 0;
-int j = 0;
krb5_error_code retval = 0;
krb5_creds ** temp_creds= NULL;
-krb5_boolean cmp;
if ((creds_def == NULL) && (creds_other == NULL))
if (temp_creds){
while(temp_creds[i]){
- if (retval= krb5_cc_store_cred(context, cc,
- temp_creds[i])){
+ if ((retval= krb5_cc_store_cred(context, cc,
+ temp_creds[i]))){
return retval;
}
i++;
memset((char *) &creds, 0, sizeof(creds));
/* initialize the cursor */
- if (retval = krb5_cc_start_seq_get(context, cc, &cur)) {
+ if ((retval = krb5_cc_start_seq_get(context, cc, &cur))) {
return retval;
}
while (!(retval = krb5_cc_next_cred(context, cc, &cur, &creds))){
- if(retval = krb5_check_exp(context, creds.times)){
+ if ((retval = krb5_check_exp(context, creds.times))){
if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){
return retval;
}
}
else { /* these credentials didn't expire */
- if (retval = krb5_copy_creds(context, &creds,
- &temp_creds[count])){
+ if ((retval = krb5_copy_creds(context, &creds,
+ &temp_creds[count]))){
return retval;
}
count ++;
krb5_error_code retval =0;
krb5_timestamp currenttime;
- if (retval = krb5_timeofday (context, ¤ttime)){
+ if ((retval = krb5_timeofday (context, ¤ttime))){
return retval;
}
if (auth_debug){
return(buf);
}
-static char *Month_names[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
void printtime(tv)
time_t tv;
{
struct tm *stime;
+ char fmtbuf[18];
+ char fill;
stime = localtime((time_t *)&tv);
- printf("%2d-%s-%2d %02d:%02d:%02d",
- stime->tm_mday,
- Month_names[stime->tm_mon],
- stime->tm_year,
- stime->tm_hour,
- stime->tm_min,
- stime->tm_sec);
+ fill = ' ';
+ if (!krb5_timestamp_to_sfstring((krb5_timestamp) tv,
+ fmtbuf,
+ sizeof(fmtbuf),
+ &fill))
+ printf(fmtbuf);
}
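Review bot: `stime = localtime((time_t *)&tv);` stays in printtime() although nothing reads `stime` once the old printf is removed; drop the call together with the `struct tm *stime;` declaration. `fmtbuf[18]` is a fixed size, whereas klist.c in this same commit measures the timestamp width at startup. If a locale's format needs more than 17 characters the conversion presumably fails, and the timestamp is then silently left out of the listing.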
linebuf[BUFSIZ-1] = '\0';
newline = NULL;
/* nuke the newline if it exists */
- if (newline = strchr(linebuf, '\n'))
+ if ((newline = strchr(linebuf, '\n')))
*newline = '\0';
buf_out[count] = linebuf;
return;
}
- if (retval = krb5_cc_get_principal(context, cc, &princ)) {
+ if ((retval = krb5_cc_get_principal(context, cc, &princ))) {
com_err(prog_name, retval, "while retrieving principal name");
return;
}
- if (retval = krb5_unparse_name(context, princ, &defname)) {
+ if ((retval = krb5_unparse_name(context, princ, &defname))) {
com_err(prog_name, retval, "while unparsing principal name");
return;
}
cct_name = krb5_cc_get_name(context, cct);
if ( ! stat(ccs_name, &st_temp)){
- if(retval = krb5_get_nonexp_tkts(context, ccs, &ccs_creds_arr)){
+ if ((retval = krb5_get_nonexp_tkts(context, ccs, &ccs_creds_arr))){
return retval;
}
}
if ( ! stat(cct_name, &st_temp)){
- if (retval = krb5_cc_get_principal(context, cct, &temp_principal)){
+ if ((retval = krb5_cc_get_principal(context, cct, &temp_principal))){
return retval;
}
}else{
temp_principal = primary_principal;
}
- if (retval = krb5_cc_initialize(context, cct, temp_principal)){
+ if ((retval = krb5_cc_initialize(context, cct, temp_principal))){
return retval;
}
temp_creds[i]->client,
prst)== TRUE) {
- if (retval = krb5_cc_store_cred(context,
- cc,temp_creds[i])){
+ if ((retval = krb5_cc_store_cred(context,
+ cc,temp_creds[i]))){
return retval;
}
temp_stored = TRUE;
cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache));
- if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){
+ if ((retval = krb5_cc_resolve(context, cc_other_tag, cc_other))){
com_err (prog_name, retval, "resolving ccache %s",
cc_other_tag);
return retval;
cc_other_name = krb5_cc_get_name(context, *cc_other);
if ( ! stat(cc_def_name, &st_temp)){
- if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){
+ if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
return retval;
}
}
- if (retval = krb5_cc_initialize(context, *cc_other, prst)){
+ if ((retval = krb5_cc_initialize(context, *cc_other, prst))){
return retval;
}
fprintf(stderr,"Refreshing cache %s\n", cc_name);
}
- if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){
+ if ((retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr))){
return retval;
}
- if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){
+ if ((retval = krb5_cc_get_principal(context, cc, &temp_principal))){
return retval;
}
- if (retval = krb5_cc_initialize(context, cc, temp_principal)){
+ if ((retval = krb5_cc_initialize(context, cc, temp_principal))) {
return retval;
}
- if (retval = krb5_store_all_creds(context, cc, cc_creds_arr, NULL)){
+ if ((retval = krb5_store_all_creds(context, cc, cc_creds_arr, NULL))){
return retval;
}
fprintf(stderr,"puting cache %s through a filter for -z option\n", cc_name);
}
- if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){
+ if ((retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr))){
return retval;
}
- if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){
+ if ((retval = krb5_cc_get_principal(context, cc, &temp_principal))){
return retval;
}
- if (retval = krb5_cc_initialize(context, cc, temp_principal)){
+ if ((retval = krb5_cc_initialize(context, cc, temp_principal))){
return retval;
}
- if (retval = krb5_store_some_creds(context, cc, cc_creds_arr,
- NULL, prst, &stored)){
+ if ((retval = krb5_store_some_creds(context, cc, cc_creds_arr,
+ NULL, prst, &stored))){
return retval;
}
cc_name = krb5_cc_get_name(context, cc);
if ( ! stat(cc_name, &st_temp)){
- if(retval = krb5_get_nonexp_tkts(context, cc, &creds_list)){
+ if ((retval = krb5_get_nonexp_tkts(context, cc, &creds_list))){
return retval;
}
}
AC_CHECK_LIB(dbm,main)
AC_CHECK_HEADERS(stdarg.h)
AC_CHECK_FUNCS(getusershell)
+USE_KADM_LIBRARY
KRB5_LIBRARIES
V5_USE_SHARED_LIB
V5_AC_OUTPUT_MAKEFILE
memset((char *) &in_creds, 0, sizeof(krb5_creds));
- if (retval= krb5_copy_principal(context, client_pname, &client)){
+ if ((retval= krb5_copy_principal(context, client_pname, &client))){
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
if (auth_debug)
{ dump_principal(context, "krb5_auth_check: Client principal name", client); }
- if ( retval = krb5_sname_to_principal(context, hostname, NULL,
- KRB5_NT_SRV_HST, &server)){
+ if ((retval = krb5_sname_to_principal(context, hostname, NULL,
+ KRB5_NT_SRV_HST, &server))){
com_err(prog_name, retval,
"while creating server %s principal name", hostname);
krb5_free_principal(context, client);
/* check to see if the local tgt is in the cache */
- if (retval= krb5_copy_principal(context, client, &tgtq.client)){
+ if ((retval= krb5_copy_principal(context, client, &tgtq.client))){
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
- if (retval = krb5_tgtname(context, krb5_princ_realm (context, client),
- krb5_princ_realm(context, client),
- &tgtq.server)){
+ if ((retval = krb5_tgtname(context, krb5_princ_realm(context, client),
+ krb5_princ_realm(context, client),
+ &tgtq.server))){
com_err(prog_name, retval, "while creating tgt for local realm");
krb5_free_principal(context, client);
krb5_free_principal(context, server);
}
- if (retval= krb5_copy_principal(context, client, &in_creds.client)){
+ if ((retval= krb5_copy_principal(context, client, &in_creds.client))){
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
- if (retval= krb5_copy_principal(context, server, &in_creds.server)){
+ if ((retval= krb5_copy_principal(context, server, &in_creds.server))){
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
- if (retval = krb5_get_cred_from_kdc(context, cc, &in_creds,
- &out_creds, &tgts)){
+ if ((retval = krb5_get_cred_from_kdc(context, cc, &in_creds,
+ &out_creds, &tgts))){
com_err(prog_name, retval, "while geting credentials from kdc");
return (FALSE);
}
fprintf(stderr, "krb5_auth_check: went via multiple realms");
}
while (tgts[i]){
- if (retval = krb5_cc_store_cred(context, cc, tgts[i])) {
+ if ((retval=krb5_cc_store_cred(context,cc,tgts[i]))) {
com_err(prog_name, retval,
"while storing credentials from cross-realm walk");
return (FALSE);
krb5_free_tgt_creds(context, tgts);
}
- if (retval = krb5_verify_tkt_def(context, client, server,
- &out_creds->keyblock,
- &out_creds->ticket, &target_tkt)){
+ if ((retval = krb5_verify_tkt_def(context, client, server,
+ &out_creds->keyblock,
+ &out_creds->ticket, &target_tkt))){
com_err(prog_name, retval, "while verifing ticket for server");
return (FALSE);
}
- if (retval = krb5_cc_store_cred(context, cc, out_creds)){
+ if ((retval = krb5_cc_store_cred(context, cc, out_creds))){
com_err(prog_name, retval,
"While storing credentials");
return (FALSE);
memset((char *) &tgtq, 0, sizeof(tgtq));
memset((char *) &tgt, 0, sizeof(tgt));
- if (retval= krb5_copy_principal(context, client, &tgtq.client)){
+ if ((retval= krb5_copy_principal(context, client, &tgtq.client))){
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
- if (retval= krb5_copy_principal(context, server, &tgtq.server)){
+ if ((retval= krb5_copy_principal(context, server, &tgtq.server))){
com_err(prog_name, retval,"while copying client principal");
return (FALSE) ;
}
- if (retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
- &tgtq, &tgt)){
+ if ((retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
+ &tgtq, &tgt))){
if (auth_debug)
com_err(prog_name, retval,"While Retrieving credentials");
return (FALSE) ;
}
- if (retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock,
- &tgt.ticket, &target_tkt)){
+ if ((retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock,
+ &tgt.ticket, &target_tkt))){
com_err(prog_name, retval, "while verifing ticket for server");
return (FALSE);
}
krb5_error_code retval =0;
krb5_keyblock * tkt_ses_key;
- if (retval = decode_krb5_ticket(scr_ticket, &tkt)){
+ if ((retval = decode_krb5_ticket(scr_ticket, &tkt))){
return retval;
}
}
/* get the default keytab */
- if( retval = krb5_kt_default(context, &keytabid)){
+ if ((retval = krb5_kt_default(context, &keytabid))){
krb5_free_ticket(context, tkt);
return retval;
}
/* We have the encryption type get the keytpe. */
keytype = krb5_csarray[tkt->enc_part.etype]->system->proto_keytype;
- if (retval = krb5_kt_get_entry(context, keytabid, server,
- tkt->enc_part.kvno, keytype, &ktentry)){
+ if ((retval = krb5_kt_get_entry(context, keytabid, server,
+ tkt->enc_part.kvno, keytype, &ktentry))){
krb5_free_ticket(context, tkt);
return retval;
}
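Review bot: `krb5_csarray[tkt->enc_part.etype]` on the context line above the krb5_kt_get_entry() call indexes the table with a value taken from the decoded ticket, and no range or NULL check is visible in this hunk (the function starts and ends outside it, so an earlier check cannot be ruled out). adm_server.c in this same commit walks the table with `etype <= krb5_max_cryptosystem` and tests `if (krb5_csarray[etype])` before using an entry. The same two tests before the dereference here, freeing `tkt` and returning an error when they fail, would prevent an out-of-bounds read or null dereference on an unexpected etype. The failure path of krb5_kt_get_entry() also returns without the krb5_kt_close() that the success path performs.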
krb5_kt_close(context, keytabid);
- if ( retval = krb5_copy_keyblock(context, &ktentry.key, &tkt_key)){
+ if ((retval = krb5_copy_keyblock(context, &ktentry.key, &tkt_key))){
krb5_free_ticket(context, tkt);
krb5_kt_free_entry(context, &ktentry);
return retval;
}
/* decrypt the ticket */
- if (retval = krb5_decrypt_tkt_part(context, tkt_key, tkt)) {
+ if ((retval = krb5_decrypt_tkt_part(context, tkt_key, tkt))) {
krb5_free_ticket(context, tkt);
krb5_kt_free_entry(context, &ktentry);
krb5_free_keyblock(context, tkt_key);
krb5_creds my_creds;
krb5_timestamp now;
int pwsize;
- int i;
char password[255], *client_name, prompt[255];
*zero_password = FALSE;
- if (code = krb5_unparse_name(context, client, &client_name)) {
+ if ((code = krb5_unparse_name(context, client, &client_name))) {
com_err (prog_name, code, "when unparsing name");
return (FALSE);
}
memset((char *)&my_creds, 0, sizeof(my_creds));
- if (code = krb5_copy_principal(context, client, &my_creds.client)){
+ if ((code = krb5_copy_principal(context, client, &my_creds.client))){
com_err (prog_name, code, "while copying principal");
return (FALSE);
}
- if (code = krb5_copy_principal(context, server, &my_creds.server)){
+ if ((code = krb5_copy_principal(context, server, &my_creds.server))){
com_err (prog_name, code, "while copying principal");
return (FALSE);
}
return (FALSE);
}
- if (code = krb5_timeofday(context, &now)) {
+ if ((code = krb5_timeofday(context, &now))) {
com_err(prog_name, code, "while getting time of day");
return (FALSE);
}
char * stname;
krb5_error_code retval;
- if (retval = krb5_unparse_name(context, p, &stname)){
+ if ((retval = krb5_unparse_name(context, p, &stname))){
fprintf(stderr," %s while unparsing name \n",
error_message(retval));
}
char * stname;
krb5_error_code retval;
- if (retval = krb5_unparse_name(context, p, &stname)){
+ if ((retval = krb5_unparse_name(context, p, &stname))){
fprintf(stderr," %s while unparsing name \n",
error_message(retval));
}
fprintf(stderr, "%s ", stname );
}
-
-static time_t convtime PROTOTYPE((char *));
-
-krb5_error_code
-krb5_parse_lifetime (time, len)
- char *time;
- long *len;
-{
- *len = convtime(time);
- return 0;
-}
-
-
-/*
- * this next function was lifted from the source to sendmail, which is:
- *
- * Copyright (c) 1983 Eric P. Allman
- * Copyright (c) 1988 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted provided
- * that: (1) source distributions retain this entire copyright notice and
- * comment, and (2) distributions including binaries display the following
- * acknowledgement: ``This product includes software developed by the
- * University of California, Berkeley and its contributors'' in the
- * documentation or other materials provided with the distribution and in
- * all advertising materials mentioning features or use of this software.
- * Neither the name of the University nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include <ctype.h> /* for isdigit */
-
-static time_t
-convtime(p)
- char *p;
-{
- register time_t t, r;
- register char c;
-
- r = 0;
- while (*p != '\0')
- {
- t = 0;
- while (isdigit(c = *p++))
- t = t * 10 + (c - '0');
- if (c == '\0')
- p--;
- switch (c)
- {
- case 'w': /* weeks */
- t *= 7;
-
- case 'd': /* days */
- t *= 24;
-
- case 'h': /* hours */
- default:
- t *= 60;
-
- case 'm': /* minutes */
- t *= 60;
-
- case 's': /* seconds */
- break;
- }
- r += t;
- }
-
- return (r);
-}
-
#if 0
krb5_error_code get_tgt_via_login_list(context, server, cc, k5login_plist,
client, got_it)
while(plist[i]){
- if (retval = krb5_parse_name(context, plist[i], &temp_client)){
+ if ((retval = krb5_parse_name(context, plist[i], &temp_client))){
return retval;
}
typedef struct opt_info{
int opt;
- long lifetime;
- long rlife;
+ krb5_deltat lifetime;
+ krb5_deltat rlife;
int princ;
}opt_info;
*/
#include "ksu.h"
+#include "adm_proto.h"
/* globals */
char * prog_name;
#define DEBUG
+int
main (argc, argv)
int argc;
char ** argv;
switch (option) {
case 'r':
options.opt |= KDC_OPT_RENEWABLE;
- retval = krb5_parse_lifetime(optarg, &options.rlife);
+ retval = krb5_string_to_deltat(optarg, &options.rlife);
if (retval != 0 || options.rlife == 0) {
fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg);
errflg++;
optind --;
if (auth_debug){printf("Before get_params optind=%d \n", optind);}
- if ( retval = get_params( & optind, pargc, pargv, ¶ms)){
+ if ((retval = get_params( & optind, pargc, pargv, ¶ms))){
com_err(prog_name, retval, "when gathering parameters");
errflg++;
}
quiet =1;
break;
case 'l':
- retval = krb5_parse_lifetime(optarg, &options.lifetime);
+ retval = krb5_string_to_deltat(optarg, &options.lifetime);
if (retval != 0 || options.lifetime == 0) {
fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg);
errflg++;
}
break;
case 'n':
- if (retval = krb5_parse_name(ksu_context, optarg, &client)){
+ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
com_err(prog_name, retval, "when parsing name %s", optarg);
errflg++;
}
case 'e':
cmd = strdup(optarg);
if(auth_debug){printf("Before get_params optind=%d \n", optind);}
- if ( retval = get_params( & optind, pargc, pargv, ¶ms)){
+ if ((retval = get_params( & optind, pargc, pargv, ¶ms))){
com_err(prog_name, retval, "when gathering parameters");
errflg++;
}
}
/* get a handle for the cache */
- if ( retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source)){
+ if ((retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source))){
com_err(prog_name, retval,"while getting source cache");
exit(1);
}
}
- if (retval= krb5_ccache_refresh(ksu_context, cc_source)){
+ if ((retval= krb5_ccache_refresh(ksu_context, cc_source))){
com_err(prog_name, retval,
"while refreshing %s (source cache)", cc_source_tag);
exit(1);
}
- if (retval = get_best_princ_for_target(ksu_context, source_uid,
+ if ((retval = get_best_princ_for_target(ksu_context, source_uid,
target_uid, source_user, target_user, cc_source,
- &options, cmd, localhostname, &client, &hp)){
+ &options, cmd, localhostname, &client, &hp))){
com_err(prog_name,retval, "while selecting the best principal");
exit(1);
}
exit(1);
}
- if (retval = krb5_cc_initialize(ksu_context, cc_source,
- client)){
+ if ((retval = krb5_cc_initialize(ksu_context, cc_source,
+ client))){
com_err(prog_name, retval,
"while initializing source cache");
exit(1);
if ((source_uid == 0) && (target_uid != 0)) {
- if (retval =krb5_ccache_copy_restricted(ksu_context, cc_source,
- cc_target_tag,client,&cc_target, &stored)){
+ if ((retval =krb5_ccache_copy_restricted(ksu_context, cc_source,
+ cc_target_tag,client,&cc_target, &stored))){
com_err (prog_name, retval,
"while copying cache %s to %s",
krb5_cc_get_name(ksu_context, cc_source),cc_target_tag);
}
} else{
- if (retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag,
- client,&cc_target, &stored)){
+ if ((retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag,
+ client,&cc_target, &stored))){
com_err (prog_name, retval,
"while copying cache %s to %s",
krb5_cc_get_name(ksu_context, cc_source),
cc_target_tag = cc_source_tag;
cc_target_tag_tmp = cc_source_tag_tmp;
- if(retval=krb5_find_princ_in_cache(ksu_context, cc_target,client, &stored)){
+ if ((retval=krb5_find_princ_in_cache(ksu_context, cc_target,client, &stored))){
com_err (prog_name, retval,
"while searching for client in source ccache");
exit(1);
if ((source_uid == 0) || (target_uid == source_uid)){
#ifdef GET_TGT_VIA_PASSWD
if ((!all_rest_copy) && options.princ && (stored == FALSE)){
- if (retval = krb5_tgtname(ksu_context,
+ if ((retval = krb5_tgtname(ksu_context,
krb5_princ_realm (ksu_context, client),
krb5_princ_realm(ksu_context, client),
- &kdc_server)){
+ &kdc_server))){
com_err(prog_name, retval,
"while creating tgt for local realm");
sweep_up(ksu_context, use_source_cache, cc_target);
/* cache the tickets if possible in the source cache */
if (!path_passwd && !use_source_cache){
- if (retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source,
- client)){
+ if ((retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source,
+ client))){
com_err (prog_name, retval,
"while copying cache %s to %s",
krb5_cc_get_name(ksu_context, cc_target),
}
}
- if (retval = krb5_unparse_name(ksu_context, client, &client_name)) {
+ if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) {
com_err (prog_name, retval, "When unparsing name");
sweep_up(ksu_context, use_source_cache, cc_target);
exit(1);
prog_name,target_user,client_name,
source_user,ontty());
- if(retval = krb5_authorization(ksu_context, client,target_user,
- local_realm_name, cmd, &authorization_val, &exec_cmd)){
+ if ((retval = krb5_authorization(ksu_context, client,target_user,
+ local_realm_name, cmd, &authorization_val, &exec_cmd))){
com_err(prog_name,retval,"while checking authorization");
sweep_up(ksu_context, use_source_cache, cc_target);
exit(1);
}
if( some_rest_copy){
- if (retval = krb5_ccache_filter(ksu_context, cc_target, client)){
+ if ((retval = krb5_ccache_filter(ksu_context, cc_target, client))){
com_err(prog_name,retval,"while calling cc_filter");
sweep_up(ksu_context, use_source_cache, cc_target);
exit(1);
}
if (all_rest_copy){
- if (retval = krb5_cc_initialize(ksu_context, cc_target, client)){
+ if ((retval = krb5_cc_initialize(ksu_context, cc_target, client))){
com_err(prog_name, retval,
"while erasing target cache");
exit(1);
sweep_up(ksu_context, use_source_cache, cc_target);
exit(1);
}else{
- if (child_pid = fork()){
+ if ((child_pid = fork())){
if (auth_debug){
printf(" The childs pid is %d \n", child_pid);
printf(" The parents pid is %d \n", getpid());
static char buf[MAXPATHLEN + 4];
buf[0] = 0;
- if (p = ttyname(STDERR_FILENO))
+ if ((p = ttyname(STDERR_FILENO)))
sprintf(buf, " on %s", p);
return (buf);
}
if (! use_source_cache){
cc_name = krb5_cc_get_name(context, cc);
if ( ! stat(cc_name, &st_temp)){
- if (retval = krb5_cc_destroy(context, cc)){
+ if ((retval = krb5_cc_destroy(context, cc))){
com_err(prog_name, retval,
"while destroying cache");
}
temp_path = strdup(path);
- if (ptr = strrchr( temp_path, '/')) {
+ if ((ptr = strrchr( temp_path, '/'))) {
*ptr = '\0';
} else {
free (temp_path);
+Mon Aug 21 17:05:18 EDT 1995 Paul Park (pjpark@mit.edu)
+ * adm_server.c - Change dbm_db_set_name to db_set_name. Interpret -k
+ and -e arguments as strings instead of string representations
+ of integers (e.g. des-cbc-md5). Fix gcc -Wall.
+ * adm_extern.h - Add prototype of closedown_network() for gcc -Wall.
+
+
Tue Aug 15 14:29:26 EDT 1995 Paul Park (pjpark@mit.edu)
* adm_{adm_func,fmt_inq,funcs,process,server}.c, adm_extern.h - Replace
adm_find_keytype() with krb5_dbe_find_keytype().
char const *,
char *));
+krb5_error_code closedown_network PROTOTYPE((const char *));
krb5_error_code setup_network
PROTOTYPE((krb5_context,
const char *));
#include "k5-int.h"
#include "adm_extern.h"
+#include "adm_proto.h"
char prog[32];
char *progname = prog;
krb5_flags NEW_ATTRIBUTES;
+int
cleanexit(context, val)
krb5_context context;
int val;
case 'd':
/* put code to deal with alt database place */
dbm_db_name = optarg;
- if (retval = krb5_dbm_db_set_name(context, dbm_db_name)) {
+ if ((retval = krb5_db_set_name(context, dbm_db_name))) {
fprintf(stderr, "opening database %s: %s",
dbm_db_name, error_message(retval));
exit(1);
break;
case 'e':
- kdc_etype = atoi(optarg);
+ if (krb5_string_to_enctype(optarg, &kdc_etype))
+ fprintf(stderr, "%s: %s is an invalid encryption type\n",
+ argv[0], optarg);
break;
case 'k': /* keytype for master key */
- master_keyblock.keytype = atoi(optarg);
- keytypedone++;
+ if (!krb5_string_to_keytype(optarg, &master_keyblock.keytype))
+ keytypedone++;
+ else
+ fprintf(stderr, "%s: %s is an invalid key type\n",
+ argv[0], optarg);
break;
case 'm': /* manual type-in of master key */
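Review bot: An invalid `-e` or `-k` argument is only reported and option parsing continues, so the server would start with whatever `kdc_etype` or `master_keyblock.keytype` held before rather than the type the operator asked for. The `-d` case just above exits on failure; these two branches should be braced and end with `exit(1);` as well. The `-k` test is written `!krb5_string_to_keytype(...)` with the error in the `else`, while `-e` tests the call directly; using one polarity for both would make the success path easier to follow. The `-k` and `-e` cases added to the KDC's main.c in this commit have the same report-and-continue handling.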
if (!realm) {
/* no realm specified, use default realm */
- if (retval = krb5_get_default_realm(context, &local_realm)) {
+ if ((retval = krb5_get_default_realm(context, &local_realm))) {
com_err(argv[0], retval,
"while attempting to retrieve default realm");
exit(1);
}
/* assemble & parse the master key name */
- if (retval = krb5_db_setup_mkey_name(context, mkey_name,
- realm,
- (char **) 0,
- &master_princ)) {
+ if ((retval = krb5_db_setup_mkey_name(context, mkey_name,
+ realm,
+ (char **) 0,
+ &master_princ))) {
com_err(argv[0], retval, "while setting up master key name");
exit(1);
}
}
krb5_use_cstype(context, &master_encblock, kdc_etype);
- if (retval = krb5_db_fetch_mkey(context,
+ if ((retval = krb5_db_fetch_mkey(context,
master_princ,
&master_encblock,
manual,
FALSE, /* only read it once, if at all */
(char *) NULL, /* No stash file */
0, /* No salt supplied */
- &master_keyblock)) {
+ &master_keyblock))) {
com_err(argv[0], retval, "while fetching master key");
exit(1);
}
/* initialize random key generators */
for (etype = 0; etype <= krb5_max_cryptosystem; etype++) {
if (krb5_csarray[etype]) {
- if (retval = (*krb5_csarray[etype]->system->
+ if ((retval = (*krb5_csarray[etype]->system->
init_random_key)(&master_keyblock,
- &krb5_csarray[etype]->random_sequence)) {
+ &krb5_csarray[etype]->random_sequence))) {
com_err(argv[0], retval,
"while setting up random key generator for etype %d--etype disabled",
etype);
return(retval);
/* initialize database */
- if (retval = krb5_db_init(context))
+ if ((retval = krb5_db_init(context)))
return(retval);
- if (retval = krb5_db_verify_master_key(context, masterkeyname,
+ if ((retval = krb5_db_verify_master_key(context, masterkeyname,
masterkeyblock,
- &master_encblock)) {
+ &master_encblock))) {
master_encblock.crypto_entry = 0;
return(retval);
}
/* do any necessary key pre-processing */
- if (retval = krb5_process_key(context, &master_encblock, masterkeyblock)) {
+ if ((retval = krb5_process_key(context, &master_encblock, masterkeyblock))) {
master_encblock.crypto_entry = 0;
(void) krb5_db_fini(context);
return(retval);
* fetch the master database entry, and hold on to it.
*/
number_of_entries = 1;
- if (retval = krb5_db_get_principal(context, masterkeyname, &master_entry,
- &number_of_entries, &more)) {
+ if ((retval = krb5_db_get_principal(context, masterkeyname, &master_entry,
+ &number_of_entries, &more))) {
return(retval);
}
if (number_of_entries != 1) {
tgs_server->type = KRB5_NT_SRV_INST;
number_of_entries = 1;
- if (retval = krb5_db_get_principal(context,
- tgs_server,
- &server_entry,
- &number_of_entries,
- &more)) {
+ if ((retval = krb5_db_get_principal(context,
+ tgs_server,
+ &server_entry,
+ &number_of_entries,
+ &more))) {
return(retval);
}
convert server.key into a real key
(it may be encrypted in the database)
*/
- if (retval = krb5_dbe_find_keytype(context,
- &server_entry,
- KEYTYPE_DES,
- -1,
- -1,
- &kdatap)) {
+ if ((retval = krb5_dbe_find_keytype(context,
+ &server_entry,
+ KEYTYPE_DES,
+ -1,
+ -1,
+ &kdatap))) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
(void) krb5_finish_key(context, &master_encblock);
memset((char *)&master_encblock, 0, sizeof(master_encblock));
(void) krb5_db_fini(context);
return(retval);
}
- if (retval = krb5_dbekd_decrypt_key_data(context,&master_encblock,
- kdatap,&tgs_key,
- &salt)) {
+ if ((retval = krb5_dbekd_decrypt_key_data(context,&master_encblock,
+ kdatap,&tgs_key,
+ &salt))) {
krb5_db_free_principal(context, &server_entry, number_of_entries);
(void) krb5_finish_key(context, &master_encblock);
memset((char *)&master_encblock, 0, sizeof(master_encblock));
** Main does the logical thing, it sets up the database and RPC interface,
** as well as handling the creation and maintenance of the syslog file...
*/
+int
main(argc, argv) /* adm_server main routine */
int argc;
char **argv;
setup_signal_handlers();
- if (retval = init_db(context, dbm_db_name, master_princ,&master_keyblock)) {
+ if ((retval = init_db(context, dbm_db_name, master_princ,
+ &master_keyblock))) {
com_err(argv[0], retval, "while initializing database");
exit(1);
}
- if (retval = setup_network(context, argv[0])) {
+ if ((retval = setup_network(context, argv[0]))) {
exit(1);
}
syslog(LOG_AUTH | LOG_INFO, "Admin Server Commencing Operation");
- if (retval = adm5_listen_and_process(context, argv[0])){
+ if ((retval = adm5_listen_and_process(context, argv[0]))) {
krb5_free_principal(context, client_server_info.server);
com_err(argv[0], retval, "while processing network requests");
errout++;
free(client_server_info.name_of_service);
krb5_free_principal(context, client_server_info.server);
- if (errout = closedown_network(argv[0])) {
+ if ((errout = closedown_network(argv[0]))) {
com_err(argv[0], retval, "while shutting down network");
retval = retval + errout;
}
- if (errout = closedown_db(context)) {
+ if ((errout = closedown_db(context))) {
com_err(argv[0], retval, "while closing database");
retval = retval + errout;
}
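Review bot: Both shutdown branches report `retval` instead of the code they just received: `com_err(argv[0], retval, "while shutting down network")` should pass `errout`, and the same applies to "while closing database". As written, a clean adm5_listen_and_process() followed by a failed closedown is logged with error code 0, which hides the real cause. `retval = retval + errout;` then adds two error codes together, and the sum is not a meaningful code; keeping the first non-zero value, `if (!retval) retval = errout;`, preserves something a caller can interpret. main() starts and ends outside this hunk.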
+Mon Aug 21 17:03:53 EDT 1995 Paul Park (pjpark@mit.edu)
+ * main.c - Interpret -k and -e arguments as strings instead of string
+ representations of integers (e.g. -e des-cbc-md5).
+ * krb5kdc.M - Remove "ascii representation of a decimal number".
+
+
Thu Aug 17 13:49:14 EDT 1995 Paul Park (pjpark@mit.edu)
* do_as_req.c - Close and re-open the database after performing a
database update. This is the cleanest way to flush out the
The
.B \-k
.I keytype
-option specifies the key type (as an ascii representation of a decimal
-number) of the master key in the database; the default is KEYTYPE_DES.
+option specifies the key type of the master key in the database; the default
+is KEYTYPE_DES.
.PP
The
.B \-M
nofork++; /* don't detach from terminal */
break;
case 'k': /* keytype for master key */
- mkeytype = atoi(optarg);
+ if (krb5_string_to_keytype(optarg, &mkeytype))
+ com_err(argv[0], 0, "invalid keytype %s", optarg);
break;
case 'R':
rcname = optarg;
sport = atoi(optarg);
break;
case 'e':
- kdc_etype = atoi(optarg);
+ if (krb5_string_to_enctype(optarg, &kdc_etype))
+ com_err(argv[0], 0, "invalid encryption type %s", optarg);
break;
case '?':
default: