+2002-11-26 Tom Yu <tlyu@mit.edu>
+
+ * port-sockets.h: Add SOCKET_CONNECT, SOCKET_GETSOCKNAME, and
+ SOCKET_CLOSE to allow for porting of some KfM things.
+
2002-11-14 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove references to adm_err.h from here too.
+2002-11-26 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (KRB4_HEADERS): Don't install kadm.h anymore.
+
+ * des.h: Put "#" characters in first column. Do the
+ KRBINT_BEGIN_DECLS hack to make emacs happy. Shuffle limits.h
+ inclusion to be outside C++ and Mac alignment magic.
+
+ * kadm.h: Remove some spurious prototypes. Rename a bunch of
+ internal kadm_stream stuff to avoid stomping on namespace. Add
+ prototypes for some client-side kadm stuff.
+
+ * krb.h: Do Mac CFM magic. Do C++ mangling protection. Do Mac
+ alignment magic. Move inclusions outside of C++ mangling
+ protection and Mac magic. Add KRB5_CALLCONV to a few functions
+ that KfM's krb.h exports. Merge the *_in_tkt_*_creds,
+ mk_req_creds, and rd_req_int functions from KfM. Add prototypes
+ for some KfM-specific things yet to be merged.
+
+ * prot.h: Don't include krb_conf.h anymore. Twiddle the int
+ encoding/decoding macros a little.
+
+ * des_conf.h:
+ * highc.h:
+ * krb_conf.h:
+ * passwd_server.h:
+ * principal.h: Remove, since they're obsolete.
+
2002-10-07 Sam Hartman <hartmans@mit.edu>
* Makefile.in: Support install-headers
mydir=kerberosIV
MY_SUBDIRS=.
BUILDTOP=$(REL)..$(S)..
-KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h
+KRB4_HEADERS=krb.h des.h mit-copyright.h
all-unix:: krb_err.h
*/
#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
- #include <TargetConditionals.h>
- #if TARGET_RT_MAC_CFM
- #error "Use KfM 4.0 SDK headers for CFM compilation."
- #endif
+# include <TargetConditionals.h>
+# if TARGET_RT_MAC_CFM
+# error "Use KfM 4.0 SDK headers for CFM compilation."
+# endif
+#endif
+
+#ifdef __cplusplus
+#ifndef KRBINT_BEGIN_DECLS
+#define KRBINT_BEGIN_DECLS extern "C" {
+#define KRBINT_END_DECLS }
+#endif
+#else
+#define KRBINT_BEGIN_DECLS
+#define KRBINT_END_DECLS
#endif
#ifndef KRB5INT_DES_TYPES_DEFINED
#define KRB5INT_DES_TYPES_DEFINED
+#include <limits.h>
+
+KRBINT_BEGIN_DECLS
+
#if TARGET_OS_MAC
- #if defined(__MWERKS__)
- #pragma import on
- #pragma enumsalwaysint on
- #endif
- #pragma options align=mac68k
+# if defined(__MWERKS__)
+# pragma import on
+# pragma enumsalwaysint on
+# endif
+# pragma options align=mac68k
#endif
-#include <limits.h>
-
#if UINT_MAX >= 0xFFFFFFFFUL
#define DES_INT32 int
#define DES_UINT32 unsigned int
*
* This used to be
*
- * typedef struct des_ks_struct { union { DES_INT32 pad; des_cblock _;} __; } des_key_schedule[16];
+ * typedef struct des_ks_struct {
+ * union { DES_INT32 pad; des_cblock _;} __;
+ * } des_key_schedule[16];
*
- * but it would cause trouble if DES_INT32 is ever more than 4 bytes.
- * The reason is that all the encryption functions cast it to
+ * but it would cause trouble if DES_INT32 were ever more than 4
+ * bytes. The reason is that all the encryption functions cast it to
* (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
* 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
* caller-allocated des_key_schedule will be overflowed by the key
typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16];
#if TARGET_OS_MAC
- #if defined(__MWERKS__)
- #pragma enumsalwaysint reset
- #pragma import reset
- #endif
- #pragma options align=reset
+# if defined(__MWERKS__)
+# pragma enumsalwaysint reset
+# pragma import reset
+# endif
+# pragma options align=reset
#endif
+KRBINT_END_DECLS
+
#endif /* KRB5INT_DES_TYPES_DEFINED */
/* only do the whole thing once */
#ifndef KRB5INT_CRYPTO_DES_INT
#define DES_DEFS
-#if TARGET_OS_MAC
- #if defined(__MWERKS__)
- #pragma import on
- #pragma enumsalwaysint on
- #endif
- #pragma options align=mac68k
-#endif
-
-#if defined(_WIN32) && !defined(_WINDOWS)
-#define _WINDOWS
-#endif
-
#if defined(_WINDOWS)
#ifndef KRB4
#define KRB4 1
#endif
#include <stdio.h> /* need FILE for des_cblock_print_file */
+KRBINT_BEGIN_DECLS
+
+#if TARGET_OS_MAC
+# if defined(__MWERKS__)
+# pragma import on
+# pragma enumsalwaysint on
+# endif
+# pragma options align=mac68k
+#endif
+
+#if defined(_WIN32) && !defined(_WINDOWS)
+#define _WINDOWS
+#endif
+
/* Windows declarations */
#ifndef KRB5_CALLCONV
#define KRB5_CALLCONV
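Review bot: The fallback that derives `_WINDOWS` from `_WIN32` now sits below `KRBINT_BEGIN_DECLS`, which puts it after the `#if defined(_WINDOWS)` test that opens this hunk. A compiler that predefines only `_WIN32` would therefore skip that block; the `KRB4` default is the visible part, and the rest of the block lies outside the hunk. Unless every Windows build already defines `_WINDOWS` on the command line, the three lines `#if defined(_WIN32) && !defined(_WINDOWS)` / `#define _WINDOWS` / `#endif` should stay above the first `_WINDOWS` test.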
#endif /* TARGET_OS_MAC */
#if TARGET_OS_MAC
- #if defined(__MWERKS__)
- #pragma enumsalwaysint reset
- #pragma import reset
- #endif
- #pragma options align=reset
+# if defined(__MWERKS__)
+# pragma enumsalwaysint reset
+# pragma import reset
+# endif
+# pragma options align=reset
#endif
+KRBINT_END_DECLS
+
#endif /* KRB5INT_CRYPTO_DES_INT */
#endif /* DES_DEFS */
+++ /dev/null
-This file is obsolete and should not be used any more.
-Use "conf.h" instead.
+++ /dev/null
-/*
- * include/kerberosIV/highc.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Known breakage in the version of Metaware's High C compiler that
- * we've got available....
- */
-
-#define const
-/*#define volatile*/
-
-/*
- * Some builtin functions we can take advantage of for inlining....
- */
-
-#define abs _abs
-/* the _max and _min builtins accept any number of arguments */
-#undef MAX
-#define MAX(x,y) _max(x,y)
-#undef MIN
-#define MIN(x,y) _min(x,y)
-/*
- * I'm not sure if 65535 is a limit for this builtin, but it's
- * reasonable for a string length. Or is it?
- */
-/*#define strlen(s) _find_char(s,65535,0)*/
-#define bzero(ptr,len) _fill_char(ptr,len,'\0')
-#define bcmp(b1,b2,len) _compare(b1,b2,len)
/*
* include/kerberosIV/kadm.h
*
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright 1988, 1994, 2002 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
- * Definitions for Kerberos administration server & client
+ * Definitions for Kerberos administration server & client. These
+ * should be considered private; among other reasons, it leaks all
+ * over the namespace.
*/
#ifndef KADM_DEFS
/* The global structures for the client and server */
typedef struct {
- struct sockaddr_in admin_addr;
- struct sockaddr_in my_addr;
- int my_addr_len;
- int admin_fd; /* file descriptor for link to admin server */
- char sname[ANAME_SZ]; /* the service name */
- char sinst[INST_SZ]; /* the services instance */
- char krbrlm[REALM_SZ];
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in my_addr;
+ int my_addr_len;
+ int admin_fd; /* file descriptor for link to admin server */
+ char sname[ANAME_SZ]; /* the service name */
+ char sinst[INST_SZ]; /* the services instance */
+ char krbrlm[REALM_SZ];
+ /* KfM additions... */
+ int default_port;
+ CREDENTIALS creds; /* The client's credentials (from krb_get_pw_in_tkt_creds)*/
} Kadm_Client;
typedef struct { /* status of the server, i.e the parameters */
- int inter; /* Space for command line flags */
- char *sysfile; /* filename of server */
+ int inter; /* Space for command line flags */
+ char *sysfile; /* filename of server */
} admin_params; /* Well... it's the admin's parameters */
/* Largest password length to be supported */
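Review bot: The new `CREDENTIALS creds` member keeps the client's credentials (in krb4 this structure carries the session key) inside `Kadm_Client` for the life of the connection, and nothing here says who clears it. I would extend the member comment, for example `/* client's credentials; contains key material, zeroed by kadm_cli_disconn */`. The body of `kadm_cli_disconn` is not part of this diff, so it is worth confirming that it actually wipes the field.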
u_char fields[FLDSZ]; /* The active fields in this struct */
char name[ANAME_SZ];
char instance[INST_SZ];
- unsigned long key_low;
- unsigned long key_high;
- unsigned long exp_date;
+ KRB_UINT32 key_low;
+ KRB_UINT32 key_high;
+ KRB_UINT32 exp_date;
unsigned short attributes;
unsigned char max_life;
} Kadm_vals; /* The basic values structure in Kadm */
#define KADM_CYGNUS_EXT_BASE 64
#define DEL_ENT (KADM_CYGNUS_EXT_BASE+1)
-extern long kdb_get_master_key(); /* XXX should be in krb_db.h */
-extern long kdb_verify_master_key(); /* XXX ditto */
-
-extern long krb_mk_priv(), krb_rd_priv(); /* XXX should be in krb.h */
-extern void krb_set_tkt_string(); /* XXX ditto */
-
-extern unsigned long quad_cksum(); /* XXX should be in des.h */
-
#ifdef POSIX
typedef void sigtype;
#else
typedef int sigtype;
#endif
+/* Avoid stomping on namespace... */
+
+#define vals_to_stream kadm_vals_to_stream
+#define build_field_header kadm_build_field_header
+#define vts_string kadm_vts_string
+#define vts_short kadm_vts_short
+#define vts_long kadm_vts_long
+#define vts_char kadm_vts_char
+
+#define stream_to_vals kadm_stream_to_vals
+#define check_field_header kadm_check_field_header
+#define stv_string kadm_stv_string
+#define stv_short kadm_stv_short
+#define stv_long kadm_stv_long
+#define stv_char kadm_stv_char
+
+int vals_to_stream(Kadm_vals *, u_char **);
+int build_field_header(u_char *, u_char **);
+int vts_string(char *, u_char **, int);
+int vts_short(KRB_UINT32, u_char **, int);
+int vts_long(KRB_UINT32, u_char **, int);
+int vts_char(KRB_UINT32, u_char **, int);
+
+int stream_to_vals(u_char *, Kadm_vals *, int);
+int check_field_header(u_char *, u_char *, int);
+int stv_string(u_char *, char *, int, int, int);
+int stv_short(u_char *, u_short *, int, int);
+int stv_long(u_char *, KRB_UINT32 *, int, int);
+int stv_char(u_char *, u_char *, int, int);
+
+int kadm_init_link(char *, char *, char *, Kadm_Client *, int);
+int kadm_cli_send(Kadm_Client *, u_char *, size_t, u_char **, size_t *);
+int kadm_cli_conn(Kadm_Client *);
+void kadm_cli_disconn(Kadm_Client *);
+int kadm_cli_out(Kadm_Client *, u_char *, int, u_char **, size_t *);
+int kadm_cli_keyd(Kadm_Client *, des_cblock, des_key_schedule);
+
#endif /* KADM_DEFS */
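Review bot: The `#define vals_to_stream kadm_vals_to_stream` block renames by macro, so any file that includes kadm.h and has its own identifier named `vts_long`, `stv_char` and so on gets it silently rewritten. That is the kind of namespace leak the comment sets out to avoid. Declaring the functions under their `kadm_` names directly would remove the problem; if the aliases must stay, a comment such as `/* compatibility aliases; new code should call kadm_* directly */` would help. The `stv_*` decoders also take their lengths as `int` while `kadm_cli_send` in the same hunk uses `size_t`, so the definitions (not visible here) should be checked for negative or truncated lengths coming off the wire. Separately, `vts_short` and `vts_char` now take `KRB_UINT32` where the prototypes removed from kadm_server.h took `u_short` and `u_char`, so the moved definitions need to match.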
/*
* include/kerberosIV/krb.h
*
- * Copyright 1987, 1988, 1994, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
+ * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts
+ * Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
#ifndef KRB_DEFS
#define KRB_DEFS
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+# include <TargetConditionals.h>
+# if TARGET_RT_MAC_CFM
+# error "Use KfM 4.0 SDK headers for CFM compilation."
+# endif
+#endif
+
+/* Define u_char, u_short, u_int, and u_long. */
+/* XXX these typdef names are not standardized! */
+#include <sys/types.h>
+
/* Need some defs from des.h */
#include <kerberosIV/des.h>
-#define KRB4_32 DES_INT32
-#define KRB_INT32 DES_INT32
-#define KRB_UINT32 DES_UINT32
+#include <kerberosIV/krb_err.h> /* XXX FIXME! */
+
+#include <profile.h>
#ifdef _WINDOWS
#include <time.h>
#endif /* _WINDOWS */
+#ifdef __cplusplus
+#ifndef KRBINT_BEGIN_DECLS
+#define KRBINT_BEGIN_DECLS extern "C" {
+#define KRBINT_END_DECLS }
+#endif
+#else
+#define KRBINT_BEGIN_DECLS
+#define KRBINT_END_DECLS
+#endif
+KRBINT_BEGIN_DECLS
+
+#if TARGET_OS_MAC
+# if defined(__MWERKS__)
+# pragma import on
+# pragma enumsalwaysint on
+# endif
+# pragma options align=mac68k
+#endif
+
+#define KRB4_32 DES_INT32
+#define KRB_INT32 DES_INT32
+#define KRB_UINT32 DES_UINT32
+
/* Text describing error codes */
#define MAX_KRB_ERRORS 256
extern const char *const krb_err_txt[MAX_KRB_ERRORS];
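Review bot: `krb.h` remains in `KRB4_HEADERS`, so it is an installed header, and it now includes `<profile.h>` unconditionally. As far as the visible hunks show, that include is needed only for the `krb_get_profile(profile_t *)` prototype marked "XXX to be merged". Anyone compiling against the installed header will need `profile.h` on the include path, which should be confirmed against the install rules (not visible here). The added comment also has a typo: `typdef` should read `typedef`.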
#define REALM_SZ 40
#define SNAME_SZ 40
#define INST_SZ 40
+/*
+ * NB: This overcounts due to NULs.
+ */
/* include space for '.' and '@' */
#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
#define KKEY_SZ 100
#endif /* PC */
/* Parameters for rd_ap_req */
-/* Maximum alloable clock skew in seconds */
+/* Maximum allowable clock skew in seconds */
#define CLOCK_SKEW 5*60
/* Filename for readservkey */
#define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab"))
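Review bot: `CLOCK_SKEW` is still defined as the bare expression `5*60`, so a use such as `x / CLOCK_SKEW` or `x % CLOCK_SKEW` would parse as `(x / 5) * 60`. This commit parenthesizes `SAFE_PRIV_ERROR` as `(-1)` in a later hunk. The same treatment here, `#define CLOCK_SKEW (5*60)`, keeps the accepted skew window from depending on how the macro happens to be used.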
#define TKT_ROOT "/tmp/tkt"
#endif /* PC */
-#include "kerberosIV/krb_err.h" /* XXX FIXME! */
+/*
+ * Error codes are now defined as offsets from com_err (krb_err.et)
+ * values.
+ */
#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
/* Error codes returned from the KDC */
#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */
/* Error code returned by krb_mk_safe */
-#define SAFE_PRIV_ERROR -1 /* syscall error */
+#define SAFE_PRIV_ERROR (-1) /* syscall error */
/* Kerberos ticket flag field bit definitions */
#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
#define K_FLAG_6 /* reserved */
#define K_FLAG_7 /* reserved, bit 7 --> msb */
+/* Are these needed anymore? */
#ifdef OLDNAMES
#define krb_mk_req mk_ap_req
#define krb_rd_req rd_ap_req
#endif /*_WINDOWS*/
-/* Define u_char, u_short, u_int, and u_long. */
-#include <sys/types.h>
-
/* ask to disable IP address checking in the library */
extern int krb_ignore_ip_address;
struct sockaddr_in;
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/* dest_tkt.c */
int KRB5_CALLCONV dest_tkt
(void);
const char * KRB5_CALLCONV krb_get_err_text
(int errnum);
/* g_ad_tkt.c */
-int get_ad_tkt
+/* Previously not KRB5_CALLCONV */
+int KRB5_CALLCONV get_ad_tkt
(char *service, char *sinst, char *realm, int lifetime);
/* g_admhst.c */
int KRB5_CALLCONV krb_get_admhst
(char *service, char *instance, char *realm,
CREDENTIALS *c);
/* g_in_tkt.c */
-int krb_get_in_tkt
+/* Previously not KRB5_CALLCONV */
+int KRB5_CALLCONV krb_get_in_tkt
(char *k_user, char *instance, char *realm,
char *service, char *sinst, int life,
key_proc_type, decrypt_tkt_type, char *arg);
-int krb_get_in_tkt_preauth
+/* Previously not KRB5_CALLCONV */
+int KRB5_CALLCONV krb_get_in_tkt_preauth
(char *k_user, char *instance, char *realm,
char *service, char *sinst, int life,
key_proc_type, decrypt_tkt_type, char *arg,
char *preauth_p, int preauth_len);
+/* From KfM */
+int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *,
+ int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *);
+
/* g_krbhst.c */
int KRB5_CALLCONV krb_get_krbhst
(char *host, char *realm, int idx);
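Review bot: `krb_get_in_tkt_creds` is declared with ten unnamed parameters, five of them consecutive `char *`, while `krb_get_in_tkt` just above names the same leading arguments (`k_user`, `instance`, `realm`, `service`, `sinst`). Unnamed arguments of the same type are easy to transpose at a call site, and swapping a principal name with a service name produces no compiler diagnostic. I would carry the names over, e.g. `(char *k_user, char *instance, char *realm, char *service, char *sinst, int life, key_proc_type, decrypt_tkt_type, char *arg, CREDENTIALS *creds)`. The same applies to `krb_get_pw_in_tkt_creds`, `krb_change_password` and `krb_rd_req_int` in other hunks of this file.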
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *password);
+int KRB5_CALLCONV
+krb_get_pw_in_tkt_creds(char *, char *, char *,
+ char *, char *, int, char *, CREDENTIALS *);
+
/* g_svc_in_tkt.c */
int KRB5_CALLCONV krb_get_svc_in_tkt
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *srvtab);
+#if TARGET_OS_MAC && defined(__FILES__)
+int KRB5_CALLCONV
+FSp_krb_get_svc_in_tkt(char *, char *, char *, char *, char *,
+ int, const FSSpec *);
+#endif
+
/* g_tf_fname.c */
int KRB5_CALLCONV krb_get_tf_fullname
(char *ticket_file, char *name, char *inst, char *realm);
int KRB5_CALLCONV kname_parse
(char *name, char *inst, char *realm,
char *fullname);
+/* From KfM XXX to be merged*/
+int KRB5_CALLCONV kname_unparse
+ (char *, const char *, const char *, const char *);
+
int KRB5_CALLCONV k_isname
(char *);
int KRB5_CALLCONV k_isinst
(KTEXT authent,
char *service, char *instance, char *realm,
KRB4_32 checksum);
+/* Merged from KfM */
+int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32);
+
+/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */
+int KRB5_CALLCONV krb_set_lifetime(int newval);
+
/* mk_safe.c */
long KRB5_CALLCONV krb_mk_safe
(u_char *in, u_char *out, unsigned KRB4_32 length,
struct sockaddr_in *sender,
struct sockaddr_in *receiver);
/* netread.c */
+/* XXX private */
int krb_net_read
(int fd, char *buf, int len);
/* netwrite.c */
+/* XXX private */
int krb_net_write
(int fd, char *buf, int len);
/* pkt_clen.c */
+/* XXX private */
int pkt_clen
(KTEXT);
/* put_svc_key.c */
(char *sfile,
char *name, char *inst, char *realm,
int newvno, char *key);
+#if TARGET_OS_MAC && defined(__FILES__)
+int KRB5_CALLCONV FSp_put_svc_key(const FSSpec *, char *, char *, char *,
+ int, char *);
+#endif
+
/* rd_err.c */
int KRB5_CALLCONV krb_rd_err
(u_char *in, u_long in_length,
(KTEXT, char *service, char *inst,
unsigned KRB4_32 from_addr, AUTH_DAT *,
char *srvtab);
+/* Merged from KfM */
+int KRB5_CALLCONV
+krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block);
+
/* rd_safe.c */
long KRB5_CALLCONV krb_rd_safe
(u_char *in, unsigned KRB4_32 in_length,
int KRB5_CALLCONV get_service_key
(char *service, char *instance, char *realm,
int *kvno, char *file, char *key);
+#if TARGET_OS_MAC && defined(__FILES__)
+int KRB5_CALLCONV FSp_read_service_key(char *, char *, char *,
+ int, const FSSpec*, char *);
+#endif
+
/* realmofhost.c */
char * KRB5_CALLCONV krb_realmofhost
(char *host);
C_Block session, int lifetime, int kvno,
KTEXT ticket, long issue_date);
/* send_to_kdc.c */
+/* XXX PRIVATE? KfM doesn't export. */
int send_to_kdc
(KTEXT pkt, KTEXT rpkt, char *realm);
/* tkt_string.c */
-char * tkt_string
+/* Used to return pointer to non-const char */
+const char * KRB5_CALLCONV tkt_string
(void);
-void krb_set_tkt_string
+void KRB5_CALLCONV krb_set_tkt_string
(char *);
/* tf_util.c */
*/
extern int krb_set_key
(char *key, int cvt);
-extern int decomp_ticket
+
+/* This is exported by KfM. It was previously not KRB5_CALLCONV. */
+extern int KRB5_CALLCONV decomp_ticket
(KTEXT tkt, unsigned char *flags, char *pname,
char *pinstance, char *prealm, unsigned KRB4_32 *paddress,
C_Block session, int *life, unsigned KRB4_32 *time_sec,
#endif
#if TARGET_OS_MAC
-/* The following functions are not part of the standard Kerberos v4 API.
- * They were created for Mac implementation, and used by admin tools
- * such as CNS-Config. */
+/*
+ * KfM krb.hin had the following, probably inherited from CNS:
+ *
+ * The following functions are not part of the standard Kerberos v4
+ * API. They were created for Mac implementation, and used by admin
+ * tools such as CNS-Config.
+ */
extern int KRB5_CALLCONV
krb_get_num_cred(void);
-extern int INTERFACE
+extern int KRB5_CALLCONV
krb_get_nth_cred(char *, char *, char *, int);
-extern int INTERFACE
+extern int KRB5_CALLCONV
krb_delete_cred(char *, char *,char *);
-extern int INTERFACE
+extern int KRB5_CALLCONV
dest_all_tkts(void);
#endif /* TARGET_OS_MAC */
+/*
+ * krb_change_password -- merged from KfM
+ */
+/* change_password.c */
+int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *);
+
+/*
+ * RealmConfig-glue.c from KfM XXX to be merged
+ */
+extern int KRB5_CALLCONV krb_get_profile(profile_t *profile);
+
#ifdef _WINDOWS
HINSTANCE get_lib_instance(void);
unsigned int krb_get_notification_message(void);
long win_time_get_epoch(void);
#endif
-#ifdef __cplusplus
-}
+#if TARGET_OS_MAC
+# if defined(__MWERKS__)
+# pragma enumsalwaysint reset
+# pragma import reset
+# endif
+# pragma options align=reset
#endif
+KRBINT_END_DECLS
+
#endif /* KRB_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/krb_conf.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This file contains configuration information for the Kerberos library
- * which is machine specific; currently, this file contains
- * configuration information for the vax, the "ibm032" (RT), and the
- * "PC8086" (IBM PC).
- *
- * Note: cross-compiled targets must appear BEFORE their corresponding
- * cross-compiler host. Otherwise, both will be defined when running
- * the native compiler on the programs that construct cross-compiled
- * sources.
- */
-
-#ifndef KRB_CONF_DEFS
-#define KRB_CONF_DEFS
-
-/* Byte ordering */
-extern int krbONE;
-#define HOST_BYTE_ORDER (* (char *) &krbONE)
-#define MSB_FIRST 0 /* 68000, IBM RT/PC */
-#define LSB_FIRST 1 /* Vax, PC8086 */
-
-#endif /* KRB_CONF_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/passwd_server.h
- *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for password server
- */
-
-#ifndef PASSWD_SERVER_DEFS
-#define PASSWD_SERVER_DEFS
-
-#define PW_SRV_VERSION 2 /* version number */
-#define RETRY_LIMIT 1
-#define TIME_OUT 30
-#define USER_TIMEOUT 90
-#define MAX_KPW_LEN 40 /* hey, seems like a good number */
-
-#define INSTALL_NEW_PW (1<<0) /*
- * ver, cmd, name, password, old_pass,
- * crypt_pass, uid
- */
-
-#define INSTALL_REPLY (1<<1) /* ver, cmd, name, password */
-
-#endif /* PASSWD_SERVER_DEFS */
+++ /dev/null
-/*
- * include/kerberosIV/principal.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Definitions for principal names.
- */
-
-#ifndef PRINCIPAL_DEFS
-#define PRINCIPAL_DEFS
-
-#define NAME_LEN 39
-#define INSTANCE_LEN 39
-
-#endif /* PRINCIPAL_DEFS */
* encoding and decoding.
*/
-#include <kerberosIV/krb_conf.h>
-
#ifndef PROT_DEFS
#define PROT_DEFS
* that is a moving pointer of type (unsigned char *) into the buffer,
* and assume that the caller has already bounds-checked.
*/
-#define KRB4_PUT32BE(p, val) \
-do { \
- *(p)++ = ((unsigned KRB4_32)(val) >> 24) & 0xff; \
- *(p)++ = ((unsigned KRB4_32)(val) >> 16) & 0xff; \
- *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \
- *(p)++ = (unsigned KRB4_32)(val) & 0xff; \
+#define KRB4_PUT32BE(p, val) \
+do { \
+ (p)[0] = ((KRB_UINT32)(val) >> 24) & 0xff; \
+ (p)[1] = ((KRB_UINT32)(val) >> 16) & 0xff; \
+ (p)[2] = ((KRB_UINT32)(val) >> 8) & 0xff; \
+ (p)[3] = (KRB_UINT32)(val) & 0xff; \
+ (p) += 4; \
} while (0)
-#define KRB4_PUT32LE(p, val) \
-do { \
- *(p)++ = (unsigned KRB4_32)(val) & 0xff; \
- *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \
- *(p)++ = ((unsigned KRB4_32)(val) >> 16) & 0xff; \
- *(p)++ = ((unsigned KRB4_32)(val) >> 24) & 0xff; \
+#define KRB4_PUT32LE(p, val) \
+do { \
+ (p)[0] = (KRB_UINT32)(val) & 0xff; \
+ (p)[1] = ((KRB_UINT32)(val) >> 8) & 0xff; \
+ (p)[2] = ((KRB_UINT32)(val) >> 16) & 0xff; \
+ (p)[3] = ((KRB_UINT32)(val) >> 24) & 0xff; \
+ (p) += 4; \
} while (0)
#define KRB4_PUT32(p, val, le) \
KRB4_PUT32BE((p), (val)); \
} while (0)
-#define KRB4_PUT16BE(p, val) \
-do { \
- *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \
- *(p)++ = (unsigned KRB4_32)(val) & 0xff; \
+#define KRB4_PUT16BE(p, val) \
+do { \
+ (p)[0] = ((KRB_UINT32)(val) >> 8) & 0xff; \
+ (p)[1] = (KRB_UINT32)(val) & 0xff; \
+ (p) += 2; \
} while (0)
-#define KRB4_PUT16LE(p, val) \
-do { \
- *(p)++ = (unsigned KRB4_32)(val) & 0xff; \
- *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \
+#define KRB4_PUT16LE(p, val) \
+do { \
+ (p)[0] = (KRB_UINT32)(val) & 0xff; \
+ (p)[1] = ((KRB_UINT32)(val) >> 8) & 0xff; \
+ (p) += 2; \
} while (0)
#define KRB4_PUT16(p, val, le) \
*/
#define KRB4_GET32BE(val, p) \
do { \
- (val) = (unsigned KRB4_32)*(p)++ << 24; \
- (val) |= (unsigned KRB4_32)*(p)++ << 16; \
- (val) |= (unsigned KRB4_32)*(p)++ << 8; \
- (val) |= (unsigned KRB4_32)*(p)++; \
+ (val) = (KRB_UINT32)(p)[0] << 24; \
+ (val) |= (KRB_UINT32)(p)[1] << 16; \
+ (val) |= (KRB_UINT32)(p)[2] << 8; \
+ (val) |= (KRB_UINT32)(p)[3]; \
+ (p) += 4; \
} while (0)
#define KRB4_GET32LE(val, p) \
do { \
- (val) = (unsigned KRB4_32)*(p)++; \
- (val) |= (unsigned KRB4_32)*(p)++ << 8; \
- (val) |= (unsigned KRB4_32)*(p)++ << 16; \
- (val) |= (unsigned KRB4_32)*(p)++ << 24; \
+ (val) = (KRB_UINT32)(p)[0]; \
+ (val) |= (KRB_UINT32)(p)[1] << 8; \
+ (val) |= (KRB_UINT32)(p)[2] << 16; \
+ (val) |= (KRB_UINT32)(p)[3] << 24; \
+ (p) += 4; \
} while(0)
#define KRB4_GET32(val, p, le) \
#define KRB4_GET16BE(val, p) \
do { \
- (val) = (unsigned KRB4_32)*(p)++ << 8; \
- (val) |= (unsigned KRB4_32)*(p)++; \
+ (val) = (KRB_UINT32)(p)[0] << 8; \
+ (val) |= (KRB_UINT32)(p)[1]; \
+ (p) += 2; \
} while (0)
#define KRB4_GET16LE(val, p) \
do { \
- (val) = (unsigned KRB4_32)*(p)++; \
- (val) |= (unsigned KRB4_32)*(p)++ << 8; \
+ (val) = (KRB_UINT32)(p)[0]; \
+ (val) |= (KRB_UINT32)(p)[1] << 8; \
+ (p) += 2; \
} while (0)
#define KRB4_GET16(val, p, le) \
#define SOCKET_NFDS(f) (0) /* select()'s first arg is ignored */
#define SOCKET_READ(fd, b, l) (recv(fd, b, l, 0))
#define SOCKET_WRITE(fd, b, l) (send(fd, b, l, 0))
+#define SOCKET_CONNECT connect /* XXX */
+#define SOCKET_GETSOCKNAME getsockname /* XXX */
+#define SOCKET_CLOSE close /* XXX */
#define SOCKET_EINTR WSAEINTR
/* Return -1 for error or number of bytes written.
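Review bot: In the branch that maps `SOCKET_READ`/`SOCKET_WRITE` to `recv`/`send` and uses `WSAEINTR` (so presumably the Winsock branch), `SOCKET_CLOSE` expands to `close`. In the Microsoft C runtime `close` takes a CRT file descriptor rather than a `SOCKET`; the Winsock call is `closesocket`. The `/* XXX */` suggests this is known, but callers of `SOCKET_CLOSE` in that branch would leave the socket open or act on an unrelated descriptor. I would write `#define SOCKET_CLOSE closesocket` here and keep `close` for the Unix branch in the next hunk.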
#define SOCKET_NFDS(f) ((f)+1) /* select() arg for a single fd */
#define SOCKET_READ read
#define SOCKET_WRITE write
+#define SOCKET_CONNECT connect
+#define SOCKET_GETSOCKNAME getsockname
+#define SOCKET_CLOSE close
#define SOCKET_EINTR EINTR
#define SOCKET_WRITEV_TEMP int
/* Use TMP to avoid compiler warnings and keep things consistent with
+2002-11-26 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (OBJS): Remove kadm_stream.o and kadm_err.o. Also,
+ remove references to kadm_err.et.
+
+ * kadm_err.et: Remove. It lives in lib/krb4 now.
+
+ * kadm_server.h: Remove some prototypes that were moved to
+ kadm.h.
+
+ * kadm_stream.c: Remove. It lives in lib/krb4 now.
+
2002-11-01 Tom Yu <tlyu@mit.edu>
* kadm_ser_wrap.c (kadm_ser_in): Apply fix for MITKRB5-SA-2002-002
PROG = kadmind4
OBJS = kadm_server.o admin_server.o kadm_ser_wrap.o \
- kadm_funcs.o kadm_stream.o kadm_supp.o acl_files.o kadm_err.o
+ kadm_funcs.o kadm_supp.o acl_files.o
all:: $(PROG)
-kadm_err.c kadm_err.h: kadm_err.et
-
-$(OBJS): kadm_err.h
-
$(PROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KDB5_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o $(PROG) $(OBJS) $(KADMCLNT_LIBS) $(KDB5_LIBS) \
$(KRB4COMPAT_LIBS) $(HESIOD_LIBS)
void kadm_prin_to_vals(u_char *, Kadm_vals *, Principal *);
void kadm_vals_to_prin(u_char *, Principal *, Kadm_vals *);
-/* kadm_stream.c */
-int stv_char(u_char *, u_char *, int, int);
-int stv_short(u_char *, u_short *, int, int);
-int stv_long(u_char *, krb5_ui_4 *, int, int);
-int stv_string(u_char *, char *, int, int, int);
-int stream_to_vals(u_char *, Kadm_vals *, int);
-int vals_to_stream(Kadm_vals *, u_char **);
-int vts_string(char *, u_char **, int);
-int vts_short(u_short, u_char **, int);
-int vts_long(krb5_ui_4, u_char **, int);
-int vts_char(u_char, u_char **, int);
-
/* acl_files.c */
int acl_add(char *, char *);
int acl_delete(char *, char *);
+++ /dev/null
-/*
- * kadmin/v4server/kadm_stream.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Stream conversion functions for Kerberos administration server
- */
-
-
-#include <mit-copyright.h>
-#include <string.h>
-#include "k5-int.h"
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-static int check_field_header(u_char *, u_char *, int);
-static int build_field_header(u_char *, u_char **);
-
-
-/*
- kadm_stream.c
- this holds the stream support routines for the kerberos administration server
-
- vals_to_stream: converts a vals struct to a stream for transmission
- internals build_field_header, vts_[string, char, long, short]
- stream_to_vals: converts a stream to a vals struct
- internals check_field_header, stv_[string, char, long, short]
- error: prints out a kadm error message, returns
- fatal: prints out a kadm fatal error message, exits
-*/
-
-#include "kadm.h"
-#include "kadm_server.h"
-
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-
-/*
-vals_to_stream
- recieves : kadm_vals *, u_char *
- returns : a realloced and filled in u_char *
-
-this function creates a byte-stream representation of the kadm_vals structure
-*/
-int
-vals_to_stream(dt_in, dt_out)
-Kadm_vals *dt_in;
-u_char **dt_out;
-{
- int vsloop, stsize; /* loop counter, stream size */
-
- stsize = build_field_header(dt_in->fields, dt_out);
- for (vsloop=31; vsloop>=0; vsloop--)
- if (IS_FIELD(vsloop,dt_in->fields)) {
- switch (vsloop) {
- case KADM_NAME:
- stsize+=vts_string(dt_in->name, dt_out, stsize);
- break;
- case KADM_INST:
- stsize+=vts_string(dt_in->instance, dt_out, stsize);
- break;
- case KADM_EXPDATE:
- stsize+=vts_long(dt_in->exp_date, dt_out, stsize);
- break;
- case KADM_ATTR:
- stsize+=vts_short(dt_in->attributes, dt_out, stsize);
- break;
- case KADM_MAXLIFE:
- stsize+=vts_char(dt_in->max_life, dt_out, stsize);
- break;
- case KADM_DESKEY:
- stsize+=vts_long(dt_in->key_high, dt_out, stsize);
- stsize+=vts_long(dt_in->key_low, dt_out, stsize);
- break;
- default:
- break;
- }
-}
- return(stsize);
-}
-
-static int
-build_field_header(cont, st)
-u_char *cont; /* container for fields data */
-u_char **st; /* stream */
-{
- *st = (u_char *) malloc (4);
- memcpy((char *) *st, (char *) cont, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-vts_string(dat, st, loc)
-char *dat; /* a string to put on the stream */
-u_char **st; /* base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1));
- memcpy((char *)(*st + loc), dat, strlen(dat)+1);
- return strlen(dat)+1;
-}
-
-int
-vts_short(dat, st, loc)
-u_short dat; /* the attributes field */
-u_char **st; /* a base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- u_short temp; /* to hold the net order short */
-
- temp = htons(dat); /* convert to network order */
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_short)));
- memcpy((char *)(*st + loc), (char *) &temp, sizeof(u_short));
- return sizeof(u_short);
-}
-
-int
-vts_long(dat, st, loc)
-krb5_ui_4 dat; /* the attributes field */
-u_char **st; /* a base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- krb5_ui_4 temp; /* to hold the net order short */
-
- temp = htonl(dat); /* convert to network order */
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(krb5_ui_4)));
- memcpy((char *)(*st + loc), (char *) &temp, sizeof(krb5_ui_4));
- return sizeof(krb5_ui_4);
-}
-
-
-int
-vts_char(dat, st, loc)
-u_char dat; /* the attributes field */
-u_char **st; /* a base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char)));
- (*st)[loc] = (u_char) dat;
- return 1;
-}
-
-/*
-stream_to_vals
- recieves : u_char *, kadm_vals *
- returns : a kadm_vals filled in according to u_char *
-
-this decodes a byte stream represntation of a vals struct into kadm_vals
-*/
-int
-stream_to_vals(dt_in, dt_out, maxlen)
-u_char *dt_in;
-Kadm_vals *dt_out;
-int maxlen; /* max length to use */
-{
- register int vsloop, stsize; /* loop counter, stream size */
- register int status;
- krb5_ui_4 l_trans;
-
- memset((char *) dt_out, 0, sizeof(*dt_out));
-
- stsize = check_field_header(dt_in, dt_out->fields, maxlen);
- if (stsize < 0)
- return(-1);
- for (vsloop=31; vsloop>=0; vsloop--)
- if (IS_FIELD(vsloop,dt_out->fields))
- switch (vsloop) {
- case KADM_NAME:
- if ((status = stv_string(dt_in, dt_out->name, stsize,
- sizeof(dt_out->name), maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_INST:
- if ((status = stv_string(dt_in, dt_out->instance, stsize,
- sizeof(dt_out->instance), maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_EXPDATE:
- if ((status = stv_long(dt_in, &l_trans, stsize,
- maxlen)) < 0)
- return(-1);
- dt_out->exp_date = l_trans;
- stsize += status;
- break;
- case KADM_ATTR:
- if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_MAXLIFE:
- if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_DESKEY:
- if ((status = stv_long(dt_in, &l_trans, stsize,
- maxlen)) < 0)
- return(-1);
- dt_out->key_high = l_trans;
- stsize += status;
- if ((status = stv_long(dt_in, &l_trans, stsize,
- maxlen)) < 0)
- return(-1);
- dt_out->key_low = l_trans;
- stsize += status;
- break;
- default:
- break;
- }
- return stsize;
-}
-
-static int
-check_field_header(st, cont, maxlen)
-u_char *st; /* stream */
-u_char *cont; /* container for fields data */
-int maxlen;
-{
- if (4 > maxlen)
- return(-1);
- memcpy((char *) cont, (char *) st, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-stv_string(st, dat, loc, stlen, maxlen)
-register u_char *st; /* base pointer to the stream */
-char *dat; /* a string to read from the stream */
-register int loc; /* offset into the stream for current data */
-int stlen; /* max length of string to copy in */
-int maxlen; /* max length of input stream */
-{
- int maxcount; /* max count of chars to copy */
-
- maxcount = min(maxlen - loc, stlen);
-
- (void) strncpy(dat, (char *)st + loc, maxcount);
-
- if (dat[maxcount-1]) /* not null-term --> not enuf room */
- return(-1);
- return strlen(dat)+1;
-}
-
-int
-stv_short(st, dat, loc, maxlen)
-u_char *st; /* a base pointer to the stream */
-u_short *dat; /* the attributes field */
-int loc; /* offset into the stream for current data */
-int maxlen;
-{
- u_short temp; /* to hold the net order short */
-
- if (loc + sizeof(u_short) > maxlen)
- return(-1);
- memcpy((char *) &temp, (char *) st+ loc, sizeof(u_short));
- *dat = ntohs(temp); /* convert to network order */
- return sizeof(u_short);
-}
-
-int
-stv_long(st, dat, loc, maxlen)
-u_char *st; /* a base pointer to the stream */
-krb5_ui_4 *dat; /* the attributes field */
-int loc; /* offset into the stream for current data */
-int maxlen; /* maximum length of st */
-{
- krb5_ui_4 temp; /* to hold the net order short */
-
- if (loc + sizeof(krb5_ui_4) > maxlen)
- return(-1);
- memcpy((char *) &temp, (char *) st + loc, sizeof(krb5_ui_4));
- *dat = ntohl(temp); /* convert to network order */
- return sizeof(krb5_ui_4);
-}
-
-int
-stv_char(st, dat, loc, maxlen)
-u_char *st; /* a base pointer to the stream */
-u_char *dat; /* the attributes field */
-int loc; /* offset into the stream for current data */
-int maxlen;
-{
- if (loc + 1 > maxlen)
- return(-1);
- *dat = *(st + loc);
- return 1;
-}
-
+2002-11-26 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in: Update dependencies.
+
+ * kerberos_v4.c: Inline some stuff formerly in krb_conf.h until we
+ get a chance to fix it properly.
+
2002-11-03 Tom Yu <tlyu@mit.edu>
* do_as_req.c (process_as_req): Fix previous patch; it caused an
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
$(BUILDTOP)/include/profile.h kdc_util.h $(SRCTOP)/include/krb5/adm_proto.h \
$(SRCTOP)/include/syslog.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(SRCTOP)/include/kerberosIV/klog.h $(SRCTOP)/include/kerberosIV/prot.h \
$(SRCTOP)/include/kerberosIV/krb_db.h $(SRCTOP)/include/kerberosIV/kdc.h \
extern.h
/* take this out when we don't need it anymore */
int krbONE = 1;
+/* XXX inline former contents of krb_conf.h for now */
+/* Byte ordering */
+extern int krbONE;
+#define HOST_BYTE_ORDER (* (char *) &krbONE)
+#define MSB_FIRST 0 /* 68000, IBM RT/PC */
+#define LSB_FIRST 1 /* Vax, PC8086 */
int f;
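Review bot: The added `extern int krbONE;` looks redundant, because the context line directly above the new block is the definition `int krbONE = 1;`. Assuming both sit at file scope in kerberos_v4.c, the declaration adds nothing and can be dropped. The `/* XXX inline former contents of krb_conf.h for now */` marker would also help more if it named the exit condition, for example `/* XXX copied from the removed krb_conf.h; remove once the byte-order tests in this file are replaced */`. Hunk boundaries are not marked on this page, so the two lines may be further apart in the file than they appear here.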
+2002-11-26 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (OBJS, SRCS): Add change_password.c, kadm_err.c,
+ kadm_net.c, kadm_stream.c. Remove one.c.
+ Also, add com_err support for kadm_err.et. Update dependencies.
+
+ * change_password.c: New file.
+
+ * configure.in: Remove checks for BITS16, BITS32, MSBFIRST, and
+ LSBFIRST.
+
+ * g_in_tkt.c (krb_mk_in_tkt_preauth): Update to optionally return
+ local address -- not yet fully implemented.
+ (krb_parse_in_tkt_creds): Renamed from krb_parse_in_tkt(). Now
+ fills in a CREDENTIALS instead of storing into a ticket file.
+ (krb_get_in_tkt_preauth_creds): Renamed from
+ krb_get_in_tkt_preauth(). Now fills in a CREDENTIALS instead of
+ storing into a ticket file.
+ (krb_get_in_tkt_creds): Port from KfM.
+ (krb_get_in_tkt_preauth): Reimplement in terms of
+ krb_get_in_tkt_creds_preauth().
+
+ * g_pw_in_tkt.c (krb_get_pw_in_tkt_creds): Port from KfM.
+
+ * kadm_err.et:
+ * kadm_net.c:
+ * kadm_stream.c: New files to implement password changing, ported
+ from KfM.
+
+ * mk_req.c (krb_mk_req_creds_prealm): New internal function --
+ similar to krb_mk_req_creds() but takes the client's realm, since
+ it's needed for forming a correct request but is not present in a
+ CREDENTIALS.
+ (krb_mk_req): Reimplement in terms of krb_mk_req_creds_prealm().
+ Move the logic for acquiring credentials and determining client's
+ realm here.
+ (krb_mk_req_creds): Port from KfM.
+ (krb_set_lifetime): Make KRB5_CALLCONV now.
+
+ * one.c: Remove.
+
+ * password_to_key.c: New file, ported from KfM. Will eventually
+ implement some string-to-key stuff.
+
+ * prot_client.c: Eliminate references to {LSB,MSB}_FIRST.
+
+ * prot_kdc.c: Eliminate references to {LSB,MSB}_FIRST.
+
+ * rd_req.c (krb_rd_req_with_key): New internal function -- can
+ take a key schedule or a krb5_keyblock and use one of those to
+ decrypt the ticket.
+ (krb_rd_req_int): Ported from KfM. Calls into
+ krb_rd_req_with_key().
+ (krb_rd_req): Reimplement in terms of krb_rd_req_with_key(). Copy
+ some of the realm and kvno reading logic here.
+
+ * tkt_string.c: Returns pointer to const now.
+
2002-08-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Revert $(S)=>/ change, for Windows support.
EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV
OBJS = \
+ $(OUTPRE)change_password.$(OBJEXT) \
$(OUTPRE)cr_auth_repl.$(OBJEXT) \
$(OUTPRE)cr_ciph.$(OBJEXT) \
$(OUTPRE)cr_tkt.$(OBJEXT) \
$(OUTPRE)g_tkt_svc.$(OBJEXT) \
$(OUTPRE)gethostname.$(OBJEXT) \
$(OUTPRE)getst.$(OBJEXT) \
+ $(OUTPRE)kadm_err.$(OBJEXT) \
+ $(OUTPRE)kadm_net.$(OBJEXT) \
+ $(OUTPRE)kadm_stream.$(OBJEXT) \
$(OUTPRE)kname_parse.$(OBJEXT) \
$(OUTPRE)lifetime.$(OBJEXT) \
$(OUTPRE)mk_auth.$(OBJEXT) \
$(OUTPRE)mk_req.$(OBJEXT) \
$(OUTPRE)mk_safe.$(OBJEXT) \
$(OUTPRE)month_sname.$(OBJEXT) \
- $(OUTPRE)one.$(OBJEXT) \
$(OUTPRE)prot_client.$(OBJEXT) \
$(OUTPRE)prot_common.$(OBJEXT) \
$(OUTPRE)prot_kdc.$(OBJEXT) \
$(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS)
SRCS = \
+ $(srcdir)/change_password.c \
$(srcdir)/cr_auth_repl.c \
$(srcdir)/cr_ciph.c \
$(srcdir)/cr_tkt.c \
$(srcdir)/g_tkt_svc.c \
$(srcdir)/getst.c \
$(srcdir)/gethostname.c \
+ $(srcdir)/kadm_net.c \
+ $(srcdir)/kadm_stream.c \
$(srcdir)/kname_parse.c \
$(srcdir)/err_txt.c \
$(srcdir)/lifetime.c \
$(srcdir)/mk_req.c \
$(srcdir)/mk_safe.c \
$(srcdir)/month_sname.c \
- $(srcdir)/one.c \
$(srcdir)/pkt_cipher.c \
$(srcdir)/pkt_clen.c \
$(srcdir)/prot_client.c \
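Review bot: `$(OUTPRE)kadm_err.$(OBJEXT)` is added to OBJS, but the SRCS hunk adds only `change_password.c`, `kadm_net.c` and `kadm_stream.c`, while the ChangeLog entry for this directory lists `kadm_err.c` under both OBJS and SRCS. Consistent with that, the regenerated dependency section gains entries for kadm_net and kadm_stream but none for kadm_err in the part visible here. SRCS is only partly shown, so it is not possible to check whether the generated `krb_err.c` is listed there. If generated sources belong in SRCS, add a `kadm_err.c \` entry in the same form as `krb_err.c`; otherwise correct the ChangeLog wording so it matches the Makefile.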
# We want *library* compiler options...
DBG=$(DBG_LIB)
-all-unix:: krb_err.h includes all-liblinks
+all-unix:: krb_err.h kadm_err.h includes all-liblinks
##DOS##LIBOBJS = $(OBJS)
krb_err.h:: krb_err.et
krb_err.c: krb_err.et
-depend:: krb_err.h
+kadm_err.h: kadm_err.et
+kadm_err.c: kadm_err.et
+
+depend:: krb_err.h kadm_err.h
depend:: $(CODE)
includes:: krb_err.h
$(CP) krb_err.h $(EHDRDIR)/krb_err.h) ; \
fi
+includes:: kadm_err.h
+ if cmp kadm_err.h $(EHDRDIR)/kadm_err.h >/dev/null 2>&1; then :; \
+ else \
+ (set -x; $(RM) $(EHDRDIR)/kadm_err.h; \
+ $(CP) kadm_err.h $(EHDRDIR)/kadm_err.h) ; \
+ fi
+
clean-unix::
$(RM) $(EHDRDIR)/krb_err.h
+ $(RM) $(EHDRDIR)/kadm_err.h
clean-unix::
-$(RM) krb_err.c
-$(RM) krb_err.h
+ -$(RM) kadm_err.c
+ -$(RM) kadm_err.h
-$(RM) ../../include/kerberosIV/krb_err.h
+ -$(RM) ../../include/kerberosIV/kadm_err.h
clean-unix:: clean-liblinks clean-libs clean-libobjs
# Makefile dependencies follow. This must be the last section in
# the Makefile.in file
#
+change_password.so change_password.po $(OUTPRE)change_password.$(OBJEXT): change_password.c \
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/kadm.h \
+ $(SRCTOP)/include/kerberosIV/prot.h
cr_auth_repl.so cr_auth_repl.po $(OUTPRE)cr_auth_repl.$(OBJEXT): cr_auth_repl.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
cr_ciph.so cr_ciph.po $(OUTPRE)cr_ciph.$(OBJEXT): cr_ciph.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
cr_tkt.so cr_tkt.po $(OUTPRE)cr_tkt.$(OBJEXT): cr_tkt.c $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
debug.so debug.po $(OUTPRE)debug.$(OBJEXT): debug.c $(SRCTOP)/include/kerberosIV/mit-copyright.h
decomp_tkt.so decomp_tkt.po $(OUTPRE)decomp_tkt.$(OBJEXT): decomp_tkt.c $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
g_ad_tkt.so g_ad_tkt.po $(OUTPRE)g_ad_tkt.$(OBJEXT): g_ad_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
g_pw_in_tkt.so g_pw_in_tkt.po $(OUTPRE)g_pw_in_tkt.$(OBJEXT): g_pw_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
g_phost.so g_phost.po $(OUTPRE)g_phost.$(OBJEXT): g_phost.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5/autoconf.h
g_pw_tkt.so g_pw_tkt.po $(OUTPRE)g_pw_tkt.$(OBJEXT): g_pw_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
g_tkt_svc.so g_tkt_svc.po $(OUTPRE)g_tkt_svc.$(OBJEXT): g_tkt_svc.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5/autoconf.h
getst.so getst.po $(OUTPRE)getst.$(OBJEXT): getst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
gethostname.so gethostname.po $(OUTPRE)gethostname.$(OBJEXT): gethostname.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
+kadm_net.so kadm_net.po $(OUTPRE)kadm_net.$(OBJEXT): kadm_net.c $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \
+ $(SRCTOP)/include/kerberosIV/kadm.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
+ $(SRCTOP)/include/kerberosIV/prot.h
+kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): kadm_stream.c $(SRCTOP)/include/kerberosIV/kadm.h \
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
+ $(SRCTOP)/include/kerberosIV/prot.h
kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): kname_parse.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): g_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
mk_auth.so mk_auth.po $(OUTPRE)mk_auth.$(OBJEXT): mk_auth.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
mk_err.so mk_err.po $(OUTPRE)mk_err.$(OBJEXT): mk_err.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): mk_priv.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): mk_req.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ krb4int.h
mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): mk_safe.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
month_sname.so month_sname.po $(OUTPRE)month_sname.$(OBJEXT): month_sname.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h krb4int.h
-one.so one.po $(OUTPRE)one.$(OBJEXT): one.c
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h
pkt_cipher.so pkt_cipher.po $(OUTPRE)pkt_cipher.$(OBJEXT): pkt_cipher.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
pkt_clen.so pkt_clen.po $(OUTPRE)pkt_clen.$(OBJEXT): pkt_clen.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
prot_client.so prot_client.po $(OUTPRE)prot_client.$(OBJEXT): prot_client.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
prot_common.so prot_common.po $(OUTPRE)prot_common.$(OBJEXT): prot_common.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
prot_kdc.so prot_kdc.po $(OUTPRE)prot_kdc.$(OBJEXT): prot_kdc.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
rd_err.so rd_err.po $(OUTPRE)rd_err.$(OBJEXT): rd_err.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): rd_priv.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): rd_safe.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krbports.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \
+ $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5/autoconf.h
stime.so stime.po $(OUTPRE)stime.$(OBJEXT): stime.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
strnlen.so strnlen.po $(OUTPRE)strnlen.$(OBJEXT): strnlen.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
rd_preauth.so rd_preauth.po $(OUTPRE)rd_preauth.$(OBJEXT): rd_preauth.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb_db.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \
- krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb_db.h \
+ $(SRCTOP)/include/kerberosIV/prot.h krb4int.h
mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): mk_preauth.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): tf_util.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h krb4int.h
+ krb4int.h
dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): dest_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
-tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): tkt_string.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
+tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): tkt_string.c $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): g_tf_fname.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): g_tf_realm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): g_cred.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
save_creds.so save_creds.po $(OUTPRE)save_creds.$(OBJEXT): save_creds.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): unix_glue.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h
klog.so klog.po $(OUTPRE)klog.$(OBJEXT): klog.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): kuserok.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
log.so log.po $(OUTPRE)log.$(OBJEXT): log.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
kntoln.so kntoln.po $(OUTPRE)kntoln.$(OBJEXT): kntoln.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
fgetst.so fgetst.po $(OUTPRE)fgetst.$(OBJEXT): fgetst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): rd_svc_key.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
- $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
- $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+ $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/kerberosIV/prot.h
cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): cr_err_repl.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): rd_req.c $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/krb54proto.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h
g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): g_svc_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
krb4int.h
recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): recvauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
krb_err.so krb_err.po $(OUTPRE)krb_err.$(OBJEXT): krb_err.c $(COM_ERR_DEPS)
ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): ad_print.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): cr_death_pkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
kparse.so kparse.po $(OUTPRE)kparse.$(OBJEXT): kparse.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/kparse.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/kparse.h
put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): put_svc_key.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h
sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): sendauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
netread.so netread.po $(OUTPRE)netread.$(OBJEXT): netread.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
netwrite.so netwrite.po $(OUTPRE)netwrite.$(OBJEXT): netwrite.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): g_cnffile.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h krb4int.h
+ krb4int.h
g_krbhst.so g_krbhst.po $(OUTPRE)g_krbhst.$(OBJEXT): g_krbhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
g_krbrlm.so g_krbrlm.po $(OUTPRE)g_krbrlm.$(OBJEXT): g_krbrlm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
g_admhst.so g_admhst.po $(OUTPRE)g_admhst.$(OBJEXT): g_admhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
realmofhost.so realmofhost.po $(OUTPRE)realmofhost.$(OBJEXT): realmofhost.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h krb4int.h
--- /dev/null
+/*
+ * g_pw_in_tkt.c
+ *
+ * Copyright 1987, 1988, 2002 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <netdb.h>
+
+#if TARGET_OS_MAC /* XXX */
+#include <Kerberos/CredentialsCache.h>
+#endif
+#include "krb.h"
+#include "krb4int.h"
+#include "kadm.h"
+#include "prot.h"
+
+/*
+ * krb_change_password(): This disgusting function handles changing passwords
+ * in a krb4-only environment.
+ * -1783126240
+ * THIS IS NOT A NORMAL KRB4 API FUNCTION! DON'T USE IN PORTABLE CODE!
+ */
+
+int KRB5_CALLCONV
+krb_change_password(char *principal, char *instance, char *realm,
+ char *oldPassword, char *newPassword)
+{
+ KRB_INT32 err;
+ des_cblock key;
+ KRB_UINT32 tempKey;
+ size_t sendSize;
+ u_char *sendStream;
+ size_t receiveSize;
+ u_char *receiveStream;
+ Kadm_Client client_parm;
+ u_char *p;
+
+ err = 0;
+ /*
+ * Get tickets to change the old password and shove them in the
+ * client_parm
+ */
+ err = krb_get_pw_in_tkt_creds(principal, instance, realm,
+ PWSERV_NAME, KADM_SINST, 1,
+ oldPassword, &client_parm.creds);
+ if (err != KSUCCESS)
+ goto cleanup;
+
+#if TARGET_OS_MAC
+ /* Now create the key to send to the server */
+ switch (client_parm.creds.stk_type) {
+ case cc_v4_stk_des:
+ mit_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ case cc_v4_stk_afs:
+ afs_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ case cc_v4_stk_krb5:
+ krb5_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ default:
+ /*
+ * Okay, actually afs_string_to_key sites can't use this
+ * protocol to change passwords
+ */
+ mit_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ }
+#else
+ des_string_to_key(newPassword, key); /* XXX check this! */
+#endif
+ /* Create the link to the server */
+ err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1);
+ if (err != KADM_SUCCESS)
+ goto cleanup;
+
+ /* Connect to the KDC */
+ err = kadm_cli_conn(&client_parm);
+ if (err != KADM_SUCCESS)
+ goto cleanup;
+
+ /* possible problem with vts_long on a non-multiple of four boundary */
+ sendSize = 0; /* start of our output packet */
+ sendStream = malloc(1); /* to make it reallocable */
+ sendStream[sendSize++] = CHANGE_PW;
+
+ /* change key to stream */
+ /* This looks backwards but gets inverted on the server side. */
+ p = key + 4;
+ KRB4_GET32BE(tempKey, p);
+ sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
+ p = key;
+ KRB4_GET32BE(tempKey, p);
+ sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
+
+ if (newPassword) {
+ sendSize += vts_string(newPassword, &sendStream, (int)sendSize);
+ }
+
+ /* send the data to the kdc */
+ err = kadm_cli_send(&client_parm, sendStream, sendSize,
+ &receiveStream, &receiveSize);
+ free(sendStream);
+ if (receiveSize > 0)
+ /* If there is a string from the kdc, free it - we don't care */
+ free(receiveStream);
+ if (err != KADM_SUCCESS)
+ goto disconnect;
+
+disconnect:
+ /* Disconnect */
+ kadm_cli_disconn(&client_parm);
+
+cleanup:
+ return err;
+}
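Review bot: In krb_change_password, `receiveSize` and `receiveStream` are read after kadm_cli_send() even on paths where that function returns without writing them (its early return when kadm_cli_keyd() fails, for one), so `if (receiveSize > 0) free(receiveStream);` can act on indeterminate values. The `malloc(1)` result is also dereferenced unchecked on the next line, and the derived `key`, `tempKey`, the send buffer carrying the new key and password, and `client_parm.creds` are left in memory on every exit path. I would initialise both receive variables, check the allocation, and wipe the secrets at `cleanup:` as sketched below; a plain memset() just before return can be elided by an optimiser, so use a non-elidable wipe if the tree provides one. The stray `-1783126240` line inside the header comment looks like paste residue and should be dropped.

```c
    size_t receiveSize = 0;
    u_char *receiveStream = NULL;
    /* … unchanged: ticket fetch, key derivation, kadm_init_link, kadm_cli_conn … */
    sendStream = malloc(1);		/* to make it reallocable */
    if (sendStream == NULL) {
	err = KADM_NOMEM;
	goto disconnect;
    }
    sendStream[sendSize++] = CHANGE_PW;
    /* … unchanged: key and password marshalling … */
    err = kadm_cli_send(&client_parm, sendStream, sendSize,
			&receiveStream, &receiveSize);
    memset(sendStream, 0, sendSize);	/* held the new key and password */
    free(sendStream);
    /* … unchanged: receiveStream release, disconnect label … */
cleanup:
    memset(key, 0, sizeof(key));
    memset(&tempKey, 0, sizeof(tempKey));
    memset(&client_parm.creds, 0, sizeof(client_parm.creds));
    return err;
```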
dnl for stdlib.h
AC_CHECK_HEADERS(stdlib.h)
-AC_C_CROSS dnl pretty up output, eval this before AC_TRY_RUN
-dnl need MSBFIRST, LSBFIRST, BITS16, BITS32
-AC_MSG_CHECKING([if system is msbfirst])
-AC_CACHE_VAL(krb5_cv_is_msbfirst,
-[AC_TRY_RUN(
-[#include <stdio.h>
-int main()
-{
- int one = 1;
- exit (*(char*) &one); /* MSBFIRST iff 1 */
-}],
-krb5_cv_is_msbfirst=yes, krb5_cv_is_msbfirst=no
-)])dnl fail on cross for now
-AC_MSG_RESULT($krb5_cv_is_msbfirst)
-if test $krb5_cv_is_msbfirst = yes; then
- AC_DEFINE(MSBFIRST)
-else
- AC_DEFINE(LSBFIRST)
-fi
-dnl
-dnl check int, set bits16/bits32 based on it
-AC_CHECK_SIZEOF(int)
-if test $ac_cv_sizeof_int = 2; then
- AC_DEFINE(BITS16)
-else
- AC_DEFINE(BITS32)
-fi
AC_TYPE_MODE_T
AC_TYPE_UID_T
AC_DEFINE(KRB4_USE_KEYTAB)
KRB5_BUILD_LIBOBJS
KRB5_BUILD_LIBRARY_WITH_DEPS
V5_AC_OUTPUT_MAKEFILE
-
key_proc_type, KTEXT *);
#endif
-static int
-krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
- int, char *, int, KTEXT, int *);
-
-static int
-krb_parse_in_tkt(char *, char *, char *, char *, char *,
- int, KTEXT, int);
+static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *);
+static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
+ int, char *, int, KTEXT, int *,
+ struct sockaddr_in *);
+static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *,
+ int, KTEXT, int, CREDENTIALS *);
/*
* decrypt_tkt(): Given user, instance, realm, passwd, key_proc
static int
krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- preauth_p, preauth_len, cip, byteorder)
+ preauth_p, preauth_len, cip, byteorder, local_addr)
char *user;
char *instance;
char *realm;
int preauth_len;
KTEXT cip;
int *byteorder;
+ struct sockaddr_in *local_addr;
{
KTEXT_ST pkt_st;
KTEXT pkt = &pkt_st; /* Packet to KDC */
/* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
rpkt->length = 0;
+#if 0 /* XXX */
+ kerror = send_to_kdc_addr(pkt, rpkt, realm, local_addr);
+#else
kerror = send_to_kdc(pkt, rpkt, realm);
+#endif
if (kerror)
return kerror;
}
static int
-krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip,
- byteorder)
+krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip,
+ byteorder, creds)
char *user;
char *instance;
char *realm;
int life;
KTEXT cip;
int byteorder;
+ CREDENTIALS *creds;
{
unsigned char *ptr;
- C_Block ses; /* Session key for tkt */
int len;
int kvno; /* Kvno for session key */
char s_name[SNAME_SZ];
unsigned long kdc_time; /* KDC time */
unsigned KRB4_32 t_local; /* Must be 4 bytes long for memcpy below! */
KRB4_32 t_diff; /* Difference between timestamps */
- int kerror;
int lifetime;
ptr = cip->dat;
return RD_AP_TIME; /* XXX should probably be better code */
}
- /* initialize ticket cache */
- if (in_tkt(user,instance) != KSUCCESS)
- return INTK_ERR;
/* stash ticket, session key, etc. for future use */
- memcpy(ses, cip->dat, 8);
- kerror = krb_save_credentials(s_name, s_instance, rlm, ses,
- lifetime, kvno,
- tkt, (KRB4_32)t_local);
- memset(ses, 0, 8);
- if (kerror)
- return kerror;
+ strncpy(creds->service, s_name, sizeof(creds->service));
+ strncpy(creds->instance, s_instance, sizeof(creds->instance));
+ strncpy(creds->realm, rlm, sizeof(creds->realm));
+ memmove(creds->session, cip->dat, sizeof(C_Block));
+ creds->lifetime = lifetime;
+ creds->kvno = kvno;
+ creds->ticket_st.length = tkt->length;
+ memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length);
+ creds->issue_date = t_local;
+ strncpy(creds->pname, user, sizeof(creds->pname));
+ strncpy(creds->pinst, instance, sizeof(creds->pinst));
return INTK_OK;
}
int
-krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg, preauth_p, preauth_len)
+krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
+ key_proc, decrypt_proc,
+ arg, preauth_p, preauth_len, creds)
char *user;
char *instance;
char *realm;
char *arg;
char *preauth_p;
int preauth_len;
+ CREDENTIALS *creds;
{
KTEXT_ST cip_st;
KTEXT cip = &cip_st; /* Returned Ciphertext */
int kerror;
int byteorder;
+#if TARGET_OS_MAC
+ struct sockaddr_in local_addr;
+#endif
+#if TARGET_OS_MAC
kerror = krb_mk_in_tkt_preauth(user, instance, realm,
service, sinstance,
life, preauth_p, preauth_len,
- cip, &byteorder);
+ cip, &byteorder, &local_addr);
+#else
+ kerror = krb_mk_in_tkt_preauth(user, instance, realm,
+ service, sinstance,
+ life, preauth_p, preauth_len,
+ cip, &byteorder, NULL);
+#endif
if (kerror)
return kerror;
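Review bot: The five `strncpy()` calls that fill `creds` in krb_parse_in_tkt_creds pass the full destination size, so a source string as long as the field or longer leaves it without a terminating NUL; `user` and `instance` come straight from the caller, and the new krb_get_in_tkt_preauth hands in an uninitialised stack `CREDENTIALS`. Copy at most size minus one and terminate explicitly, e.g. `strncpy(creds->pname, user, sizeof(creds->pname) - 1); creds->pname[sizeof(creds->pname) - 1] = '\0';`, and likewise for the other four fields. The `memmove()` into `creds->ticket_st.dat` trusts `tkt->length`, which presumably derives from the KDC reply; if the part of the function outside this hunk does not already bound it, add a check against `sizeof(creds->ticket_st.dat)` before the copy. The function body starts outside the hunk.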
/* Attempt to decrypt the reply. */
else
(*decrypt_proc)(user, instance, realm, arg, key_proc, &cip);
- kerror = krb_parse_in_tkt(user, instance, realm,
- service, sinstance,
- life, cip, byteorder);
+ kerror = krb_parse_in_tkt_creds(user, instance, realm,
+ service, sinstance,
+ life, cip, byteorder, creds);
+#if TARGET_OS_MAC
+ /* Do this here to avoid OS dependency in parse_in_tkt prototype. */
+ creds->address = local_addr->sin_addr.s_addr;
+#endif
/* stomp stomp stomp */
memset(cip->dat, 0, (size_t)cip->length);
return kerror;
}
+int
+krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life,
+ key_proc, decrypt_proc, arg, creds)
+ char *user;
+ char *instance;
+ char *realm;
+ char *service;
+ char *sinstance;
+ int life;
+ key_proc_type key_proc;
+ decrypt_tkt_type decrypt_proc;
+ char *arg;
+ CREDENTIALS *creds;
+{
+ return krb_get_in_tkt_preauth_creds(user, instance, realm,
+ service, sinstance, life,
+ key_proc, decrypt_proc, arg,
+ NULL, 0, creds);
+}
+
+int
+krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
+ key_proc, decrypt_proc,
+ arg, preauth_p, preauth_len)
+ char *user;
+ char *instance;
+ char *realm;
+ char *service;
+ char *sinstance;
+ int life;
+ key_proc_type key_proc;
+ decrypt_tkt_type decrypt_proc;
+ char *arg;
+ char *preauth_p;
+ int preauth_len;
+{
+ int retval;
+ CREDENTIALS creds;
+
+ do {
+ retval = krb_get_in_tkt_preauth_creds(user, instance, realm,
+ service, sinstance, life,
+ key_proc, decrypt_proc,
+ arg, preauth_p, preauth_len,
+ &creds);
+ if (retval != KSUCCESS) break;
+ if (in_tkt(user, instance) != KSUCCESS) {
+ retval = INTK_ERR;
+ break;
+ }
+#if TARGET_OS_MAC /* XXX */
+ retval = krb_save_credentials_addr(creds.service, creds.instance,
+ creds.realm, creds.session,
+ creds.lifetime, creds.kvno,
+ &creds.ticket_st, creds.issue_date,
+ creds.address, creds.stk_type);
+#else
+ retval = krb_save_credentials(creds.service, creds.instance,
+ creds.realm, creds.session,
+ creds.lifetime, creds.kvno,
+ &creds.ticket_st, creds.issue_date);
+#endif
+ if (retval != KSUCCESS) break;
+ } while (0);
+ memset(&creds, 0, sizeof(creds));
+ return retval;
+}
+
int
krb_get_in_tkt(user, instance, realm, service, sinstance, life,
key_proc, decrypt_proc, arg)
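Review bot: Under `TARGET_OS_MAC` the added `creds->address = local_addr->sin_addr.s_addr;` applies `->` to `local_addr`, which the previous hunk declares as a `struct sockaddr_in` object rather than a pointer, so this branch should not compile as written. Nothing visible fills `local_addr` either, because the `send_to_kdc_addr()` call that would receive it is under `#if 0`, and the assignment runs even when krb_parse_in_tkt_creds() has failed. I would write `if (kerror == INTK_OK) creds->address = local_addr.sin_addr.s_addr;` and zero `local_addr` at its declaration until the address is really populated. In the new krb_get_in_tkt_preauth, `creds.stk_type` is passed to krb_save_credentials_addr() although no visible code sets it; confirm where it is assigned. The body of krb_get_in_tkt_preauth_creds starts outside this hunk.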
return krb_get_in_tkt_preauth(user, instance, realm,
service, sinstance, life,
key_proc, decrypt_proc, arg,
- (char *)NULL, 0);
+ NULL, 0);
}
(decrypt_tkt_type)NULL, password));
}
+int KRB5_CALLCONV
+krb_get_pw_in_tkt_creds(
+ char *user, char *instance, char *realm, char *service, char *sinstance,
+ int life, char *password, CREDENTIALS *creds)
+{
+ return krb_get_in_tkt_creds(user, instance, realm,
+ service, sinstance, life,
+ (key_proc_type)passwd_to_key,
+ NULL, password, creds);
+}
+
+
/*
* krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly,
* since the whole point of "pre" authentication is to prove that we've
--- /dev/null
+/*
+ * kadm_net.c
+ *
+ * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Kerberos administration server client-side network access routines
+ * These routines do actual network traffic, in a machine dependent manner.
+ */
+
+#include <errno.h>
+#include <signal.h>
+#include <string.h>
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#define DEFINE_SOCKADDR /* Ask krb.h for struct sockaddr, etc */
+#include "port-sockets.h"
+#include "krb.h"
+#include "krbports.h"
+#include "kadm.h"
+#include "kadm_err.h"
+#include "prot.h"
+
+/* XXX FIXME! */
+#if defined(_WINDOWS) || defined(macintosh)
+ #define SIGNAL(s, f) 0
+#else
+ #define SIGNAL(s, f) signal(s, f)
+ extern int errno;
+#endif
+
+static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched);
+/* XXX FIXME! */
+static sigtype (*opipe)();
+
+
+/*
+ * kadm_init_link
+ * receives : principal, instance, realm
+ *
+ * initializes client parm, the Kadm_Client structure which holds the
+ * data about the connection between the server and client, the services
+ * used, the locations and other fun things
+ */
+int
+kadm_init_link(char *principal, char *instance, char *realm,
+ Kadm_Client *client_parm, int changepw)
+{
+ struct servent *sep; /* service we will talk to */
+ u_short sep_port;
+ struct hostent *hop; /* host we will talk to */
+ char adm_hostname[MAXHOSTNAMELEN];
+ char *scol = 0;
+
+ (void) strcpy(client_parm->sname, principal);
+ (void) strcpy(client_parm->sinst, instance);
+ (void) strcpy(client_parm->krbrlm, realm);
+ client_parm->admin_fd = -1;
+ client_parm->default_port = 1;
+
+ /*
+ * set up the admin_addr - fetch name of admin or kpasswd host
+ * (usually the admin host is the kpasswd host unless you have
+ * some sort of realm on crack)
+ */
+ if (changepw) {
+#if 0 /* XXX */
+ if (krb_get_kpasswdhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
+#endif
+ if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
+ return KADM_NO_HOST;
+ } else {
+ if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
+ return KADM_NO_HOST;
+ }
+ scol = strchr(adm_hostname,':');
+ if (scol) *scol = 0;
+ if ((hop = gethostbyname(adm_hostname)) == NULL)
+ /*
+ * couldn't find the admin servers address
+ */
+ return KADM_UNK_HOST;
+ if (scol) {
+ sep_port = htons(atoi(scol+1));
+ client_parm->default_port = 0;
+ } else if ((sep = getservbyname(KADM_SNAME, "tcp")) != NULL)
+ sep_port = sep->s_port;
+ else
+ sep_port = htons(KADM_PORT); /* KADM_SNAME = kerberos_master/tcp */
+ memset(&client_parm->admin_addr, 0, sizeof(client_parm->admin_addr));
+ client_parm->admin_addr.sin_family = hop->h_addrtype;
+ memcpy(&client_parm->admin_addr.sin_addr, hop->h_addr, hop->h_length);
+ client_parm->admin_addr.sin_port = sep_port;
+
+ return KADM_SUCCESS;
+}
+
+/*
+ * kadm_cli_send
+ * recieves : opcode, packet, packet length, serv_name, serv_inst
+ * returns : return code from the packet build, the server, or
+ * something else
+ *
+ * It assembles a packet as follows:
+ * 8 bytes : VERSION STRING
+ * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
+ * : KTEXT
+ * : OPCODE \
+ * : DATA > Encrypted (with make priv)
+ * : ...... /
+ *
+ * If it builds the packet and it is small enough, then it attempts to open the
+ * connection to the admin server. If the connection is succesfully open
+ * then it sends the data and waits for a reply.
+ */
+int
+kadm_cli_send(Kadm_Client *client_parm,
+ u_char *st_dat, /* the actual data */
+ size_t st_siz, /* length of said data */
+ u_char **ret_dat, /* to give return info */
+ size_t *ret_siz) /* length of returned info */
+{
+/* Macros for use in returning data... used in kadm_cli_send */
+#define RET_N_FREE(r) {clear_secrets(sess_key, sess_sched); free((char *)act_st); free((char *)priv_pak); return r;}
+#define RET_N_FREE2(r) {free((char *)*ret_dat); *ret_dat = 0; *ret_siz = 0; clear_secrets(sess_key, sess_sched); return(r);}
+
+ int act_len; /* current offset into packet, return */
+ KRB_INT32 retdat; /* data */
+ KTEXT_ST authent; /* the authenticator we will build */
+ u_char *act_st; /* the pointer to the complete packet */
+ u_char *priv_pak; /* private version of the packet */
+ long priv_len; /* length of private packet */
+ u_long cksum; /* checksum of the packet */
+ MSG_DAT mdat;
+ u_char *return_dat;
+ u_char *p;
+ KRB_UINT32 uretdat;
+
+ /* Keys for use in the transactions */
+ des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
+ Key_schedule sess_sched;
+
+ act_st = malloc(KADM_VERSIZE); /* verstr stored first */
+ strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
+ act_len = KADM_VERSIZE;
+
+ if ((retdat = kadm_cli_keyd(client_parm, sess_key, sess_sched)) != KADM_SUCCESS) {
+ free(act_st);
+ return retdat; /* couldnt get key working */
+ }
+ priv_pak = malloc(st_siz + 200);
+ /* 200 bytes for extra info case */
+ /* XXX Check mk_priv return type */
+ if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz,
+ sess_sched, (C_Block *)sess_key,
+ &client_parm->my_addr,
+ &client_parm->admin_addr)) < 0)
+ RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose here */
+ /*
+ * here is the length of priv data. receiver calcs size of
+ * authenticator by subtracting vno size, priv size, and
+ * sizeof(u_long) (for the size indication) from total size
+ */
+ act_len += vts_long((KRB_UINT32)priv_len, &act_st, (int)act_len);
+#ifdef NOENCRYPTION
+ cksum = 0;
+#else
+ cksum = quad_cksum(priv_pak, NULL, priv_len, 0, &sess_key);
+#endif
+ /* XXX cast unsigned->signed */
+ if ((retdat = krb_mk_req_creds(&authent, &client_parm->creds, (long)cksum)) != NULL) {
+ /* authenticator? */
+ RET_N_FREE(retdat);
+ }
+
+ act_st = realloc(act_st, (unsigned) (act_len + authent.length
+ + priv_len));
+ if (!act_st) {
+ clear_secrets(sess_key, sess_sched);
+ free(priv_pak);
+ return KADM_NOMEM;
+ }
+ memcpy(act_st + act_len, authent.dat, authent.length);
+ memcpy(act_st + act_len + authent.length, priv_pak, priv_len);
+ free(priv_pak);
+ if ((retdat = kadm_cli_out(client_parm, act_st,
+ act_len + authent.length + priv_len,
+ ret_dat, ret_siz)) != KADM_SUCCESS)
+ RET_N_FREE(retdat);
+ free(act_st);
+
+ /* first see if it's a YOULOSE */
+ if ((*ret_siz >= KADM_VERSIZE) &&
+ !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE))
+ {
+ /* it's a youlose packet */
+ if (*ret_siz < KADM_VERSIZE + 4)
+ RET_N_FREE2(KADM_BAD_VER);
+ p = *ret_dat + KADM_VERSIZE;
+ KRB4_GET32BE(uretdat, p);
+ /* XXX unsigned->signed */
+ retdat = (KRB_INT32)uretdat;
+ RET_N_FREE2(retdat);
+ }
+ /* need to decode the ret_dat */
+ if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched,
+ (C_Block *)sess_key, &client_parm->admin_addr,
+ &client_parm->my_addr, &mdat)) != NULL)
+ RET_N_FREE2(retdat);
+ if (mdat.app_length < KADM_VERSIZE + 4)
+ /* too short! */
+ RET_N_FREE2(KADM_BAD_VER);
+ if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
+ /* bad version */
+ RET_N_FREE2(KADM_BAD_VER);
+ p = mdat.app_data + KADM_VERSIZE;
+ KRB4_GET32BE(uretdat, p);
+ /* XXX unsigned->signed */
+ retdat = (KRB_INT32)uretdat;
+ if ((mdat.app_length - KADM_VERSIZE - 4) != 0) {
+ if (!(return_dat =
+ malloc((unsigned)(mdat.app_length - KADM_VERSIZE - 4))))
+ RET_N_FREE2(KADM_NOMEM);
+ memcpy(return_dat, p, mdat.app_length - KADM_VERSIZE - 4);
+ } else {
+ /* If it's zero length, still need to malloc a 1 byte string; */
+ /* malloc's of zero will return NULL on AIX & A/UX */
+ if (!(return_dat = malloc((unsigned) 1)))
+ RET_N_FREE2(KADM_NOMEM);
+ *return_dat = '\0';
+ }
+ free(*ret_dat);
+ clear_secrets(sess_key, sess_sched);
+ *ret_dat = return_dat;
+ *ret_siz = mdat.app_length - KADM_VERSIZE - 4;
+ return retdat;
+}
+
+int kadm_cli_conn(Kadm_Client *client_parm)
+{ /* this connects and sets my_addr */
+#if 0
+ int on = 1;
+#endif
+ if ((client_parm->admin_fd =
+ socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0)
+ return KADM_NO_SOCK; /* couldnt create the socket */
+ if (SOCKET_CONNECT(client_parm->admin_fd,
+ (struct sockaddr *) & client_parm->admin_addr,
+ sizeof(client_parm->admin_addr))) {
+ (void) SOCKET_CLOSE(client_parm->admin_fd);
+ client_parm->admin_fd = -1;
+
+ /* The V4 kadmind port number is 751. The RFC assigned
+ number, for V5, is 749. Sometimes the entry in
+ /etc/services on a client machine will say 749, but the
+ server may be listening on port 751. We try to partially
+ cope by automatically falling back to try port 751 if we
+ don't get a reply on port we are using. */
+ if (client_parm->admin_addr.sin_port != htons(KADM_PORT)
+ && client_parm->default_port) {
+ client_parm->admin_addr.sin_port = htons(KADM_PORT);
+ return kadm_cli_conn(client_parm);
+ }
+
+ return KADM_NO_CONN; /* couldnt get the connect */
+ }
+ opipe = SIGNAL(SIGPIPE, SIG_IGN);
+ client_parm->my_addr_len = sizeof(client_parm->my_addr);
+ if (SOCKET_GETSOCKNAME(client_parm->admin_fd,
+ (struct sockaddr *) & client_parm->my_addr,
+ &client_parm->my_addr_len) < 0) {
+ (void) SOCKET_CLOSE(client_parm->admin_fd);
+ client_parm->admin_fd = -1;
+ (void) SIGNAL(SIGPIPE, opipe);
+ return KADM_NO_HERE; /* couldnt find out who we are */
+ }
+#if 0
+ if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+ sizeof(on)) < 0) {
+ (void) closesocket(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ (void) SIGNAL(SIGPIPE, opipe);
+ return KADM_NO_CONN; /* XXX */
+ }
+#endif
+ return KADM_SUCCESS;
+}
+
+void kadm_cli_disconn(Kadm_Client *client_parm)
+{
+ (void) SOCKET_CLOSE(client_parm->admin_fd);
+ (void) SIGNAL(SIGPIPE, opipe);
+ return;
+}
+
+int kadm_cli_out(Kadm_Client *client_parm, u_char *dat, int dat_len,
+ u_char **ret_dat, size_t *ret_siz)
+{
+ u_short dlen;
+ int retval;
+ unsigned char buf[2], *p;
+
+ dlen = (u_short)dat_len;
+ if (dlen > 0x7fff) /* XXX krb_net_write signedness */
+ return KADM_NO_ROOM;
+
+ p = buf;
+ KRB4_PUT16BE(p, dlen);
+ if (krb_net_write(client_parm->admin_fd, (char *)buf, 2) < 0)
+ return SOCKET_ERRNO; /* XXX */
+
+ if (krb_net_write(client_parm->admin_fd, (char *)dat, (int)dat_len) < 0)
+ return SOCKET_ERRNO; /* XXX */
+
+ retval = krb_net_read(client_parm->admin_fd, (char *)buf, 2);
+ if (retval != 2) {
+ if (retval < 0)
+ return SOCKET_ERRNO; /* XXX */
+ else
+ return EPIPE; /* short read ! */
+ }
+
+ p = buf;
+ KRB4_GET16BE(dlen, p);
+ if (dlen > INT_MAX) /* XXX krb_net_read signedness */
+ return KADM_NO_ROOM;
+ *ret_dat = malloc(dlen);
+ if (!*ret_dat)
+ return KADM_NOMEM;
+
+ retval = krb_net_read(client_parm->admin_fd, (char *)*ret_dat, (int)dlen);
+ if (retval != dlen) {
+ if (retval < 0)
+ return SOCKET_ERRNO; /* XXX */
+ else
+ return EPIPE; /* short read ! */
+ }
+ *ret_siz = dlen;
+ return KADM_SUCCESS;
+}
+
+static void
+clear_secrets(des_cblock sess_key, Key_schedule sess_sched)
+{
+ memset(sess_key, 0, sizeof(sess_key));
+ memset(sess_sched, 0, sizeof(sess_sched));
+ return;
+}
+
+/* takes in the sess_key and key_schedule and sets them appropriately */
+int kadm_cli_keyd(Kadm_Client *client_parm,
+ des_cblock s_k, des_key_schedule s_s)
+{
+ int stat;
+
+ memcpy(s_k, client_parm->creds.session, sizeof(des_cblock));
+ stat = key_sched(s_k, s_s);
+ if (stat)
+ return stat;
+ return KADM_SUCCESS;
+} /* This code "works" */
--- /dev/null
+/*
+ * kadm_stream.c
+ *
+ * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Stream conversion functions for Kerberos administration server
+ */
+
+/*
+ kadm_stream.c
+ this holds the stream support routines for the kerberos administration server
+
+ vals_to_stream: converts a vals struct to a stream for transmission
+ internals build_field_header, vts_[string, char, long, short]
+ stream_to_vals: converts a stream to a vals struct
+ internals check_field_header, stv_[string, char, long, short]
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+*/
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "kadm.h"
+#include "kadm_err.h"
+#include "prot.h"
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
+/*
+vals_to_stream
+ recieves : kadm_vals *, u_char *
+ returns : a realloced and filled in u_char *
+
+this function creates a byte-stream representation of the kadm_vals structure
+*/
+int
+vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
+{
+ int vsloop, stsize; /* loop counter, stream size */
+
+ stsize = build_field_header(dt_in->fields, dt_out);
+ for (vsloop = 31; vsloop >= 0; vsloop--)
+ if (IS_FIELD(vsloop, dt_in->fields)) {
+ switch (vsloop) {
+ case KADM_NAME:
+ stsize += vts_string(dt_in->name, dt_out, stsize);
+ break;
+ case KADM_INST:
+ stsize += vts_string(dt_in->instance, dt_out, stsize);
+ break;
+ case KADM_EXPDATE:
+ stsize += vts_long((KRB_UINT32)dt_in->exp_date,
+ dt_out, stsize);
+ break;
+ case KADM_ATTR:
+ stsize += vts_short(dt_in->attributes, dt_out, stsize);
+ break;
+ case KADM_MAXLIFE:
+ stsize += vts_char(dt_in->max_life, dt_out, stsize);
+ break;
+ case KADM_DESKEY:
+ stsize += vts_long(dt_in->key_high, dt_out, stsize);
+ stsize += vts_long(dt_in->key_low, dt_out, stsize);
+ break;
+ default:
+ break;
+ }
+ }
+ return stsize;
+}
+
+int
+build_field_header(
+ u_char *cont, /* container for fields data */
+ u_char **st) /* stream */
+{
+ *st = malloc(4);
+ if (*st == NULL)
+ return -1;
+ memcpy(*st, cont, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+int
+vts_string(char *dat, u_char **st, int loc)
+{
+ size_t len;
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ len = strlen(dat) + 1;
+ p = realloc(*st, (size_t)loc + len);
+ if (p == NULL)
+ return -1;
+ memcpy(p + loc, dat, len);
+ *st = p;
+ return len;
+}
+
+int
+vts_short(KRB_UINT32 dat, u_char **st, int loc)
+{
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ p = realloc(*st, (size_t)loc + 2);
+ if (p == NULL)
+ return -1;
+
+ KRB4_PUT16BE(p, dat);
+ *st = p;
+ return 2;
+}
+
+int
+vts_long(KRB_UINT32 dat, u_char **st, int loc)
+{
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ p = realloc(*st, (size_t)loc + 4);
+ if (p == NULL)
+ return -1;
+
+ KRB4_PUT32BE(p, dat);
+ *st = p;
+ return 4;
+}
+
+int
+vts_char(KRB_UINT32 dat, u_char **st, int loc)
+{
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ p = realloc(*st, (size_t)loc + 1);
+ if (p == NULL)
+ return -1;
+ p[loc] = dat & 0xff;
+ *st = p;
+ return 1;
+}
+
+/*
+stream_to_vals
+ recieves : u_char *, kadm_vals *
+ returns : a kadm_vals filled in according to u_char *
+
+this decodes a byte stream represntation of a vals struct into kadm_vals
+*/
+int
+stream_to_vals(
+ u_char *dt_in,
+ Kadm_vals *dt_out,
+ int maxlen) /* max length to use */
+{
+ register int vsloop, stsize; /* loop counter, stream size */
+ register int status;
+
+ memset(dt_out, 0, sizeof(*dt_out));
+
+ stsize = check_field_header(dt_in, dt_out->fields, maxlen);
+ if (stsize < 0)
+ return -1;
+ for (vsloop = 31; vsloop >= 0; vsloop--)
+ if (IS_FIELD(vsloop, dt_out->fields))
+ switch (vsloop) {
+ case KADM_NAME:
+ status = stv_string(dt_in, dt_out->name, stsize,
+ sizeof(dt_out->name), maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_INST:
+ status = stv_string(dt_in, dt_out->instance, stsize,
+ sizeof(dt_out->instance), maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_EXPDATE:
+ {
+ KRB_UINT32 exp_date;
+
+ status = stv_long(dt_in, &exp_date, stsize, maxlen);
+ if (status < 0)
+ return -1;
+ dt_out->exp_date = exp_date;
+ stsize += status;
+ }
+ break;
+ case KADM_ATTR:
+ status = stv_short(dt_in, &dt_out->attributes, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_MAXLIFE:
+ status = stv_char(dt_in, &dt_out->max_life, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_DESKEY:
+ status = stv_long(dt_in, &dt_out->key_high, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ status = stv_long(dt_in, &dt_out->key_low, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ default:
+ break;
+ }
+ return stsize;
+}
+
+int
+check_field_header(
+ u_char *st, /* stream */
+ u_char *cont, /* container for fields data */
+ int maxlen)
+{
+ if (4 > maxlen)
+ return -1;
+ memcpy(cont, st, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+int
+stv_string(
+ register u_char *st, /* base pointer to the stream */
+ char *dat, /* a string to read from the stream */
+ register int loc, /* offset into the stream for current data */
+ int stlen, /* max length of string to copy in */
+ int maxlen) /* max length of input stream */
+{
+ int maxcount; /* max count of chars to copy */
+
+ if (loc < 0)
+ return -1;
+ maxcount = min(maxlen - loc, stlen);
+ if (maxcount <= 0) /* No strings left in the input stream */
+ return -1;
+
+ (void) strncpy(dat, (char *)st + loc, (size_t)maxcount);
+
+ if (dat[maxcount - 1]) /* not null-term --> not enuf room */
+ return -1;
+ return strlen(dat) + 1;
+}
+
+int
+stv_short(u_char *st, u_short *dat, int loc, int maxlen)
+{
+ u_short temp;
+ unsigned char *p;
+
+ if (loc < 0 || loc + 2 > maxlen)
+ return -1;
+ p = st + loc;
+ KRB4_GET16BE(temp, p);
+ *dat = temp;
+ return 2;
+}
+
+int
+stv_long(u_char *st, KRB_UINT32 *dat, int loc, int maxlen)
+{
+ KRB_UINT32 temp;
+ unsigned char *p;
+
+ if (loc < 0 || loc + 4 > maxlen)
+ return -1;
+ p = st + loc;
+ KRB4_GET32BE(temp, p);
+ *dat = temp;
+ return 4;
+}
+
+int
+stv_char(u_char *st, u_char *dat, int loc, int maxlen)
+{
+ if (loc < 0 || loc + 1 > maxlen)
+ return -1;
+ *dat = *(st + loc);
+ return 1;
+}
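Review bot: `vts_short` and `vts_long` pass the base of the reallocated buffer to `KRB4_PUT16BE(p, dat)` / `KRB4_PUT32BE(p, dat)`, so the value is stored at offset 0 over the field header instead of at `loc`; `vts_string` (`p + loc`) and `vts_char` (`p[loc]`) place their data correctly. If the PUT macros advance their pointer argument, as the `p = buf; KRB4_PUT16BE(p, dlen);` usage elsewhere in this change suggests, the following `*st = p;` also publishes a pointer past the start of the allocation, which the next `realloc` or the caller's `free` would then receive. Saving the pointer before encoding fixes both: `*st = p; p += loc; KRB4_PUT16BE(p, dat);` (and the `KRB4_PUT32BE` equivalent in `vts_long`). Separately, `vals_to_stream` adds the return of `build_field_header` and every `vts_*` call to `stsize` without testing for -1, so an allocation failure only shifts the offset by one instead of aborting the encode.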
/*
* lib/krb4/mk_req.c
*
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2002 by the Massachusetts
* Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
extern int krb_ap_req_debug;
static int lifetime = 255; /* Default based on the TGT */
+static int krb_mk_req_creds_prealm(KTEXT, CREDENTIALS *, KRB4_32, char *);
+
/*
* krb_mk_req takes a text structure in which an authenticator is to
* be built, the name of a service, an instance, a realm,
* all rounded up to multiple of 8.
*/
-int KRB5_CALLCONV
-krb_mk_req(authent, service, instance, realm, checksum)
+static int
+krb_mk_req_creds_prealm(authent, creds, checksum, myrealm)
register KTEXT authent; /* Place to build the authenticator */
- char *service; /* Name of the service */
- char *instance; /* Service instance */
- char *realm; /* Authentication domain of service */
+ CREDENTIALS *creds;
KRB4_32 checksum; /* Checksum of data (optional) */
+ char *myrealm; /* Client's realm */
{
KTEXT_ST req_st; /* Temp storage for req id */
KTEXT req_id = &req_st;
unsigned char *p, *q, *reqid_lenp;
int tl; /* Tkt len */
int idl; /* Reqid len */
- CREDENTIALS cr; /* Credentials used by retr */
- register KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
- int retval; /* Returned by krb_get_cred */
+ register KTEXT ticket; /* Pointer to tkt_st */
Key_schedule key_s;
- char krb_realm[REALM_SZ]; /* Our local realm, if not specified */
- char myrealm[REALM_SZ]; /* Realm of our TGT */
size_t realmlen, pnamelen, pinstlen, myrealmlen;
unsigned KRB4_32 time_secs;
unsigned KRB4_32 time_usecs;
- /* get current realm if not passed in */
- if (realm == NULL) {
- retval = krb_get_lrealm(krb_realm, 1);
- if (retval != KSUCCESS)
- return retval;
- realm = krb_realm;
- }
-
+ ticket = &creds->ticket_st;
/* Get the ticket and move it into the authenticator */
if (krb_ap_req_debug)
- DEB (("Realm: %s\n",realm));
- /*
- * Determine realm of these tickets. We will send this to the
- * KDC from which we are requesting tickets so it knows what to
- * with our session key.
- */
- retval = krb_get_tf_realm(TKT_FILE, myrealm);
- if (retval != KSUCCESS)
- return retval;
+ DEB (("Realm: %s\n", creds->realm));
- retval = krb_get_cred(service, instance, realm, &cr);
- if (retval == RET_NOTKT) {
- retval = get_ad_tkt(service, instance, realm, lifetime);
- if (retval)
- return retval;
- retval = krb_get_cred(service, instance, realm, &cr);
- if (retval)
- return retval;
- }
- if (retval != KSUCCESS)
- return retval;
-
- realmlen = strlen(realm) + 1;
+ realmlen = strlen(creds->realm) + 1;
if (sizeof(authent->dat) < (1 + 1 + 1
+ realmlen
+ 1 + 1 + ticket->length)
|| ticket->length < 0 || ticket->length > 255) {
authent->length = 0;
- memset(cr.session, 0, sizeof(cr.session));
+ memset(creds->session, 0, sizeof(creds->session));
return KFAILURE;
}
if (krb_ap_req_debug)
- DEB (("%s %s %s %s %s\n", service, instance, realm,
- cr.pname, cr.pinst));
+ DEB (("%s %s %s %s %s\n", creds->service, creds->instance,
+ creds->realm, creds->pname, creds->pinst));
p = authent->dat;
/* The fixed parts of the authenticator */
*p++ = KRB_PROT_VERSION;
*p++ = AUTH_MSG_APPL_REQUEST;
- *p++ = cr.kvno;
+ *p++ = creds->kvno;
- memcpy(p, realm, realmlen);
+ memcpy(p, creds->realm, realmlen);
p += realmlen;
tl = ticket->length;
if (krb_ap_req_debug)
DEB (("Ticket->length = %d\n",ticket->length));
if (krb_ap_req_debug)
- DEB (("Issue date: %d\n",cr.issue_date));
+ DEB (("Issue date: %d\n",creds->issue_date));
- pnamelen = strlen(cr.pname) + 1;
- pinstlen = strlen(cr.pinst) + 1;
+ pnamelen = strlen(creds->pname) + 1;
+ pinstlen = strlen(creds->pinst) + 1;
myrealmlen = strlen(myrealm) + 1;
if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen
+ 4 + 1 + 4 + 7) / 8) {
- memset(cr.session, 0, sizeof(cr.session));
+ memset(creds->session, 0, sizeof(creds->session));
return KFAILURE;
}
/* Build request id */
/* Auth name */
- memcpy(q, cr.pname, pnamelen);
+ memcpy(q, creds->pname, pnamelen);
q += pnamelen;
/* Principal's instance */
- memcpy(q, cr.pinst, pinstlen);
+ memcpy(q, creds->pinst, pinstlen);
q += pinstlen;
/* Authentication domain */
memcpy(q, myrealm, myrealmlen);
#ifndef NOENCRYPTION
/* Encrypt the request ID using the session key */
- key_sched(cr.session, key_s);
+ key_sched(creds->session, key_s);
pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat,
- (long)req_id->length, key_s, &cr.session, 1);
+ (long)req_id->length, key_s, &creds->session, 1);
/* clean up */
memset(key_s, 0, sizeof(key_s));
- memset(cr.session, 0, sizeof(cr.session));
+ memset(creds->session, 0, sizeof(creds->session));
#endif /* NOENCRYPTION */
/* Copy it into the authenticator */
return KSUCCESS;
}
+int KRB5_CALLCONV
+krb_mk_req(authent, service, instance, realm, checksum)
+ register KTEXT authent; /* Place to build the authenticator */
+ char *service; /* Name of the service */
+ char *instance; /* Service instance */
+ char *realm; /* Authentication domain of service */
+ KRB4_32 checksum; /* Checksum of data (optional) */
+{
+ char krb_realm[REALM_SZ]; /* Our local realm, if not specified */
+ char myrealm[REALM_SZ]; /* Realm of initial TGT. */
+ int retval;
+ CREDENTIALS creds;
+
+ /* get current realm if not passed in */
+ if (realm == NULL) {
+ retval = krb_get_lrealm(krb_realm, 1);
+ if (retval != KSUCCESS)
+ return retval;
+ realm = krb_realm;
+ }
+ /*
+ * Determine realm of these tickets. We will send this to the
+ * KDC from which we are requesting tickets so it knows what to
+ * with our session key.
+ */
+ retval = krb_get_tf_realm(TKT_FILE, myrealm);
+ if (retval != KSUCCESS)
+ retval = krb_get_lrealm(myrealm, 1);
+ if (retval != KSUCCESS)
+ return retval;
+
+ retval = krb_get_cred(service, instance, realm, &creds);
+ if (retval == RET_NOTKT) {
+ retval = get_ad_tkt(service, instance, realm, lifetime);
+ if (retval)
+ return retval;
+ retval = krb_get_cred(service, instance, realm, &creds);
+ if (retval)
+ return retval;
+ }
+ if (retval != KSUCCESS)
+ return retval;
+
+ return krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
+}
+
+int KRB5_CALLCONV
+krb_mk_req_creds(authent, creds, checksum)
+ register KTEXT authent; /* Place to build the authenticator */
+ CREDENTIALS *creds;
+ KRB4_32 checksum; /* Checksum of data (optional) */
+{
+ return krb_mk_req_creds_prealm(authent, creds, checksum, creds->realm);
+}
+
/*
* krb_set_lifetime sets the default lifetime for additional tickets
* obtained via krb_mk_req().
* It returns the previous value of the default lifetime.
*/
-int
+int KRB5_CALLCONV
krb_set_lifetime(newval)
int newval;
{
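Review bot: `krb_mk_req_creds_prealm` now runs `memset(creds->session, 0, sizeof(creds->session));` through the caller's pointer, on both size-check failures and after `pcbc_encrypt`, so the exported `krb_mk_req_creds` returns with the caller's session key zeroed. A second call with the same CREDENTIALS would then schedule and encrypt the request id under an all-zero key, and nothing visible here tells the caller that. Either state it above `krb_mk_req_creds`, e.g. `/* Clears creds->session before returning; creds must not be reused. */`, or have the helper copy the key into a local `C_Block` and wipe only that copy. Parts of the helper's body lie outside the visible hunks, so other exit paths may need the same treatment.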
+++ /dev/null
-/*
- * one.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-/*
- * definition of variable set to 1.
- * used in krb_conf.h to determine host byte order.
- */
-
-const int krbONE = 1;
--- /dev/null
+/*
+ * password_to_key.c -- password_to_key functions merged from KfM
+ *
+ * Copyright 1999, 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+
+#if TARGET_OS_MAC
+#include <Kerberos/CredentialsCache.h>
+#endif
+#include "krb.h"
+#include "krb4int.h"
+
+/*
+ * passwd_to_key(): given a password, return a DES key.
+ * There are extra arguments here which (used to be?)
+ * used by srvtab_to_key().
+ *
+ * If the "passwd" argument is not null, generate a DES
+ * key from it, using string_to_key().
+ *
+ * If the "passwd" argument is null, then on a Unix system we call
+ * des_read_password() to prompt for a password and then convert it
+ * into a DES key. But "prompting" the user is harder in a Windows or
+ * Macintosh environment, so we rely on our caller to explicitly do
+ * that now.
+ *
+ * In either case, the resulting key is put in the "key" argument,
+ * and 0 is returned.
+ */
+
+#if TARGET_OS_MAC
+/*ARGSUSED */
+int
+krb_get_keyprocs(KRB_UINT32 stkType,
+ key_proc_array kps, key_proc_type_array sts)
+{
+ /* generates the list of key procs */
+ /* always try them all, but try the specified one first */
+ switch (stkType) {
+ case cc_v4_stk_afs:
+ kps[0] = afs_passwd_to_key;
+ sts[0] = cc_v4_stk_afs;
+
+ kps[1] = mit_passwd_to_key;
+ sts[1] = cc_v4_stk_des;
+
+ kps[2] = krb5_passwd_to_key;
+ sts[2] = cc_v4_stk_krb5;
+
+ kps[3] = NULL;
+ break;
+ case cc_v4_stk_des:
+ case cc_v4_stk_unknown:
+ default:
+ kps[0] = mit_passwd_to_key;
+ sts[0] = cc_v4_stk_des;
+
+ kps[1] = afs_passwd_to_key;
+ sts[1] = cc_v4_stk_afs;
+
+ kps[2] = krb5_passwd_to_key;
+ sts[2] = cc_v4_stk_krb5;
+
+ kps[3] = NULL;
+ break;
+ }
+ return KSUCCESS;
+}
+#endif
+
+int
+mit_passwd_to_key(char *user, char *instance, char *realm,
+ char *passwd, C_Block key)
+{
+#pragma unused(user)
+#pragma unused(instance)
+#pragma unused(realm)
+
+ if (passwd)
+ mit_string_to_key(passwd, key);
+#if !(defined(_WINDOWS) || defined(macintosh))
+ else {
+ des_read_password((C_Block *)key, "Password: ", 0);
+ }
+#endif /* unix */
+ return (0);
+}
+
+/* So we can use a v4 kinit against a v5 kdc with no krb4 salted key */
+int
+krb5_passwd_to_key(char *user, char *instance, char *realm,
+ char *passwd, C_Block key)
+{
+ if (user && instance && realm && passwd) {
+ unsigned int len = MAX_K_NAME_SZ + strlen(passwd) + 1;
+ char *p = malloc (len);
+ if (p != NULL) {
+ snprintf (p, len, "%s%s%s%s", passwd, realm, user, instance);
+ p[len - 1] = '\0';
+ mit_string_to_key (p, key);
+ free (p);
+ return 0;
+ }
+ }
+ return -1;
+}
+
+int
+afs_passwd_to_key(char *user, char *instance, char *realm,
+ char *passwd, C_Block key)
+{
+#pragma unused(user)
+#pragma unused(instance)
+
+ if (passwd)
+ afs_string_to_key(passwd, realm, key);
+#if !(defined(_WINDOWS) || defined(macintosh))
+ else {
+ des_read_password((C_Block *)key, "Password: ", 0);
+ }
+#endif /* unix */
+ return (0);
+}
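Review bot: In `krb5_passwd_to_key` the heap buffer `p` holds the plaintext password concatenated with realm, user and instance, and it is released with `free (p);` without being cleared first. Wipe it before the free, `memset (p, 0, len);`, preferably through a wipe routine the compiler cannot elide if the tree has one, since a plain memset directly before `free` may be optimized away. The `snprintf` return value is also discarded: should realm, user and instance together exceed `MAX_K_NAME_SZ`, the salt is silently truncated and a different key is derived, so capturing it and returning -1 when `n < 0 || (size_t)n >= len` would make that failure visible. `mit_passwd_to_key` and `afs_passwd_to_key` likewise return 0 on Windows and Macintosh builds when `passwd` is NULL, leaving `key` unset; a comment saying the caller must supply the password on those platforms, or a -1 return, would make that contract explicit.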
p = pkt->dat;
*p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REQUEST | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_KDC_REQUEST | !!le;
ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
pkt, &p);
p = pkt->dat;
/* Assume >= 3 bytes in a KTEXT. */
*p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_REQUEST | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_APPL_REQUEST | !!le;
*p++ = kvno;
else
*p++ = KRB_PROT_VERSION;
/* little-endianness based on input, usually big-endian, though. */
- *p++ = AUTH_MSG_KDC_REPLY | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_KDC_REPLY | !!le;
ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
outbuf, &p);
* Assume at least one byte in a KTEXT. If not, we have bigger
* problems. Also, bitwise-OR in the little-endian flag.
*/
- *p++ = flags | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = flags | !!le;
if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
tkt, &p))
p = pkt->dat;
/* Assume >= 2 bytes in KTEXT. */
*p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_ERR_REPLY | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_ERR_REPLY | !!le;
if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
pkt, &p))
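Review bot: `| !!le` hard-codes that the byte-order flag is bit 0 of the message-type byte, where the removed expression named it through `LSB_FIRST`/`MSB_FIRST`. The two forms agree only if those constants are 1 and 0, which is not visible in these hunks. A short comment at the first use, e.g. `/* bit 0 of the type byte is the little-endian flag */`, or a named mask, would keep the wire-format meaning readable; the same applies to the other four sites changed in this section.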
/*
* lib/krb4/rd_req.c
*
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2002 by the
+ * Massachusetts Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
extern int krb_ap_req_debug;
+static int
+krb_rd_req_with_key(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *,
+ Key_schedule, krb5_keyblock *);
+
/* declared in krb.h */
int krb_ignore_ip_address = 0;
* Mutual authentication is not implemented.
*/
-int KRB5_CALLCONV
-krb_rd_req(authent, service, instance, from_addr, ad, fn)
+static int
+krb_rd_req_with_key(authent, service, instance, from_addr, ad, ks, k5key)
register KTEXT authent; /* The received message */
char *service; /* Service name */
char *instance; /* Service instance */
unsigned KRB4_32 from_addr; /* Net address of originating host */
AUTH_DAT *ad; /* Structure to be filled in */
- char *fn; /* Filename to get keys from */
+ Key_schedule ks;
+ krb5_keyblock *k5key;
{
KTEXT_ST ticket; /* Temp storage for ticket */
KTEXT tkt = &ticket;
char realm[REALM_SZ]; /* Realm of issuing kerberos */
Key_schedule seskey_sched; /* Key sched for session key */
- unsigned char skey[KKEY_SZ]; /* Session key from ticket */
char sname[SNAME_SZ]; /* Service name from ticket */
char iname[INST_SZ]; /* Instance name from ticket */
char r_aname[ANAME_SZ]; /* Client name from authenticator */
Kerberos used to encrypt ticket */
int ret;
int len;
- krb5_keyblock keyblock;
- int status;
tkt->mbz = req_id->mbz = 0;
(void)memcpy(realm, ptr, (size_t)len);
ptr += len; /* skip the realm "hint" */
- /*
- * If "fn" is NULL, key info should already be set; don't
- * bother with ticket file. Otherwise, check to see if we
- * already have key info for the given server and key version
- * (saved in the static st_* variables). If not, go get it
- * from the ticket file. If "fn" is the null string, use the
- * default ticket file.
- */
- if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance)
- || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
- if (*fn == 0)
- fn = KEYFILE;
- st_kvno = s_kvno;
-#ifndef NOENCRYPTION
- if (read_service_key(service,instance,realm, (int)s_kvno,
- fn, (char *)skey) == 0) {
- if ((status = krb_set_key((char *)skey,0)))
- return(status);
-#ifdef KRB4_USE_KEYTAB
- } else if (krb54_get_service_keyblock(service, instance,
- realm, (int)s_kvno,
- fn, &keyblock) == 0) {
- krb_set_key_krb5(krb5__krb4_context, &keyblock);
- krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
-#endif
- } else
- return RD_AP_UNDEC;
-#endif /* !NOENCRYPTION */
-
- len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_rlm, realm, (size_t)len);
- len = krb4int_strnlen(service, sizeof(st_nam)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_nam, service, (size_t)len);
- len = krb4int_strnlen(instance, sizeof(st_inst)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_inst, instance, (size_t)len);
- }
-
/* Get ticket length */
tkt->length = *ptr++;
/* Get authenticator length while we're at it. */
/* Decrypt and take apart ticket */
#endif
- if (!krb5_key) {
+ if (k5key == NULL) {
if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
&(ad->address),ad->session, &(ad->life),
- &(ad->time_sec),sname,iname,ky,serv_key)) {
+ &(ad->time_sec),sname,iname,ky,ks)) {
#ifdef KRB_CRYPT_DEBUG
log("Can't decode ticket");
#endif
if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst,
ad->prealm, &ad->address, ad->session,
&ad->life, &ad->time_sec, sname, iname,
- &srv_k5key)) {
+ k5key)) {
return RD_AP_UNDEC;
}
}
return RD_AP_OK;
}
+
+int KRB5_CALLCONV
+krb_rd_req_int(authent, service, instance, from_addr, ad, key)
+ KTEXT authent; /* The received message */
+ char *service; /* Service name */
+ char *instance; /* Service instance */
+ KRB_UINT32 from_addr; /* Net address of originating host */
+ AUTH_DAT *ad; /* Structure to be filled in */
+ C_Block key; /* Key to decrypt ticket with */
+{
+ Key_schedule ks;
+ int ret;
+
+ do {
+ ret = des_key_sched(key, ks);
+ if (ret) break;
+ ret = krb_rd_req_with_key(authent, service, instance,
+ from_addr, ad, ks, NULL);
+ } while (0);
+ memset(ks, 0, sizeof(ks));
+ return ret;
+}
+
+int KRB5_CALLCONV
+krb_rd_req(authent, service, instance, from_addr, ad, fn)
+ register KTEXT authent; /* The received message */
+ char *service; /* Service name */
+ char *instance; /* Service instance */
+ unsigned KRB4_32 from_addr; /* Net address of originating host */
+ AUTH_DAT *ad; /* Structure to be filled in */
+ char *fn; /* Filename to get keys from */
+{
+ unsigned char *ptr;
+ unsigned char s_kvno;
+ char realm[REALM_SZ];
+ unsigned char skey[KKEY_SZ];
+ krb5_keyblock keyblock;
+ int len;
+ int status;
+
+#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat))
+ if (authent->length < 3)
+ return RD_AP_MODIFIED;
+ ptr = authent->dat + 2;
+ s_kvno = *ptr++; /* get server key version */
+ len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1;
+ if (len <= 0 || len > sizeof(realm))
+ return RD_AP_MODIFIED;
+ (void)memcpy(realm, ptr, (size_t)len);
+#undef AUTHENT_REMAIN
+ /*
+ * If "fn" is NULL, key info should already be set; don't
+ * bother with ticket file. Otherwise, check to see if we
+ * already have key info for the given server and key version
+ * (saved in the static st_* variables). If not, go get it
+ * from the ticket file. If "fn" is the null string, use the
+ * default ticket file.
+ */
+ if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance)
+ || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
+ if (*fn == 0)
+ fn = KEYFILE;
+ st_kvno = s_kvno;
+ if (read_service_key(service,instance,realm, (int)s_kvno,
+ fn, (char *)skey) == 0) {
+ if ((status = krb_set_key((char *)skey,0)))
+ return(status);
+#ifdef KRB4_USE_KEYTAB
+ } else if (krb54_get_service_keyblock(service, instance,
+ realm, (int)s_kvno,
+ fn, &keyblock) == 0) {
+ krb_set_key_krb5(krb5__krb4_context, &keyblock);
+ krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
+#endif
+ } else
+ return RD_AP_UNDEC;
+
+ len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1;
+ if (len <= 0)
+ return KFAILURE;
+ memcpy(st_rlm, realm, (size_t)len);
+ len = krb4int_strnlen(service, sizeof(st_nam)) + 1;
+ if (len <= 0)
+ return KFAILURE;
+ memcpy(st_nam, service, (size_t)len);
+ len = krb4int_strnlen(instance, sizeof(st_inst)) + 1;
+ if (len <= 0)
+ return KFAILURE;
+ memcpy(st_inst, instance, (size_t)len);
+ }
+ return krb_rd_req_with_key(authent, service, instance,
+ from_addr, ad,
+ krb5_key ? NULL : serv_key,
+ krb5_key ? &srv_k5key : NULL);
+}
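Review bot: In the new `krb_rd_req`, `skey` receives the service key from `read_service_key()` and stays on the stack on every return path, while `krb_rd_req_int` in the same change wipes its `ks` before returning. Clearing it right after use would make the two consistent: `status = krb_set_key((char *)skey, 0); memset(skey, 0, sizeof(skey)); if (status) return status;`, ideally with a wipe the compiler cannot drop for a dying local. Separately, `st_kvno = s_kvno;` is assigned before the key lookup succeeds, so a failed lookup leaves the cached kvno ahead of the cached key when name, instance and realm already match. Moving that assignment next to the `st_rlm`/`st_nam`/`st_inst` copies would keep the cache coherent.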
return n;
}
-char *tkt_string();
-
/*
* tf_save_cred() appends an incoming ticket to the end of the ticket
* file. You must call tf_init() before calling tf_save_cred().
/*
* tkt_string.c
*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
+ * Institute of Technology. All Rights Reserved.
*
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
*/
-#include "mit-copyright.h"
#include "krb.h"
#include <stdio.h>
#include <string.h>
static char krb_ticket_string[MAXPATHLEN];
-char *tkt_string()
+const char *tkt_string()
{
char *env;
uid_t getuid();