*/
-#include <CoreServices/CoreServices.h>
#include "krb.h"
#include "krb4int.h"
-#include "prot.h"
#if !defined (USE_CCAPI) || !USE_CCAPI
#error "Cannot use CCache glue without the CCAPI!"
#include <string.h>
#include <stdlib.h>
-void
-UpdateDefaultCache (void);
+/*
+ * The following functions are part of the KfM ABI.
+ * They are deprecated, so they only appear here, not in krb.h.
+ *
+ * Do not change the ABI of these functions!
+ */
+int KRB5_CALLCONV krb_get_num_cred(void);
+int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int);
+int KRB5_CALLCONV krb_delete_cred(char *, char *,char *);
+int KRB5_CALLCONV dest_all_tkts(void);
+
+/* Internal functions */
+static void UpdateDefaultCache (void);
/*
* The way Kerberos v4 normally works is that at any given point in time there is a
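Review bot: The four deprecated prototypes omit parameter names, so nothing here tells a maintainer what each `char *` argument carries, whether any of them is a caller-supplied output buffer, or how large such a buffer must be. Since the comment says the ABI is frozen and the signatures carry no length arguments, this comment block is the only place to record that contract. Naming the parameters would do it, e.g. `int KRB5_CALLCONV krb_delete_cred(char *service, char *instance, char *realm);`, though the names in that example are a guess and need checking against the definitions. The FSp_* prototypes added in FSp-glue.c have the same gap.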
#ifdef USE_LOGIN_LIBRARY
// If we are requesting a tgt, prompt for it
- if (strncmp (service, TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
+ if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
OSStatus err;
char *cacheName;
KLPrincipal defaultPrincipal = nil;
* Synchronize default cache for this process with system default cache
*/
-void
+static void
UpdateDefaultCache (void)
{
cc_string_t name;
+2003-03-06 Alexandra Ellwood <lxs@mit.edu>
+
+ * CCache-glue.c: Added prototypes for deprecated functions.
+ Made internal functions static. Removed unused CoreServices
+ include. Changed TICKET_GRANTING_TICKET to new macro:
+ KRB_TICKET_GRANTING_TICKET.
+
+ * change_password.c: Added check of inputs to krb_change_password
+ so we don't crash on bad inputs. Call des_string_to_key not
+ mit_password_to_key on all platforms because we don't want to
+ prompt for a password.
+
+ * FSp-glue.c: Added prototypes for deprecated functions. Changed to
+ use KfM's FSSpecToPOSIXPath which correctly handles FSSpecs where
+ the file does not exist.
+
+ * g_in_tkt.c: Added explanatory comments. Made TARGET_OS_MAC sections
+ a little smaller and easier to read.
+
+ * g_pw_in_tkt.c: Only prompt when we are not using the login library.
+ This is so that Darwin builds do prompt but KfM builds don't.
+
+ * g_svc_in_tkt.c, g_tkt_svc.c: Changed to use KRB_TICKET_GRANTING_TICKET.
+
+ * kadm_net.c: Use autoconf variable krb5_sigtype instead of sigtype,
+ which doesn't seem to be defined on Mac OS X.
+
+ * krb4int.h, RealmsConfig-glue.c: Removed krb_get_stk().
+
+ * rd_req.c: Added #ifdef KRB4_USE_KEYTAB to avoid unused variable warning
+ when KRB4_USE_KEYTAB is not defined.
+
+ * sendauth.c: Fixed warnings with casts.
+
2003-03-04 Ken Raeburn <raeburn@mit.edu>
* password_to_key.c (mit_passwd_to_key, afs_passwd_to_key):
#include <stdio.h>
#include <string.h>
-#if TARGET_OS_MAC && defined(__FILES__)
-
-#include <CoreServices/CoreServices.h>
+#include <Kerberos/FSpUtils.h>
+/*
+ * These functions are compiled in for ABI compatibility with older versions of KfM.
+ * They are deprecated so they do not appear in the KfM headers anymore.
+ *
+ * Do not change their ABIs!
+ */
+int KRB5_CALLCONV FSp_krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, const FSSpec *);
+int KRB5_CALLCONV FSp_put_svc_key (const FSSpec *, char *, char *, char *, int, char *);
+int KRB5_CALLCONV FSp_read_service_key (char *, char *, char *, int, const FSSpec*, char *);
-static int FSp_srvtab_to_key(char *, char *, char *, char *, C_Block);
-static OSStatus FSSpec2Path (FSSpec *spec, char **path, int pathLen);
+static int FSp_srvtab_to_key (char *, char *, char *, char *, C_Block);
int KRB5_CALLCONV
FSp_read_service_key(
int retval = KFAILURE;
char file [MAXPATHLEN];
if (filespec != NULL) {
- if (FSSpec2Path (filespec, &file, sizeof(file)) != noErr) {
+ if (FSSpecToPOSIXPath (filespec, file, sizeof(file)) != noErr) {
return retval;
}
}
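Review bot: `file` is left uninitialized when `filespec` is NULL, and the rest of FSp_read_service_key lies outside this hunk, so it is worth confirming that the later code passes NULL rather than `file` in that case. The same applies to `sfile` in the following hunk. The call site also does not say whether `FSSpecToPOSIXPath` fails or truncates when the path does not fit in `MAXPATHLEN`, and a silently truncated service-key path would name a different file. A short comment such as `/* FSSpecToPOSIXPath returns an error if the path does not fit in the buffer (confirm) */` would record that assumption.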
char sfile[MAXPATHLEN];
if (sfilespec != NULL) {
- if (FSSpec2Path (sfilespec, &sfile, sizeof(sfile)) != noErr) {
+ if (FSSpecToPOSIXPath (sfilespec, sfile, sizeof(sfile)) != noErr) {
return retval;
}
}
return FSp_read_service_key(user, instance, realm, 0,
(FSSpec *)srvtab, (char *)key);
}
-
-static OSStatus FSSpec2Path (FSSpec *spec, char **path, int pathLen)
-{
- OSStatus err = noErr;
- FSRef ref;
-
- /* check parameters */
- if (path == NULL) err = paramErr;
-
- /* convert the FSSpec to an FSRef */
- if (err == noErr) {
- FSRefParam pb;
-
- pb.ioVRefNum = spec->vRefNum;
- pb.ioDirID = spec->parID;
- pb.ioNamePtr = (StringPtr) spec->name;
- pb.newRef = &ref;
- err = PBMakeFSRefSync(&pb);
- }
-
- /* and then convert the FSRef to a path */
- if (err == noErr) {
- err = FSRefMakePath (&ref, path, pathLen);
- }
-
- return err;
-}
-
-#endif
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
-#if TARGET_OS_MAC
-#include <CoreServices/CoreServices.h>
-#endif
#include "profile.h"
#include "krb.h"
#include "krb4int.h"
#include "port-sockets.h"
-#ifdef USE_CCAPI
-#include <CredentialsCache.h>
-#endif
-
#define KRB5_PRIVATE 1
/* For krb5_get_default_config_files and krb5_free_config_files */
#include "krb5.h"
return result;
}
-#ifdef USE_CCAPI
-/*
- * Realm -> string_to_key mapping
- */
-int
-krb_get_stk(
- KRB_UINT32 *type,
- char *realm)
-{
- long profErr = 0;
- const char *names[] = {REALMS_V4_PROF_REALMS_SECTION, NULL,
- REALMS_V4_PROF_STK, NULL};
- profile_t profile = NULL;
- void *iter = NULL;
- char *name = NULL;
- char *value = NULL;
- int found = 0;
-
- names[1] = realm;
-
- profErr = krb_get_profile(&profile);
- if (profErr) {
- goto cleanup;
- }
-
- profErr = profile_iterator_create(profile, names,
- PROFILE_ITER_RELATIONS_ONLY, &iter);
- if (profErr) {
- goto cleanup;
- }
-
- profErr = profile_iterator(&iter, &name, &value);
- if (profErr) {
- goto cleanup;
- }
-
- if (name != NULL) {
- if (!strncmp(value, REALMS_V4_MIT_STK, strlen(REALMS_V4_MIT_STK))) {
- *type = cc_v4_stk_des;
- found = 1;
- } else if (!strncmp(value, REALMS_V4_AFS_STK,
- strlen(REALMS_V4_AFS_STK))) {
- *type = cc_v4_stk_afs;
- found = 1;
- } else if (!strncmp(value, REALMS_V4_COLUMBIA_STK,
- strlen(REALMS_V4_COLUMBIA_STK))) {
- *type = cc_v4_stk_columbia_special;
- found = 1;
- }
- }
-
-cleanup:
- if (name != NULL)
- profile_release_string(name);
- if (value != NULL)
- profile_release_string(value);
- if (iter != NULL)
- profile_iterator_free(&iter);
- if (profile != NULL)
- profile_abandon(profile);
-
- /* If this fails, we just rely on autodetecting the realm */
- if (!found) {
- *type = cc_v4_stk_unknown;
- }
- return KSUCCESS;
-}
-#endif /* USE_CCAPI */
-
/*
* Hostname -> realm name mapping
*
u_char *p;
err = 0;
+
+ /* Check inputs: */
+ if (principal == NULL || instance == NULL || realm == NULL ||
+ oldPassword == NULL || newPassword == NULL) {
+ return KFAILURE;
+ }
+
/*
* Get tickets to change the old password and shove them in the
* client_parm
if (err != KSUCCESS)
goto cleanup;
-#if TARGET_OS_MAC
/* Now create the key to send to the server */
- mit_passwd_to_key(principal, instance, realm, newPassword, key);
-#else
- des_string_to_key(newPassword, key); /* XXX check this! */
-#endif
+ /* Use this and not mit_password_to_key so that we don't prompt */
+ des_string_to_key(newPassword, key);
+
/* Create the link to the server */
err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1);
if (err != KADM_SUCCESS)
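Review bot: The new unconditional `des_string_to_key(newPassword, key);` drops the old `XXX check this!` marker without recording what was checked. Any result of the call is ignored, and the comment does not say that the MIT string-to-key is the intended derivation for every realm this function can talk to. The added comment also names `mit_password_to_key`, while the removed call was `mit_passwd_to_key`; something like `/* MIT string-to-key; unlike mit_passwd_to_key this never prompts */` would be accurate. `key` now holds a key derived from the new password, and the `cleanup` label is outside this hunk, so please confirm that path clears `key` before returning.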
static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *);
static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
- int, char *, int, KTEXT, int *,
- struct sockaddr_in *);
+ int, char *, int, KTEXT, int *, struct sockaddr_in *);
static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *,
int, KTEXT, int, CREDENTIALS *);
service, sinstance, life, cip, byteorder, creds);
} while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
- if (laddrp != NULL)
- *laddrp = local_addr.sin_addr.s_addr;
+ /* Fill in the local address if the caller wants it */
+ if (laddrp != NULL) {
+ *laddrp = local_addr.sin_addr.s_addr;
+ }
/* stomp stomp stomp */
memset(cip->dat, 0, (size_t)cip->length);
char *arg;
CREDENTIALS *creds;
{
-#if TARGET_OS_MAC /* XXX */
- return krb_get_in_tkt_preauth_creds(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc, arg,
- NULL, 0, creds, &creds.address);
+#if TARGET_OS_MAC
+ KRB_UINT32 *laddrp = &creds->address;
#else
+ KRB_UINT32 *laddrp = NULL; /* Only the Mac stores the address */
+#endif
+
return krb_get_in_tkt_preauth_creds(user, instance, realm,
service, sinstance, life,
key_proc, decrypt_proc, arg,
- NULL, 0, creds, NULL);
-#endif
+ NULL, 0, creds, laddrp);
}
int KRB5_CALLCONV
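Review bot: On the `TARGET_OS_MAC` branch, `&creds->address` is computed without checking `creds`. A NULL `creds` would therefore produce a small non-NULL `laddrp`, which would pass the `laddrp != NULL` test shown in the earlier g_in_tkt.c hunk (presumably in the callee) and then be written through. Whether callers may pass NULL is not visible here; if they can, `KRB_UINT32 *laddrp = (creds != NULL) ? &creds->address : NULL;` keeps the Mac path as safe as the other one. The function's K&R parameter list begins outside the hunk.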
int life;
char *password;
{
-#if defined(_WIN32) || defined(macintosh)
+#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
/* In spite of the comments above, we don't allow that path here,
to simplify coding the non-UNIX clients. The only code that now
depends on this behavior is the preauth support, which has a
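Review bot: The guard is now keyed on `USE_LOGIN_LIBRARY` rather than on the platform, but the comment beneath it still speaks of "non-UNIX clients" and the comment in the next hunk still says "On non-Unix systems". Both should state the real condition, e.g. `/* Without a prompter (Windows, or builds using the login library) a NULL password is rejected. */`. The expression `defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)` is also repeated verbatim at both sites; one named macro would keep them from drifting apart. Both function bodies extend beyond the hunks shown.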
key_proc_type *keyprocs = krb_get_keyprocs (NULL);
int i = 0;
-#if defined(_WIN32) || USE_LOGIN_LIBRARY
+#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
/* On non-Unix systems, we can't handle a null password, because
passwd_to_key can't handle prompting for the password. */
if (password == 0)
krb_set_tkt_string(tkt_file);
return krb_get_svc_in_tkt(user,instance,realm,
- "krbtgt",realm,lifetime,srvtab_file);
+ KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
}
krb_set_tkt_string(tkt_file);
return krb_get_svc_in_tkt_preauth(user,instance,realm,
- "krbtgt",realm,lifetime,srvtab_file);
+ KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
}
FIXME gnu - I think this is a bug. We should allow direct
authentication to the desired realm, regardless of what the "local"
realm is. I fixed it. FIXME -- not quite right. */
- err = krb_get_cred ("krbtgt", realm, lrealm, &cr);
+ err = krb_get_cred (KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr);
if (err)
return err;
static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched);
/* XXX FIXME! */
#ifdef SIGPIPE
-static sigtype (*opipe)();
+static krb5_sigtype (*opipe)();
#endif
/*
int krb_get_in_tkt_preauth_creds(char *, char *, char *,
char *, char *, int,
key_proc_type, decrypt_tkt_type,
- char *, char *, int, CREDENTIALS *,
- KRB_UINT32 *);
+ char *, char *, int, CREDENTIALS *, KRB_UINT32 *);
/* klog.c */
void kset_logfile(char *);
/* RealmConfig-glue.c */
int krb_get_kpasswdhst(char *, char *, int);
-int krb_get_stk(KRB_UINT32 *type, char *realm);
/* err_txt.c */
void krb4int_et_init(void);
unsigned char s_kvno;
char realm[REALM_SZ];
unsigned char skey[KKEY_SZ];
+#ifdef KRB4_USE_KEYTAB
krb5_keyblock keyblock;
+#endif
int len;
int status;
/* get the length of the reply */
reread:
- got = krb_net_read(fd, raw_len, sizeof(KRB4_32));
+ got = krb_net_read(fd, (char *)raw_len, sizeof(KRB4_32));
if (got != sizeof(KRB4_32))
return KFAILURE;
return(cc);
/* Get the reply out of the socket. */
- cc = krb_net_rd_sendauth (fd, packet, (char *)&raw_tkt_len);
+ cc = krb_net_rd_sendauth (fd, packet, &raw_tkt_len);
if (cc != KSUCCESS)
return cc;