+2002-12-12 Tom Yu <tlyu@mit.edu>
+
+ * kerberos.c (kerberos4_send, kerberos4_is): Use
+ krb_get_err_text() instead of krb_err_txt array.
+
+ * strcasecmp.c: Include sys/types.h rather than sys/cdefs.h.
+
2002-11-15 Ezra Peisach <epeisach@bu.edu>
* enc-proto.h, enc_des.c, encrypt.c: Unsigned/signed cleanups.
return(0);
}
if ((r = krb_mk_req(&kauth, KRB_SERVICE_NAME, instance, realm, 0))) {
- printf("mk_req failed: %s\r\n", krb_err_txt[r]);
+ printf("mk_req failed: %s\r\n", krb_get_err_text(r));
return(0);
}
if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) {
- printf("get_cred failed: %s\r\n", krb_err_txt[r]);
+ printf("get_cred failed: %s\r\n", krb_get_err_text(r));
return(0);
}
if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
instance, 0, &adat, ""))) {
if (auth_debug_mode)
printf("Kerberos failed him as %s\r\n", name);
- Data(ap, KRB_REJECT, (const void *)krb_err_txt[r], -1);
+ Data(ap, KRB_REJECT, (const void *)krb_get_err_text(r), -1);
auth_finished(ap, AUTH_REJECT);
return;
}
#define const
#endif
-#include <sys/cdefs.h>
+#include <sys/types.h>
#ifdef HAVE_STRING_H
#include <string.h>
#else
+2002-12-12 Tom Yu <tlyu@mit.edu>
+
+ * krb.h: Change _WINDOWS->_WIN32. Add symbols for
+ RealmsConfig-glue.c. Remove explicit errno declaration. Fix some
+ prototypes of functions in RealmsConfig-glue.c to take const char*
+ for realm. Update prorotypes of functions that may take a ticket
+ file name to take const char*. Collect prototypes of FSp-glue.c
+ functions together.
+
2002-12-04 Tom Yu <tlyu@mit.edu>
* des.h: Move explicit definition of _WINDOWS to precede
#ifndef KRB5INT_CRYPTO_DES_INT
#define DES_DEFS
-#if defined(_WIN32) && !defined(_WINDOWS)
-#define _WINDOWS
-#endif
-#if defined(_WINDOWS)
+#if defined(_WIN32)
#ifndef KRB4
#define KRB4 1
#endif
/* Need some defs from des.h */
#include <kerberosIV/des.h>
-
-#include <kerberosIV/krb_err.h> /* XXX FIXME! */
-
+#include <kerberosIV/krb_err.h>
#include <profile.h>
-#ifdef _WINDOWS
+#ifdef _WIN32
#include <time.h>
-#endif /* _WINDOWS */
+#endif /* _WIN32 */
#ifdef __cplusplus
#ifndef KRBINT_BEGIN_DECLS
#define KRB_INT32 DES_INT32
#define KRB_UINT32 DES_UINT32
-/* Text describing error codes */
#define MAX_KRB_ERRORS 256
-extern const char *const krb_err_txt[MAX_KRB_ERRORS];
+extern const char * const * const krb_err_txt;
/* General definitions */
#define KSUCCESS 0
/* Location of ticket file for save_cred and get_cred */
-#ifdef _WINDOWS
+#ifdef _WIN32
#define TKT_FILE "\\kerberos\\ticket.ses"
#else
#define TKT_FILE tkt_string()
#define TKT_ROOT "/tmp/tkt"
-#endif /* PC */
+#endif /* _WIN32 */
/*
* Error codes are now defined as offsets from com_err (krb_err.et)
#endif /* ATHENA_COMPAT */
-#ifdef _WINDOWS
+#ifdef _WIN32
#define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0)
#define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us))
#define CONVERT_TIME_EPOCH win_time_get_epoch()
#define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0)
#define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us))
#define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */
-#endif /*_WINDOWS*/
-
+#endif /* _WIN32 */
+
+/* Constants for KerberosProfileLib */
+#define REALMS_V4_PROF_REALMS_SECTION "v4 realms"
+#define REALMS_V4_PROF_KDC "kdc"
+#define REALMS_V4_PROF_ADMIN_KDC "admin_server"
+#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server"
+#define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm"
+#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults"
+#define REALMS_V4_PROF_LOCAL_REALM "default_realm"
+#define REALMS_V4_PROF_STK "string_to_key_type"
+#define REALMS_V4_MIT_STK "mit_string_to_key"
+#define REALMS_V4_AFS_STK "afs_string_to_key"
+#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key"
+#define REALMS_V4_DEFAULT_REALM "default_realm"
+#define REALMS_V4_NO_ADDRESSES "noaddresses"
/* ask to disable IP address checking in the library */
extern int krb_ignore_ip_address;
#define DEB(x) /* nothing */
#endif
-/*
- * Some Unixes don't declare errno in <errno.h>...
- * Move this out to individual c-*.h files if it becomes troublesome.
- */
-#if !defined(errno) && !defined(_WINDOWS)
-extern int errno;
-#endif
-
/* Define a couple of function types including parameters. These
are needed on MS-Windows to convert arguments of the function pointers
to the proper types during calls. */
/* g_krbhst.c */
int KRB5_CALLCONV krb_get_krbhst
- (char *host, char *realm, int idx);
+ (char *host, const char *realm, int idx);
/* g_krbrlm.c */
int KRB5_CALLCONV krb_get_lrealm
(char *realm, int idx);
(char *k_user, char *instance, char *realm,
char *service, char *sinstance,
int life, char *srvtab);
-#if TARGET_OS_MAC && defined(__FILES__)
-int KRB5_CALLCONV
-FSp_krb_get_svc_in_tkt(char *, char *, char *, char *, char *,
- int, const FSSpec *);
-#endif
/* g_tf_fname.c */
int KRB5_CALLCONV krb_get_tf_fullname
- (char *ticket_file, char *name, char *inst, char *realm);
+ (const char *ticket_file, char *name, char *inst, char *realm);
/* g_tf_realm.c */
int KRB5_CALLCONV krb_get_tf_realm
- (char *ticket_file, char *realm);
+ (const char *ticket_file, char *realm);
/* g_tkt_svc.c */
int KRB5_CALLCONV krb_get_ticket_for_service
(char *serviceName,
int KRB5_CALLCONV kname_parse
(char *name, char *inst, char *realm,
char *fullname);
-/* From KfM XXX to be merged*/
+/* Merged from KfM */
int KRB5_CALLCONV kname_unparse
(char *, const char *, const char *, const char *);
(char *sfile,
char *name, char *inst, char *realm,
int newvno, char *key);
-#if TARGET_OS_MAC && defined(__FILES__)
-int KRB5_CALLCONV FSp_put_svc_key(const FSSpec *, char *, char *, char *,
- int, char *);
-#endif
/* rd_err.c */
int KRB5_CALLCONV krb_rd_err
int KRB5_CALLCONV get_service_key
(char *service, char *instance, char *realm,
int *kvno, char *file, char *key);
-#if TARGET_OS_MAC && defined(__FILES__)
-int KRB5_CALLCONV FSp_read_service_key(char *, char *, char *,
- int, const FSSpec*, char *);
-#endif
/* realmofhost.c */
char * KRB5_CALLCONV krb_realmofhost
(char *);
/* tf_util.c */
-int KRB5_CALLCONV tf_init (char *tf_name, int rw);
+int KRB5_CALLCONV tf_init (const char *tf_name, int rw);
int KRB5_CALLCONV tf_get_pname (char *p);
#endif
+/* FSp-glue.c */
+#if TARGET_OS_MAC && defined(__FILES__)
+int KRB5_CALLCONV FSp_krb_get_svc_in_tkt(char *, char *, char *, char *,
+ char *, int, const FSSpec *);
+int KRB5_CALLCONV FSp_put_svc_key(const FSSpec *, char *, char *, char *,
+ int, char *);
+int KRB5_CALLCONV FSp_read_service_key(char *, char *, char *,
+ int, const FSSpec*, char *);
+#endif
+
#if TARGET_OS_MAC
/*
* KfM krb.hin had the following, probably inherited from CNS:
int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *);
/*
- * RealmConfig-glue.c from KfM XXX to be merged
+ * RealmsConfig-glue.c -- merged from KfM
*/
-extern int KRB5_CALLCONV krb_get_profile(profile_t *profile);
+int KRB5_CALLCONV krb_get_profile(profile_t *);
-#ifdef _WINDOWS
+#ifdef _WIN32
HINSTANCE get_lib_instance(void);
unsigned int krb_get_notification_message(void);
char * KRB5_CALLCONV krb_get_default_user(void);
+2002-12-12 Tom Yu <tlyu@mit.edu>
+
+ * kerberos_v4.c (kerberos_v4): Use krb_get_err_text() instead of
+ krb_err_txt array.
+
2002-11-26 Tom Yu <tlyu@mit.edu>
* Makefile.in: Update dependencies.
if (kerno) {
klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
- inet_ntoa(client_host), krb_err_txt[kerno]);
+ inet_ntoa(client_host), krb_get_err_text(kerno));
req_name_ptr = req_inst_ptr = req_realm_ptr = "";
kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
return;
+2002-12-12 Tom Yu <tlyu@mit.edu>
+
+ * FSp-glue.c: Extracted and ported from various files from KfM.
+ Not built on Unix.
+
+ * Makefile.in: Removed srcdir references from various SRCS
+ variables. Stop building krb_err.o because of gross hack in
+ err_txt.c. Adjust some dependency generation things.
+ (REALMDBOBJS): Use RealmsConfig-glue instead of lots of other
+ files.
+ (LOCALINCLUDES): Use current directory, so we can pick up
+ krb_err.c as an include file.
+
+ * RealmsConfig-glue.c: Ported from KfM and cleaned up. Old
+ REALMDBSRCS inlined here too.
+
+ * g_admhst.c, g_in_tkt.c, g_krbhst.c, g_krbrlm.c, realmofhost.c:
+ Removed. Functionality is now in RealmsConfig-glue.c.
+
+ * g_in_tkt.c (krb_get_in_tkt_creds): Add KRB5_CALLCONV.
+
+ * dest_tkt.c (dest_tkt): TKT_FILE now assigned to a const char *,
+ due to change in tkt_string() return type.
+
+ * err_txt.c: Much grossness. Suck in krb_err.c here, so we can
+ use the static array to initialize the krb_err_txt array.
+
+ * g_in_tkt.c: Call krb4int_send_to_kdc_addr() on MacOS.
+
+ * g_svc_in_tkt.c: Fix up copyright notice; punt gratuitous
+ definition of NULL.
+
+ * g_tf_fname.c (krb_get_tf_fullname): Takes a const char * for
+ ticket file name now, due to change in tkt_string() return type.
+
+ * g_tf_realm.c (krb_get_tf_realm): Takes a const char * for ticket
+ file name now, due to change in tkt_string() return type.
+
+ * in_tkt.c: Include errno.h.
+ (in_tkt): TKT_FILE now assigned to a const char *, due to change
+ in tkt_string() return type.
+
+ * krb4int.h: Add prototype for krb_get_in_tkt_preauth_creds().
+ Fix _WINDOWS->_WIN32.
+
+ * krb_err.et: Sync somewhat with old contents of err_txt.c.
+
+ * tf_util.c (tf_init): Takes const char *tf_name now.
+
2002-12-06 Tom Yu <tlyu@mit.edu>
* g_ad_tkt.c (get_ad_tkt): Add KRB5_CALLCONV.
--- /dev/null
+/*
+ * lib/krb4/FSp-glue.c
+ *
+ * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
+ * Institute of Technology. All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * MacOS-specific glue for using FSSpecs to deal with srvtabs.
+ */
+
+#include "krb.h"
+#include "krb4int.h"
+#include <stdio.h>
+#include <string.h>
+
+#if TARGET_OS_MAC && defined(__FILES__)
+
+#include <Kerberos/KerberosFullPath.h>
+
+static int FSp_srvtab_to_key(char *, char *, char *, char *, C_Block);
+
+int KRB5_CALLCONV
+FSp_read_service_key(
+ char *service, /* Service Name */
+ char *instance, /* Instance name or "*" */
+ char *realm, /* Realm */
+ int kvno, /* Key version number */
+ const FSSpec *filespec, /* Filespec */
+ char *key) /* Pointer to key to be filled in */
+{
+ int retval = KFAILURE;
+ char *file = NULL;
+ if (filespec != NULL) {
+ if (FSpGetFullPOSIXPath (filespec, &file) != noErr) {
+ return retval;
+ }
+ }
+ retval = read_service_key(service, instance, realm, kvno, file, key);
+ if (file != NULL) {
+ free (file);
+ }
+ return retval;
+}
+
+int KRB5_CALLCONV
+FSp_put_svc_key(
+ const FSSpec *sfilespec,
+ char *name,
+ char *inst,
+ char *realm,
+ int newvno,
+ char *key)
+{
+ int retval = KFAILURE;
+ char *sfile = NULL;
+ if (sfilespec != NULL) {
+ if (FSpGetFullPOSIXPath (sfilespec, &sfile) != noErr) {
+ return retval;
+ }
+ }
+ retval = put_svc_key(sfile, name, inst, realm, newvno, key);
+ if (sfile != NULL) {
+ free (sfile);
+ }
+ return retval;
+}
+
+int KRB5_CALLCONV
+FSp_krb_get_svc_in_tkt(
+ char *user, char *instance, char *realm,
+ char *service, char *sinstance, int life,
+ const FSSpec *srvtab)
+{
+ /* Cast the FSSpec into the password field. It will be pulled out again */
+ /* by FSp_srvtab_to_key and used to read the real password */
+ return krb_get_in_tkt(user, instance, realm, service, sinstance,
+ life, FSp_srvtab_to_key, NULL, (char *)srvtab);
+}
+
+static int FSp_srvtab_to_key(char *user, char *instance, char *realm,
+ char *srvtab, C_Block key)
+{
+ /* FSp_read_service_key correctly handles a NULL FSSpecPtr */
+ return FSp_read_service_key(user, instance, realm, 0,
+ (FSSpec *)srvtab, (char *)key);
+}
+#endif
myfulldir=lib/krb4
mydir=.
BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV
+LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV -I.
##DOS##BUILDTOP = ..\..
##DOS##LIBNAME=$(OUTPRE)krb4.lib
$(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS)
SRCS = \
- $(srcdir)/change_password.c \
- $(srcdir)/cr_auth_repl.c \
- $(srcdir)/cr_ciph.c \
- $(srcdir)/cr_tkt.c \
- $(srcdir)/debug.c \
- $(srcdir)/decomp_tkt.c \
- $(srcdir)/g_ad_tkt.c \
- $(srcdir)/g_pw_in_tkt.c \
- $(srcdir)/g_phost.c \
- $(srcdir)/g_pw_tkt.c \
- $(srcdir)/g_tkt_svc.c \
- $(srcdir)/getst.c \
- $(srcdir)/gethostname.c \
+ change_password.c \
+ cr_auth_repl.c \
+ cr_ciph.c \
+ cr_tkt.c \
+ debug.c \
+ decomp_tkt.c \
+ g_ad_tkt.c \
+ g_pw_in_tkt.c \
+ g_phost.c \
+ g_pw_tkt.c \
+ g_tkt_svc.c \
+ getst.c \
+ gethostname.c \
kadm_err.c \
- $(srcdir)/kadm_net.c \
- $(srcdir)/kadm_stream.c \
- $(srcdir)/kname_parse.c \
- $(srcdir)/err_txt.c \
- $(srcdir)/lifetime.c \
- $(srcdir)/g_in_tkt.c \
- $(srcdir)/mk_auth.c \
- $(srcdir)/mk_err.c \
- $(srcdir)/mk_priv.c \
- $(srcdir)/mk_req.c \
- $(srcdir)/mk_safe.c \
- $(srcdir)/month_sname.c \
- $(srcdir)/pkt_cipher.c \
- $(srcdir)/pkt_clen.c \
- $(srcdir)/prot_client.c \
- $(srcdir)/prot_common.c \
- $(srcdir)/prot_kdc.c \
- $(srcdir)/rd_err.c \
- $(srcdir)/rd_priv.c \
- $(srcdir)/rd_safe.c \
- $(srcdir)/send_to_kdc.c \
- $(srcdir)/stime.c \
- $(srcdir)/strnlen.c \
- $(srcdir)/rd_preauth.c \
- $(srcdir)/mk_preauth.c \
- $(srcdir)/unix_time.c \
+ kadm_net.c \
+ kadm_stream.c \
+ kname_parse.c \
+ err_txt.c \
+ lifetime.c \
+ g_in_tkt.c \
+ mk_auth.c \
+ mk_err.c \
+ mk_priv.c \
+ mk_req.c \
+ mk_safe.c \
+ month_sname.c \
+ pkt_cipher.c \
+ pkt_clen.c \
+ prot_client.c \
+ prot_common.c \
+ prot_kdc.c \
+ rd_err.c \
+ rd_priv.c \
+ rd_safe.c \
+ send_to_kdc.c \
+ stime.c \
+ strnlen.c \
+ rd_preauth.c \
+ mk_preauth.c \
+ unix_time.c \
$(OSSRCS) $(CACHESRCS) $(SETENVSRCS) $(STRCASESRCS) $(SHMSRCS) \
$(LIB_KRB_HOSTSRCS) $(SERVER_KRB_SRCS) $(NETIO_SRCS) $(REALMDBSRCS)
# These objects implement the time computation routines.
#
OSOBJS = $(OUTPRE)unix_time.$(OBJEXT)
-OSSRCS = $(srcdir)/unix_time.c
+OSSRCS = unix_time.c
##DOS##OSOBJS = $(OUTPRE)win_time.obj
# These objects implement ticket cacheing for Unix. They are
# replaced by other files when compiling for Windows or Mac.
#
-CACHESRCS=$(srcdir)/tf_util.c $(srcdir)/dest_tkt.c $(srcdir)/in_tkt.c \
- $(srcdir)/tkt_string.c $(srcdir)/g_tf_fname.c \
- $(srcdir)/g_tf_realm.c $(srcdir)/g_cred.c $(srcdir)/save_creds.c
-CACHEOBJS=$(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \
+CACHESRCS = \
+ tf_util.c dest_tkt.c in_tkt.c \
+ tkt_string.c g_tf_fname.c g_tf_realm.c \
+ g_cred.c save_creds.c
+CACHEOBJS = \
+ $(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \
$(OUTPRE)tkt_string.$(OBJEXT) $(OUTPRE)g_tf_fname.$(OBJEXT) $(OUTPRE)g_tf_realm.$(OBJEXT) \
$(OUTPRE)g_cred.$(OBJEXT) $(OUTPRE)save_creds.$(OBJEXT)
CNFFILE = g_cnffile
##DOS##CNFFILE = win_store
-REALMDBSRCS= $(srcdir)/$(CNFFILE).c $(srcdir)/g_krbhst.c $(srcdir)/g_krbrlm.c \
- $(srcdir)/g_admhst.c $(srcdir)/realmofhost.c
-REALMDBOBJS= $(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)g_krbhst.$(OBJEXT) $(OUTPRE)g_krbrlm.$(OBJEXT) \
- $(OUTPRE)g_admhst.$(OBJEXT) $(OUTPRE)realmofhost.$(OBJEXT)
+REALMDBSRCS=$(CNFFILE).c RealmsConfig-glue.c
+REALMDBOBJS=$(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)RealmsConfig-glue.$(OBJEXT)
#
# These objects are only used on server or debug implementations of Kerberos,
# and they cause some major or minor sort of trouble for some
# client-only platform (Mac or Windows).
#
-SERVER_KRB_SRCS=$(srcdir)/klog.c $(srcdir)/kuserok.c $(srcdir)/log.c \
- $(srcdir)/kntoln.c $(srcdir)/fgetst.c $(srcdir)/rd_svc_key.c \
- $(srcdir)/cr_err_repl.c $(srcdir)/rd_req.c \
- $(srcdir)/g_svc_in_tkt.c $(srcdir)/recvauth.c \
- krb_err.c $(srcdir)/ad_print.c \
- $(srcdir)/cr_death_pkt.c $(srcdir)/kparse.c \
- $(srcdir)/put_svc_key.c $(srcdir)/sendauth.c
-SERVER_KRB_OBJS=$(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \
- $(OUTPRE)kntoln.$(OBJEXT) \
- $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) $(OUTPRE)cr_err_repl.$(OBJEXT) \
- $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \
- $(OUTPRE)krb_err.$(OBJEXT) $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \
- $(OUTPRE)kparse.$(OBJEXT) $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT)
+SERVER_KRB_SRCS = \
+ klog.c kuserok.c log.c \
+ kntoln.c \
+ fgetst.c rd_svc_key.c cr_err_repl.c \
+ rd_req.c g_svc_in_tkt.c recvauth.c \
+ ad_print.c cr_death_pkt.c \
+ kparse.c put_svc_key.c sendauth.c
+SERVER_KRB_OBJS = \
+ $(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \
+ $(OUTPRE)kntoln.$(OBJEXT) \
+ $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) $(OUTPRE)cr_err_repl.$(OBJEXT) \
+ $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \
+ $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \
+ $(OUTPRE)kparse.$(OBJEXT) $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT)
#
# These objects are included on Unix and Windows (for kstream and kadm)
# but not under Mac (there are no file descriptors).
#
-NETIO_SRCS=$(srcdir)/netread.c $(srcdir)/netwrite.c
+NETIO_SRCS=netread.c netwrite.c
NETIO_OBJS=$(OUTPRE)netread.$(OBJEXT) $(OUTPRE)netwrite.$(OBJEXT)
#
# (time-of-day access, etc). They are replaced in Mac and Windows
# by other _glue.* routines.
#
-LIB_KRB_HOSTSRCS=$(srcdir)/unix_glue.c
+LIB_KRB_HOSTSRCS=unix_glue.c
LIB_KRB_HOSTOBJS=$(OUTPRE)unix_glue.$(OBJEXT)
##DOS##LIB_KRB_HOSTOBJS=$(OUTPRE)win_glue.obj
ARCHIVEARGS= $@ $(OBJS)
-CODE=$(SRCS) Makefile.in krb_err.et
-
# We want *library* compiler options...
DBG=$(DBG_LIB)
-all-unix:: krb_err.h kadm_err.h includes all-liblinks
+all-unix:: includes all-liblinks
##DOS##LIBOBJS = $(OBJS)
kadm_err.h: kadm_err.et
kadm_err.c: kadm_err.et
-depend:: krb_err.h kadm_err.h
-depend:: $(CODE)
+depend-dependencies: krb_err.h $(EHDRDIR)$(S)krb_err.h \
+ kadm_err.h $(EHDRDIR)$(S)kadm_err.h \
+ krb_err.c
includes: $(EHDRDIR)$(S)krb_err.h $(EHDRDIR)$(S)kadm_err.h
$(RM) $(EHDRDIR)/krb_err.h
$(RM) $(EHDRDIR)/kadm_err.h
-
-
#install-unix::
# $(INSTALL_DATA) krb_err.h $(DESTDIR)$(KRB5_INCDIR)/kerberosIV/krb_err.h
kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): kname_parse.c $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
-err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h
+err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h \
+ krb_err.c
lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
$(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
-send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \
+send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \
$(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/kdb.h krb4int.h
stime.so stime.po $(OUTPRE)stime.$(OBJEXT): stime.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
$(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
-unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
- $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): tf_util.c $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
$(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
$(BUILDTOP)/include/profile.h
-g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): g_tf_realm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h
+g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): g_tf_realm.c $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): g_cred.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
$(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
$(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
$(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h
-g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): g_svc_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): g_svc_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
krb4int.h
recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): recvauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
$(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
$(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5/autoconf.h
-krb_err.so krb_err.po $(OUTPRE)krb_err.$(OBJEXT): krb_err.c $(COM_ERR_DEPS)
ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): ad_print.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
$(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
$(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
krb4int.h
-g_krbhst.so g_krbhst.po $(OUTPRE)g_krbhst.$(OBJEXT): g_krbhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
-g_krbrlm.so g_krbrlm.po $(OUTPRE)g_krbrlm.$(OBJEXT): g_krbrlm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h krb4int.h
-g_admhst.so g_admhst.po $(OUTPRE)g_admhst.$(OBJEXT): g_admhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h krb4int.h
-realmofhost.so realmofhost.po $(OUTPRE)realmofhost.$(OBJEXT): realmofhost.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
- $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h krb4int.h
+RealmsConfig-glue.so RealmsConfig-glue.po $(OUTPRE)RealmsConfig-glue.$(OBJEXT): RealmsConfig-glue.c \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(BUILDTOP)/include/krb5.h
--- /dev/null
+/*
+ * lib/krb4/RealmsConfig-glue.c
+ *
+ * Copyright 1985-2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * These calls implement the layer of Kerberos v4 library which
+ * accesses realms configuration by calling into the Kerberos Profile
+ * library.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <errno.h>
+#if TARGET_OS_MAC
+#include <CoreServices/CoreServices.h>
+#endif
+
+#include "profile.h"
+#include "krb.h"
+#include "krb4int.h"
+#include "port-sockets.h"
+
+#if USE_CCAPI
+#include <Kerberos/CredentialsCache.h>
+#endif
+
+#define KRB5_PRIVATE 1
+/* For krb5_get_default_config_files and krb5_free_config_files */
+#include "krb5.h"
+#undef KRB5_PRIVATE
+
+/* These two *must* be kept in sync to avoid buffer overflows. */
+#define SCNSCRATCH "%1023s"
+#define SCRATCHSZ 1024
+#if SCRATCHSZ < MAXHOSTNAMELEN
+#error "SCRATCHSZ must be at least MAXHOSTNAMELEN"
+#endif
+
+/*
+ * Returns to the caller an initialized profile using the same files
+ * as Kerberos4Lib would.
+ */
+int KRB5_CALLCONV
+krb_get_profile(profile_t* profile)
+{
+ int retval = KSUCCESS;
+ profile_filespec_t *files = NULL;
+
+ /* Use krb5 to get the config files */
+ retval = krb5_get_default_config_files(&files);
+
+ if (retval == KSUCCESS) {
+ retval = profile_init((const_profile_filespec_t *)files, profile);
+ }
+
+ if (files) {
+ krb5_free_config_files(files);
+ }
+
+ if (retval == ENOENT) {
+ /* No edu.mit.Kerberos file */
+ return KFAILURE;
+ }
+
+ if ((retval == PROF_SECTION_NOTOP) ||
+ (retval == PROF_SECTION_SYNTAX) ||
+ (retval == PROF_RELATION_SYNTAX) ||
+ (retval == PROF_EXTRA_CBRACE) ||
+ (retval == PROF_MISSING_OBRACE)) {
+ /* Bad config file format */
+ return retval;
+ }
+
+ return retval;
+}
+
+/* Caller must ensure that n >= 1 and that pointers are non-NULL. */
+static int
+krb_prof_get_nth(
+ char *ret,
+ size_t retlen,
+ const char *realm,
+ int n,
+ const char *sec,
+ const char *key)
+{
+ int result;
+ long profErr;
+ profile_t profile = NULL;
+ const char *names[4];
+ void *iter = NULL;
+ char *name = NULL;
+ char *value = NULL;
+ int i;
+
+ result = KFAILURE;
+
+ profErr = krb_get_profile(&profile);
+ if (profErr) {
+ /*
+ * Can krb_get_profile() return errors that change PROFILE?
+ */
+ goto cleanup;
+ }
+ names[0] = sec;
+ names[1] = realm;
+ names[2] = key;
+ names[3] = NULL;
+ profErr = profile_iterator_create(profile, names,
+ PROFILE_ITER_RELATIONS_ONLY, &iter);
+ if (profErr)
+ goto cleanup;
+
+ result = KSUCCESS;
+ for (i = 1; i <= n; i++) {
+ if (name != NULL)
+ profile_release_string(name);
+ if (value != NULL)
+ profile_release_string(value);
+ name = value = NULL;
+
+ profErr = profile_iterator(&iter, &name, &value);
+ if (profErr || (name == NULL)) {
+ result = KFAILURE;
+ break;
+ }
+ }
+ if (result == KSUCCESS) {
+ /* Return error rather than truncating. */
+ if (strlen(value) >= retlen)
+ result = KFAILURE;
+ else
+ strncpy(ret, value, retlen);
+ }
+cleanup:
+ if (name != NULL)
+ profile_release_string(name);
+ if (value != NULL)
+ profile_release_string(value);
+ if (iter != NULL)
+ profile_iterator_free(&iter);
+ if (profile != NULL)
+ profile_abandon(profile);
+ return result;
+}
+
+/*
+ * Index -> realm name mapping
+ *
+ * Not really. The original implementation has a cryptic comment
+ * indicating that the function can only work for n = 1, and always
+ * returns the default realm. I don't know _why_ that's the case, but
+ * I have to do it that way...
+ *
+ * Old description from g_krbrlm.c:
+ *
+ * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
+ * in the string, r, with the name of the nth realm specified on the
+ * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
+ * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
+ * config file does not exist, and if n=1, a successful return will occur
+ * with r = KRB_REALM (also defined in "krb.h").
+ *
+ * NOTE: for archaic & compatibility reasons, this routine will only return
+ * valid results when n = 1.
+ *
+ * For the format of the KRB_CONF file, see comments describing the routine
+ * krb_get_krbhst(). This will also look in KRB_FB_CONF is
+ * ATHENA_CONF_FALLBACK is defined.
+ */
+int KRB5_CALLCONV
+krb_get_lrealm(
+ char *realm,
+ int n)
+{
+ long profErr = 0;
+ char *realmString = NULL;
+ char *realmStringV4 = NULL;
+ profile_t profile = NULL;
+ int result;
+ FILE *cnffile = NULL;
+ char scratch[SCRATCHSZ];
+
+ if (n != 1 || realm == NULL)
+ return KFAILURE;
+
+ result = KFAILURE; /* Start out with failure. */
+
+ profErr = krb_get_profile(&profile);
+ if (profErr)
+ goto cleanup;
+
+ profErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION,
+ REALMS_V4_DEFAULT_REALM, NULL, NULL,
+ &realmString);
+ if (profErr || realmString == NULL)
+ goto cleanup;
+
+ if (strlen(realmString) >= REALM_SZ)
+ goto cleanup;
+ strncpy(realm, realmString, REALM_SZ);
+ /*
+ * Step 2: the default realm is actually v5 realm, so we have to
+ * check for the case where v4 and v5 realms are different.
+ */
+ profErr = profile_get_string(profile, "realms", realm, "v4_realm",
+ NULL, &realmStringV4);
+ if (profErr || realmStringV4 == NULL)
+ goto cleanup;
+
+ if (strlen(realmStringV4) >= REALM_SZ)
+ goto cleanup;
+ strncpy(realm, realmStringV4, REALM_SZ);
+ result = KSUCCESS;
+cleanup:
+ if (realmString != NULL)
+ profile_release_string(realmString);
+ if (realmStringV4 != NULL)
+ profile_release_string(realmStringV4);
+ if (profile != NULL)
+ profile_abandon(profile);
+
+ if (result == KSUCCESS)
+ return result;
+ /*
+ * Do old-style config file lookup.
+ */
+ do {
+ cnffile = krb__get_cnffile();
+ if (cnffile == NULL)
+ break;
+ if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) {
+ if (strlen(scratch) >= REALM_SZ)
+ result = KFAILURE;
+ else {
+ strncpy(realm, scratch, REALM_SZ);
+ result = KSUCCESS;
+ }
+ }
+ fclose(cnffile);
+ } while (0);
+ if (result == KFAILURE && strlen(KRB_REALM) < REALM_SZ) {
+ strncpy(realm, KRB_REALM, REALM_SZ);
+ result = KSUCCESS;
+ }
+ return result;
+}
+
+/*
+ * Realm, index -> admin KDC mapping
+ *
+ * Old description from g_admhst.c:
+ *
+ * Given a Kerberos realm, find a host on which the Kerberos database
+ * administration server can be found.
+ *
+ * krb_get_admhst takes a pointer to be filled in, a pointer to the name
+ * of the realm for which a server is desired, and an integer n, and
+ * returns (in h) the nth administrative host entry from the configuration
+ * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
+ * If ATHENA_CONF_FALLBACK is defined, also look in old location.
+ *
+ * On error, get_admhst returns KFAILURE. If all goes well, the routine
+ * returns KSUCCESS.
+ *
+ * For the format of the KRB_CONF file, see comments describing the routine
+ * krb_get_krbhst().
+ *
+ * This is a temporary hack to allow us to find the nearest system running
+ * a Kerberos admin server. In the long run, this functionality will be
+ * provided by a nameserver.
+ */
+int KRB5_CALLCONV
+krb_get_admhst(
+ char *host,
+ char *realm,
+ int n)
+{
+ int result;
+ int i;
+ FILE *cnffile;
+ char linebuf[BUFSIZ];
+ char trealm[SCRATCHSZ];
+ char thost[SCRATCHSZ];
+ char scratch[SCRATCHSZ];
+
+ if (n < 1 || host == NULL || realm == NULL)
+ return KFAILURE;
+
+ result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
+ REALMS_V4_PROF_REALMS_SECTION,
+ REALMS_V4_PROF_ADMIN_KDC);
+ if (result == KSUCCESS)
+ return result;
+
+ /*
+ * Do old-style config file lookup.
+ */
+ cnffile = krb__get_cnffile();
+ if (cnffile == NULL)
+ return KFAILURE;
+ result = KSUCCESS;
+ for (i = 0; i < n;) {
+ if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
+ result = KFAILURE;
+ break;
+ }
+ if (!strchr(linebuf, '\n')) {
+ result = KFAILURE;
+ break;
+ }
+ /*
+ * Need to scan for a token after 'admin' to make sure that
+ * admin matched correctly.
+ */
+ if (sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH " admin " SCNSCRATCH,
+ trealm, thost, scratch) != 3)
+ continue;
+ if (!strcmp(trealm, realm))
+ i++;
+ }
+ fclose(cnffile);
+ if (result == KSUCCESS && strlen(thost) < MAXHOSTNAMELEN)
+ strncpy(host, thost, MAXHOSTNAMELEN);
+ else
+ result = KFAILURE;
+ return result;
+}
+
+/*
+ * Realm, index -> kpasswd KDC mapping
+ */
+int KRB5_CALLCONV
+krb_get_kpasswdhst(
+ char *host,
+ char *realm,
+ int n)
+{
+ if (n < 1 || host == NULL || realm == NULL)
+ return KFAILURE;
+
+ return krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
+ REALMS_V4_PROF_REALMS_SECTION,
+ REALMS_V4_PROF_KPASSWD_KDC);
+}
+
+static int
+get_krbhst_default(h, r, n)
+ char *h;
+ char *r;
+ int n;
+{
+ if (n != 1)
+ return KFAILURE;
+ if (strlen(KRB_HOST) + 1 + strlen(r) >= MAXHOSTNAMELEN)
+ return KFAILURE;
+ /* KRB_HOST.REALM (ie. kerberos.CYGNUS.COM) */
+ strncpy(h, KRB_HOST, MAXHOSTNAMELEN);
+ strcat(h, ".");
+ strcat(h, r);
+ return KSUCCESS;
+}
+
+/*
+ * Realm, index -> KDC mapping
+ *
+ * Old description from g_krbhst.c:
+ *
+ * Given a Kerberos realm, find a host on which the Kerberos authenti-
+ * cation server can be found.
+ *
+ * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
+ * of the realm for which a server is desired, and an integer, n, and
+ * returns (in h) the nth entry from the configuration file (KRB_CONF,
+ * defined in "krb.h") associated with the specified realm.
+ *
+ * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
+ * configuration file does not exist, krb_get_krbhst will return KRB_HOST
+ * (also defined in "krb.h"). If all goes well, the routine returnes
+ * KSUCCESS.
+ *
+ * The KRB_CONF file contains the name of the local realm in the first
+ * line (not used by this routine), followed by lines indicating realm/host
+ * entries. The words "admin server" following the hostname indicate that
+ * the host provides an administrative database server.
+ * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined.
+ *
+ * For example:
+ *
+ * ATHENA.MIT.EDU
+ * ATHENA.MIT.EDU kerberos-1.mit.edu admin server
+ * ATHENA.MIT.EDU kerberos-2.mit.edu
+ * LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+ *
+ * This is a temporary hack to allow us to find the nearest system running
+ * kerberos. In the long run, this functionality will be provided by a
+ * nameserver.
+ */
+int KRB5_CALLCONV
+krb_get_krbhst(
+ char *host,
+ const char *realm,
+ int n)
+{
+ int result;
+ int i;
+ FILE *cnffile;
+ char linebuf[BUFSIZ];
+ char tr[SCRATCHSZ];
+ char scratch[SCRATCHSZ];
+
+ if (n < 1 || host == NULL || realm == NULL)
+ return KFAILURE;
+
+ result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
+ REALMS_V4_PROF_REALMS_SECTION,
+ REALMS_V4_PROF_KDC);
+ if (result == KSUCCESS)
+ return result;
+ /*
+ * Do old-style config file lookup.
+ */
+ do {
+ cnffile = krb__get_cnffile();
+ if (cnffile == NULL)
+ break;
+ /* Skip default realm name. */
+ if (fscanf(cnffile, SCNSCRATCH, tr) == EOF) {
+ fclose(cnffile);
+ break;
+ }
+ result = KSUCCESS;
+ for (i = 0; i < n;) {
+ if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
+ result = KFAILURE;
+ break;
+ }
+ if (!strchr(linebuf, '\n')) {
+ result = KFAILURE;
+ break;
+ }
+ if ((sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH,
+ tr, scratch) != 2))
+ continue;
+ if (!strcmp(tr, realm))
+ i++;
+ }
+ fclose(cnffile);
+ if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN)
+ strncpy(host, scratch, MAXHOSTNAMELEN);
+ else
+ result = KFAILURE;
+ } while (0);
+ if (result == KFAILURE)
+ result = get_krbhst_default(host, realm, n);
+ return result;
+}
+
+#if USE_CCAPI
+/*
+ * Realm -> string_to_key mapping
+ */
+int KRB5_CALLCONV
+krb_get_stk(
+ KRB_UINT32 *type,
+ char *realm)
+{
+ long profErr = 0;
+ const char *names[] = {REALMS_V4_PROF_REALMS_SECTION, NULL,
+ REALMS_V4_PROF_STK, NULL};
+ profile_t profile = NULL;
+ void *iter = NULL;
+ char *name = NULL;
+ char *value = NULL;
+ int found = 0;
+
+ names[1] = realm;
+
+ profErr = krb_get_profile(&profile);
+ if (profErr) {
+ goto cleanup;
+ }
+
+ profErr = profile_iterator_create(profile, names,
+ PROFILE_ITER_RELATIONS_ONLY, &iter);
+ if (profErr) {
+ goto cleanup;
+ }
+
+ profErr = profile_iterator(&iter, &name, &value);
+ if (profErr) {
+ goto cleanup;
+ }
+
+ if (name != NULL) {
+ if (!strncmp(value, REALMS_V4_MIT_STK, strlen(REALMS_V4_MIT_STK))) {
+ *type = cc_v4_stk_des;
+ found = 1;
+ } else if (!strncmp(value, REALMS_V4_AFS_STK,
+ strlen(REALMS_V4_AFS_STK))) {
+ *type = cc_v4_stk_afs;
+ found = 1;
+ } else if (!strncmp(value, REALMS_V4_COLUMBIA_STK,
+ strlen(REALMS_V4_COLUMBIA_STK))) {
+ *type = cc_v4_stk_columbia_special;
+ found = 1;
+ }
+ }
+
+cleanup:
+ if (name != NULL)
+ profile_release_string(name);
+ if (value != NULL)
+ profile_release_string(value);
+ if (iter != NULL)
+ profile_iterator_free(&iter);
+ if (profile != NULL)
+ profile_abandon(profile);
+
+ /* If this fails, we just rely on autodetecting the realm */
+ if (!found) {
+ *type = cc_v4_stk_unknown;
+ }
+ return KSUCCESS;
+}
+#endif /* USE_CCAPI */
+
+/*
+ * Hostname -> realm name mapping
+ *
+ * Old description from realmofhost.c:
+ *
+ * Given a fully-qualified domain-style primary host name,
+ * return the name of the Kerberos realm for the host.
+ * If the hostname contains no discernable domain, or an error occurs,
+ * return the local realm name, as supplied by get_krbrlm().
+ * If the hostname contains a domain, but no translation is found,
+ * the hostname's domain is converted to upper-case and returned.
+ *
+ * The format of each line of the translation file is:
+ * domain_name kerberos_realm
+ * -or-
+ * host_name kerberos_realm
+ *
+ * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
+ * host names should be in the usual form (e.g. FOO.BAR.BAZ)
+ */
+char * KRB5_CALLCONV
+krb_realmofhost(char *host)
+{
+ /* Argh! */
+ static char realm[REALM_SZ];
+ char *lhost;
+ const char *names[] = {REALMS_V4_PROF_DOMAIN_SECTION, NULL, NULL};
+ char **values = NULL;
+ profile_t profile = NULL;
+ long profErr;
+ char hostname[MAXHOSTNAMELEN];
+ char *p;
+ char *domain;
+ FILE *trans_file = NULL;
+ int retval;
+ char thost[SCRATCHSZ];
+ char trealm[SCRATCHSZ];
+ struct hostent *h;
+
+ /* Return local realm if all else fails */
+ krb_get_lrealm(realm, 1);
+
+ /* Forward-resolve in case domain is missing. */
+ h = gethostbyname(host);
+ if (h == NULL)
+ lhost = host;
+ else
+ lhost = h->h_name;
+
+ if (strlen(lhost) >= MAXHOSTNAMELEN)
+ return realm;
+ strncpy(hostname, lhost, MAXHOSTNAMELEN);
+
+ /* Remove possible trailing dot. */
+ p = strrchr(hostname, '.');
+ if (p != NULL && p[1] == '\0')
+ *p = '\0';
+ domain = strchr(hostname, '.');
+ /*
+ * If the hostname is just below the top, e.g., CYGNUS.COM, then
+ * we special-case it; if someone really wants a realm called COM
+ * they will just have to specify it properly.
+ */
+ if (domain != NULL) {
+ domain++;
+ p = strchr(domain, '.');
+ if (p == NULL)
+ domain = lhost;
+ if (strlen(domain) < REALM_SZ) {
+ strncpy(realm, domain, REALM_SZ);
+ /* Upcase realm name. */
+ for (p = hostname; *p != '\0'; p++) {
+ if (*p > 0 && islower((unsigned char)*p))
+ *p = toupper((unsigned char)*p);
+ }
+ }
+ }
+ /* Downcase hostname. */
+ for (p = hostname; *p != '\0'; p++) {
+ if (*p > 0 && isupper((unsigned char)*p))
+ *p = tolower((unsigned char)*p);
+ }
+
+ profErr = krb_get_profile(&profile);
+ if (profErr)
+ goto cleanup;
+
+ for (domain = hostname; domain != NULL && *domain != '\0';) {
+ names[1] = domain;
+ values = NULL;
+ profErr = profile_get_values(profile, names, &values);
+ if (!profErr && strlen(values[0]) < REALM_SZ) {
+ /* Found, return it */
+ strncpy(realm, values[0], REALM_SZ);
+ profile_free_list(values);
+ break;
+ } else {
+ /* Skip over leading dot. */
+ if (*domain == '.')
+ domain++;
+ domain = strchr(domain, '.');
+ }
+ profile_free_list(values);
+ }
+cleanup:
+ if (profile != NULL)
+ profile_abandon(profile);
+
+ trans_file = krb__get_realmsfile();
+ if (trans_file == NULL)
+ return realm;
+ domain = strchr(hostname, '.');
+ for (;;) {
+ retval = fscanf(trans_file, SCNSCRATCH " " SCNSCRATCH,
+ thost, trealm);
+ if (retval == EOF)
+ break;
+ if (retval != 2 || strlen(trealm) >= REALM_SZ)
+ continue; /* Ignore malformed lines. */
+ /* Attempt to match domain. */
+ if (*thost == '.') {
+ if (domain && !strcasecmp(thost, domain)) {
+ strncpy(realm, trealm, REALM_SZ);
+ continue; /* Try again for an exact match. */
+ }
+ } else {
+ /* Hostname must match exactly. */
+ if (!strcasecmp(thost, hostname)) {
+ strncpy(realm, trealm, REALM_SZ);
+ break;
+ }
+ }
+ }
+ fclose(trans_file);
+ return realm;
+}
int KRB5_CALLCONV
dest_tkt()
{
- char *file = TKT_FILE;
+ const char *file = TKT_FILE;
int i,fd;
extern int errno;
int ret;
/*
- * err_txt.c
+ * lib/krb4/err_txt.c
*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
*
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
*/
-#include "mit-copyright.h"
#include "krb.h"
+#include "krb4int.h"
/*
- * This file contains an array of error text strings.
- * The associated error codes (which are defined in "krb.h")
- * follow the string in the comments at the end of each line.
+ * This is gross. We want krb_err_txt to match the contents of the
+ * com_err error table, but the text is static in krb_err.c. To avoid
+ * multiple registrations of the error table, we also want to override
+ * initialize_krb_error_table() in case someone decides to call it.
*/
+#undef initialize_krb_error_table
+#define initialize_krb_error_table krb4int_init_krb_err_tbl
+void krb4int_init_krb_err_tbl(void);
+#include "krb_err.c"
+#undef initialize_krb_error_table
-const
-/* Some C compilers (like ThinkC when producing a driver) can't grok
- initialized multimentional arrays! */
-#ifdef MULTIDIMENSIONAL_ERR_TXT
- char krb_err_txt[256][60] = {
-#else
- char *const krb_err_txt [256] = {
-#endif
- "OK", /* 000 */
- "Principal expired (kerberos)", /* 001 */
- "Service expired (kerberos)", /* 002 */
- "Authentication expired (kerberos)", /* 003 */
- "Unknown protocol version number (kerberos)", /* 004 */
- "Principal: Incorrect master key version (kerberos)", /* 005 */
- "Service: Incorrect master key version (kerberos)", /* 006 */
- "Bad byte order (kerberos)", /* 007 */
- "Principal unknown (kerberos)", /* 008 */
- "Principal not unique (kerberos)", /* 009 */
- "Principal has null key (kerberos)", /* 010 */
- "Reserved error message 11 (kerberos)", /* 011 */
- "Reserved error message 12 (kerberos)", /* 012 */
- "Reserved error message 13 (kerberos)", /* 013 */
- "Reserved error message 14 (kerberos)", /* 014 */
- "Reserved error message 15 (kerberos)", /* 015 */
- "Reserved error message 16 (kerberos)", /* 016 */
- "Reserved error message 17 (kerberos)", /* 017 */
- "Reserved error message 18 (kerberos)", /* 018 */
- "Reserved error message 19 (kerberos)", /* 019 */
- "Permission Denied (kerberos)", /* 020 */
- "Can't read ticket file (krb_get_cred)", /* 021 */
- "Can't find ticket (krb_get_cred)", /* 022 */
- "Reserved error message 23 (krb_get_cred)", /* 023 */
- "Reserved error message 24 (krb_get_cred)", /* 024 */
- "Reserved error message 25 (krb_get_cred)", /* 025 */
- "Ticket granting ticket expired (krb_mk_req)", /* 026 */
- "Reserved error message 27 (krb_mk_req)", /* 027 */
- "Reserved error message 28 (krb_mk_req)", /* 028 */
- "Reserved error message 29 (krb_mk_req)", /* 029 */
- "Reserved error message 30 (krb_mk_req)", /* 030 */
- "Can't decode authenticator (krb_rd_req)", /* 031 */
- "Ticket expired (krb_rd_req)", /* 032 */
- "Ticket issue date too far in the future (krb_rd_req)",/* 033 */
- "Repeat request (krb_rd_req)", /* 034 */
- "Ticket for wrong server (krb_rd_req)", /* 035 */
- "Request inconsistent (krb_rd_req)", /* 036 */
- "Time is out of bounds (krb_rd_req)", /* 037 */
- "Incorrect network address (krb_rd_req)", /* 038 */
- "Protocol version mismatch (krb_rd_req)", /* 039 */
- "Illegal message type (krb_rd_req)", /* 040 */
- "Message integrity error (krb_rd_req)", /* 041 */
- "Message duplicate or out of order (krb_rd_req)", /* 042 */
- "Unauthorized request (krb_rd_req)", /* 043 */
- "Reserved error message 44 (krb_rd_req)", /* 044 */
- "Reserved error message 45 (krb_rd_req)", /* 045 */
- "Reserved error message 46 (krb_rd_req)", /* 046 */
- "Reserved error message 47 (krb_rd_req)", /* 047 */
- "Reserved error message 48 (krb_rd_req)", /* 048 */
- "Reserved error message 49 (krb_rd_req)", /* 049 */
- "Reserved error message 50 (krb_rd_req)", /* 050 */
- "Current password is NULL (get_pw_tkt)", /* 051 */
- "Current password incorrect (get_pw_tkt)", /* 052 */
- "Protocol error (gt_pw_tkt)", /* 053 */
- "Error returned by KDC (gt_pw_tkt)", /* 054 */
- "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */
- "Retry count exceeded (send_to_kdc)", /* 056 */
- "Can't send request (send_to_kdc)", /* 057 */
- "Reserved error message 58 (send_to_kdc)", /* 058 */
- "Reserved error message 59 (send_to_kdc)", /* 059 */
- "Reserved error message 60 (send_to_kdc)", /* 060 */
- "Warning: Not ALL tickets returned", /* 061 */
- "Password incorrect", /* 062 */
- "Protocol error (get_intkt)", /* 063 */
- "Reserved error message 64 (get_in_tkt)", /* 064 */
- "Reserved error message 65 (get_in_tkt)", /* 065 */
- "Reserved error message 66 (get_in_tkt)", /* 066 */
- "Reserved error message 67 (get_in_tkt)", /* 067 */
- "Reserved error message 68 (get_in_tkt)", /* 068 */
- "Reserved error message 69 (get_in_tkt)", /* 069 */
- "Generic error (get_intkt)", /* 070 */
- "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */
- "Reserved error message 72 (get_ad_tkt)", /* 072 */
- "Reserved error message 73 (get_ad_tkt)", /* 073 */
- "Reserved error message 74 (get_ad_tkt)", /* 074 */
- "Reserved error message 75 (get_ad_tkt)", /* 075 */
- "You have no tickets cached", /* 076 */
- "Can't access ticket file (tf_util)", /* 077 */
- "Can't lock ticket file; try later (tf_util)", /* 078 */
- "Bad ticket file format (tf_util)", /* 079 */
- "Read ticket file before tf_init (tf_util)", /* 080 */
- "Bad Kerberos name format (kname_parse)", /* 081 */
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "Generic kerberos error (kfailure)", /* 255 */
-};
+void initialize_krb_error_table(void);
+/* YUCK -- depends on naming of the static table. */
+const char * const * const krb_err_txt = text;
+
+static int inited = 0;
+
+void
+krb4int_et_init(void)
+{
+ if (inited)
+ return;
+ add_error_table(&et_krb_error_table);
+ inited = 1;\
+}
+
+void
+initialize_krb_error_table(void)
+{
+ krb4int_et_init();
+}
+
+void
+krb4int_et_fini(void)
+{
+ if (inited)
+ remove_error_table(&et_krb_error_table);
+}
const char * KRB5_CALLCONV
-krb_get_err_text (code)
+krb_get_err_text(code)
int code;
{
- if (code >= 0 && code < (sizeof (krb_err_txt))/(sizeof *krb_err_txt))
- return krb_err_txt[code];
+ krb4int_et_init();
+ /*
+ * Shift krb error code into com_err number space.
+ */
+ if (code >= 0 && code < MAX_KRB_ERRORS)
+ return error_message(ERROR_TABLE_BASE_krb + code);
else
return "Invalid Kerberos error code";
}
+++ /dev/null
-/*
- * g_admhst.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <stdio.h>
-#include "krb.h"
-#include <string.h>
-#include "krb4int.h"
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos database
- * administration server can be found.
- *
- * krb_get_admhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer n, and
- * returns (in h) the nth administrative host entry from the configuration
- * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
- * If ATHENA_CONF_FALLBACK is defined, also look in old location.
- *
- * On error, get_admhst returns KFAILURE. If all goes well, the routine
- * returns KSUCCESS.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- *
- * This is a temporary hack to allow us to find the nearest system running
- * a Kerberos admin server. In the long run, this functionality will be
- * provided by a nameserver.
- */
-
-int KRB5_CALLCONV
-krb_get_admhst(h, r, n)
- char *h;
- char *r;
- int n;
-{
- FILE *cnffile;
- char tr[REALM_SZ];
- char linebuf[BUFSIZ];
- char scratch[64];
- register int i;
-
- cnffile = krb__get_cnffile();
- if (!cnffile)
- return(KFAILURE);
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- /* error reading */
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- if (!strchr(linebuf, '\n')) {
- /* didn't all fit into buffer, punt */
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- for (i = 0; i < n; ) {
- /* run through the file, looking for admin host */
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- /* need to scan for a token after 'admin' to make sure that
- admin matched correctly */
- if (sscanf(linebuf, "%s %s admin %s", tr, h, scratch) != 3)
- continue;
- if (!strcmp(tr,r))
- i++;
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
/*
* lib/krb4/g_in_tkt.c
*
- * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
+ * Copyright 1986-2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
int msg_byte_order;
int kerror;
+#if TARGET_OS_MAC
+ socklen_t addrlen;
+#endif
#if 0
unsigned long exp_date;
#endif
/* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
rpkt->length = 0;
-#if 0 /* XXX */
- kerror = send_to_kdc_addr(pkt, rpkt, realm, local_addr);
+#if TARGET_OS_MAC
+ addrlen = sizeof(struct sockaddr_in)
+ kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm,
+ local_addr, &addrlen);
#else
kerror = send_to_kdc(pkt, rpkt, realm);
#endif
return kerror;
}
-int
+int KRB5_CALLCONV
krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life,
key_proc, decrypt_proc, arg, creds)
char *user;
+++ /dev/null
-/*
- * g_krbhst.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <stdio.h>
-#include "krb.h"
-#include <string.h>
-#include "krb4int.h"
-#include "port-sockets.h"
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos authenti-
- * cation server can be found.
- *
- * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer, n, and
- * returns (in h) the nth entry from the configuration file (KRB_CONF,
- * defined in "krb.h") associated with the specified realm.
- *
- * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (also defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
- *
- * The KRB_CONF file contains the name of the local realm in the first
- * line (not used by this routine), followed by lines indicating realm/host
- * entries. The words "admin server" following the hostname indicate that
- * the host provides an administrative database server.
- * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined.
- *
- * For example:
- *
- * ATHENA.MIT.EDU
- * ATHENA.MIT.EDU kerberos-1.mit.edu admin server
- * ATHENA.MIT.EDU kerberos-2.mit.edu
- * LCS.MIT.EDU kerberos.lcs.mit.edu admin server
- *
- * This is a temporary hack to allow us to find the nearest system running
- * kerberos. In the long run, this functionality will be provided by a
- * nameserver.
- */
-
-static int
-get_krbhst_default(h, r, n)
- char *h;
- char *r;
- int n;
-{
- if (n==1) {
- (void) strncpy(h,KRB_HOST,MAXHOSTNAMELEN-1);
- h[MAXHOSTNAMELEN-1] = '\0';
- (void) strncat(h,".",MAXHOSTNAMELEN-1-strlen(h));
- (void) strncat(h,r,MAXHOSTNAMELEN-1-strlen(h));
- /* KRB_HOST.REALM (ie. kerberos.CYGNUS.COM) */
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
-}
-
-int KRB5_CALLCONV
-krb_get_krbhst(h,r,n)
- char *h;
- char *r;
- int n;
-{
- FILE *cnffile;
- char tr[REALM_SZ];
- char linebuf[BUFSIZ];
- register int i;
-
- cnffile = krb__get_cnffile();
- if (!cnffile)
- return get_krbhst_default(h, r, n);
- if (fscanf(cnffile,"%39s",tr) == EOF) /* XXX assumes REALM_SZ == 40 */
- return get_krbhst_default(h, r, n);
- /* run through the file, looking for the nth server for this realm */
- for (i = 1; i <= n;) {
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- (void) fclose(cnffile);
- return get_krbhst_default(h, r, n);
- }
- if (sscanf(linebuf, "%39s %1023s", tr, h) != 2) /* REALM_SZ == 40 */
- continue;
- if (!strcmp(tr,r))
- i++;
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
+++ /dev/null
-/*
- * g_krbrlm.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <stdio.h>
-#include "krb.h"
-#include <string.h>
-#include "krb4int.h"
-
-/*
- * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
- * in the string, r, with the name of the nth realm specified on the
- * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
- *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst(). This will also look in KRB_FB_CONF is
- * ATHENA_CONF_FALLBACK is defined.
- */
-int KRB5_CALLCONV
-krb_get_lrealm(r,n)
- char *r;
- int n;
-{
- FILE *cnffile;
-
- if (n > 1)
- return(KFAILURE); /* Temporary restriction */
-
- cnffile = krb__get_cnffile();
- if (!cnffile) {
- if (n == 1) {
- (void) strncpy(r, KRB_REALM, REALM_SZ);
- r[REALM_SZ - 1] = '\0';
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
- }
-
- /*
- * XXX This assumes REALM_SZ == 40,
- * and that r is 40 characters long.
- */
- if (fscanf(cnffile,"%39s",r) != 1) {
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
/*
- * g_svc_in_tkt.c
+ * lib/krb4/g_svc_in_tkt.c
*
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
*
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
*/
-#include "mit-copyright.h"
+#include <string.h>
+#include <stdlib.h>
#include "krb.h"
#include "prot.h"
#include "krb4int.h"
-#include <string.h>
-
-#ifndef NULL
-#define NULL 0
-#endif
/*
* This file contains two routines: srvtab_to_key(), which gets
int KRB5_CALLCONV
krb_get_tf_fullname(ticket_file, name, instance, realm)
- char *ticket_file;
+ const char *ticket_file;
char *name;
char *instance;
char *realm;
/*
- * g_tf_realm.c
+ * lib/krb4/g_tf_realm.c
*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987-2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
*
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
*/
-#include "mit-copyright.h"
#include "krb.h"
/*
*/
int KRB5_CALLCONV
-krb_get_tf_realm(ticket_file, realm)
- char *ticket_file;
- char *realm;
+krb_get_tf_realm(const char *ticket_file, char *realm)
{
- return(krb_get_tf_fullname(ticket_file, (char *)0, (char *)0, realm));
+ return krb_get_tf_fullname(ticket_file, NULL, NULL, realm);
}
#include <stdio.h>
#include <string.h>
+#include <errno.h>
#include "krb.h"
#include <fcntl.h>
#include <sys/stat.h>
uid_t me, metoo, getuid(), geteuid();
struct stat statpre, statpost;
int count;
- char *file = TKT_FILE;
+ const char *file = TKT_FILE;
int fd;
register int i;
char charbuf[BUFSIZ];
-/* A series of private prototypes that we are not exporting but should
+/*
+ * lib/krb4/krb4int.h
+ *
+ * Copyright 2001-2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * A series of private prototypes that we are not exporting but should
* be available for self consistancy in the library.
*/
/* gethostname.c */
int k_gethostname(char *, int);
+/* g_in_tkt.c */
+int krb_get_in_tkt_preauth_creds(char *, char *, char *,
+ char *, char *, int,
+ key_proc_type, decrypt_tkt_type,
+ char *, char *, int, CREDENTIALS *);
+
/* klog.c */
void kset_logfile(char *);
int krb_end_session(char *);
-#ifndef _WINDOWS
+#ifndef _WIN32
/* For windows users, these are defined in krb.h */
char *krb_get_default_user (void);
int krb_set_default_user (char *);
#endif
+/* RealmConfig-glue.c */
+int krb_get_kpasswdhst(char *, char *, int);
+int krb_get_stk(KRB_UINT32 *type, char *realm);
-
+/* err_txt.c */
+void krb4int_et_init(void);
+void krb4int_et_fini(void);
"Kerberos auth expired"
ec KRBET_KDC_PKT_VER,
- "Incorrect kerberos master key version"
+ "Unknown kerberos protocol version"
ec KRBET_KDC_P_MKEY_VER,
- "Incorrect kerberos master key version"
+ "Incorrect kerberos master key version for principal"
ec KRBET_KDC_S_MKEY_VER,
- "Incorrect kerberos master key version"
+ "Incorrect kerberos master key version for service"
ec KRBET_KDC_BYTE_ORDER,
- "Kerberos error: byte order unknown"
+ "Bad byte order (kerberos)"
ec KRBET_KDC_PR_UNKNOWN,
"Kerberos principal unknown"
"Kerberos principal has null key"
ec KRBET_KRB_RES11,
- "Reserved 11"
+ "Reserved error message 11 (kerberos)"
ec KRBET_KRB_RES12,
- "Reserved 12"
+ "Reserved error message 12 (kerberos)"
ec KRBET_KRB_RES13,
- "Reserved 13"
+ "Reserved error message 13 (kerberos)"
ec KRBET_KRB_RES14,
- "Reserved 14"
+ "Reserved error message 14 (kerberos)"
ec KRBET_KRB_RES15,
- "Reserved 15"
+ "Reserved error message 15 (kerberos)"
ec KRBET_KRB_RES16,
- "Reserved 16"
+ "Reserved error message 16 (kerberos)"
ec KRBET_KRB_RES17,
- "Reserved 17"
+ "Reserved error message 17 (kerberos)"
ec KRBET_KRB_RES18,
- "Reserved 18"
+ "Reserved error message 18 (kerberos)"
ec KRBET_KRB_RES19,
- "Reserved 19"
+ "Reserved error message 19 (kerberos)"
ec KRBET_KDC_GEN_ERR,
"Generic error from Kerberos KDC"
"Can't find Kerberos ticket or TGT"
ec KRBET_KRB_RES23,
- "Reserved 23"
+ "Reserved error message 23 (krb_get_cred)"
ec KRBET_KRB_RES24,
- "Reserved 24"
+ "Reserved error message 24 (krb_get_cred)"
ec KRBET_KRB_RES25,
- "Reserved 25"
+ "Reserved error message 25 (krb_get_cred)"
ec KRBET_MK_AP_TGTEXP,
"Kerberos TGT Expired"
ec KRBET_KRB_RES27,
- "Reserved 27"
+ "Reserved error message 27 (krb_mk_req)"
ec KRBET_KRB_RES28,
- "Reserved 28"
+ "Reserved error message 28 (krb_mk_req)"
ec KRBET_KRB_RES29,
- "Reserved 29"
+ "Reserved error message 29 (krb_mk_req)"
ec KRBET_KRB_RES30,
- "Reserved 30"
+ "Reserved error message 30 (krb_mk_req)"
ec KRBET_RD_AP_UNDEC,
- "Kerberos error: Can't decode authenticator"
+ "Can't decode authenticator (krb_rd_req)"
ec KRBET_RD_AP_EXP,
- "Kerberos ticket expired"
+ "Kerberos ticket expired (krb_rd_req)"
ec KRBET_RD_AP_NYV,
- "Kerberos ticket not yet valid"
+ "Kerberos ticket not yet valid (krb_rd_req)"
ec KRBET_RD_AP_REPEAT,
- "Kerberos error: Repeated request"
+ "Repeated request (krb_rd_req)"
ec KRBET_RD_AP_NOT_US,
- "The kerberos ticket isn't for us"
+ "Kerberos ticket is for wrong server (krb_rd_req)"
ec KRBET_RD_AP_INCON,
"Kerberos request inconsistent"
ec KRBET_RD_AP_TIME,
- "Kerberos error: time is out of bounds"
+ "Time is out of bounds (krb_rd_req)"
ec KRBET_RD_AP_BADD,
- "Kerberos error: incorrect net address"
+ "Incorrect net address (krb_rd_req)"
ec KRBET_RD_AP_VERSION,
- "Kerberos protocol version mismatch"
+ "Kerberos protocol version mismatch (krb_rd_req)"
ec KRBET_RD_AP_MSG_TYPE,
- "Kerberos error: invalid msg type"
+ "Invalid msg type (krb_rd_req)"
ec KRBET_RD_AP_MODIFIED,
- "Kerberos error: message stream modified"
+ "Message integrity error (krb_rd_req)"
ec KRBET_RD_AP_ORDER,
- "Kerberos error: message out of order"
+ "Message out of order (krb_rd_req)"
ec KRBET_RD_AP_UNAUTHOR,
- "Kerberos error: unauthorized request"
+ "Unauthorized request (krb_rd_req)"
ec KRBET_KRB_RES44,
- "Reserved 44"
+ "Reserved error message 44 (krb_rd_req)"
ec KRBET_KRB_RES45,
- "Reserved 45"
+ "Reserved error message 45 (krb_rd_req)"
ec KRBET_KRB_RES46,
- "Reserved 46"
+ "Reserved error message 46 (krb_rd_req)"
ec KRBET_KRB_RES47,
- "Reserved 47"
+ "Reserved error message 47 (krb_rd_req)"
ec KRBET_KRB_RES48,
- "Reserved 48"
+ "Reserved error message 48 (krb_rd_req)"
ec KRBET_KRB_RES49,
- "Reserved 49"
+ "Reserved error message 49 (krb_rd_req)"
ec KRBET_KRB_RES50,
- "Reserved 50"
+ "Reserved error message 50 (krb_rd_req)"
ec KRBET_GT_PW_NULL,
- "Kerberos error: current PW is null"
+ "Current password is null (get_pw_tkt)"
ec KRBET_GT_PW_BADPW,
- "Kerberos error: Incorrect current password"
+ "Incorrect current password (get_pw_tkt)"
ec KRBET_GT_PW_PROT,
- "Kerberos protocol error"
+ "Protocol error (get_pw_tkt)"
ec KRBET_GT_PW_KDCERR,
- "Error returned by Kerberos KDC"
+ "Error returned by KDC (get_pw_tkt)"
ec KRBET_GT_PW_NULLTKT,
- "Null Kerberos ticket returned by KDC"
+ "Null Kerberos ticket returned by KDC (get_pw_tkt)"
ec KRBET_SKDC_RETRY,
- "Kerberos error: Retry count exceeded"
+ "Retry count exceeded (send_to_kdc)"
ec KRBET_SKDC_CANT,
- "Kerberos error: Can't send request"
+ "Can't send request (send_to_kdc)"
ec KRBET_KRB_RES58,
- "Reserved 58"
+ "Reserved error message 58 (send_to_kdc)"
ec KRBET_KRB_RES59,
- "Reserved 59"
+ "Reserved error message 59 (send_to_kdc)"
ec KRBET_KRB_RES60,
- "Reserved 60"
+ "Reserved error message 60 (send_to_kdc)"
ec KRBET_INTK_W_NOTALL,
"Kerberos error: not all tickets returned"
ec KRBET_INTK_BADPW,
- "Kerberos error: incorrect password"
+ "Incorrect password (get_in_tkt)"
ec KRBET_INTK_PROT,
- "Kerberos error: Protocol Error"
+ "Protocol error (get_in_tkt)"
ec KRBET_KRB_RES64,
- "Reserved 64"
+ "Reserved error message 64 (get_in_tkt)"
ec KRBET_KRB_RES65,
- "Reserved 65"
+ "Reserved error message 65 (get_in_tkt)"
ec KRBET_KRB_RES66,
- "Reserved 66"
+ "Reserved error message 66 (get_in_tkt)"
ec KRBET_KRB_RES67,
- "Reserved 67"
+ "Reserved error message 67 (get_in_tkt)"
ec KRBET_KRB_RES68,
- "Reserved 68"
+ "Reserved error message 68 (get_in_tkt)"
ec KRBET_KRB_RES69,
- "Reserved 69"
+ "Reserved error message 69 (get_in_tkt)"
ec KRBET_INTK_ERR,
- "Other error"
+ "Other error (get_in_tkt)"
ec KRBET_AD_NOTGT,
- "Don't have Kerberos ticket-granting ticket"
+ "Don't have Kerberos ticket-granting ticket (get_ad_tkt)"
ec KRBET_KRB_RES72,
- "Reserved 72"
+ "Reserved error message 72 (get_ad_tkt)"
ec KRBET_KRB_RES73,
- "Reserved 73"
+ "Reserved error message 73 (get_ad_tkt)"
ec KRBET_KRB_RES74,
- "Reserved 74"
+ "Reserved error message 74 (get_ad_tkt)"
ec KRBET_KRB_RES75,
- "Reserved 75"
+ "Reserved error message 75 (get_ad_tkt)"
ec KRBET_NO_TKT_FIL,
"You have no tickets cached"
ec KRBET_TKT_FIL_ACC,
- "Couldn't access ticket file"
+ "Couldn't access ticket file (tf_util)"
ec KRBET_TKT_FIL_LCK,
- "Couldn't lock ticket file"
+ "Couldn't lock ticket file (tf_util)"
ec KRBET_TKT_FIL_FMT,
- "Bad ticket file format"
+ "Bad ticket file format (tf_util)"
ec KRBET_TKT_FIL_INI,
- "tf_init not called first"
+ "tf_init not called before reading from ticket file (tf_util)"
ec KRBET_KNAME_FMT,
- "Bad Kerberos name format"
+ "Bad Kerberos name format (kname_parse)"
- end
+ ec KRBET_RES82,
+ "Reserved error message 82"
+
+ ec KRBET_RES83,
+ "Reserved error message 83"
+
+ ec KRBET_RES84,
+ "Reserved error message 84"
+
+ ec KRBET_RES85,
+ "Reserved error message 85"
+
+ ec KRBET_RES86,
+ "Reserved error message 86"
+
+ ec KRBET_RES87,
+ "Reserved error message 87"
+
+ ec KRBET_RES88,
+ "Reserved error message 88"
+
+ ec KRBET_RES89,
+ "Reserved error message 89"
+
+ ec KRBET_RES90,
+ "Reserved error message 90"
+
+ ec KRBET_RES91,
+ "Reserved error message 91"
+
+ ec KRBET_RES92,
+ "Reserved error message 92"
+
+ ec KRBET_RES93,
+ "Reserved error message 93"
+
+ ec KRBET_RES94,
+ "Reserved error message 94"
+
+ ec KRBET_RES95,
+ "Reserved error message 95"
+
+ ec KRBET_RES96,
+ "Reserved error message 96"
+
+ ec KRBET_RES97,
+ "Reserved error message 97"
+
+ ec KRBET_RES98,
+ "Reserved error message 98"
+
+ ec KRBET_RES99,
+ "Reserved error message 99"
+
+ ec KRBET_RES100,
+ "Reserved error message 100"
+
+ ec KRBET_RES101,
+ "Reserved error message 101"
+
+ ec KRBET_RES102,
+ "Reserved error message 102"
+
+ ec KRBET_RES103,
+ "Reserved error message 103"
+
+ ec KRBET_RES104,
+ "Reserved error message 104"
+
+ ec KRBET_RES105,
+ "Reserved error message 105"
+
+ ec KRBET_RES106,
+ "Reserved error message 106"
+
+ ec KRBET_RES107,
+ "Reserved error message 107"
+
+ ec KRBET_RES108,
+ "Reserved error message 108"
+
+ ec KRBET_RES109,
+ "Reserved error message 109"
+
+ ec KRBET_RES110,
+ "Reserved error message 110"
+
+ ec KRBET_RES111,
+ "Reserved error message 111"
+
+ ec KRBET_RES112,
+ "Reserved error message 112"
+
+ ec KRBET_RES113,
+ "Reserved error message 113"
+
+ ec KRBET_RES114,
+ "Reserved error message 114"
+
+ ec KRBET_RES115,
+ "Reserved error message 115"
+
+ ec KRBET_RES116,
+ "Reserved error message 116"
+
+ ec KRBET_RES117,
+ "Reserved error message 117"
+
+ ec KRBET_RES118,
+ "Reserved error message 118"
+
+ ec KRBET_RES119,
+ "Reserved error message 119"
+
+ ec KRBET_RES120,
+ "Reserved error message 120"
+
+ ec KRBET_RES121,
+ "Reserved error message 121"
+
+ ec KRBET_RES122,
+ "Reserved error message 122"
+
+ ec KRBET_RES123,
+ "Reserved error message 123"
+
+ ec KRBET_RES124,
+ "Reserved error message 124"
+
+ ec KRBET_RES125,
+ "Reserved error message 125"
+
+ ec KRBET_RES126,
+ "Reserved error message 126"
+
+ ec KRBET_RES127,
+ "Reserved error message 127"
+
+ ec KRBET_RES128,
+ "Reserved error message 128"
+
+ ec KRBET_RES129,
+ "Reserved error message 129"
+
+ ec KRBET_RES130,
+ "Reserved error message 130"
+
+ ec KRBET_RES131,
+ "Reserved error message 131"
+
+ ec KRBET_RES132,
+ "Reserved error message 132"
+
+ ec KRBET_RES133,
+ "Reserved error message 133"
+
+ ec KRBET_RES134,
+ "Reserved error message 134"
+
+ ec KRBET_RES135,
+ "Reserved error message 135"
+
+ ec KRBET_RES136,
+ "Reserved error message 136"
+
+ ec KRBET_RES137,
+ "Reserved error message 137"
+
+ ec KRBET_RES138,
+ "Reserved error message 138"
+
+ ec KRBET_RES139,
+ "Reserved error message 139"
+
+ ec KRBET_RES140,
+ "Reserved error message 140"
+
+ ec KRBET_RES141,
+ "Reserved error message 141"
+
+ ec KRBET_RES142,
+ "Reserved error message 142"
+
+ ec KRBET_RES143,
+ "Reserved error message 143"
+
+ ec KRBET_RES144,
+ "Reserved error message 144"
+
+ ec KRBET_RES145,
+ "Reserved error message 145"
+
+ ec KRBET_RES146,
+ "Reserved error message 146"
+
+ ec KRBET_RES147,
+ "Reserved error message 147"
+
+ ec KRBET_RES148,
+ "Reserved error message 148"
+
+ ec KRBET_RES149,
+ "Reserved error message 149"
+
+ ec KRBET_RES150,
+ "Reserved error message 150"
+
+ ec KRBET_RES151,
+ "Reserved error message 151"
+
+ ec KRBET_RES152,
+ "Reserved error message 152"
+
+ ec KRBET_RES153,
+ "Reserved error message 153"
+
+ ec KRBET_RES154,
+ "Reserved error message 154"
+
+ ec KRBET_RES155,
+ "Reserved error message 155"
+
+ ec KRBET_RES156,
+ "Reserved error message 156"
+
+ ec KRBET_RES157,
+ "Reserved error message 157"
+
+ ec KRBET_RES158,
+ "Reserved error message 158"
+
+ ec KRBET_RES159,
+ "Reserved error message 159"
+
+ ec KRBET_RES160,
+ "Reserved error message 160"
+
+ ec KRBET_RES161,
+ "Reserved error message 161"
+
+ ec KRBET_RES162,
+ "Reserved error message 162"
+
+ ec KRBET_RES163,
+ "Reserved error message 163"
+
+ ec KRBET_RES164,
+ "Reserved error message 164"
+
+ ec KRBET_RES165,
+ "Reserved error message 165"
+
+ ec KRBET_RES166,
+ "Reserved error message 166"
+
+ ec KRBET_RES167,
+ "Reserved error message 167"
+
+ ec KRBET_RES168,
+ "Reserved error message 168"
+ ec KRBET_RES169,
+ "Reserved error message 169"
+
+ ec KRBET_RES170,
+ "Reserved error message 170"
+
+ ec KRBET_RES171,
+ "Reserved error message 171"
+
+ ec KRBET_RES172,
+ "Reserved error message 172"
+
+ ec KRBET_RES173,
+ "Reserved error message 173"
+
+ ec KRBET_RES174,
+ "Reserved error message 174"
+
+ ec KRBET_RES175,
+ "Reserved error message 175"
+
+ ec KRBET_RES176,
+ "Reserved error message 176"
+
+ ec KRBET_RES177,
+ "Reserved error message 177"
+
+ ec KRBET_RES178,
+ "Reserved error message 178"
+
+ ec KRBET_RES179,
+ "Reserved error message 179"
+
+ ec KRBET_RES180,
+ "Reserved error message 180"
+
+ ec KRBET_RES181,
+ "Reserved error message 181"
+
+ ec KRBET_RES182,
+ "Reserved error message 182"
+
+ ec KRBET_RES183,
+ "Reserved error message 183"
+
+ ec KRBET_RES184,
+ "Reserved error message 184"
+
+ ec KRBET_RES185,
+ "Reserved error message 185"
+
+ ec KRBET_RES186,
+ "Reserved error message 186"
+
+ ec KRBET_RES187,
+ "Reserved error message 187"
+
+ ec KRBET_RES188,
+ "Reserved error message 188"
+
+ ec KRBET_RES189,
+ "Reserved error message 189"
+
+ ec KRBET_RES190,
+ "Reserved error message 190"
+
+ ec KRBET_RES191,
+ "Reserved error message 191"
+
+ ec KRBET_RES192,
+ "Reserved error message 192"
+
+ ec KRBET_RES193,
+ "Reserved error message 193"
+
+ ec KRBET_RES194,
+ "Reserved error message 194"
+
+ ec KRBET_RES195,
+ "Reserved error message 195"
+
+ ec KRBET_RES196,
+ "Reserved error message 196"
+
+ ec KRBET_RES197,
+ "Reserved error message 197"
+
+ ec KRBET_RES198,
+ "Reserved error message 198"
+
+ ec KRBET_RES199,
+ "Reserved error message 199"
+
+ ec KRBET_RES200,
+ "Reserved error message 200"
+
+ ec KRBET_RES201,
+ "Reserved error message 201"
+
+ ec KRBET_RES202,
+ "Reserved error message 202"
+
+ ec KRBET_RES203,
+ "Reserved error message 203"
+
+ ec KRBET_RES204,
+ "Reserved error message 204"
+
+ ec KRBET_RES205,
+ "Reserved error message 205"
+
+ ec KRBET_RES206,
+ "Reserved error message 206"
+
+ ec KRBET_RES207,
+ "Reserved error message 207"
+
+ ec KRBET_RES208,
+ "Reserved error message 208"
+
+ ec KRBET_RES209,
+ "Reserved error message 209"
+
+ ec KRBET_RES210,
+ "Reserved error message 210"
+
+ ec KRBET_RES211,
+ "Reserved error message 211"
+
+ ec KRBET_RES212,
+ "Reserved error message 212"
+
+ ec KRBET_RES213,
+ "Reserved error message 213"
+
+ ec KRBET_RES214,
+ "Reserved error message 214"
+
+ ec KRBET_RES215,
+ "Reserved error message 215"
+
+ ec KRBET_RES216,
+ "Reserved error message 216"
+
+ ec KRBET_RES217,
+ "Reserved error message 217"
+
+ ec KRBET_RES218,
+ "Reserved error message 218"
+
+ ec KRBET_RES219,
+ "Reserved error message 219"
+
+ ec KRBET_RES220,
+ "Reserved error message 220"
+
+ ec KRBET_RES221,
+ "Reserved error message 221"
+
+ ec KRBET_RES222,
+ "Reserved error message 222"
+
+ ec KRBET_RES223,
+ "Reserved error message 223"
+
+ ec KRBET_RES224,
+ "Reserved error message 224"
+
+ ec KRBET_RES225,
+ "Reserved error message 225"
+
+ ec KRBET_RES226,
+ "Reserved error message 226"
+
+ ec KRBET_RES227,
+ "Reserved error message 227"
+
+ ec KRBET_RES228,
+ "Reserved error message 228"
+
+ ec KRBET_RES229,
+ "Reserved error message 229"
+
+ ec KRBET_RES230,
+ "Reserved error message 230"
+
+ ec KRBET_RES231,
+ "Reserved error message 231"
+
+ ec KRBET_RES232,
+ "Reserved error message 232"
+
+ ec KRBET_RES233,
+ "Reserved error message 233"
+
+ ec KRBET_RES234,
+ "Reserved error message 234"
+
+ ec KRBET_RES235,
+ "Reserved error message 235"
+
+ ec KRBET_RES236,
+ "Reserved error message 236"
+
+ ec KRBET_RES237,
+ "Reserved error message 237"
+
+ ec KRBET_RES238,
+ "Reserved error message 238"
+
+ ec KRBET_RES239,
+ "Reserved error message 239"
+
+ ec KRBET_RES240,
+ "Reserved error message 240"
+
+ ec KRBET_RES241,
+ "Reserved error message 241"
+
+ ec KRBET_RES242,
+ "Reserved error message 242"
+
+ ec KRBET_RES243,
+ "Reserved error message 243"
+
+ ec KRBET_RES244,
+ "Reserved error message 244"
+
+ ec KRBET_RES245,
+ "Reserved error message 245"
+
+ ec KRBET_RES246,
+ "Reserved error message 246"
+
+ ec KRBET_RES247,
+ "Reserved error message 247"
+
+ ec KRBET_RES248,
+ "Reserved error message 248"
+
+ ec KRBET_RES249,
+ "Reserved error message 249"
+
+ ec KRBET_RES250,
+ "Reserved error message 250"
+
+ ec KRBET_RES251,
+ "Reserved error message 251"
+
+ ec KRBET_RES252,
+ "Reserved error message 252"
+
+ ec KRBET_RES253,
+ "Reserved error message 253"
+
+ ec KRBET_RES254,
+ "Reserved error message 254"
+
+ ec KRBET_KFAILURE,
+ "Generic kerberos error (kfailure)"
+ end
+++ /dev/null
-/*
- * realmofhost.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * routine to convert hostname into realm name.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-
-#include <string.h>
-#include <stdio.h>
-#include <ctype.h>
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc();
-#endif
-#include "port-sockets.h"
-#include "krb4int.h"
-
-/*
- * krb_realmofhost.
- * Given a fully-qualified domain-style primary host name,
- * return the name of the Kerberos realm for the host.
- * If the hostname contains no discernable domain, or an error occurs,
- * return the local realm name, as supplied by get_krbrlm().
- * If the hostname contains a domain, but no translation is found,
- * the hostname's domain is converted to upper-case and returned.
- *
- * The format of each line of the translation file is:
- * domain_name kerberos_realm
- * -or-
- * host_name kerberos_realm
- *
- * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
- * host names should be in the usual form (e.g. FOO.BAR.BAZ)
- */
-
-static char ret_realm[REALM_SZ+1];
-
-char * KRB5_CALLCONV
-krb_realmofhost(host)
- char *host;
-{
- char *domain;
- FILE *trans_file;
- /*
- * This used to be MAXHOSTNAMELEN, but we don't know how big
- * that will necessarily be on all systems, so assume 1024.
- */
- char trans_host[1024];
- char trans_realm[REALM_SZ+1];
- int retval;
- struct hostent *h;
- char *lhost;
-
- /* First, canonicalize it. This is in case the caller
- didn't have a fully qualified domain name. */
- if ((h=gethostbyname(host)) == NULL)
- lhost = host;
- else {
- lhost = h->h_name;
-#ifdef DO_REVERSE_RESOLVE
- if (h->h_addr_list != NULL && h->h_addr_list[0] != NULL) {
- char *rev_addr; int rev_type, rev_len;
-
- rev_type = h->h_addrtype;
- rev_len = h->h_length;
- rev_addr = malloc(rev_len);
- if (rev_addr != NULL) {
- memcpy(rev_addr, h->h_addr_list[0], rev_len);
- h = gethostbyaddr(rev_addr, rev_len, rev_type);
- free(rev_addr);
- if (h == NULL)
- lhost = host;
- else
- lhost = h->h_name;
- }
- }
-#endif
- }
-
- domain = strchr(lhost, '.');
-
- /* prepare default */
- if (domain) {
- char *cp;
-
- /* If the domain is just below the top, e.g., CYGNUS.COM,
- then we special-case it; if someone really wants a
- realm called COM they will just have to specify it
- properly. */
- if (((cp = strchr(domain+1, '.')) == (char *) 0)
- /* Handle root domain properly (COM.): */
- || (*(cp + 1) == '\0'))
- domain = lhost - 1; /* -1 fakes "period" before domain */
-
- strncpy(ret_realm, domain+1, REALM_SZ);
- ret_realm[REALM_SZ] = '\0';
- /* Upper-case realm */
- for (cp = ret_realm; *cp; cp++)
- if (islower((int) (*cp)))
- *cp = toupper((int) *cp);
- } else {
- krb_get_lrealm(ret_realm, 1);
- }
-
- if ((trans_file = krb__get_realmsfile()) == (FILE *) 0)
- /* krb_errno = KRB_NO_TRANS */
- return(ret_realm);
-
- /* loop while not exact match, and more entries to read */
- while (1) {
- /* XXX REALM_SZ == 40 */
- if ((retval = fscanf(trans_file, "%1023s %40s",
- trans_host, trans_realm)) != 2) {
- if (retval == EOF)
- break;
- continue; /* ignore broken lines */
- }
- trans_host[(MAXHOSTNAMELEN <= 1023) ? MAXHOSTNAMELEN : 1023]
- = '\0';
- trans_realm[REALM_SZ] = '\0';
- if (trans_host[0] == '.') {
- /* want domain match only */
- if (domain && (strlen(trans_host) == strlen(domain))
- && !strcasecmp (trans_host, domain)) {
- /* got domain match, save for later */
- (void) strncpy (ret_realm, trans_realm,
- sizeof(ret_realm) - 1);
- ret_realm[sizeof(ret_realm) - 1] = '\0';
- continue;
- }
- } else {
- /* want exact match of hostname */
- if ((strlen(lhost) == strlen(trans_host)) &&
- !strcasecmp (trans_host, lhost)) {
- (void) strncpy (ret_realm, trans_realm,
- sizeof(ret_realm) - 1);
- ret_realm[sizeof(ret_realm) - 1] = '\0';
- break;
- }
- }
- }
- fclose (trans_file);
- return ret_realm;
-}
/*
- * send_to_kdc.c
+ * lib/krb4/send_to_kdc.c
*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987-2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
*
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
*/
-#include "mit-copyright.h"
-
#include "krb.h"
#include "krbports.h"
#include "prot.h"
*/
int KRB5_CALLCONV tf_init(tf_name, rw)
- char *tf_name;
+ const char *tf_name;
int rw;
{
int wflag;