From: Tom Yu Date: Tue, 11 Feb 2003 01:35:32 +0000 (+0000) Subject: Fix lots of things to compile on Unix. Fix some typos X-Git-Tag: krb5-1.3-alpha1~104 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=208e27d7e52cdaa9ed75bcfbd22b0527f5a2c4df;p=krb5.git Fix lots of things to compile on Unix. Fix some typos By means of carrying through local addresses in many places, eliminate or reduce sections of code depending on TARGET_OS_MAC conditionals. Conditionalize some prototypes in krb.h with KRB_PRIVATE, to avoid leakage on Mac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15173 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog index 6c13b9770..6664127be 100644 --- a/src/include/kerberosIV/ChangeLog +++ b/src/include/kerberosIV/ChangeLog @@ -1,3 +1,10 @@ +2003-02-10 Tom Yu + + * krb.h: Add KRB_PRIVATE conditionals around lots of stuff that + doesn't belong in krb.h, and historically hasn't been in krb.h on + KfM. For now, everything except MacOS will define KRB_PRIVATE to + 1. + 2003-02-07 Tom Yu * krb.h: Declare krb_err_txt differently on Mac. diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h index 684f50968..38b35e57b 100644 --- a/src/include/kerberosIV/krb.h +++ b/src/include/kerberosIV/krb.h @@ -37,6 +37,20 @@ # endif #endif +/* + * For MacOS, don't expose prototypes of various private functions. + * Unfortuantely, they've leaked out everywhere else. + */ +#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) +# ifndef KRB_PRIVATE +# define KRB_PRIVATE 0 +# endif +#else +# ifndef KRB_PRIVATE +# define KRB_PRIVATE 1 +# endif +#endif + /* Define u_char, u_short, u_int, and u_long. */ /* XXX these typdef names are not standardized! */ #include 
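Review bot: The new comment above the `KRB_PRIVATE` block in krb.h is misspelled ("Unfortuantely") and does not say how a consumer is meant to set the macro. Every guard added later in this file is `#if KRB_PRIVATE`, so the macro has to expand to an integer; a bare `#define KRB_PRIVATE` in a client would make those `#if` lines ill-formed. I would reword the comment along the lines of `/* KRB_PRIVATE must be defined to 0 or 1 before krb.h is included; 1 exposes prototypes of library-internal functions. Defaults to 0 on MacOS and 1 elsewhere. */`.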
@@ -446,12 +460,14 @@ int KRB5_CALLCONV krb_get_in_tkt (char *k_user, char *instance, char *realm, char *service, char *sinst, int life, key_proc_type, decrypt_tkt_type, char *arg); +#if KRB_PRIVATE /* Previously not KRB5_CALLCONV */ int KRB5_CALLCONV krb_get_in_tkt_preauth (char *k_user, char *instance, char *realm, char *service, char *sinst, int life, key_proc_type, decrypt_tkt_type, char *arg, char *preauth_p, int preauth_len); +#endif /* From KfM */ int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *, int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *); @@ -473,10 +489,12 @@ int KRB5_CALLCONV krb_get_pw_in_tkt (char *k_user, char *instance, char *realm, char *service, char *sinstance, int life, char *password); +#if KRB_PRIVATE int KRB5_CALLCONV krb_get_pw_in_tkt_preauth (char *k_user, char *instance, char *realm, char *service, char *sinstance, int life, char *password); +#endif int KRB5_CALLCONV krb_get_pw_in_tkt_creds(char *, char *, char *, char *, char *, int, char *, CREDENTIALS *); @@ -499,11 +517,14 @@ int KRB5_CALLCONV krb_get_ticket_for_service char *buf, unsigned KRB4_32 *buflen, int checksum, des_cblock, Key_schedule, char *version, int includeVersion); +#if KRB_PRIVATE /* in_tkt.c */ int KRB5_CALLCONV in_tkt (char *name, char *inst); int KRB5_CALLCONV krb_in_tkt (char *pname, char *pinst, char *realm); +#endif + /* kname_parse.c */ int KRB5_CALLCONV kname_parse (char *name, char *inst, char *realm, @@ -543,6 +564,7 @@ int KRB5_CALLCONV krb_mk_auth /* mk_err.c */ long KRB5_CALLCONV krb_mk_err (u_char *out, KRB4_32 k4_code, char *text); +#if KRB_PRIVATE /* mk_preauth.c */ int krb_mk_preauth (char **preauth_p, int *preauth_len, key_proc_type, @@ -550,6 +572,7 @@ int krb_mk_preauth C_Block); void krb_free_preauth (char * preauth_p, int len); +#endif /* mk_priv.c */ long KRB5_CALLCONV krb_mk_priv (u_char *in, u_char *out, 
@@ -574,18 +597,18 @@ long KRB5_CALLCONV krb_mk_safe C_Block *, struct sockaddr_in *sender, struct sockaddr_in *receiver); +#if KRB_PRIVATE /* netread.c */ -/* XXX private */ int krb_net_read (int fd, char *buf, int len); /* netwrite.c */ -/* XXX private */ int krb_net_write (int fd, char *buf, int len); /* pkt_clen.c */ -/* XXX private */ int pkt_clen (KTEXT); +#endif + /* put_svc_key.c */ int KRB5_CALLCONV put_svc_key (char *sfile, @@ -647,6 +670,7 @@ int KRB5_CALLCONV krb_sendauth struct sockaddr_in *laddr, struct sockaddr_in *faddr, char *version); +#if KRB_PRIVATE /* save_creds.c */ int KRB5_CALLCONV krb_save_credentials (char *service, char *instance, char *realm, @@ -656,15 +680,17 @@ int KRB5_CALLCONV krb_save_credentials /* XXX PRIVATE? KfM doesn't export. */ int send_to_kdc (KTEXT pkt, KTEXT rpkt, char *realm); +#endif /* tkt_string.c */ /* Used to return pointer to non-const char */ const char * KRB5_CALLCONV tkt_string (void); -/* Previously not KRB5_CALLCONV */ +/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */ void KRB5_CALLCONV krb_set_tkt_string - (char *); + (const char *); +#if KRB_PRIVATE /* tf_util.c */ int KRB5_CALLCONV tf_init (const char *tf_name, int rw); @@ -675,7 +701,9 @@ int KRB5_CALLCONV tf_get_pinst (char *p); int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c); void KRB5_CALLCONV tf_close (void); +#endif +#if KRB_PRIVATE /* unix_time.c */ unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec (unsigned KRB4_32 *); @@ -724,6 +752,8 @@ extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key); #endif +#endif /* KRB_PRIVATE */ + /* FSp-glue.c */ #if TARGET_OS_MAC && defined(__FILES__) int KRB5_CALLCONV FSp_krb_get_svc_in_tkt(char *, char *, char *, char *, diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index 91bc5f7d3..cb2881b5e 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog 
@@ -1,3 +1,8 @@ +2003-02-10 Tom Yu + + * str_to_key.c (afs_string_to_key): Move out from under + TARGET_OS_MAC conditional. + 2003-01-10 Ken Raeburn * configure.in: Don't explicitly invoke AC_PROG_INSTALL, or check diff --git a/src/lib/des425/str_to_key.c b/src/lib/des425/str_to_key.c index ccbf80621..ce95a531f 100644 --- a/src/lib/des425/str_to_key.c +++ b/src/lib/des425/str_to_key.c @@ -150,7 +150,6 @@ des_string_to_key(str,key) /* can do dumb things sometimes */ } -#if TARGET_OS_MAC char *mit_afs_crypt (const char *, const char *, const char *); void afs_string_to_key(char *str, char *cell, des_cblock key) @@ -170,6 +169,7 @@ void afs_string_to_key(char *str, char *cell, des_cblock key) mit_afs_string_to_key(&keyblock, &str_data, &cell_data); } +#if TARGET_OS_MAC char *des_crypt(const char *str, const char *salt) { char afs_buf[16]; diff --git a/src/lib/krb4/CCache-glue.c b/src/lib/krb4/CCache-glue.c index 27204c438..1a9d7ed09 100644 --- a/src/lib/krb4/CCache-glue.c +++ b/src/lib/krb4/CCache-glue.c @@ -106,12 +106,28 @@ in_tkt ( return KSUCCESS; } +int KRB5_CALLCONV +krb_save_credentials( + char *service, + char *instance, + char *realm, + C_Block session, + int lifetime, + int kvno, + KTEXT ticket, + long issue_date) +{ + return krb4int_save_credentials_addr(service, instance, realm, + session, lifetime, kvno, + ticket, issue_date, 0); +} + /* * Store a ticket into the default credentials cache * cache must exist (if it didn't exist, it would have been created by in_tkt) */ int -krb_save_credentials ( +krb4int_save_credentials_addr( char* service, char* instance, char* realm, diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index b798a560f..fbef40e26 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog 
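Review bot: The new `krb_save_credentials` wrapper in CCache-glue.c passes nine arguments to `krb4int_save_credentials_addr`, but this hunk only renames the old definition and shows no added address parameter. The parameter list continues outside the hunk and this is the file's only hunk, so the rest of the list is unchanged by this commit; if it is still the original list, the definition disagrees with the nine-argument prototype added to krb4int.h and the trailing `0` has nowhere to go. The renamed definition needs a matching last parameter such as `KRB_UINT32 local_addr`, as the save_creds.c version receives in this commit. The wrapper also calls the function ahead of its definition, so krb4int.h has to be included here for the prototype to be in scope; the includes are not visible in the hunk.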
@@ -1,3 +1,39 @@ +2003-02-10 Tom Yu + + * CCache-glue.c (krb4int_save_credentials_addr): Renamed from + krb_save_credentials(). + (krb_save_credentials): Implement in terms of + krb4int_save_credentials_addr(). + + * Makefile.in (SRCS, OBJS): Add password_to_key. + + * g_ad_tkt.c (get_ad_tkt): Call krb4int_send_to_kdc_addr() instead + of send_to_kdc(). Call krb4int_save_credentials_addr() instead of + krb_save_credentials(). These changes deal with Mac-specific + storage of the local address without introducing more + conditionally compiled code. + + * g_in_tkt.c: Fix to minimize Mac-specific code. Basically, pass + around local address in lots of places. There is still a + Mac-specific difference involving krb_get_in_tkt_creds(). + + * krb4int.h: Include port-sockets.h to get some socket stuff for + some prototypes. Update prototype for + krb_get_in_tkt_preauth_creds(). Add prototypes for + krb4int_save_credentials_addr() and krb4int_send_to_kdc_addr(). + + * password_to_key.c (krb_get_keyprocs): Fix typo. + (mit_passwd_to_key, krb5_passwd_to_key): mit_string_to_key -> + des_string_to_key. + + * save_creds.c (krb_save_credentials): Re-implement in terms of + krb4itn_save_credentials_addr(), which is what library internals + will call. + (krb4int_save_credentials_addr): Renamed from + krb_save_credentials. + + * tkt_string.c (krb_set_tkt_string): Fix to take const char *. + 2003-02-10 Alexandra Ellwood Note: these checkins are partial progress for Tom Yu. They probably don't build; Tom is expecting that. diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in index c9b9ff889..c54cd02c6 100644 --- a/src/lib/krb4/Makefile.in +++ b/src/lib/krb4/Makefile.in @@ -56,6 +56,7 @@ OBJS = \ $(OUTPRE)mk_req.$(OBJEXT) \ $(OUTPRE)mk_safe.$(OBJEXT) \ $(OUTPRE)month_sname.$(OBJEXT) \ + $(OUTPRE)password_to_key.$(OBJEXT) \ $(OUTPRE)prot_client.$(OBJEXT) \ $(OUTPRE)prot_common.$(OBJEXT) \ $(OUTPRE)prot_kdc.$(OBJEXT) \ 
@@ -99,6 +100,7 @@ SRCS = \ mk_req.c \ mk_safe.c \ month_sname.c \ + password_to_key.c \ pkt_cipher.c \ pkt_clen.c \ prot_client.c \ diff --git a/src/lib/krb4/g_ad_tkt.c b/src/lib/krb4/g_ad_tkt.c index 1558b65a1..daae7515f 100644 --- a/src/lib/krb4/g_ad_tkt.c +++ b/src/lib/krb4/g_ad_tkt.c @@ -26,6 +26,7 @@ #include "krb.h" #include "des.h" +#include "krb4int.h" #include "prot.h" #include @@ -249,6 +250,8 @@ get_ad_tkt(service, sinstance, realm, lifetime) char rlm[REALM_SZ]; unsigned char *ptr; KRB4_32 t_local; + struct sockaddr_in laddr; + socklen_t addrlen; unsigned KRB4_32 kdc_time; /* KDC time */ size_t snamelen, sinstlen; @@ -331,7 +334,9 @@ get_ad_tkt(service, sinstance, realm, lifetime) /* Send the request to the local ticket-granting server */ rpkt->length = 0; - kerror = send_to_kdc(pkt, rpkt, realm); + addrlen = sizeof(laddr); + kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm, + (struct sockaddr *)&laddr, &addrlen); if (!kerror) { /* No error; parse return packet from KDC. */ @@ -355,8 +360,10 @@ get_ad_tkt(service, sinstance, realm, lifetime) return kerror; } - kerror = krb_save_credentials(s_name, s_instance, rlm, - ses, lifetime, kvno, tkt, t_local); + kerror = krb4int_save_credentials_addr(s_name, s_instance, rlm, + ses, lifetime, kvno, tkt, + t_local, + laddr.sin_addr.s_addr); /* * Unconditionally stomp on ses because we don't need it anymore. */ diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c index bebdd009c..debfee4f4 100644 --- a/src/lib/krb4/g_in_tkt.c +++ b/src/lib/krb4/g_in_tkt.c @@ -159,9 +159,7 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, int msg_byte_order; int kerror; -#if TARGET_OS_MAC socklen_t addrlen; -#endif #if 0 unsigned long exp_date; #endif 
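Review bot: In get_ad_tkt, `laddr` is never initialised by this function before `laddr.sin_addr.s_addr` is passed to `krb4int_save_credentials_addr`, so the stored address depends entirely on `krb4int_send_to_kdc_addr` having filled it in. That function's body is not part of this diff; if it can succeed without writing the address, or writes a sockaddr that is not IPv4 or is shorter than `sizeof(laddr)`, indeterminate stack bytes are saved with the credentials. Adding `memset(&laddr, 0, sizeof(laddr));` before `addrlen = sizeof(laddr);` makes the fallback the same `0` that `krb_save_credentials` passes. The same applies to `local_addr` in `krb_get_in_tkt_preauth_creds` in g_in_tkt.c, which is copied into `*laddrp` after the loop. get_ad_tkt starts and ends outside these hunks.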
@@ -218,13 +216,10 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ rpkt->length = 0; -#if TARGET_OS_MAC - addrlen = sizeof(struct sockaddr_in) + addrlen = sizeof(struct sockaddr_in); kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm, - local_addr, &addrlen); -#else - kerror = send_to_kdc(pkt, rpkt, realm); -#endif + (struct sockaddr *)local_addr, + &addrlen); if (kerror) return kerror; @@ -397,7 +392,7 @@ krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip, int krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, key_proc, decrypt_proc, - arg, preauth_p, preauth_len, creds) + arg, preauth_p, preauth_len, creds, laddrp) char *user; char *instance; char *realm; @@ -410,6 +405,7 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, char *preauth_p; int preauth_len; CREDENTIALS *creds; + KRB_UINT32 *laddrp; { KTEXT_ST cip_st; KTEXT cip = &cip_st; /* Returned Ciphertext */ @@ -417,21 +413,12 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, int byteorder; key_proc_type *keyprocs = krb_get_keyprocs (key_proc); int i = 0; -#if TARGET_OS_MAC struct sockaddr_in local_addr; -#endif -#if TARGET_OS_MAC kerror = krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, preauth_p, preauth_len, cip, &byteorder, &local_addr); -#else - kerror = krb_mk_in_tkt_preauth(user, instance, realm, - service, sinstance, - life, preauth_p, preauth_len, - cip, &byteorder, NULL); -#endif if (kerror) return kerror; 
@@ -445,12 +432,11 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, } kerror = krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip, byteorder, creds); - } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW)) - -#if TARGET_OS_MAC - /* Do this here to avoid OS dependency in parse_in_tkt prototype. */ - creds->address = local_addr->sin_addr.s_addr; -#endif + } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW)); + + if (laddrp != NULL) + *laddrp = local_addr.sin_addr.s_addr; + /* stomp stomp stomp */ memset(cip->dat, 0, (size_t)cip->length); return kerror; @@ -470,10 +456,17 @@ krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life, char *arg; CREDENTIALS *creds; { +#if TARGET_OS_MAC /* XXX */ return krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, key_proc, decrypt_proc, arg, - NULL, 0, creds); + NULL, 0, creds, &creds.address); +#else + return krb_get_in_tkt_preauth_creds(user, instance, realm, + service, sinstance, life, + key_proc, decrypt_proc, arg, + NULL, 0, creds, NULL); +#endif } int KRB5_CALLCONV @@ -493,6 +486,7 @@ krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, int preauth_len; { int retval; + KRB_UINT32 laddr; CREDENTIALS creds; do { 
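Review bot: In the `TARGET_OS_MAC` branch of `krb_get_in_tkt_creds`, the last argument `&creds.address` applies `.` to `creds`, which the same hunk shows declared as `CREDENTIALS *creds;`, so that branch will not compile. It should read `NULL, 0, creds, &creds->address);`. The non-Mac branch passes `NULL` and is unaffected, so a Unix build will not catch this.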
@@ -500,24 +494,17 @@ krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, service, sinstance, life, key_proc, decrypt_proc, arg, preauth_p, preauth_len, - &creds); + &creds, &laddr); if (retval != KSUCCESS) break; if (in_tkt(user, instance) != KSUCCESS) { retval = INTK_ERR; break; } -#if TARGET_OS_MAC /* XXX */ - retval = krb_save_credentials_addr(creds.service, creds.instance, - creds.realm, creds.session, - creds.lifetime, creds.kvno, - &creds.ticket_st, creds.issue_date, - creds.address); -#else - retval = krb_save_credentials(creds.service, creds.instance, - creds.realm, creds.session, - creds.lifetime, creds.kvno, - &creds.ticket_st, creds.issue_date); -#endif + retval = krb4int_save_credentials_addr(creds.service, creds.instance, + creds.realm, creds.session, + creds.lifetime, creds.kvno, + &creds.ticket_st, + creds.issue_date, laddr); if (retval != KSUCCESS) break; } while (0); memset(&creds, 0, sizeof(creds)); diff --git a/src/lib/krb4/krb4int.h b/src/lib/krb4/krb4int.h index 0b0c19b99..0a09378cf 100644 --- a/src/lib/krb4/krb4int.h +++ b/src/lib/krb4/krb4int.h @@ -27,6 +27,8 @@ * be available for self consistancy in the library. */ +#include "port-sockets.h" + /* ad_print.c */ void ad_print(AUTH_DAT *x); @@ -54,7 +56,8 @@ int k_gethostname(char *, int); int krb_get_in_tkt_preauth_creds(char *, char *, char *, char *, char *, int, key_proc_type, decrypt_tkt_type, - char *, char *, int, CREDENTIALS *); + char *, char *, int, CREDENTIALS *, + KRB_UINT32 *); /* klog.c */ void kset_logfile(char *); @@ -109,3 +112,9 @@ int krb_get_stk(KRB_UINT32 *type, char *realm); /* err_txt.c */ void krb4int_et_init(void); void krb4int_et_fini(void); + +int krb4int_save_credentials_addr( + char *, char *, char *, C_Block, int, int, KTEXT, long, KRB_UINT32); + +int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *, + struct sockaddr *, socklen_t *); diff --git a/src/lib/krb4/password_to_key.c b/src/lib/krb4/password_to_key.c index b4b4d00b3..ee040fc51 100644 
--- a/src/lib/krb4/password_to_key.c +++ b/src/lib/krb4/password_to_key.c @@ -64,7 +64,7 @@ key_proc_type *krb_get_keyprocs (key_proc_type keyproc) static key_proc_type user_keyprocs[2] = { NULL, NULL }; /* generate the list of key procs */ - if (key_proc == NULL) { + if (keyproc == NULL) { return default_keyprocs; /* use the default */ } else { user_keyprocs[0] = keyproc; @@ -80,7 +80,7 @@ int mit_passwd_to_key(char *user, char *instance, char *realm, #pragma unused(realm) if (passwd) { - mit_string_to_key(passwd, key); + des_string_to_key(passwd, key); } else { #if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY)) des_read_password((des_cblock *)key, "Password: ", 0); @@ -101,7 +101,7 @@ int krb5_passwd_to_key(char *user, char *instance, char *realm, if (p != NULL) { snprintf (p, len, "%s%s%s%s", passwd, realm, user, instance); p[len - 1] = '\0'; - mit_string_to_key (p, key); + des_string_to_key (p, key); free (p); return 0; } diff --git a/src/lib/krb4/save_creds.c b/src/lib/krb4/save_creds.c index 67ec402f1..62961c1b5 100644 --- a/src/lib/krb4/save_creds.c +++ b/src/lib/krb4/save_creds.c 
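Review bot: In krb5_passwd_to_key, the heap buffer `p` holds the password concatenated with realm, user and instance, and it goes to `free (p)` straight after `des_string_to_key (p, key)` without being cleared. Other code touched by this commit wipes secrets before returning (the `memset(&creds, 0, sizeof(creds))` in g_in_tkt.c), so I would add `memset (p, 0, len);` ahead of `free (p);`. A plain memset directly before free can be dropped by an optimising compiler, so a clearing helper that cannot be elided is preferable if the tree has one. The function starts and ends outside the hunk.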
@@ -1,14 +1,29 @@ /* * save_creds.c * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. + * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts + * Institute of Technology. All Rights Reserved. * - * For copying and distribution information, please see the file - * . + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ -#include "mit-copyright.h" #include #include "krb.h" #include "krb4int.h" @@ -29,9 +44,9 @@ * to avoid namespace pollution. */ -int KRB5_CALLCONV -krb_save_credentials(service, instance, realm, session, lifetime, kvno, - ticket, issue_date) +int +krb4int_save_credentials_addr(service, instance, realm, session, lifetime, kvno, + ticket, issue_date, local_addr) char *service; /* Service name */ char *instance; /* Instance */ char *realm; /* Auth domain */ 
@@ -40,6 +55,7 @@ krb_save_credentials(service, instance, realm, session, lifetime, kvno, int kvno; /* Key version number */ KTEXT ticket; /* The ticket itself */ long issue_date; /* The issue time */ + KRB_UINT32 local_addr; { int tf_status; /* return values of the tf_util calls */ @@ -53,3 +69,19 @@ krb_save_credentials(service, instance, realm, session, lifetime, kvno, (void) tf_close(); return (tf_status); } + +int KRB5_CALLCONV +krb_save_credentials( + char *service, + char *instance, + char *realm, + C_Block session, + int lifetime, + int kvno, + KTEXT ticket, + long issue_date) +{ + return krb4int_save_credentials_addr(service, instance, realm, + session, lifetime, kvno, + ticket, issue_date, 0); +} diff --git a/src/lib/krb4/tkt_string.c b/src/lib/krb4/tkt_string.c index b434845eb..70eb60e86 100644 --- a/src/lib/krb4/tkt_string.c +++ b/src/lib/krb4/tkt_string.c @@ -92,7 +92,7 @@ const char *tkt_string() void KRB5_CALLCONV krb_set_tkt_string(val) -char *val; + const char *val; { (void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1); krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
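Review bot: The new `local_addr` parameter of `krb4int_save_credentials_addr` in save_creds.c is declared but not used: the body lines between this hunk and the next are unchanged by the commit, so they cannot reference it. That looks deliberate for the ticket-file backend, but it should be stated, for example `/* local_addr is accepted for interface parity with CCache-glue.c and is ignored here. */` above the definition. Without the comment a reader will assume the address is persisted on every platform.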
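Review bot: krb_set_tkt_string copies `val` with `strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1)`, so an over-long path is silently cut and the library then uses a different ticket file name than the caller asked for. While the signature is being changed, consider keeping the current value when the new one does not fit, e.g. `if (strlen(val) >= sizeof(krb_ticket_string)) return;` ahead of the copy. The function returns void, so the caller cannot be told either way; the prototype comment in krb.h should at least document the length limit. The closing brace of the function is outside the hunk.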