From: Chris Provenzano Date: Mon, 27 Mar 1995 14:03:41 +0000 (+0000) Subject: kcmd.c (kcmd()): Don't pass any data to sendauth() to be X-Git-Tag: krb5-1.0-beta5~460 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5020b3014ecd2f61bbf82561ff6d4979fa3d815e;p=krb5.git kcmd.c (kcmd()): Don't pass any data to sendauth() to be cchecksummed. The remote side doesn't check it anyway. krcp.c (send_auth()): Use new calling convention for krb5_rd_req(). krshd.c (recvauth()): Use new calling convention for krb5_compat_recvauth(). krlogind.c (recvauth()): Use new calling convention for krb5_compat_recvauth(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5250 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 66c703db2..c416395f3 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,13 @@ +Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu) + + * krcp.c (send_auth()): Use new calling convention for krb5_rd_req(). + + * krshd.c (recvauth()): Use new calling convention for + krb5_compat_recvauth(). + + * krlogind.c (recvauth()): Use new calling convention for + krb5_compat_recvauth(). + Thu Mar 23 23:23:25 1995 Theodore Y. Ts'o * Makefile.in (krshd): Move $(K4LIB) after $(KLIB) so that if @@ -27,6 +37,11 @@ Tue Mar 14 16:08:08 1995 * krlogind.c (main, doit): Minor type fixes to gethostbyname(), accept(). +Tue Mar 14 12:30:23 1995 Chris Provenzano (proven@mit.edu) + + * kcmd.c (kcmd()): Don't pass any data to sendauth() to be + checksummed. The remote side doesn't check it anyway. + Fri Mar 10 18:32:22 1995 Theodore Y. Ts'o * kcmd.c (kcmd): Initialize ret_cred to zero so that in case of an diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 5bda9ff35..ef33d39b5 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c 
@@ -97,8 +97,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, krb5_error_code status; krb5_error *err_ret; krb5_ap_rep_enc_part *rep_ret; - krb5_data in_data; - char *tmpstr = 0; krb5_error *error = 0; int sin_len; krb5_ccache cc; @@ -129,11 +127,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, sin_len = strlen(host_save) + strlen(service) + (realm ? strlen(realm): 0) + 3; if ( sin_len < 20 ) sin_len = 20; - tmpstr = (char *) malloc(sin_len); - if ( tmpstr == (char *) 0){ - fprintf(stderr,"kcmd: no memory\n"); - return(-1); - } if (!(get_cred = (krb5_creds *)calloc(1, sizeof(krb5_creds)))) { fprintf(stderr,"kcmd: no memory\n"); @@ -178,7 +171,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, #else sigsetmask(oldmask); #endif /* POSIX_SIGNALS */ - if (tmpstr) krb5_xfree(tmpstr); krb5_free_creds(bsd_context, get_cred); return (-1); } @@ -225,7 +217,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, #else sigsetmask(oldmask); #endif /* POSIX_SIGNALS */ - if (tmpstr) krb5_xfree(tmpstr); krb5_free_creds(bsd_context, get_cred); return (-1); } @@ -280,9 +271,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, goto bad2; } - in_data.data = tmpstr; - in_data.length = strlen(tmpstr); - status = krb5_cc_default(bsd_context, &cc); if (status) goto bad2; @@ -304,12 +292,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, authentication. */ status = krb5_sendauth(bsd_context, &auth_context, (krb5_pointer) &s, "KCMDV0.1", ret_cred->client, ret_cred->server, - authopts, - &in_data, - ret_cred, - 0, /* We have the credentials */ - &error, /* No error return */ - &rep_ret, NULL); + authopts, NULL, ret_cred, 0, &error, &rep_ret, NULL); if (status) { printf("Couldn't authenticate to server: %s\n", error_message(status)); if (error) { 
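Review bot: In kcmd.c at `@@ -129,11 +127,6 @@`, the `sin_len = strlen(host_save) + strlen(service) + ...` computation and the `if ( sin_len < 20 ) sin_len = 20;` clamp remain as context although the `malloc(sin_len)` they sized is removed. If `sin_len` is reassigned before its next read (kcmd()'s body continues outside the hunk, so this cannot be confirmed here), both statements are now dead and should be deleted with the buffer. Left in place, they suggest a length is still being enforced when it is not.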
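Review bot: The bare `NULL` now passed as the data-to-checksum argument of `krb5_sendauth()` in `@@ -304,12 +292,7 @@` needs a comment, because the per-argument comments were dropped when the call was collapsed onto one line. I would add `/* NULL: no application data is checksummed; the server does not verify it */` above the call. As far as the visible hunks show, this also means nothing sent after authentication (command, user names) is bound to the authenticator, and that limitation should be stated rather than left implicit. kcmd()'s body starts and ends outside this hunk.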
@@ -380,7 +363,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, sigsetmask(oldmask); #endif /* POSIX_SIGNALS */ *sock = s; - if (tmpstr) krb5_xfree(tmpstr); /* pass back credentials if wanted */ if (cred) krb5_copy_creds(bsd_context, ret_cred, cred); @@ -397,7 +379,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, #else sigsetmask(oldmask); #endif /* POSIX_SIGNALS */ - if (tmpstr) krb5_xfree(tmpstr); if (ret_cred) krb5_free_creds(bsd_context, ret_cred); return (status); diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index 7aaf4bd05..f8152f8ed 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -1139,21 +1139,6 @@ char **save_argv(argc, argv) #define SIZEOF_INADDR sizeof(struct in_addr) #endif -krb5_error_code tgt_keyproc(context, keyprocarg, principal, vno, keytype, key) - krb5_context context; - krb5_pointer keyprocarg; - krb5_principal principal; - krb5_kvno vno; - krb5_keytype keytype; - krb5_keyblock ** key; -{ - krb5_creds *creds = (krb5_creds *)keyprocarg; - - return krb5_copy_keyblock(context, &creds->keyblock, key); -} - - - void send_auth() { int sin_len; @@ -1161,9 +1146,10 @@ void send_auth() krb5_ccache cc; krb5_creds in_creds, *out_creds; krb5_data reply, princ_data; - krb5_tkt_authent *authdat; krb5_error_code status; krb5_address faddr; + krb5_ticket * ticket = NULL; + krb5_auth_context * auth_context = NULL; if (status = krb5_cc_default(bsd_context, &cc)){ 
@@ -1246,17 +1232,21 @@ void send_auth() faddr.addrtype = foreign.sin_family; faddr.length = SIZEOF_INADDR; faddr.contents = (krb5_octet *) &foreign.sin_addr; + + if (krb5_auth_con_init(bsd_context, &auth_context)) + exit(1); + + krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &faddr); + + if (krb5_auth_con_setuseruserkey(bsd_context, auth_context, + &out_creds->keyblock)) + exit(1); /* read the ap_req to get the session key */ - status = krb5_rd_req(bsd_context, &reply, + status = krb5_rd_req(bsd_context, &auth_context, &reply, 0, /* don't know server's name... */ - &faddr, - 0, /* no fetchfrom */ - tgt_keyproc, - (krb5_pointer)out_creds, /* credentials as arg to - keyproc */ - 0, /* no rcache for the moment XXX */ - &authdat); + NULL, /* default keytab */ + NULL, & ticket); krb5_xfree(reply.data); if (status) { fprintf(stderr, "rcp: send_auth failed krb5_rd_req: %s\n", @@ -1264,9 +1254,8 @@ void send_auth() exit(1); } - krb5_copy_keyblock(bsd_context, authdat->ticket->enc_part2->session, + krb5_copy_keyblock(bsd_context, ticket->enc_part2->session, &session_key); - krb5_free_tkt_authent(bsd_context, authdat); krb5_free_creds(bsd_context, out_creds); krb5_use_keytype(bsd_context, &eblock, session_key->keytype); diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index 1f9dac7be..d64e2addd 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -1484,6 +1484,7 @@ int default_realm(principal) krb5_error_code recvauth() { + krb5_auth_context * auth_context = NULL; krb5_error_code status; struct sockaddr_in peersin, laddr; char krb_vers[KRB_SENDAUTH_VLEN + 1]; 
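Review bot: The return value of `krb5_auth_con_setaddrs()` is discarded in krcp.c send_auth() at `@@ -1246,17 +1232,21 @@`, and the same unchecked call appears in the recvauth() hunks of krlogind.c (`@@ -1524,34 +1525,29 @@`) and krshd.c (`@@ -1543,18 +1544,17 @@`). The comments removed from those two files say the peer address is passed so it can be matched against the addresses in the ticket, so a failure here would presumably let authentication continue without that check. Handle it like the neighbouring calls, e.g. `if ((status = krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &faddr))) exit(1);` in krcp.c and `return status;` in the two daemons. The two new `exit(1)` paths in krcp.c also print nothing, unlike the `rcp: send_auth failed krb5_rd_req` message a few lines below.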
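Review bot: Nothing releases `ticket` or `auth_context` once the session key has been copied in `@@ -1264,9 +1254,8 @@`, because the commit removes `krb5_free_tkt_authent(bsd_context, authdat);` without a replacement. Assuming krb5_rd_req() allocates the ticket it returns, the decrypted ticket holds session-key material and should not outlive its use. Add `krb5_free_ticket(bsd_context, ticket);` and `krb5_auth_con_free(bsd_context, auth_context);` after the `krb5_copy_keyblock(...)` call. The result of that krb5_copy_keyblock() call is unchecked (it already was before this change), yet `session_key->keytype` is read on the following line. send_auth() continues outside the hunk.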
@@ -1524,34 +1525,29 @@ recvauth() strcpy(v4_instance, "*"); - status = krb5_compat_recvauth(bsd_context, &netf, + if (status = krb5_auth_con_init(bsd_context, &auth_context)) + return status; + + krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &peeraddr); + + if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf, "KCMDV0.1", - server, /* Specify daemon principal */ - &peeraddr, /* We do want to match */ - /* this against caddrs in */ - /* the ticket */ - 0, /* use v5srvtab */ - 0, /* no keyproc */ - 0, /* no keyprocarg */ - 0, /* default rc_type */ - 0, /* no flags */ + server, /* Specify daemon principal */ + 0, /* default rc_type */ + 0, /* no flags */ + NULL, /* default keytab */ do_encrypt ? KOPT_DO_MUTUAL : 0, /*v4_opts*/ - "rcmd", /* v4_service */ - v4_instance, /* v4_instance */ - &peersin, /* foriegn address */ - &laddr, /* our local address */ - "", /* use default srvtab */ - - &auth_sys, /* which authentication system */ - 0, /* no seq number */ - &client, /* return client */ - &ticket, /* return ticket */ - &kdata, /* return authenticator */ - - &v4_kdata, v4_schedule, v4_version); - - if (status) { + "rcmd", /* v4_service */ + v4_instance, /* v4_instance */ + &peersin, /* foriegn address */ + &laddr, /* our local address */ + "", /* use default srvtab */ + + &ticket, /* return ticket */ + &auth_sys, /* which authentication system*/ + &v4_kdata, v4_schedule, v4_version)) { + if (auth_sys == KRB5_RECVAUTH_V5) { /* * clean up before exiting @@ -1566,6 +1562,10 @@ recvauth() getstr(netf, lusername, sizeof (lusername), "locuser"); getstr(netf, term, sizeof(term), "Terminal type"); + if (status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, + &client)) + return status; + #ifdef KRB5_KRB4_COMPAT if (auth_sys == KRB5_RECVAUTH_V4) { diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 538d9bc0a..0a2ffc28f 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c 
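Review bot: `ticket->enc_part2->client` is dereferenced in krlogind.c at `@@ -1566,6 +1562,10 @@` before the `auth_sys == KRB5_RECVAUTH_V4` test that follows it. If krb5_compat_recvauth() leaves `ticket` unset for a V4 client (its behaviour is not visible here), this is an invalid pointer dereference in a network-facing daemon whenever KRB5_KRB4_COMPAT is defined. Guard the copy with the authentication system, e.g. `if (auth_sys == KRB5_RECVAUTH_V5 && (status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, &client))) return status;`. The krshd.c hunk `@@ -1606,7 +1602,8 @@` dereferences `ticket->enc_part2->client` in the same way and needs the same guard. recvauth() starts and ends outside this hunk.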
@@ -1513,6 +1513,7 @@ recvauth(netf, peersin, peeraddr) struct sockaddr_in peersin; krb5_address peeraddr; { + krb5_auth_context *auth_context = NULL; krb5_error_code status; struct sockaddr_in laddr; char krb_vers[KRB_SENDAUTH_VLEN + 1]; @@ -1543,18 +1544,17 @@ recvauth(netf, peersin, peeraddr) strcpy(v4_instance, "*"); - status = krb5_compat_recvauth(bsd_context, &netf, + if (status = krb5_auth_con_init(bsd_context, &auth_context)) + return status; + + krb5_auth_con_setaddrs(bsd_context, auth_context, NULL, &peeraddr); + + status = krb5_compat_recvauth(bsd_context, &auth_context, &netf, "KCMDV0.1", server, /* Specify daemon principal */ - &peeraddr, /* We do want to match */ - /* this against caddrs in */ - /* the ticket */ - 0, /* use v5srvtab */ - 0, /* no keyproc */ - 0, /* no keyprocarg */ - 0, /* default rc_type */ - 0, /* no flags */ - + 0, /* default rc_type */ + 0, /* no flags */ + NULL, /* default keytab */ 0, /* v4_opts */ "rcmd", /* v4_service */ v4_instance, /* v4_instance */ @@ -1562,12 +1562,8 @@ recvauth(netf, peersin, peeraddr) &laddr, /* our local address */ "", /* use default srvtab */ - &auth_sys, /* which authentication system */ - 0, /* no seq number */ - &client, /* return client */ &ticket, /* return ticket */ - &kdata, /* return authenticator */ - + &auth_sys, /* which authentication system*/ &v4_kdata, 0, v4_version); if (status) { @@ -1606,7 +1602,8 @@ recvauth(netf, peersin, peeraddr) getstr(netf, remuser, sizeof(locuser), "remuser"); - if (status = krb5_unparse_name(bsd_context, client, &kremuser)) + if (status = krb5_unparse_name(bsd_context, ticket->enc_part2->client, + &kremuser)) return status; /* Setup eblock for encrypted sessions. */
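Review bot: After `@@ -1562,12 +1562,8 @@` krshd.c's recvauth() no longer passes `&client` to krb5_compat_recvauth(), and nothing in the visible krshd.c hunks assigns `client` afterwards. krlogind.c handles the same API change by adding `krb5_copy_principal(bsd_context, ticket->enc_part2->client, &client)`. If `client` is still read anywhere else in krshd.c (not visible from here), it would now be unset. Either copy the principal as krlogind.c does or remove the variable so a stale use fails to compile.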
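Review bot: The context line directly above the changed call in `@@ -1606,7 +1602,8 @@` reads the network-supplied remote user name with `getstr(netf, remuser, sizeof(locuser), "remuser");`, so the bound comes from a different buffer. The declarations are outside the hunk, so this is harmless if both arrays have the same size, but the bound should read `sizeof(remuser)`. This commit does not introduce it, but it is worth fixing while the adjacent line is being edited.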