From: Theodore Tso
Date: Tue, 14 May 1996 08:51:15 +0000 (+0000)
Subject: Remove old, outdated library
X-Git-Tag: krb5-1.0-beta6~92
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7ddbb21adc99d2f3fa4f4a1b487162a27b848bd2;p=krb5.git
Remove old, outdated library
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8019 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb425/425data.c b/src/lib/krb425/425data.c
deleted file mode 100644
index d88487719..000000000
--- a/src/lib/krb425/425data.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * lib/krb425/425data.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Common data for krb425 library
- */
-
-
-#include "krb425.h"
-
-char *_krb425_local_realm = 0;
-krb5_ccache _krb425_ccache = 0;
-int _krb425_error_init = 0;
-krb5_keyblock _krb425_servkey;
-
-#ifdef EBUG
-char *
-basename(s)
-char *s;
-{
- char *r;
- char *rindex();
-
- if (r = rindex(s, '/'))
- return(r+1);
- return(s);
-}
-#endif
diff --git a/src/lib/krb425/425error.c b/src/lib/krb425/425error.c
deleted file mode 100644
index 02166bf15..000000000
--- a/src/lib/krb425/425error.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * lib/krb425/425error.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * convert error codes from v5 to v4
- */
-
-
-#include
-#include "krb5.h"
-
-int krb5_425_error; /* For people who want to know what */
- /* the *real* error was.... */
-
-int
-krb425error(e)
-krb5_error_code e;
-{
- /*
- * This is not a very good switch.
- * Probably needs to be rewritten.
- */ - krb5_425_error = e; - switch (e) { - case 0: /* No error */ - return(KSUCCESS); - - case KRB5KDC_ERR_NAME_EXP: /* Client's entry in DB expired */ - return(KDC_NAME_EXP); - - case KRB5KDC_ERR_SERVICE_EXP: /* Server's entry in DB expired */ - return(KDC_SERVICE_EXP); - - case KRB5KDC_ERR_BAD_PVNO: /* Requested pvno not supported */ - return(KDC_PKT_VER); - - case KRB5KDC_ERR_C_OLD_MAST_KVNO:/* C's key encrypted in old master */ - return(KDC_P_MKEY_VER); - - case KRB5KDC_ERR_S_OLD_MAST_KVNO:/* S's key encrypted in old master */ - return(KDC_S_MKEY_VER); - - case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:/* Client not found in Kerberos DB */ - case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:/* Server not found in Kerberos DB */ - return(KDC_PR_UNKNOWN); - - case KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE:/* Multiple entries in Kerberos DB */ - return(KDC_PR_N_UNIQUE); - - case KRB5KDC_ERR_NULL_KEY: /* The C or S has a null key */ - return(KDC_NULL_KEY); - - case KRB5KDC_ERR_CANNOT_POSTDATE:/* Tkt ineligible for postdating */ - case KRB5KDC_ERR_NEVER_VALID: /* Requested starttime > endtime */ - case KRB5KDC_ERR_POLICY: /* KDC policy rejects request */ - case KRB5KDC_ERR_BADOPTION: /* KDC can't do requested opt. 
*/ - case KRB5KDC_ERR_ETYPE_NOSUPP: /* No support for encryption type */ - case KRB5_KDCREP_MODIFIED: /* KDC reply did not match expectations */ - case KRB5_KDCREP_SKEW: /* Clock skew too great in KDC reply */ - return(KDC_GEN_ERR); - case KRB5_KDC_UNREACH: /* Cannot contact any KDC for requested realm */ - case KRB5_REALM_UNKNOWN: /* Cannot find KDC for requested realm */ - return(SKDC_CANT); - - case KRB5KRB_AP_ERR_BAD_INTEGRITY: /* Decrypt integrity check failed */ - case KRB5KRB_AP_ERR_TKT_INVALID: /* Ticket has invalid flag set */ - - return(RD_AP_UNDEC); - - case KRB5KRB_AP_ERR_TKT_EXPIRED:/* Ticket expired */ - return(RD_AP_EXP); - - case KRB5KRB_AP_ERR_TKT_NYV: /* Ticket not yet valid */ - return(RD_AP_NYV); - - case KRB5KRB_AP_ERR_REPEAT: /* Request is a replay */ - return(RD_AP_REPEAT); - - case KRB5KRB_AP_ERR_NOT_US: /* The ticket isn't for us */ - return(RD_AP_NOT_US); - - case KRB5KRB_AP_ERR_BADMATCH: /* Ticket/authenticator don't match */ - return(RD_AP_INCON); - - case KRB5KRB_AP_ERR_SKEW: /* Clock skew too great */ - return(RD_AP_TIME); - - case KRB5KRB_AP_ERR_BADADDR: /* Incorrect net address */ - return(RD_AP_BADD); - - case KRB5KRB_AP_ERR_BADVERSION: /* Protocol version mismatch */ - return(RD_AP_VERSION); - - case KRB5KRB_AP_ERR_MSG_TYPE: /* Invalid message type */ - case KRB5_BADMSGTYPE: /* Invalid message type specified for encoding */ - return(RD_AP_MSG_TYPE); - - case KRB5KRB_AP_ERR_MODIFIED: /* Message stream modified */ - return(RD_AP_MODIFIED); - - case KRB5KRB_AP_ERR_BADORDER: /* Message out of order */ - case KRB5KRB_AP_ERR_BADSEQ: /* Message out of order */ - case KRB5KRB_AP_ERR_BADDIRECTION: /* Incorrect message direction */ - return(RD_AP_ORDER); - - case KRB5KRB_AP_ERR_BADKEYVER: /* Key version is not available */ - case KRB5KRB_AP_ERR_NOKEY: /* Service key not available */ - case KRB5KRB_AP_ERR_MUT_FAIL: /* Mutual authentication failed */ - return(RD_AP_INCON); - - case KRB5_CC_BADNAME: /* Credential cache name malformed */ - case 
KRB5_CC_UNKNOWN_TYPE: /* Unknown credential cache type */ - case KRB5_CC_TYPE_EXISTS: /* Credentials cache type is already registered */ - case KRB5_CC_IO: /* Credentials cache I/O operation failedXXX */ - case KRB5_CC_NOMEM: /* No more memory to allocate (in credentials cache code) */ - return(TKT_FIL_ACC); - case KRB5_CC_END: /* End of credential cache reached */ - return(RET_NOTKT); - case KRB5_CC_NOTFOUND: /* Matching credential not found */ - return(NO_TKT_FIL); - - case KRB5_NO_TKT_IN_RLM: /* Cannot find ticket for requested realm */ - return(AD_NOTGT); - case KRB5KRB_ERR_FIELD_TOOLONG: /* Field is too long for impl. */ - default: - return(KFAILURE); - } -} diff --git a/src/lib/krb425/ChangeLog b/src/lib/krb425/ChangeLog deleted file mode 100644 index a5692ed65..000000000 --- a/src/lib/krb425/ChangeLog +++ /dev/null @@ -1,38 +0,0 @@ -Thu Jul 13 19:47:47 1995 Sam Hartman - - * rd_priv.c rd_safe.c: Include netinet/in.h - -Fri Jul 7 16:30:03 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Remove LDFLAGS. - -Fri Jun 9 19:27:15 1995 - - * configure.in: Remove standardized set of autoconf macros, which - are now handled by CONFIG_RULES. - -Tue Mar 7 19:58:07 1995 Mark Eichin - - * configure.in: take out ISODE_INCLUDE. - -Tue Feb 28 00:23:19 1995 John Gilmore (gnu at toad.com) - - * cksum.c, des.c, des.h, enc_dec.c, pcbc_encrypt.c, quad_cksum.c, - read_passwd.c, string2key.c, weak_key.c: Avoid includes. - -Fri Sep 30 22:00:19 1994 Theodore Y. Ts'o (tytso@dcl) - - * realmhost.c (krb_realmofhost): index->strchr - - * kuserkok.c (krb_kuserok): index->strchr - -Thu Sep 29 15:24:30 1994 Theodore Y. Ts'o (tytso@dcl) - - * 425error.c (krb425error): Recognize the KRB5_KDCREP_SKEW and - return generic error. - -Thu Aug 4 03:42:04 1994 Tom Yu (tlyu@dragons-lair) - - * configure.in: oops look for install program - - * Makefile.in: make install fixes - diff --git a/src/lib/krb425/Makefile.in b/src/lib/krb425/Makefile.in deleted file mode 100644 index 903d3aae0..000000000 
--- a/src/lib/krb425/Makefile.in
+++ /dev/null
@@ -1,73 +0,0 @@
-CFLAGS = $(CCOPTS) $(DEFS) -I$(SRCTOP)/include/kerberosIV
-
-EHDRDIR = $(BUILDTOP)/include/kerberosIV
-
-all:: krb_err.h includes $(OBJS)
-
-OBJS= 425data.o \
- 425error.o \
- des_sched.o \
- get_cred.o \
- get_krbhst.o \
- get_lrealm.o \
- get_phost.o \
- kn_parse.o \
- kntoln.o \
- krb_err.o \
- kuserok.o \
- mk_priv.o \
- mk_req.o \
- mk_safe.o \
- net_read.o \
- net_write.o \
- rd_priv.o \
- rd_req.o \
- rd_safe.o \
- realmhost.o \
- recvauth.o \
- sendauth.o \
- set_key.o
-
-SRCS= $(srcdir)/425data.c \
- $(srcdir)/425error.c \
- $(srcdir)/des_sched.c \
- $(srcdir)/get_cred.c \
- $(srcdir)/get_krbhst.c \
- $(srcdir)/get_lrealm.c \
- $(srcdir)/get_phost.c \
- $(srcdir)/kn_parse.c \
- $(srcdir)/kntoln.c \
- $(srcdir)/krb_err.c \
- $(srcdir)/kuserok.c \
- $(srcdir)/mk_priv.c \
- $(srcdir)/mk_req.c \
- $(srcdir)/mk_safe.c \
- $(srcdir)/net_read.c \
- $(srcdir)/net_write.c \
- $(srcdir)/rd_priv.c \
- $(srcdir)/rd_req.c \
- $(srcdir)/rd_safe.c \
- $(srcdir)/realmhost.c \
- $(srcdir)/recvauth.c \
- $(srcdir)/sendauth.c \
- $(srcdir)/set_key.c
-
-krb_err.o: krb_err.c
-
-libkrb425.a: ${OBJS}
- $(RM) $@
- $(ARADD) $@ $(OBJS)
- $(RANLIB) $@
- $(RM) $(TOPLIBD)/libkrb425.a
- $(CP) libkrb425.a $(BUILDTOP)/lib/libkrb425.a
- $(RANLIB) $(BUILDTOP)/lib/libkrb425.a
-
-install:: libkrb425.a
- $(INSTALL_DATA) libkrb425.a $(KRB5_LIBDIR)/libkrb425.a
- $(RANLIB) $(KRB5_LIBDIR)/libkrb425.a
-
-clean::
- $(RM) libkrb425.a
-
-clean::
- $(RM) krb_err.h krb_err.c
diff --git a/src/lib/krb425/README b/src/lib/krb425/README
deleted file mode 100644
index f58a0dbe9..000000000
--- a/src/lib/krb425/README
+++ /dev/null
@@ -1,19 +0,0 @@
-This library exports the Kerberos V4 API, acts as a glue layer to the
-Kerberos V5 library. However convenient this sounds, in general
-practice the use of this library is not recommened, and its use is not
-supported. In fact, it hasn't even been updated to the new V4 API
-changes yet.
-
-The reason for this is that while it represents a simple and easy way
-to convert an application program which was written to the Kerberos V4
-API to use the Kerberos V5 protocol, the way which the Kerberos V5 protocol
-is used is not guaranteed to be standardized in any way.
-
-Application programmers are urged to take the time to recode their
-applications to call either the Kerberos V5 library directly or better
-yet to use the GSSAPI library. Changes to the application protocol
-may be necessary in either case, but the end result will be much
-cleaner and in all likelihood much more interoperable.
-
- Theodore Ts'o
- May 1, 1995
diff --git a/src/lib/krb425/configure.in b/src/lib/krb425/configure.in
deleted file mode 100644
index 4bae4f8fe..000000000
--- a/src/lib/krb425/configure.in
+++ /dev/null
@@ -1,10 +0,0 @@
-AC_INIT(configure.in)
-CONFIG_RULES
-ET_RULES
-AC_PROG_ARCHIVE
-AC_PROG_ARCHIVE_ADD
-AC_PROG_RANLIB
-AC_PROG_INSTALL
-AppendRule([all:: libkrb425.a])
-CopyHeader(krb_err.h,[$(EHDRDIR)])
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/lib/krb425/des_sched.c b/src/lib/krb425/des_sched.c
deleted file mode 100644
index da69a681b..000000000
--- a/src/lib/krb425/des_sched.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * lib/krb425/des_sched.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * dummy function for krb425
- */
-
-
-#include "krb425.h"
-
-/*
- * This is a no-op because V5 will always creates it when needed.
- */
-int
-des_key_sched(k, s)
-des_cblock k;
-des_key_schedule s;
-{
- /*
- * Use the variables so saber does not get mad...
- */
- if (k || s)
- return(0);
- return(0);
-}
diff --git a/src/lib/krb425/get_cred.c b/src/lib/krb425/get_cred.c
deleted file mode 100644
index bdac3aeb3..000000000
--- a/src/lib/krb425/get_cred.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * lib/krb425/get_cred.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- * - * - * krb_get_cred for krb425 - */ - - -#include "krb425.h" - -int -krb_get_cred(service, instance, realm, c) -char *service; -char *instance; -char *realm; -CREDENTIALS *c; -{ - static krb5_principal client_principal = 0; - - krb5_creds creds; - krb5_error_code r; - krb5_ticket *ticket; - - memset((char *)&creds, 0, sizeof(creds)); - if (r = krb5_build_principal(&creds.server, - strlen(realm), realm, - service, - instance, - 0)) { - return(krb425error(r)); - } - - if (!_krb425_ccache) - krb5_cc_default(&_krb425_ccache); - if (!client_principal) - krb5_cc_get_principal(_krb425_ccache, &client_principal); - - creds.client = client_principal; - creds.times.endtime = 0; - creds.keyblock.keytype = KEYTYPE_DES; - - r = krb5_get_credentials(0, _krb425_ccache, &creds); - if (r) - return(krb425error(r)); - -#ifdef EBUG - { - int i; - i = 0; - if (creds.server) - while (creds.server[i]) { - EPRINT("server: %d: ``%.*s''\n", i, - creds.server[i]->length, - creds.server[i]->data - ? creds.server[i]->data : ""); - ++i; - } - i = 0; - if (creds.client) - while (creds.client[i]) { - EPRINT("client: %d: ``%.*s''\n", i, - creds.client[i]->length, - creds.client[i]->data - ? 
creds.client[i]->data : ""); - ++i; - } - } -#endif - set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 0)); - if (creds.client->length > 1) { - set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 1)); - } - else { - c->pinst[0] = '\0'; - } - set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server)); - set_string(c->service, ANAME_SZ, krb5_princ_component(creds.server, 0)); - set_string(c->instance, INST_SZ, krb5_princ_component(creds.server, 1)); - - c->ticket_st.length = creds.ticket.length; - memcpy((char *)c->ticket_st.dat, - (char *)creds.ticket.data, - min(c->ticket_st.length, MAX_KTXT_LEN)); - c->ticket_st.mbz = 0; - - memcpy((char*)c->session, (char *)creds.keyblock.contents, - sizeof(C_Block)); - - c->issue_date = creds.times.starttime; - c->lifetime = creds.times.endtime; - - decode_krb5_ticket(&creds.ticket, &ticket); - c->kvno = ticket->enc_part.kvno; - krb5_free_ticket(ticket); - return(KSUCCESS); -} diff --git a/src/lib/krb425/get_krbhst.c b/src/lib/krb425/get_krbhst.c deleted file mode 100644 index be039b9c1..000000000 --- a/src/lib/krb425/get_krbhst.c +++ /dev/null 
@@ -1,71 +0,0 @@
-/*
- * lib/krb425/get_krbhst.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_get_krbhst for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_get_krbhst(host, realm, n)
-char *host;
-char *realm;
-int n;
-{
- krb5_data realm5;
- char **hosts;
- krb5_error_code r;
- int i = 0;
-
- if (n < 1)
- n = 1;
-
- set_data5(realm5, realm);
-
- if (r = krb5_get_krbhst(&realm5, &hosts)) {
- return(krb425error(r));
- }
- if (!hosts)
- return(KFAILURE);
-
- while (i < n)
- if (!hosts[i++]) {
- krb5_free_krbhst(hosts);
- return(KFAILURE);
- }
-
- strncpy(host, hosts[n-1], REALM_SZ);
- krb5_free_krbhst(hosts);
- return(KSUCCESS);
-}
-
-#ifdef NOT_IMPLEMENTED
-krb_get_admhst(host, realm, n)
-char *host;
-char *realm;
-int n;
-{
-
-}
-#endif
diff --git a/src/lib/krb425/get_lrealm.c b/src/lib/krb425/get_lrealm.c
deleted file mode 100644
index 6d0ec6e2d..000000000
--- a/src/lib/krb425/get_lrealm.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * lib/krb425/get_lrealm.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_get_lrealm for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_get_lrealm(realm, n)
-char *realm;
-int n;
-{
- krb5_error_code r;
- char **realms;
- int i = 0;
-
- if (r = krb5_get_host_realm(0, &realms))
- return(krb425error(r));
-
- if (!realms)
- return(KFAILURE);
-
- while (i < n)
- if (!realms[i++]) {
- krb5_free_host_realm(realms);
- return(KFAILURE);
- }
-
- strncpy(realm, realms[n-1], REALM_SZ);
- krb5_free_host_realm(realms);
- return(KSUCCESS);
-}
diff --git a/src/lib/krb425/get_phost.c b/src/lib/krb425/get_phost.c
deleted file mode 100644
index 3c44173f9..000000000
--- a/src/lib/krb425/get_phost.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * lib/krb425/get_phost.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_get_phost for krb425
- */
-
-
-#include "krb425.h"
-
-char *
-krb_get_phost(alias)
-char *alias;
-{
- struct hostent *h;
- char *phost = alias;
-
- if ((h = gethostbyname(alias)) != (struct hostent *)0 ) {
- char *p;
-#ifdef OLD_CRUFT
- if (p = strchr( h->h_name, '.' ))
- *p = 0;
-#endif
- p = phost = h->h_name;
- do {
- if (isupper(*p)) *p=tolower(*p);
- } while (*p++);
- }
- return(phost);
-}
diff --git a/src/lib/krb425/kn_parse.c b/src/lib/krb425/kn_parse.c
deleted file mode 100644
index 769d0b100..000000000
--- a/src/lib/krb425/kn_parse.c
+++ /dev/null
@@ -1,246 +0,0 @@ -/* - * lib/krb425/kn_parse.c - * - * Copyright 1987,1988,1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - - - -#include -#include -#include "k5-int.h" - -/* max size of full name */ -#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ) - -#define NAME 0 /* which field are we in? */ -#define INST 1 -#define REALM 2 - -extern char *krb_err_txt[]; - -/* - * This file contains four routines for handling Kerberos names. - * - * kname_parse() breaks a Kerberos name into its name, instance, - * and realm components. - * - * k_isname(), k_isinst(), and k_isrealm() check a given string to see if - * it's a syntactically legitimate respective part of a Kerberos name, - * returning 1 if it is, 0 if it isn't. - * - * Definition of "syntactically legitimate" names is according to - * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying - * names", version dated 21 Dec 1987. 
- */ - -/* - * kname_parse() takes a Kerberos name "fullname" of the form: - * - * username[.instance][@realm] - * - * and returns the three components ("name", "instance", and "realm" - * in the example above) in the given arguments "np", "ip", and "rp". - * - * If successful, it returns KSUCCESS. If there was an error, - * KNAME_FMT is returned. - */ - -int -kname_parse(np, ip, rp, fullname) - char *np, *ip, *rp, *fullname; -{ - static char buf[FULL_SZ]; - char *rnext, *wnext; /* next char to read, write */ - register char c; - int backslash; - int field; - - backslash = 0; - rnext = buf; - wnext = np; - field = NAME; - - if (strlen(fullname) > FULL_SZ) - return KNAME_FMT; - (void) strcpy(buf, fullname); - - while (c = *rnext++) { - if (backslash) { - *wnext++ = c; - backslash = 0; - continue; - } - switch (c) { - case '\\': - backslash++; - break; - case '.': - switch (field) { - case NAME: - if (wnext == np) - return KNAME_FMT; - *wnext = '\0'; - field = INST; - wnext = ip; - break; - case INST: - return KNAME_FMT; - /* break; */ - case REALM: - *wnext++ = c; - break; - default: - fprintf(stderr, "unknown field value\n"); - exit(1); - } - break; - case '@': - switch (field) { - case NAME: - if (wnext == np) - return KNAME_FMT; - *ip = '\0'; - /* fall through */ - case INST: - *wnext = '\0'; - field = REALM; - wnext = rp; - break; - case REALM: - return KNAME_FMT; - default: - fprintf(stderr, "unknown field value\n"); - exit(1); - } - break; - default: - *wnext++ = c; - } - } - *wnext = '\0'; - if ((strlen(np) > ANAME_SZ - 1) || - (strlen(ip) > INST_SZ - 1) || - (strlen(rp) > REALM_SZ - 1)) - return KNAME_FMT; - return KSUCCESS; -} - -/* - * k_isname() returns 1 if the given name is a syntactically legitimate - * Kerberos name; returns 0 if it's not. 
- */ -int -k_isname(s) - char *s; -{ - register char c; - int backslash = 0; - - if (!*s) - return 0; - if (strlen(s) > ANAME_SZ - 1) - return 0; - while(c = *s++) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '.': - return 0; - /* break; */ - case '@': - return 0; - /* break; */ - } - } - return 1; -} - - -/* - * k_isinst() returns 1 if the given name is a syntactically legitimate - * Kerberos instance; returns 0 if it's not. - */ -int -k_isinst(s) - char *s; -{ - register char c; - int backslash = 0; - - if (strlen(s) > INST_SZ - 1) - return 0; - while(c = *s++) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '.': - return 0; - /* break; */ - case '@': - return 0; - /* break; */ - } - } - return 1; -} - -/* - * k_isrealm() returns 1 if the given name is a syntactically legitimate - * Kerberos realm; returns 0 if it's not. - */ -int -k_isrealm(s) - char *s; -{ - register char c; - int backslash = 0; - - if (!*s) - return 0; - if (strlen(s) > REALM_SZ - 1) - return 0; - while(c = *s++) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '@': - return 0; - /* break; */ - } - } - return 1; -} diff --git a/src/lib/krb425/kntoln.c b/src/lib/krb425/kntoln.c deleted file mode 100644 index dfd31b36b..000000000 --- a/src/lib/krb425/kntoln.c +++ /dev/null 
@@ -1,48 +0,0 @@
-/*
- * lib/krb425/kntoln.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_kntoln for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_kntoln(ad,lname)
-AUTH_DAT *ad;
-char *lname;
-{
- krb5_error_code retval;
-
- if (!_krb425_local_realm)
- if (retval = krb5_get_default_realm(&_krb425_local_realm))
- return(krb425error(retval));
-
- if (strcmp(ad->pinst,""))
- return(KFAILURE);
- if (strcmp(ad->prealm, _krb425_local_realm))
- return(KFAILURE);
-
- (void) strcpy(lname,ad->pname);
- return(KSUCCESS);
-}
diff --git a/src/lib/krb425/krb425.h b/src/lib/krb425/krb425.h
deleted file mode 100644
index 03b9afabf..000000000
--- a/src/lib/krb425/krb425.h
+++ /dev/null
@@ -1,101 +0,0 @@ -/* - * lib/krb425/krb425.h - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * krb425.h - */ - - -#ifndef KRB5_krb425__ -#define KRB5_krb425__ - -#include -#include -#include -#include "k5-int.h" -#include -#include - -#define min(a,b) ((a) < (b) ? 
(a) : (b)) - -#define set_data5(d5,s) d5.length = strlen(s); d5.data = s - -#define set_cksum(ck,v) { \ - ck.checksum_type = CKSUMTYPE_CRC32; \ - ck.length = sizeof(v); \ - ck.contents = (krb5_octet *)&v; \ -} - -#define set_string(str,sz,d5) { \ - if (d5) { \ - int x; \ - x = min(sz-1, d5->length); \ - strncpy(str, d5->data, x); \ - str[x] = 0; \ - } else \ - str[0] = 0; \ -} - -extern char *_krb425_local_realm; -extern krb5_ccache _krb425_ccache; -extern int _krb425_error_init; -extern krb5_keyblock _krb425_servkey; - - -extern int krb425error(); - -extern char *basename(); -extern int des_key_sched(); -extern int kname_parse(); -extern int krb_get_cred(); -extern int krb_get_lrealm(); -extern int krb_kntoln(); -extern long krb_mk_priv(); -extern int krb_mk_req(); -extern int krb_net_read(); -extern int krb_net_write(); -extern long krb_rd_priv(); -extern int krb_rd_req(); -extern int mit_des_string_to_key(); - - -#ifdef EBUG -#define PLINE { fprintf(stderr, "%26s:%4d\n", basename(__FILE__),__LINE__); \ - fflush(stderr); } -#define show5(x) fprintf(stderr, "``%.*s''", x.length, x.data) -#define EPRINT fprintf(stderr, "%26s:%4d: ", basename(__FILE__), __LINE__), \ - fprintf(stderr, -#define ENEWLINE fprintf(stderr, "\n"); -#define ERROR(error) { \ - if (!_krb425_error_init) { \ - _krb425_error_init = 1; \ - krb5_init_ets(); \ - } \ - fprintf(stderr, "%26s:%4d: %s (%d)\n", basename(__FILE__), __LINE__, \ - error_message(error), error); \ -} -#else -#define PLINE -#endif - -#endif /* KRB5_krb425__ */ - diff --git a/src/lib/krb425/krb_err.et b/src/lib/krb425/krb_err.et deleted file mode 100644 index 2411a6f84..000000000 --- a/src/lib/krb425/krb_err.et +++ /dev/null 
@@ -1,257 +0,0 @@
-# Copyright 1987,1988 Massachusetts Institute of Technology
-#
-# For copying and distribution information, see the file
-# "mit-copyright.h".
-#
-# lib/krb425/krb_err.et
-#
- error_table krb
-
- ec KRBET_KSUCCESS,
- "Kerberos successful"
-
- ec KRBET_KDC_NAME_EXP,
- "Kerberos principal expired"
-
- ec KRBET_KDC_SERVICE_EXP,
- "Kerberos service expired"
-
- ec KRBET_KDC_AUTH_EXP,
- "Kerberos auth expired"
-
- ec KRBET_KDC_PKT_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_P_MKEY_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_S_MKEY_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_BYTE_ORDER,
- "Kerberos error: byte order unknown"
-
- ec KRBET_KDC_PR_UNKNOWN,
- "Kerberos principal unknown"
-
- ec KRBET_KDC_PR_N_UNIQUE,
- "Kerberos principal not unique"
-
- ec KRBET_KDC_NULL_KEY,
- "Kerberos principal has null key"
-
- ec KRBET_KRB_RES11,
- "Reserved 11"
-
- ec KRBET_KRB_RES12,
- "Reserved 12"
-
- ec KRBET_KRB_RES13,
- "Reserved 13"
-
- ec KRBET_KRB_RES14,
- "Reserved 14"
-
- ec KRBET_KRB_RES15,
- "Reserved 15"
-
- ec KRBET_KRB_RES16,
- "Reserved 16"
-
- ec KRBET_KRB_RES17,
- "Reserved 17"
-
- ec KRBET_KRB_RES18,
- "Reserved 18"
-
- ec KRBET_KRB_RES19,
- "Reserved 19"
-
- ec KRBET_KDC_GEN_ERR,
- "Generic error from Kerberos KDC"
-
- ec KRBET_GC_TKFIL,
- "Can't read Kerberos ticket file"
-
- ec KRBET_GC_NOTKT,
- "Can't find Kerberos ticket or TGT"
-
- ec KRBET_KRB_RES23,
- "Reserved 23"
-
- ec KRBET_KRB_RES24,
- "Reserved 24"
-
- ec KRBET_KRB_RES25,
- "Reserved 25"
-
- ec KRBET_MK_AP_TGTEXP,
- "Kerberos TGT Expired"
-
- ec KRBET_KRB_RES27,
- "Reserved 27"
-
- ec KRBET_KRB_RES28,
- "Reserved 28"
-
- ec KRBET_KRB_RES29,
- "Reserved 29"
-
- ec KRBET_KRB_RES30,
- "Reserved 30"
-
- ec KRBET_RD_AP_UNDEC,
- "Kerberos error: Can't decode authenticator"
-
- ec KRBET_RD_AP_EXP,
- "Kerberos ticket expired"
-
- ec KRBET_RD_AP_NYV,
- "Kerberos ticket not yet valid"
-
- ec KRBET_RD_AP_REPEAT,
- "Kerberos error: Repeated request"
-
- ec KRBET_RD_AP_NOT_US,
- "The kerberos ticket isn't for us"
-
- ec KRBET_RD_AP_INCON,
- "Kerberos request inconsistent"
-
- ec KRBET_RD_AP_TIME,
- "Kerberos error: delta_t too big"
-
- ec KRBET_RD_AP_BADD,
- "Kerberos error: incorrect net address"
-
- ec KRBET_RD_AP_VERSION,
- "Kerberos protocol version mismatch"
-
- ec KRBET_RD_AP_MSG_TYPE,
- "Kerberos error: invalid msg type"
-
- ec KRBET_RD_AP_MODIFIED,
- "Kerberos error: message stream modified"
-
- ec KRBET_RD_AP_ORDER,
- "Kerberos error: message out of order"
-
- ec KRBET_RD_AP_UNAUTHOR,
- "Kerberos error: unauthorized request"
-
- ec KRBET_KRB_RES44,
- "Reserved 44"
-
- ec KRBET_KRB_RES45,
- "Reserved 45"
-
- ec KRBET_KRB_RES46,
- "Reserved 46"
-
- ec KRBET_KRB_RES47,
- "Reserved 47"
-
- ec KRBET_KRB_RES48,
- "Reserved 48"
-
- ec KRBET_KRB_RES49,
- "Reserved 49"
-
- ec KRBET_KRB_RES50,
- "Reserved 50"
-
- ec KRBET_GT_PW_NULL,
- "Kerberos error: current PW is null"
-
- ec KRBET_GT_PW_BADPW,
- "Kerberos error: Incorrect current password"
-
- ec KRBET_GT_PW_PROT,
- "Kerberos protocol error"
-
- ec KRBET_GT_PW_KDCERR,
- "Error returned by Kerberos KDC"
-
- ec KRBET_GT_PW_NULLTKT,
- "Null Kerberos ticket returned by KDC"
-
- ec KRBET_SKDC_RETRY,
- "Kerberos error: Retry count exceeded"
-
- ec KRBET_SKDC_CANT,
- "Kerberos error: Can't send request"
-
- ec KRBET_KRB_RES58,
- "Reserved 58"
-
- ec KRBET_KRB_RES59,
- "Reserved 59"
-
- ec KRBET_KRB_RES60,
- "Reserved 60"
-
- ec KRBET_INTK_W_NOTALL,
- "Kerberos error: not all tickets returned"
-
- ec KRBET_INTK_BADPW,
- "Kerberos error: incorrect password"
-
- ec KRBET_INTK_PROT,
- "Kerberos error: Protocol Error"
-
- ec KRBET_KRB_RES64,
- "Reserved 64"
-
- ec KRBET_KRB_RES65,
- "Reserved 65"
-
- ec KRBET_KRB_RES66,
- "Reserved 66"
-
- ec KRBET_KRB_RES67,
- "Reserved 67"
-
- ec KRBET_KRB_RES68,
- "Reserved 68"
-
- ec KRBET_KRB_RES69,
- "Reserved 69"
-
- ec KRBET_INTK_ERR,
- "Other error"
-
- ec KRBET_AD_NOTGT,
- "Don't have Kerberos ticket-granting ticket"
-
- ec KRBET_KRB_RES72,
- "Reserved 72"
-
- ec KRBET_KRB_RES73,
- "Reserved 73"
-
- ec KRBET_KRB_RES74,
- "Reserved 74"
-
- ec KRBET_KRB_RES75,
- "Reserved 75"
-
- ec KRBET_NO_TKT_FIL,
- "No ticket file found"
-
- ec KRBET_TKT_FIL_ACC,
- "Couldn't access ticket file"
-
- ec KRBET_TKT_FIL_LCK,
- "Couldn't lock ticket file"
-
- ec KRBET_TKT_FIL_FMT,
- "Bad ticket file format"
-
- ec KRBET_TKT_FIL_INI,
- "tf_init not called first"
-
- ec KRBET_KNAME_FMT,
- "Bad Kerberos name format"
-
- end
-
diff --git a/src/lib/krb425/kuserok.c b/src/lib/krb425/kuserok.c
deleted file mode 100644
index 17d275d3a..000000000
--- a/src/lib/krb425/kuserok.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * lib/krb425/kuserok.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * kuserok: check if a kerberos principal has
- * access to a local account
- */
-
-#include "krb425.h"
-
-#include
-#include
-#include
-#if defined(aix) /* AIX needs BSD defined to some value for socket.h */
-#define _BSD 44
-#endif
-#include
-#include
-#include
-
-#define OK 0
-#ifdef NOTOK
-#undef NOTOK
-#endif
-#define NOTOK 1
-#define MAX_USERNAME 10
-
-#ifdef unicos61
-#ifdef MAXPATHLEN
-#undef MAXPATHLEN
-#endif
-#define MAXPATHLEN PATHSIZE
-#endif /* unicos61 */
-
-#ifndef F_OK
-#define F_OK 0
-#endif
-
-/*
- * Given a Kerberos principal "kdata", and a local username "luser",
- * determine whether user is authorized to login according to the
- * authorization file ("~luser/.klogin" by default). Returns OK
- * if authorized, NOTOK if not authorized.
- *
- * If there is no account for "luser" on the local machine, returns
- * NOTOK. If there is no authorization file, and the given Kerberos
- * name "kdata" translates to the same name as "luser" (using
- * krb_kntoln()), returns OK. Otherwise, if the authorization file
- * can't be accessed, returns NOTOK. Otherwise, the file is read for
- * a matching principal name, instance, and realm. If one is found,
- * returns OK, if none is found, returns NOTOK.
- *
- * The file entries are in the format:
- *
- * name.instance@realm
- *
- * one entry per line.
- *
- * The ATHENA_COMPAT code supports old-style Athena ~luser/.klogin
- * file entries. See the file "kn_parse.c".
- */
-
-
-int
-kuserok(kdata, luser)
- AUTH_DAT *kdata;
- char *luser;
-{
- struct stat sbuf;
- struct passwd *pwd;
- char pbuf[MAXPATHLEN];
- int isok = NOTOK, rc;
- FILE *fp;
- char kuser[MAX_USERNAME];
- char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- char linebuf[BUFSIZ];
- char *newline;
- int gobble;
-
- /* no account => no access */
- if ((pwd = (struct passwd *) getpwnam(luser)) == NULL) {
- return(NOTOK);
- }
- (void) strcpy(pbuf, pwd->pw_dir);
- (void) strcat(pbuf, "/.klogin");
-
- if (access(pbuf, F_OK)) { /* not accessible */
- /*
- * if he's trying to log in as himself, and there is no .klogin file,
- * let him. To find out, call
- * krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
- */
- if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
- return(OK);
- }
- }
- /* open ~/.klogin */
- if ((fp = fopen(pbuf, "r")) == NULL) {
- return(NOTOK);
- }
- /*
- * security: if the user does not own his own .klogin file,
- * do not grant access
- */
- if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
- return(NOTOK);
- }
- if (sbuf.st_uid != pwd->pw_uid) {
- fclose(fp);
- return(NOTOK);
- }
-
-
- /* check each line */
- while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
- /* null-terminate the input string */
- linebuf[BUFSIZ-1] = '\0';
- newline = NULL;
- /* nuke the newline if it exists */
- if (newline = strchr(linebuf, '\n'))
- *newline = '\0';
- rc = kname_parse(principal, inst, realm, linebuf);
- if (rc == KSUCCESS) {
- isok = (strncmp(kdata->pname, principal, ANAME_SZ) ||
- strncmp(kdata->pinst, inst, INST_SZ) ||
- strncmp(kdata->prealm, realm, REALM_SZ));
- }
- /* clean up the rest of the line if necessary */
- if (!newline)
- while (((gobble = getc(fp)) != EOF) && gobble != '\n');
- }
- fclose(fp);
- return(isok);
-}
diff --git a/src/lib/krb425/mk_priv.c b/src/lib/krb425/mk_priv.c
deleted file mode 100644
index c53a1f91b..000000000
--- a/src/lib/krb425/mk_priv.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * lib/krb425/mk_priv.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_mk_priv for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include
-#endif
-
-long
-krb_mk_priv(in, out, in_length, sched, key, sender, receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-Key_schedule sched; /* ignored */
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-{
- krb5_data inbuf;
- krb5_data out5;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
-
- out5.data = inet_ntoa(sender->sin_addr);
- out5.length = strlen(out5.data);
- if (r = krb5_get_server_rcache(&out5,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- r = krb5_mk_priv(&inbuf,
- KEYTYPE_DES,
- &keyb,
- saddr2, &raddr,
- 0, /* no sequence number */
- 0, /* default flags (none) */
- rcache,
- 0, /* ignore ivec */
- &out5);
- krb5_rc_close(rcache);
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
- memcpy((char *)out, out5.data, out5.length);
- free(out5.data);
- return(out5.length);
-}
diff --git a/src/lib/krb425/mk_req.c b/src/lib/krb425/mk_req.c
deleted file mode 100644
index 88ea745ef..000000000
--- a/src/lib/krb425/mk_req.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * lib/krb425/mk_req.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_mk_req for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_mk_req(authent, service, instance, realm, checksum)
-KTEXT authent;
-char *service;
-char *instance;
-char *realm;
-u_long checksum;
-{
- krb5_principal server;
- krb5_error_code r;
- krb5_data outbuf;
- krb5_checksum ck;
-
- if (r = krb5_build_principal(&server,
- strlen(realm), realm,
- service,
- instance,
- 0)) {
- return(krb425error(r));
- }
-
- if (!_krb425_ccache)
- krb5_cc_default(&_krb425_ccache);
-
-#ifdef EBUG
- EPRINT "Calling krb5_mk_req with:\n");
- EPRINT " Realm : "); show5(srvdata[0]); ENEWLINE
- EPRINT " Service : "); show5(srvdata[1]); ENEWLINE
- EPRINT " Instance: "); show5(srvdata[2]); ENEWLINE
- EPRINT " CheckSum: %08x\n", checksum);
-#endif
- set_cksum(ck, checksum)
-
- r = krb5_mk_req((krb5_principal)server,
- (krb5_flags)0,
- &ck,
- _krb425_ccache,
- &outbuf);
-#ifdef EBUG
- if (r)
- ERROR(r)
-#endif
- krb5_free_principal(server);
- if (!r) {
- if (outbuf.length > MAX_KTXT_LEN) {
-#ifdef EBUG
- EPRINT "Return to long (%d > %d)\n",
- outbuf.length, MAX_KTXT_LEN);
-#endif
- krb5_xfree(outbuf.data);
- return(KFAILURE);
- }
- authent->length = outbuf.length;
- memcpy((char *)authent->dat, (char *)outbuf.data, outbuf.length);
- krb5_xfree(outbuf.data);
- }
- return(krb425error(r));
-}
diff --git a/src/lib/krb425/mk_safe.c b/src/lib/krb425/mk_safe.c
deleted file mode 100644
index 399a3c1eb..000000000
--- a/src/lib/krb425/mk_safe.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * lib/krb425/mk_safe.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_mk_safe for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include
-#endif
-
-long
-krb_mk_safe(in, out, in_length, key, sender, receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-{
- krb5_data inbuf;
- krb5_data out5;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
- out5.data = inet_ntoa(sender->sin_addr);
- out5.length = strlen(out5.data);
- if (r = krb5_get_server_rcache(&out5,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- r = krb5_mk_safe(&inbuf,
- CKSUMTYPE_RSA_MD4_DES,
- &keyb,
- saddr2, &raddr,
- 0, /* no sequence number */
- 0, /* default flags (none) */
- rcache,
- &out5);
- krb5_rc_close(rcache);
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
-
- memcpy((char *)out, out5.data, out5.length);
- free(out5.data);
- return(out5.length);
-}
diff --git a/src/lib/krb425/net_read.c b/src/lib/krb425/net_read.c
deleted file mode 100644
index d693a98de..000000000
--- a/src/lib/krb425/net_read.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * lib/krb425/net_read.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_net_read for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_net_read(fd,buf,len)
-int fd;
-char *buf;
-int len;
-{
- extern int read();
- int cc, len2 = 0;
-#ifdef EBUG
- char *obuf = buf;
-#endif
-
- do {
- cc = read(fd, buf, len);
- if (cc < 0)
- return(cc); /* errno is already set */
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
- } while (len > 0);
-#ifdef EBUG
- buf = obuf;
- EPRINT "Read data: ``");
- for (cc = 0; cc < len2 && cc < 24; ++cc) {
- fprintf(stderr, "%c", (buf[cc] < ' ' || buf[cc] > '~') ? '.' : buf[cc]);
- }
- if (cc < len2) {
- fprintf(stderr, "''(%d)\n", len2);
- } else {
- fprintf(stderr, "''\n");
- }
-#endif
- return(len2);
-}
diff --git a/src/lib/krb425/net_write.c b/src/lib/krb425/net_write.c
deleted file mode 100644
index cc04de72a..000000000
--- a/src/lib/krb425/net_write.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * lib/krb425/net_write.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_net_write for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_net_write(fd,buf,len)
-int fd;
-char *buf;
-int len;
-{
- int cc;
- extern int write();
- register int wrlen = len;
-#ifdef EBUG
- EPRINT "Write data: ``");
- for (cc = 0; cc < len && cc < 24; ++cc) {
- fprintf(stderr, "%c", (buf[cc] < ' ' || buf[cc] > '~') ? '.' : buf[cc]);
- }
- if (cc < len) {
- fprintf(stderr, "''(%d)\n", len);
- } else {
- fprintf(stderr, "''\n");
- }
-#endif
- do {
- cc = write(fd, buf, wrlen);
- if (cc < 0)
- return(cc);
- else {
- buf += cc;
- wrlen -= cc;
- }
- } while (wrlen > 0);
- return(len);
-}
diff --git a/src/lib/krb425/rd_priv.c b/src/lib/krb425/rd_priv.c
deleted file mode 100644
index dadb5a47d..000000000
--- a/src/lib/krb425/rd_priv.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * lib/krb425/rd_priv.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_rd_priv for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include
-#endif
-#include
-long
-krb_rd_priv(in, in_length, sched, key, sender, receiver, msg)
-u_char *in;
-u_long in_length;
-Key_schedule sched; /* ignored */
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg;
-{
- krb5_data inbuf;
- krb5_data out;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
- char *cachename;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
- if (cachename = calloc(1, strlen(inet_ntoa(sender->sin_addr)+1+1+5)))
- /* 1 for NUL, 1 for ., 5 for digits of port
- (unsigned 16bit, no greater than 65535) */
- sprintf(cachename, "%s.%u", inet_ntoa(sender->sin_addr),
- ntohs(receiver->sin_port));
- else {
-#ifdef EBUG
- ERROR(ENOMEM);
-#endif
- return(krb425error(ENOMEM));
- }
-
- out.data = cachename;
- out.length = strlen(cachename);
- if (r = krb5_get_server_rcache(&out,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- free(cachename);
- r = krb5_rd_priv(&inbuf, &keyb, saddr2, &raddr,
- 0, 0, 0, rcache, &out);
- krb5_rc_close(rcache);
-
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
-
- msg->app_data = (u_char *)out.data;
- msg->app_length = out.length;
- msg->hash = 0L;
- msg->swap = 0;
- msg->time_sec = 0;
- msg->time_5ms = 0;
- return(KSUCCESS);
-}
diff --git a/src/lib/krb425/rd_req.c b/src/lib/krb425/rd_req.c
deleted file mode 100644
index c339233c7..000000000
--- a/src/lib/krb425/rd_req.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * lib/krb425/rd_req.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_rd_req for krb425
- */
-
-
-#include "krb425.h"
-#include
-
-static krb5_error_code
-setkey_key_proc(DECLARG(krb5_pointer,arg),
- DECLARG(krb5_principal,princ),
- DECLARG(krb5_kvno,kvno),
- DECLARG(krb5_keyblock **,retkey))
-OLDDECLARG(krb5_pointer,arg)
-OLDDECLARG(krb5_principal,princ)
-OLDDECLARG(krb5_kvno,kvno)
-OLDDECLARG(krb5_keyblock **,retkey)
-{
- return krb5_copy_keyblock(&_krb425_servkey, retkey);
-}
-
-int
-krb_rd_req(authent, service, instance, from_addr, ad, fn)
-KTEXT authent;
-char *service;
-char *instance;
-u_long from_addr;
-AUTH_DAT *ad;
-char *fn;
-{
- krb5_address peer;
- krb5_tkt_authent *authdat;
- char addr[4];
- krb5_principal server;
- krb5_error_code r;
- krb5_data authe;
- extern int gethostname();
- int use_set_key = 0;
- char file_name[MAXPATHLEN];
-
- if (from_addr) {
- peer.addrtype = ADDRTYPE_INET;
- peer.length = 4;
- peer.contents = (krb5_octet *)addr;
- memcpy(addr, (char *)&from_addr + (sizeof(from_addr) - 4), 4);
- }
-
- if (!_krb425_local_realm)
- if (r = krb5_get_default_realm(&_krb425_local_realm))
- return(krb425error(r));
-
- if (!strcmp(instance, "*")) {
- static char hostname[64] = { 0 };
-
- if (!hostname[0]) {
- struct hostent *h;
-
- gethostname(hostname, sizeof(hostname));
- if (h = gethostbyname(hostname)) {
- char *p;
-
- strncpy(hostname, h->h_name, sizeof(hostname));
- hostname[sizeof(hostname)-1] = 0;
- p = hostname;
- do {
- if (isupper(*p)) *p=tolower(*p);
- } while (*p++);
- }
- }
- instance = hostname;
- }
- if (r = krb5_build_principal(&server,
- strlen(_krb425_local_realm),
- _krb425_local_realm,
- service,
- instance,
- 0)) {
- return(krb425error(r));
- }
-
- authe.length = authent->length;
- authe.data = (char *)authent->dat;
- if (!fn) {
- use_set_key = 1;
- fn = (char *)0;
- } else if (!*fn) {
- fn = (char *)0;
- } else {
- strcpy(file_name, "FILE:");
- strncpy(file_name + 5, fn, MAXPATHLEN-5);
- file_name[sizeof(file_name)-1] = '\0';
- fn = file_name;
- }
-
-
-#ifdef EBUG
- EPRINT "Calling krb5_rd_req with:\n");
- EPRINT " Realm : "); show5(srvdata[0]); ENEWLINE
- EPRINT " Service : "); show5(srvdata[1]); ENEWLINE
- EPRINT " Instance: "); show5(srvdata[2]); ENEWLINE
- EPRINT "Authenenticator : %d bytes\n", authe.length);
- EPRINT "Filename : %s\n", fn ? fn : "none given");
- if (from_addr) {
- EPRINT "Address type : %s\n",
- peer.addrtype == ADDRTYPE_INET ? "inet" :
- peer.addrtype == ADDRTYPE_CHAOS ? "chaos" :
- peer.addrtype == ADDRTYPE_XNS ? "xns" :
- peer.addrtype == ADDRTYPE_ISO ? "iso" :
- peer.addrtype == ADDRTYPE_DDP ? "ddp" : "unknown type");
- EPRINT "Address length : %d\n", peer.length);
- EPRINT "Address :");
- {
- int x;
- for (x = 0; x < peer.length && x < 8; ++x)
- fprintf(stderr, " %d", peer.contents[x]);
- if (x < peer.length)
- fprintf(stderr, " (%d)", peer.length);
- fprintf(stderr, "\n");
- }
- }
-#endif
-
-/* ? : will break some compilers when dealing with function pointers */
- if (use_set_key)
- r = krb5_rd_req(&authe,
- server,
- from_addr ? &peer : 0,
- fn, setkey_key_proc,
- 0, 0, &authdat);
- else
- r = krb5_rd_req(&authe,
- server,
- from_addr ? &peer : 0,
- fn, 0,
- 0, 0, &authdat);
- krb5_free_principal(server);
- if (r) {
-#ifdef EBUG
- ERROR(r)
-#endif
- return(krb425error(r));
- }
-
- ad->k_flags = 0;
-
-#ifdef EBUG
- r = 0;
- while (authdat->authenticator->client[r]) {
- EPRINT "Client[%d]: ", r); show5((*authdat->authenticator->client[r])); ENEWLINE
- ++r;
- }
- r = 0;
- while (authdat->ticket->server[r]) {
- EPRINT "Server[%d]: ", r); show5((*authdat->ticket->server[r])); ENEWLINE
- ++r;
- }
- r = 0;
-#endif
- set_string(ad->pname, ANAME_SZ,
- krb5_princ_component(authdat->authenticator->client, 0));
-
- if (authdat->authenticator->client->length > 1) {
- set_string(ad->pinst, INST_SZ,
- krb5_princ_component(authdat->authenticator->client,
- 1));
- }
- else {
- ad->pinst[0] = '\0';
- }
-
- set_string(ad->prealm, REALM_SZ,
- krb5_princ_realm(authdat->authenticator->client));
-
- ad->checksum = *(long *)authdat->authenticator->checksum->contents;
-
- if (authdat->ticket->enc_part2->session->keytype != KEYTYPE_DES) {
- r = KFAILURE;
- goto out;
- } else
- memcpy((char*)ad->session,
- (char*)authdat->ticket->enc_part2->session->contents,
- sizeof(C_Block));
-
- ad->life = authdat->ticket->enc_part2->times.endtime;
- ad->time_sec = authdat->authenticator->ctime;
- ad->address = 0;
-
- if (authdat->ticket->enc_part2->caddrs[0]->addrtype != ADDRTYPE_INET) {
- r = KFAILURE;
- goto out;
- } else
- memcpy((char*)&ad->address + sizeof(ad->address) - 4,
- (char*)authdat->ticket->enc_part2->caddrs[0]->contents, 4);
-
- if (authdat->ticket->enc_part2->authorization_data &&
- authdat->ticket->enc_part2->authorization_data[0]) {
- ad->reply.length = authdat->ticket->enc_part2->authorization_data[0]->length;
- memcpy((char*)ad->reply.dat,
- (char*)authdat->ticket->enc_part2->authorization_data[0]->contents,
- min(ad->reply.length, MAX_KTXT_LEN));
- ad->reply.mbz = 0;
- }
-out:
- krb5_free_tkt_authent(authdat);
- return(r);
-}
diff --git a/src/lib/krb425/rd_safe.c b/src/lib/krb425/rd_safe.c
deleted file mode 100644
index ec5a96f36..000000000
--- a/src/lib/krb425/rd_safe.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * lib/krb425/rd_safe.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_rd_safe for krb425
- */
-
-
-#include "krb425.h"
-#ifndef hpux
-#include
-#endif
-#include
-
-long
-krb_rd_safe(in, in_length, key, sender, receiver, msg)
-u_char *in;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg;
-{
- krb5_data inbuf;
- krb5_data out;
- krb5_keyblock keyb;
- krb5_address saddr, *saddr2;
- krb5_address raddr;
- krb5_error_code r;
- char sa[4], ra[4];
- krb5_rcache rcache;
- char *cachename;
-
- keyb.keytype = KEYTYPE_DES;
- keyb.length = sizeof(des_cblock);
- keyb.contents = (krb5_octet *)key;
-
- saddr.addrtype = ADDRTYPE_INET;
- saddr.length = 4;
- saddr.contents = (krb5_octet *)sa;
-
- raddr.addrtype = ADDRTYPE_INET;
- raddr.length = 4;
- raddr.contents = (krb5_octet *)ra;
-
- memcpy(sa, (char *)&sender->sin_addr, 4);
- memcpy(ra, (char *)&receiver->sin_addr, 4);
-
- inbuf.data = (char *)in;
- inbuf.length = in_length;
-
- if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
- &saddr2)) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
- if (cachename = calloc(1, strlen(inet_ntoa(sender->sin_addr)+1+1+5)))
- /* 1 for NUL, 1 for rc_., 5 for digits of port
- (unsigned 16bit, no greater than 65535) */
- sprintf(cachename, "%s.%u", inet_ntoa(sender->sin_addr),
- ntohs(receiver->sin_port));
- else {
-#ifdef EBUG
- ERROR(ENOMEM);
-#endif
- return(krb425error(ENOMEM));
- }
-
- out.data = cachename;
- out.length = strlen(cachename);
- if (r = krb5_get_server_rcache(&out,
- &rcache)) {
- krb5_free_address(saddr2);
-#ifdef EBUG
- ERROR(r);
-#endif
- return(-1);
- }
- free(cachename);
- r = krb5_rd_safe(&inbuf, &keyb, saddr2, &raddr,
- 0, 0, rcache, &out);
- krb5_rc_close(rcache);
-
- krb5_free_address(saddr2);
-
- if (r) {
-#ifdef EBUG
- ERROR(r);
-#endif
- return(krb425error(r));
- }
-
- msg->app_data = (u_char *)out.data;
- msg->app_length = out.length;
- msg->hash = 0L;
- msg->swap = 0;
- msg->time_sec = 0;
- msg->time_5ms = 0;
- return(KSUCCESS);
-}
diff --git a/src/lib/krb425/realmhost.c b/src/lib/krb425/realmhost.c
deleted file mode 100644
index 2a989904d..000000000
--- a/src/lib/krb425/realmhost.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * lib/krb425/realmhost.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_realmofhost for krb425
- */
-
-#include
-
-#include "krb425.h"
-
-char *
-krb_realmofhost(host)
-char *host;
-{
- char **realms;
- char *domain;
- static char ret_realm[REALM_SZ+1];
-
-
- domain = strchr(host, '.');
-
- /* prepare default */
- if (domain) {
- char *cp;
-
- strncpy(ret_realm, &domain[1], REALM_SZ);
- ret_realm[REALM_SZ] = '\0';
- /* Upper-case realm */
- for (cp = ret_realm; *cp; cp++)
- if (islower(*cp))
- *cp = toupper(*cp);
- } else {
- if (!_krb425_local_realm &&
- krb5_get_default_realm(&_krb425_local_realm))
- _krb425_local_realm = NULL;
-
- if (_krb425_local_realm) {
- strncpy(ret_realm, _krb425_local_realm, REALM_SZ);
- ret_realm[REALM_SZ-1] = 0;
- }
- }
-
- if (krb5_get_host_realm(host, &realms)) {
- return(ret_realm);
- }
- strncpy(ret_realm, realms[0], REALM_SZ);
- krb5_free_host_realm(realms);
- return(ret_realm);
-}
diff --git a/src/lib/krb425/recvauth.c b/src/lib/krb425/recvauth.c
deleted file mode 100644
index 0023ed7c8..000000000
--- a/src/lib/krb425/recvauth.c
+++ /dev/null
@@ -1,294 +0,0 @@ -/* - * lib/krb425/recvauth.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#include "krb425.h" - - -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN - chars */ - -/* - * If the protocol changes, you will need to change the version string - * and make appropriate changes in krb_sendauth.c - * be sure to support old versions of krb_sendauth! - */ - -extern int errno; - -/* - * krb_recvauth() reads (and optionally responds to) a message sent - * using krb_sendauth(). The "options" argument is a bit-field of - * selected options (see "sendauth.c" for options description). - * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL - * (mutual authentication requested). The "fd" argument supplies - * a file descriptor to read from (and write to, if mutual authenti- - * cation is requested). - * - * Part of the received message will be a Kerberos ticket sent by the - * client; this is read into the "ticket" argument. 
The "service" and - * "instance" arguments supply the server's Kerberos name. If the - * "instance" argument is the string "*", it is treated as a wild card - * and filled in during the krb_rd_req() call (see read_service_key()). - * - * The "faddr" and "laddr" give the sending (client) and receiving - * (local server) network addresses. ("laddr" may be left NULL unless - * mutual authentication is requested, in which case it must be set.) - * - * The authentication information extracted from the message is returned - * in "kdata". The "filename" argument indicates the file where the - * server's key can be found. (It is passed on to krb_rd_req().) If - * left null, the default "/etc/srvtab" will be used. - * - * If mutual authentication is requested, the session key schedule must - * be computed in order to reply; this schedule is returned in the - * "schedule" argument. A string containing the application version - * number from the received message is returned in "version", which - * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. - * - * See krb_sendauth() for the format of the received client message. - * - * This routine supports another client format, for backward - * compatibility, consisting of: - * - * Size Variable Field - * ---- -------- ----- - * - * string tmp_buf, tkt_len length of ticket, in - * ascii - * - * char ' ' (space char) separator - * - * tkt_len ticket->dat the ticket - * - * This old-style version does not support mutual authentication. - * - * krb_recvauth() first reads the protocol version string from the - * given file descriptor. If it doesn't match the current protocol - * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In - * that case, the string of characters up to the first space is read - * and interpreted as the ticket length, then the ticket is read. - * - * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() - * next reads the application protocol version string. 
Then the - * ticket length and ticket itself are read. - * - * The ticket is decrypted and checked by the call to krb_rd_req(). - * If no mutual authentication is required, the result of the - * krb_rd_req() call is retured by this routine. If mutual authenti- - * cation is required, a message in the following format is returned - * on "fd": - * - * Size Variable Field - * ---- -------- ----- - * - * 4 bytes tkt_len length of ticket or -1 - * if error occurred - * - * priv_len tmp_buf "private" message created - * by krb_mk_priv() which - * contains the incremented - * checksum sent by the client - * encrypted in the session - * key. (This field is not - * present in case of error.) - * - * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some - * other error code is returned. - */ - -#ifndef max -#define max(a,b) (((a) > (b)) ? (a) : (b)) -#endif /* max */ - -int -krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata, - filename, schedule, version) -long options; /* bit-pattern of options */ -int fd; /* file descr. 
to read from */ -KTEXT ticket; /* storage for client's ticket */ -char *service; /* service expected */ -char *instance; /* inst expected (may be filled in) */ -struct sockaddr_in *faddr; /* address of foreign host on fd */ -struct sockaddr_in *laddr; /* local address */ -AUTH_DAT *kdata; /* kerberos data (returned) */ -char *filename; /* name of file with service keys */ -Key_schedule schedule; /* key schedule (return) */ -char *version; /* version string (filled in) */ -{ - - int i, cc, old_vers = 0; - char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ - char *cp; - int rem; - long tkt_len, priv_len; - u_long cksum; - u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; - - /* read the protocol version number */ - if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != - KRB_SENDAUTH_VLEN) - return(errno); - krb_vers[KRB_SENDAUTH_VLEN] = '\0'; - - /* check version string */ - if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) { - /* Assume the old version of sendkerberosdata: send ascii - length, ' ', and ticket. 
*/ - if (options & KOPT_DO_MUTUAL) - return(KFAILURE); /* XXX can't do old style with mutual auth */ - old_vers = 1; - - /* copy what we have read into tmp_buf */ - (void) memcpy((char *) tmp_buf, krb_vers, KRB_SENDAUTH_VLEN); - - /* search for space, and make it a null */ - for (i = 0; i < KRB_SENDAUTH_VLEN; i++) - if (tmp_buf[i]== ' ') { - tmp_buf[i] = '\0'; - /* point cp to the beginning of the real ticket */ - cp = (char *) &tmp_buf[i+1]; - break; - } - - if (i == KRB_SENDAUTH_VLEN) - /* didn't find the space, keep reading to find it */ - for (; i<20; i++) { - if (read(fd, (char *)&tmp_buf[i], 1) != 1) { - return(KFAILURE); - } - if (tmp_buf[i] == ' ') { - tmp_buf[i] = '\0'; - /* point cp to the beginning of the real ticket */ - cp = (char *) &tmp_buf[i+1]; - break; - } - } - - tkt_len = (long) atoi((char *) tmp_buf); - - /* sanity check the length */ - if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN)) - return(KFAILURE); - - if (i < KRB_SENDAUTH_VLEN) { - /* since we already got the space, and part of the ticket, - we read fewer bytes to get the rest of the ticket */ - if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN), - (int) (tkt_len - KRB_SENDAUTH_VLEN + 1 + i)) - != (int)(tkt_len - KRB_SENDAUTH_VLEN + 1 + i)) - return(errno); - } else { - if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) != - (int) tkt_len) - return(errno); - } - ticket->length = tkt_len; - /* copy the ticket into the struct */ - (void) memcpy((char *) ticket->dat, cp, ticket->length); - - } else { - /* read the application version string */ - if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != - KRB_SENDAUTH_VLEN) - return(errno); - version[KRB_SENDAUTH_VLEN] = '\0'; - - /* get the length of the ticket */ - if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) != - sizeof(tkt_len)) - return(errno); - - /* sanity check */ - ticket->length = ntohl((unsigned long)tkt_len); - if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) { - if (options & KOPT_DO_MUTUAL) { - 
rem = KFAILURE; - goto mutual_fail; - } else - return(KFAILURE); /* XXX there may still be junk on the fd? */ - } - - /* read the ticket */ - if (krb_net_read(fd, (char *) ticket->dat, ticket->length) - != ticket->length) - return(errno); - } - /* - * now have the ticket. decrypt it to get the authenticated - * data. - */ - rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr, - kdata,filename); - - if (old_vers) return(rem); /* XXX can't do mutual with old client */ - - /* if we are doing mutual auth, compose a response */ - if (options & KOPT_DO_MUTUAL) { - if (rem != KSUCCESS) { -#ifdef EBUG - ERROR(rem) -#endif - /* the krb_rd_req failed */ - goto mutual_fail; - } - - /* add one to the (formerly) sealed checksum, and re-seal it - for return to the client */ - cksum = kdata->checksum + 1; - cksum = htonl(cksum); -#ifndef NOENCRYPTION - key_sched(kdata->session,schedule); -#endif /* !NOENCRYPTION */ - priv_len = krb_mk_priv((unsigned char *)&cksum, - tmp_buf, - (unsigned long) sizeof(cksum), - schedule, - kdata->session, - laddr, - faddr); - if (priv_len < 0) { - /* re-sealing failed; notify the client */ - rem = KFAILURE; /* XXX */ -mutual_fail: - priv_len = -1; - tkt_len = htonl((unsigned long) priv_len); - /* a length of -1 is interpreted as an authentication - failure by the client */ - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - return(rem); - } else { - /* re-sealing succeeded, send the private message */ - tkt_len = htonl((unsigned long)priv_len); - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len)) - != (int) priv_len) - return(cc); - } - } - return(rem); -} diff --git a/src/lib/krb425/sendauth.c b/src/lib/krb425/sendauth.c deleted file mode 100644 index 55d19821a..000000000 --- a/src/lib/krb425/sendauth.c +++ /dev/null 
@@ -1,267 +0,0 @@ -/* - * lib/krb425/sendauth.c - * - * Copyright 1987,1988,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - - -#include "krb425.h" - -#include -#include -#include -#include -#include - -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ -/* - * If the protocol changes, you will need to change the version string - * and make appropriate changes in krb_recvauth.c - */ - -extern int errno; - -extern char *krb_get_phost(); - -/* - * This file contains two routines: krb_sendauth() and krb_sendsrv(). - * - * krb_sendauth() transmits a ticket over a file descriptor for a - * desired service, instance, and realm, doing mutual authentication - * with the server if desired. - * - * krb_sendsvc() sends a service name to a remote knetd server. - */ - -/* - * The first argument to krb_sendauth() contains a bitfield of - * options (the options are defined in "krb.h"): - * - * KOPT_DONT_CANON Don't canonicalize instance as a hostname. 
- * (If this option is not chosen, krb_get_phost() - * is called to canonicalize it.) - * - * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. - * A ticket must be supplied in the "ticket" - * argument. - * (If this option is not chosen, and there - * is no ticket for the given server in the - * ticket cache, one will be fetched using - * krb_mk_req() and returned in "ticket".) - * - * KOPT_DO_MUTUAL Do mutual authentication, requiring that the - * receiving server return the checksum+1 encrypted - * in the session key. The mutual authentication - * is done using krb_mk_priv() on the other side - * (see "recvauth.c") and krb_rd_priv() on this - * side. - * - * The "fd" argument is a file descriptor to write to the remote - * server on. The "ticket" argument is used to store the new ticket - * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is - * chosen, the ticket must be supplied in the "ticket" argument. - * The "service", "inst", and "realm" arguments identify the ticket. - * If "realm" is null, the local realm is used. - * - * The following arguments are only needed if the KOPT_DO_MUTUAL option - * is chosen: - * - * The "checksum" argument is a number that the server will add 1 to - * to authenticate itself back to the client; the "msg_data" argument - * holds the returned mutual-authentication message from the server - * (i.e., the checksum+1); the "cred" structure is used to hold the - * session key of the server, extracted from the ticket file, for use - * in decrypting the mutual authentication message from the server; - * and "schedule" holds the key schedule for that decryption. The - * the local and server addresses are given in "laddr" and "faddr". - * - * The application protocol version number (of up to KRB_SENDAUTH_VLEN - * characters) is passed in "version". - * - * If all goes well, KSUCCESS is returned, otherwise some error code. 
- * - * The format of the message sent to the server is: - * - * Size Variable Field - * ---- -------- ----- - * - * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol - * bytes version number - * - * KRB_SENDAUTH_VLEN version application protocol - * bytes version number - * - * 4 bytes ticket->length length of ticket - * - * ticket->length ticket->dat ticket itself - */ - -/* - * XXX: Note that krb_rd_priv() is coded in such a way that - * "msg_data->app_data" will be pointing into "priv_buf", which - * will disappear when krb_sendauth() returns. - */ - -int -krb_sendauth(options, fd, ticket, service, inst, realm, checksum, - msg_data, cred, schedule, laddr, faddr, version) -long options; /* bit-pattern of options */ -int fd; /* file descriptor to write onto */ -KTEXT ticket; /* where to put ticket (return); or - * supplied in case of KOPT_DONT_MK_REQ */ -char *service, *inst, *realm; /* service name, instance, realm */ -u_long checksum; /* checksum to include in request */ -MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */ -CREDENTIALS *cred; /* credentials (return) */ -Key_schedule schedule; /* key schedule (return) */ -struct sockaddr_in *laddr; /* local address */ -struct sockaddr_in *faddr; /* address of foreign host on fd */ -char *version; /* version string */ -{ - int rem, i, cc; - char srv_inst[INST_SZ]; - char krb_realm[REALM_SZ]; - char buf[BUFSIZ]; - long tkt_len; - u_char priv_buf[1024]; - u_long cksum; - - rem=KSUCCESS; - - /* get current realm if not passed in */ - if (!realm) { - rem = krb_get_lrealm(krb_realm,1); - if (rem != KSUCCESS) - return(rem); - realm = krb_realm; - } - - /* copy instance into local storage, canonicalizing if desired */ - if (options & KOPT_DONT_CANON) - (void) strncpy(srv_inst, inst, INST_SZ); - else - (void) strncpy(srv_inst, krb_get_phost(inst), INST_SZ); - - /* get the ticket if desired */ - if (!(options & KOPT_DONT_MK_REQ)) { - rem = krb_mk_req(ticket, service, srv_inst, realm, checksum); - if (rem != KSUCCESS) 
- return(rem); - } - - /* if mutual auth, get credentials so we have service session - keys for decryption below */ - if (options & KOPT_DO_MUTUAL) - if (cc = krb_get_cred(service, srv_inst, realm, cred)) - return(cc); - - /* zero the buffer */ - (void) memset(buf, 0, BUFSIZ); - - /* insert version strings */ - (void) strncpy(buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); - (void) strncpy(buf+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN); - - /* increment past vers strings */ - i = 2*KRB_SENDAUTH_VLEN; - - /* put ticket length into buffer */ - tkt_len = htonl((unsigned long) ticket->length); - (void) memcpy(buf+i, (char *) &tkt_len, sizeof(tkt_len)); - i += sizeof(tkt_len); - - /* put ticket into buffer */ - (void) memcpy(buf+i, (char *) ticket->dat, ticket->length); - i += ticket->length; - - /* write the request to the server */ - if ((cc = krb_net_write(fd, buf, i)) != i) - return(cc); - - /* mutual authentication, if desired */ - if (options & KOPT_DO_MUTUAL) { - int r; - /* get the length of the reply */ - if ((r = krb_net_read(fd, (char *) &tkt_len, sizeof(tkt_len))) != - sizeof(tkt_len)) { -#ifdef EBUG - EPRINT "krb_net_read(%d, tkt_len, %d) returns %d\n", - fd, sizeof(tkt_len), r); - ERROR(errno); -#endif - return(errno); - } - tkt_len = ntohl((unsigned long)tkt_len); - - /* if the length is negative, the server failed to recognize us. */ - if ((tkt_len < 0) || (tkt_len > sizeof(priv_buf))) - return(KFAILURE); /* XXX */ - /* read the reply... 
*/ - if (krb_net_read(fd, (char *)priv_buf, (int) tkt_len) != (int) tkt_len) - return(errno); - - /* ...and decrypt it */ -#ifndef NOENCRYPTION - key_sched(cred->session, schedule); -#endif /* !NOENCRYPTION */ - if (cc = krb_rd_priv(priv_buf,(unsigned long) tkt_len, schedule, - cred->session, faddr, laddr, msg_data)) - return(cc); - - /* fetch the (modified) checksum */ - (void) memcpy((char *)&cksum, (char *)msg_data->app_data, - sizeof(cksum)); - cksum = ntohl(cksum); - - /* if it doesn't match, fail */ - if (cksum != checksum + 1) - return(KFAILURE); /* XXX */ - } - return(KSUCCESS); -} - -#ifdef ATHENA_COMPAT -/* - * krb_sendsvc - */ - -int -krb_sendsvc(fd, service) -int fd; -char *service; -{ - /* write the service name length and then the service name to - the fd */ - long serv_length; - int cc; - - serv_length = htonl((unsigned long)strlen(service)); - if ((cc = krb_net_write(fd, (char *) &serv_length, - sizeof(serv_length))) - != sizeof(serv_length)) - return(cc); - if ((cc = krb_net_write(fd, service, strlen(service))) - != strlen(service)) - return(cc); - return(KSUCCESS); -} -#endif /* ATHENA_COMPAT */ diff --git a/src/lib/krb425/set_key.c b/src/lib/krb425/set_key.c deleted file mode 100644 index d38c18d81..000000000 --- a/src/lib/krb425/set_key.c +++ /dev/null 
@@ -1,49 +0,0 @@
-/*
- * lib/krb425/set_key.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb_set_key for krb425
- */
-
-
-#include "krb425.h"
-
-int
-krb_set_key(key, cvt)
-char *key;
-int cvt;
-{
- if (cvt) {
- if (_krb425_servkey.contents)
- krb5_xfree(_krb425_servkey.contents);
- mit_des_string_to_key(KEYTYPE_DES, &_krb425_servkey, 0, 0);
- } else {
- if (!_krb425_servkey.contents &&
- !(_krb425_servkey.contents = (krb5_octet *)malloc(8))) {
- return(KFAILURE);
- }
- _krb425_servkey.length = 8;
- _krb425_servkey.keytype = KEYTYPE_DES;
- memcpy((char *)_krb425_servkey.contents, (char *)key, 8);
- }
- return(KSUCCESS);
-}