From: Danilo Almeida Date: Thu, 20 Jul 2000 00:46:02 +0000 (+0000) Subject: * Makefile.in: Make krb524 library and k524init program build on X-Git-Tag: krb5-1.3-alpha1~1971 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=aaa76aad10fa3caac34fabf5231146a36d579471;p=krb5.git * Makefile.in: Make krb524 library and k524init program build on Windows. * krb524.def, libinit.c: Files needed to build on Windows. * k524init.c: Use public krb_in_tkt() with realm paramter instead of potentially private in_tkt() w/o realm parameter (which does not even exist w/o the realm paramter in some krb4 libraries). Use krb_save_credentials() instead of tf_init() then tf_save_credentials() then tf_close(). * cnv_tkt_skey.c: Put copy of krb_cr_tkt_krb5() and krb_create_ticket() as static functions in this file, calling them krb524int_*(). Call these functions instead of the ones in the MIT krb4 library included in the krb5 tree. * conv_princ.c: Remove unused headers. * k524init.c, cnv_tkt_skey.c, conv_creds.c, encode.c, misc.c, sendmsg.c, test.c: Do not include Unix headers on Windows. * sendmsg.c (krb524_sendto_kdc): Fix call to krb5_locate_kdc() to use right number and types of parameters. Use krb5int_accessor() to get at internals: krb5_locate_kdc(), krb5_max_dgram_size, krb5_skdc_timeout_1, and krb5_skdc_timeout_shift. (The latter 3 should probably be #defines...) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12569 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 480ee3179..097cb7f42 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog 
@@ -1,3 +1,32 @@ +2000-07-19 Danilo Almeida + + * Makefile.in: Make krb524 library and k524init program build on + Windows. + + * krb524.def, libinit.c: Files needed to build on Windows. + + * k524init.c: Use public krb_in_tkt() with realm paramter instead of + potentially private in_tkt() w/o realm parameter (which does not + even exist w/o the realm paramter in some krb4 libraries). Use + krb_save_credentials() instead of tf_init() then + tf_save_credentials() then tf_close(). + + * cnv_tkt_skey.c: Put copy of krb_cr_tkt_krb5() and + krb_create_ticket() as static functions in this file, calling them + krb524int_*(). Call these functions instead of the ones in the + MIT krb4 library included in the krb5 tree. + + * conv_princ.c: Remove unused headers. + + * k524init.c, cnv_tkt_skey.c, conv_creds.c, encode.c, misc.c, + sendmsg.c, test.c: Do not include Unix headers on Windows. + + * sendmsg.c (krb524_sendto_kdc): Fix call to krb5_locate_kdc() to + use right number and types of parameters. Use krb5int_accessor() + to get at internals: krb5_locate_kdc(), krb5_max_dgram_size, + krb5_skdc_timeout_1, and krb5_skdc_timeout_shift. (The latter 3 + should probably be #defines...) + 2000-07-19 Danilo Almeida * getcred.c (main): Use correct parameters for krb5_cc_default() diff --git a/src/krb524/Makefile.in b/src/krb524/Makefile.in index d64c3eb38..ebac8d587 100644 --- a/src/krb524/Makefile.in +++ b/src/krb524/Makefile.in @@ -23,7 +23,10 @@ BUILDTOP=$(REL)$(U) # PERFORMANCE OF THIS SOFTWARE. # -LIB=krb524 +LIBNAME=krb524 +##WIN32##!if 0 +LIB=$(LIBNAME) +##WIN32##!endif LIBMAJOR=1 LIBMINOR=0 RELDIR=../krb524 
@@ -35,20 +38,47 @@ PROG_RPATH=$(KRB5_LIBDIR) KRB524_DEPLIB = libkrb524.a KRB524_LIB = libkrb524.a + +##WIN32##KRB4_INCLUDES = -I../../../krb4/krbv4/include -I../../../krb4/include +##WIN32##K4LIB = ../../../krb4/krbv4/krbdll/$(OUTPRE)krbv4w32.lib +###WIN32##K4LIB = ../lib/$(OUTPRE)krb4_32.lib +K524DEF = krb524.def +WINLIBS = kernel32.lib wsock32.lib user32.lib shell32.lib oldnames.lib \ + version.lib advapi32.lib gdi32.lib + LOCALINCLUDES= $(KRB4_INCLUDES) -I. -I$(srcdir) # Library sources -SRCS = conv_creds.c conv_princ.c cnv_tkt_skey.c \ - encode.c misc.c globals.c sendmsg.c krb524_err.et -STLIBOBJS = conv_creds.o conv_princ.o cnv_tkt_skey.o \ - encode.o misc.o globals.o sendmsg.o krb524_err.o +SRCS = \ + conv_creds.c \ + conv_princ.c \ + cnv_tkt_skey.c \ + encode.c \ + misc.c \ + globals.c \ + sendmsg.c \ + krb524_err.et \ + libinit.c + +STLIBOBJS = \ + $(OUTPRE)conv_creds.$(OBJEXT) \ + $(OUTPRE)conv_princ.$(OBJEXT) \ + $(OUTPRE)cnv_tkt_skey.$(OBJEXT) \ + $(OUTPRE)encode.$(OBJEXT) \ + $(OUTPRE)misc.$(OBJEXT) \ + $(OUTPRE)globals.$(OBJEXT) \ + $(OUTPRE)sendmsg.$(OBJEXT) \ + $(OUTPRE)krb524_err.$(OBJEXT) \ + $(OUTPRE)libinit.$(OBJEXT) GENS = krb524_err.c krb524_err.h -all:: $(GENS) -all:: all-libs +all-unix:: $(GENS) +all-unix:: all-libs -all:: krb524d krb524test k524init +all-unix:: krb524d krb524test k524init + +all-windows:: $(OUTPRE)$(LIBNAME).lib $(OUTPRE)k524init.exe krb524test: libkrb524.a test.o $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(CC_LINK) -o krb524test test.o $(KRB524_LIB) $(KRB4COMPAT_LIBS) 
@@ -59,10 +89,17 @@ krb524d: krb524d.o $(KADMSRV_DEPLIBS) $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS) k524init: k524init.o $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(CC_LINK) -o k524init k524init.o $(KRB524_LIB) $(KRB4COMPAT_LIBS) -install:: install-libs +$(OUTPRE)$(LIBNAME).lib: $(STLIBOBJS) $(K4LIB) $(KLIB) + link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS) + +$(OUTPRE)k524init.exe: $(OUTPRE)k524init.$(OBJEXT) $(KLIB) $(K4LIB) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib + link $(EXE_LINKOPTS) -out:$@ $** $(KLIB) $(K4LIB) $(WINLIBS) $(CLIB)\ + $(OUTPRE)krb524.lib + +install-unix:: install-libs $(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d $(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init -clean:: clean-libs clean-libobjs +clean-unix:: clean-libs clean-libobjs $(RM) $(OBJS) $(GENS) core *~ *.bak #* $(RM) krb524test krb524d k524init test.o krb524d.o k524init.o diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c index fc25246cd..521e8587e 100644 --- a/src/krb524/cnv_tkt_skey.c +++ b/src/krb524/cnv_tkt_skey.c @@ -23,11 +23,29 @@ #include "k5-int.h" /* we need krb5_context::clockskew */ #include #include + +#ifndef _WIN32 #include #include +#endif + #include #include "krb524.h" +static +int +krb524int_krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress, + session, life, time_sec, sname, sinstance, key, k5key); + +static +int +krb524int_krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, + session, life, time_sec, sname, sinstance, k5key); + +static int +krb524int_krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, + session, life, time_sec, sname, sinstance, key, k5key); + /* rather than copying the cmu code, these values are derived from a calculation based on the table and comments found there. the expression (in elisp) is: 
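Review bot: The new `$(OUTPRE)k524init.exe` rule puts `$(OUTPRE)krb524.lib` on its link command but not in its dependent list, so nothing makes the library build first or triggers a relink when it changes. The build appears to work only because `all-windows` names the library target before the executable. Add `$(OUTPRE)$(LIBNAME).lib` to the rule's dependents. Since `$**` already expands to every dependent, the explicit `$(KLIB) $(K4LIB)` and the trailing `$(OUTPRE)krb524.lib` can then be dropped, which also stops each library being passed to `link` twice. The `.lib` rule deserves a one-line comment saying that its recipe writes `$*.dll` and that the `.lib` named as the target is presumably the import library the linker emits alongside it.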
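Review bot: The three forward declarations added at the top of cnv_tkt_skey.c carry a parameter-name list with no types, which C only allows on a function definition; compilers will warn about or reject it. Use empty K&R declarators, e.g. `static int krb524int_krb_create_ticket();`, or full prototypes so that calls to these ticket-building helpers are type-checked. The list for `krb524int_krb_create_ticket` also names a thirteenth parameter, `k5key`. The definition in the last hunk of this file neither declares a type for it nor uses it, so it should be removed from both places.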
@@ -155,7 +173,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, /* XXX are there V5 flags we should map to V4 equivalents? */ if (v4_skey->enctype == ENCTYPE_DES_CBC_CRC) { - ret = krb_create_ticket(v4tkt, + ret = krb524int_krb_create_ticket(v4tkt, 0, /* flags */ pname, pinst, @@ -173,7 +191,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, if (v4_skey->enctype == ENCTYPE_DES3_CBC_SHA1 || v4_skey->enctype == ENCTYPE_LOCAL_DES3_HMAC_SHA1) v4_skey->enctype = ENCTYPE_DES3_CBC_RAW; - ret = krb_cr_tkt_krb5(v4tkt, + ret = krb524int_krb_cr_tkt_krb5(v4tkt, 0, /* flags */ pname, pinst, 
@@ -195,3 +213,226 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, else return KRB524_V4ERR; } + +/***************************************************************************** + * Copied from krb4's cr_tkt. + * Modified functions below to be static. + *****************************************************************************/ + +#define HOST_BYTE_ORDER (* (char *) &temp_ONE) +static const int temp_ONE = 1; + +/* + * Create ticket takes as arguments information that should be in a + * ticket, and the KTEXT object in which the ticket should be + * constructed. It then constructs a ticket and returns, leaving the + * newly created ticket in tkt. +#ifndef NOENCRYPTION + * The data in tkt->dat is encrypted in the server's key. +#endif + * The length of the ticket is a multiple of + * eight bytes and is in tkt->length. + * + * If the ticket is too long, the ticket will contain nulls. + * The return value of the routine is undefined. + * + * The corresponding routine to extract information from a ticket it + * decomp_ticket. When changes are made to this routine, the + * corresponding changes should also be made to that file. 
+ * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * tkt->length length of ticket (multiple of 8 bytes) + * +#ifdef NOENCRYPTION + * tkt->dat: +#else + * tkt->dat: (encrypted in server's key) +#endif + * + * unsigned char flags namely, HOST_BYTE_ORDER + * + * string pname client's name + * + * string pinstance client's instance + * + * string prealm client's realm + * + * 4 bytes paddress client's address + * + * 8 bytes session session key + * + * 1 byte life ticket lifetime + * + * 4 bytes time_sec KDC timestamp + * + * string sname service's name + * + * string sinstance service's instance + * + * <=7 bytes null null pad to 8 byte multiple + * + */ +static +int +krb524int_krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress, + session, life, time_sec, sname, sinstance, key, k5key) + KTEXT tkt; /* Gets filled in by the ticket */ + unsigned char flags; /* Various Kerberos flags */ + char *pname; /* Principal's name */ + char *pinstance; /* Principal's instance */ + char *prealm; /* Principal's authentication domain */ + long paddress; /* Net address of requesting entity */ + char *session; /* Session key inserted in ticket */ + short life; /* Lifetime of the ticket */ + long time_sec; /* Issue time and date */ + char *sname; /* Service Name */ + char *sinstance; /* Instance Name */ + C_Block key; /* Service's secret key */ +{ + return krb524int_krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, + paddress, session, life, time_sec, sname, + sinstance, key, NULL); +} + +static +int +krb524int_krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, + session, life, time_sec, sname, sinstance, k5key) + KTEXT tkt; /* Gets filled in by the ticket */ + unsigned char flags; /* Various Kerberos flags */ + char *pname; /* Principal's name */ + char *pinstance; /* Principal's instance */ + char *prealm; /* Principal's authentication domain */ + long paddress; /* Net address of 
requesting entity */ + char *session; /* Session key inserted in ticket */ + short life; /* Lifetime of the ticket */ + long time_sec; /* Issue time and date */ + char *sname; /* Service Name */ + char *sinstance; /* Instance Name */ + krb5_keyblock *k5key; /* NULL if not present */ +{ + C_Block key; + + return krb524int_krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, + paddress, session, life, time_sec, sname, + sinstance, key, k5key); +} + +static int +krb524int_krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, + session, life, time_sec, sname, sinstance, key, k5key) + KTEXT tkt; /* Gets filled in by the ticket */ + unsigned char flags; /* Various Kerberos flags */ + char *pname; /* Principal's name */ + char *pinstance; /* Principal's instance */ + char *prealm; /* Principal's authentication domain */ + long paddress; /* Net address of requesting entity */ + char *session; /* Session key inserted in ticket */ + short life; /* Lifetime of the ticket */ + long time_sec; /* Issue time and date */ + char *sname; /* Service Name */ + char *sinstance; /* Instance Name */ + C_Block key; /* Service's secret key */ + krb5_keyblock *k5key; /* NULL if not present */ +{ + Key_schedule key_s; + register char *data; /* running index into ticket */ + + tkt->length = 0; /* Clear previous data */ + + /* Check length of ticket */ + if (sizeof(tkt->dat) < (sizeof(flags) + + 1 + strlen(pname) + + 1 + strlen(pinstance) + + 1 + strlen(prealm) + + 4 + /* address */ + 8 + /* session */ + 1 + /* life */ + 4 + /* issue time */ + 1 + strlen(sname) + + 1 + strlen(sinstance) + + 7) / 8) { /* roundoff */ + memset(tkt->dat, 0, sizeof(tkt->dat)); + return KFAILURE /* XXX */; + } + + flags |= HOST_BYTE_ORDER; /* ticket byte order */ + memcpy((char *) (tkt->dat), (char *) &flags, sizeof(flags)); + data = ((char *)tkt->dat) + sizeof(flags); + (void) strcpy(data, pname); + data += 1 + strlen(pname); + (void) strcpy(data, pinstance); + data += 1 + strlen(pinstance); + (void) 
strcpy(data, prealm); + data += 1 + strlen(prealm); + memcpy(data, (char *) &paddress, 4); + data += 4; + + memcpy(data, (char *) session, 8); + data += 8; + *(data++) = (char) life; + /* issue time */ + memcpy(data, (char *) &time_sec, 4); + data += 4; + (void) strcpy(data, sname); + data += 1 + strlen(sname); + (void) strcpy(data, sinstance); + data += 1 + strlen(sinstance); + + /* guarantee null padded ticket to multiple of 8 bytes */ + memset(data, 0, 7); + tkt->length = ((data - ((char *)tkt->dat) + 7)/8)*8; + + /* Check length of ticket */ + if (tkt->length > (sizeof(KTEXT_ST) - 7)) { + memset(tkt->dat, 0, tkt->length); + tkt->length = 0; + return KFAILURE /* XXX */; + } + +#ifndef NOENCRYPTION + /* Encrypt the ticket in the services key */ + if (k5key != NULL) { + /* block locals */ + krb5_data in; + krb5_enc_data out; + krb5_error_code ret; + size_t enclen; + + in.length = tkt->length; + in.data = tkt->dat; + /* XXX assumes context arg is ignored */ + ret = krb5_c_encrypt_length(NULL, k5key->enctype, + (size_t)in.length, &enclen); + if (ret) + return KFAILURE; + out.ciphertext.length = enclen; + out.ciphertext.data = malloc(enclen); + if (out.ciphertext.data == NULL) + return KFAILURE; /* XXX maybe ENOMEM? */ + + /* XXX assumes context arg is ignored */ + ret = krb5_c_encrypt(NULL, k5key, KRB5_KEYUSAGE_KDC_REP_TICKET, + NULL, &in, &out); + if (ret) { + free(out.ciphertext.data); + return KFAILURE; + } else { + tkt->length = out.ciphertext.length; + memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length); + memset(out.ciphertext.data, 0, out.ciphertext.length); + free(out.ciphertext.data); + } + } else { + key_sched(key,key_s); + pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat, + (long) tkt->length,key_s,(C_Block *)key,1); + } +#endif /* !NOENCRYPTION */ + return 0; +} diff --git a/src/krb524/conv_creds.c b/src/krb524/conv_creds.c index ae31f9cf9..d5a9c3a79 100644 --- a/src/krb524/conv_creds.c +++ b/src/krb524/conv_creds.c 
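Review bot: The pre-copy length check in `krb524int_krb_cr_tkt_int` divides the required size by 8 and never multiplies back, so `sizeof(tkt->dat)` is compared with about one eighth of the bytes the following `strcpy`/`memcpy` sequence writes. Over-long `pname`, `pinstance`, `prealm`, `sname` or `sinstance` strings therefore pass the check and are copied past the end of `tkt->dat`. The later `tkt->length > (sizeof(KTEXT_ST) - 7)` test runs only after those writes, so it cannot prevent them. Close the rounding expression as `+ 7) / 8 * 8) {` so the comparison uses the padded byte count. In the `k5key` branch, `enclen` should also be checked against `sizeof(tkt->dat)` before `memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length)`, and the early `return KFAILURE` paths there leave the unencrypted ticket, session key included, in `tkt->dat` with `tkt->length` still set.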
@@ -24,7 +24,11 @@ #include #include #include +#ifdef _WIN32 +#include +#else #include +#endif #include #include "krb524.h" diff --git a/src/krb524/conv_princ.c b/src/krb524/conv_princ.c index f55f4a23c..d462c8e43 100644 --- a/src/krb524/conv_princ.c +++ b/src/krb524/conv_princ.c @@ -21,14 +21,7 @@ */ #include "krb5.h" -#include -#include -#include -#include -#include - #include - #include "krb524.h" int krb524_convert_princs(context, client, server, pname, pinst, prealm, diff --git a/src/krb524/encode.c b/src/krb524/encode.c index fc40b794f..c81023de5 100644 --- a/src/krb524/encode.c +++ b/src/krb524/encode.c @@ -25,9 +25,13 @@ #include #include #include + +#ifndef _WIN32 #include #include #include +#endif + #include #include "krb524.h" diff --git a/src/krb524/k524init.c b/src/krb524/k524init.c index 680991c44..f86f4ee3f 100644 --- a/src/krb524/k524init.c +++ b/src/krb524/k524init.c @@ -20,16 +20,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#include "krb5.h" +#include #include "com_err.h" #include #include #include #include +#ifndef _WIN32 #include #include #include +#endif #include #include "krb524.h" @@ -126,13 +128,12 @@ int main(argc, argv) if (!nodelete) { /* initialize ticket cache */ - if ((code = in_tkt(v4creds.pname,v4creds.pinst) != KSUCCESS)) { + if ((code = krb_in_tkt(v4creds.pname,v4creds.pinst,v4creds.realm) != KSUCCESS)) { com_err("k524init", code, "trying to create the V4 ticket file"); exit(1); } } -#ifdef notdef /* stash ticket, session key, etc. for future use */ if ((code = krb_save_credentials(v4creds.service, v4creds.instance, v4creds.realm, v4creds.session, 
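Review bot: On the rewritten `krb_in_tkt` line in k524init.c, the closing parenthesis of the assignment sits after `!= KSUCCESS`, so `code` receives the result of the comparison (0 or 1) rather than the Kerberos 4 status. `com_err` then reports the wrong error when the ticket file cannot be initialised. Move the parenthesis: `if ((code = krb_in_tkt(v4creds.pname, v4creds.pinst, v4creds.realm)) != KSUCCESS) {`. `main` starts before this hunk and continues after it.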
@@ -142,23 +143,9 @@ int main(argc, argv) com_err("k524init", code, "trying to save the V4 ticket"); exit(1); } -#else /* notdef */ - /* - * krb_save_credentials() as supplied by CNS doesn't exist in the MIT - * Kerberos version 4. So, we're inlining the logic here. - */ - if (((code = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS) || - ((code = tf_save_cred(v4creds.service, v4creds.instance, - v4creds.realm, v4creds.session, - v4creds.lifetime, v4creds.kvno, - &(v4creds.ticket_st), - v4creds.issue_date)))) { - com_err("k524init", code, "trying to save the V4 ticket"); - exit(1); - } - else - (void) tf_close(); -#endif /* notdef */ exit(0); } + + + diff --git a/src/krb524/krb524.def b/src/krb524/krb524.def new file mode 100644 index 000000000..e9ebfa033 --- /dev/null +++ b/src/krb524/krb524.def @@ -0,0 +1,13 @@ +;---------------------------------------------------- +; KRB524.DEF - KRB524.DLL module definition file +;---------------------------------------------------- + +; **************************************************************************** +; Do not add any function to this file until you make sure the calling +; convention for the exported function is KRB5_CALLCONV +; **************************************************************************** + + +EXPORTS + krb524_convert_creds_kdc + krb524_init_ets diff --git a/src/krb524/libinit.c b/src/krb524/libinit.c new file mode 100644 index 000000000..22aeea9f8 --- /dev/null +++ b/src/krb524/libinit.c @@ -0,0 +1,27 @@ +#ifdef _WIN32 +#include + +BOOL +WINAPI +DllMain( + HANDLE hModule, + DWORD fdwReason, + LPVOID lpReserved + ) +{ + switch (fdwReason) + { + case DLL_PROCESS_ATTACH: + break; + case DLL_THREAD_ATTACH: + break; + case DLL_THREAD_DETACH: + break; + case DLL_PROCESS_DETACH: + break; + default: + return FALSE; + } + return TRUE; +} +#endif diff --git a/src/krb524/misc.c b/src/krb524/misc.c index e28f4d1d8..7e3f4e3bc 100644 --- a/src/krb524/misc.c +++ b/src/krb524/misc.c 
@@ -23,9 +23,12 @@ #include #include #include + +#ifndef _WIN32 #include #include #include +#endif #include #include "krb524.h" diff --git a/src/krb524/sendmsg.c b/src/krb524/sendmsg.c index 77e8f3bf7..8170891b4 100644 --- a/src/krb524/sendmsg.c +++ b/src/krb524/sendmsg.c @@ -30,12 +30,14 @@ #define NEED_LOWLEVEL_IO #include "k5-int.h" +#ifndef _WIN32 #include +#include +#endif + #include #include -#include - #ifdef _AIX #include #endif @@ -43,9 +45,6 @@ #include #include "krb524.h" -/* For krb5_locate_kdc() */ -#include - /* * krb524_sendto_kdc: * @@ -61,11 +60,6 @@ * when finished. */ -extern int krb5_max_dgram_size; -extern int krb5_max_skdc_timeout; -extern int krb5_skdc_timeout_shift; -extern int krb5_skdc_timeout_1; - krb5_error_code krb524_sendto_kdc (context, message, realm, reply) krb5_context context; @@ -83,12 +77,15 @@ krb524_sendto_kdc (context, message, realm, reply) fd_set readable; struct timeval waitlen; int cc; + krb5int_access internals; + if (retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION)) + return retval; /* * find KDC location(s) for realm */ - if ((retval = krb5_locate_kdc(context, realm, &addr, &naddr, NULL, NULL))) + if ((retval = internals.krb5_locate_kdc(context, realm, &addr, &naddr, 0))) return retval; if (naddr == 0) return KRB5_REALM_UNKNOWN; @@ -111,12 +108,12 @@ krb524_sendto_kdc (context, message, realm, reply) else ((struct sockaddr_in *)&addr[i])->sin_port = htons(KRB524_PORT); - if (!(reply->data = malloc(krb5_max_dgram_size))) { + if (!(reply->data = malloc(internals.krb5_max_dgram_size))) { free(addr); free(socklist); return ENOMEM; } - reply->length = krb5_max_dgram_size; + reply->length = internals.krb5_max_dgram_size; #if 0 /* 
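Review bot: The added `if (retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION))` in sendmsg.c uses a bare assignment as its condition, while the `krb5_locate_kdc` call just below wraps the same pattern in double parentheses. Write `if ((retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION)))` so the assignment reads as intentional and matches the rest of the function. The literal `0` passed as the last argument of `internals.krb5_locate_kdc` needs a short comment naming what it selects, since nothing in the hunk shows the parameter's meaning. `krb524_sendto_kdc` starts before and ends after this hunk.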
@@ -137,8 +134,8 @@ krb524_sendto_kdc (context, message, realm, reply) * do exponential backoff. */ - for (timeout = krb5_skdc_timeout_1; timeout < krb5_max_skdc_timeout; - timeout <<= krb5_skdc_timeout_shift) { + for (timeout = internals.krb5_skdc_timeout_1; timeout < internals.krb5_max_skdc_timeout; + timeout <<= internals.krb5_skdc_timeout_shift) { sent = 0; for (host = 0; host < naddr; host++) { /* send to the host, wait timeout seconds for a response, diff --git a/src/krb524/test.c b/src/krb524/test.c index 1dba58e23..a69248922 100644 --- a/src/krb524/test.c +++ b/src/krb524/test.c @@ -25,7 +25,10 @@ #include #include #include + +#ifndef _WIN32 #include +#endif #include #include