From: Theodore Tso Date: Wed, 30 Nov 1994 04:08:23 +0000 (+0000) Subject: Move get_for_creds to krb5_get_for_creds in the krb5 library X-Git-Tag: krb5-1.0-beta5~935 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=efff614bf0b875de1e56ba1beaa26a529bc7c6de;p=krb5.git Move get_for_creds to krb5_get_for_creds in the krb5 library git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4717 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c
index 0819dee99..7a0b96fd4 100644
--- a/src/appl/bsd/forward.c
+++ b/src/appl/bsd/forward.c
@@ -33,196 +33,6 @@
 #include
 #include
-#define KRB5_DEFAULT_LIFE 60*60*8 /* 8 hours */
-/* helper function: convert flags to necessary KDC options */
-#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
-
-/* Get a TGT for use at the remote host */
-krb5_error_code
-get_for_creds(etype, sumtype, rhost, client, enc_key, forwardable, outbuf)
- const krb5_enctype etype;
- const krb5_cksumtype sumtype;
- char *rhost;
- krb5_principal client;
- krb5_keyblock *enc_key;
- int forwardable; /* Should forwarded TGT also be forwardable? */
- krb5_data *outbuf;
-{
- struct hostent *hp;
- krb5_address **addrs;
- krb5_error_code retval;
- krb5_data *scratch;
- krb5_kdc_rep *dec_rep = 0;
- krb5_error *err_reply;
- krb5_response tgsrep;
- krb5_creds creds, tgt;
- krb5_ccache cc;
- krb5_flags kdcoptions;
- krb5_timestamp now;
- char *remote_host = 0;
- char **hrealms = 0;
- int i;
-
- memset((char *)&creds, 0, sizeof(creds));
- memset((char *)&tgsrep, 0, sizeof(tgsrep));
-
- if (!rhost || !(hp = gethostbyname(rhost)))
- return KRB5_ERR_BAD_HOSTNAME;
-
- remote_host = (char *) malloc(strlen(hp->h_name)+1);
- if (!remote_host) {
- retval = ENOMEM;
- goto errout;
- }
- strcpy(remote_host, hp->h_name);
-
- if (retval = krb5_get_host_realm(remote_host, &hrealms))
- goto errout;
- if (!hrealms[0]) {
- retval = KRB5_ERR_HOST_REALM_UNKNOWN;
- goto errout;
- }
-
- /* Count elements */
- for(i=0; hp->h_addr_list[i]; i++);
-
- addrs = (krb5_address **) malloc ((i+1)*sizeof(*addrs));
- if (!addrs) {
- retval = ENOMEM;
- goto errout;
- }
- memset(addrs, 0, (i+1)*sizeof(*addrs));
-
- for(i=0; hp->h_addr_list[i]; i++) {
- addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
- if (!addrs[i]) {
- retval = ENOMEM;
- goto errout;
- }
- addrs[i]->addrtype = hp->h_addrtype;
- addrs[i]->length = hp->h_length;
- addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
- if (!addrs[i]->contents) {
- retval = ENOMEM;
- goto errout;
- }
- memcpy ((char *)addrs[i]->contents,
hp->h_addr_list[i],
- addrs[i]->length);
- }
- addrs[i] = 0;
-
- if (retval = krb5_copy_principal(client, &creds.client))
- goto errout;
-
- if (retval = krb5_build_principal_ext(&creds.server,
- strlen(hrealms[0]),
- hrealms[0],
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- client->realm.length,
- client->realm.data,
- 0))
- goto errout;
-
- creds.times.starttime = 0;
- if (retval = krb5_timeofday(&now))
- goto errout;
-
- creds.times.endtime = now + KRB5_DEFAULT_LIFE;
- creds.times.renew_till = 0;
-
- if (retval = krb5_cc_default(&cc))
- goto errout;
-
- /* fetch tgt directly from cache */
- retval = krb5_cc_retrieve_cred (cc,
- KRB5_TC_MATCH_SRV_NAMEONLY,
- &creds,
- &tgt);
- krb5_cc_close(cc);
- if (retval)
- goto errout;
-
- /* tgt->client must be equal to creds.client */
- if (!krb5_principal_compare(tgt.client, creds.client)) {
- retval = KRB5_PRINC_NOMATCH;
- goto errout;
- }
-
- if (!tgt.ticket.length) {
- retval = KRB5_NO_TKT_SUPPLIED;
- goto errout;
- }
-
- kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
-
- if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
- kdcoptions &= ~(KDC_OPT_FORWARDABLE);
-
- if (retval = krb5_send_tgs(kdcoptions, &creds.times, etype, sumtype,
- tgt.server,
- addrs,
- creds.authdata,
- 0, /* no padata */
- 0, /* no second ticket */
- &tgt, &tgsrep))
- goto errout;
-
- switch (tgsrep.message_type) {
- case KRB5_TGS_REP:
- break;
- case KRB5_ERROR:
- default:
- if (!krb5_is_krb_error(&tgsrep.response)) {
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
- goto errout;
- } else {
- if (retval = decode_krb5_error(&tgsrep.response, &err_reply))
- goto errout;
- }
-
- retval = err_reply->error + ERROR_TABLE_BASE_krb5;
-
- krb5_free_error(err_reply);
- goto errout;
- }
-
- if (retval = krb5_decode_kdc_rep(&tgsrep.response,
- &tgt.keyblock,
- etype, /* enctype */
- &dec_rep))
- goto errout;
-
- if (dec_rep->msg_type != KRB5_TGS_REP) {
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
- goto errout;
- }
-
- /* now it's decrypted and ready for prime time
*/
-
- if (!krb5_principal_compare(dec_rep->client, tgt.client)) {
- retval = KRB5_KDCREP_MODIFIED;
- goto errout;
- }
-
- retval = mk_cred(dec_rep, etype, enc_key, 0, 0, outbuf);
-
-errout:
- if (remote_host)
- free(remote_host);
- if (hrealms)
- krb5_xfree(hrealms);
- if (addrs)
- krb5_free_addresses(addrs);
- krb5_free_cred_contents(&creds);
- if (tgsrep.response.data)
- free(tgsrep.response.data);
- if (dec_rep)
- krb5_free_kdc_rep(dec_rep);
- return retval;
-}
-
-
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 krb5_error_code
 rd_and_store_for_creds(inbuf, ticket, lusername)
@@ -237,7 +47,7 @@ rd_and_store_for_creds(inbuf, ticket, lusername)
 krb5_ccache ccache = NULL;
 struct passwd *pwd;
- if (retval = rd_cred(inbuf, ticket->enc_part2->session,
+ if (retval = krb5_rd_cred(inbuf, ticket->enc_part2->session,
 &creds, 0, 0)) {
 return(retval);
 }
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index c64e4544e..3ba322a3f 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -361,14 +361,14 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
 (void) write(s, locuser, strlen(locuser)+1);
 if (options & OPTS_FORWARD_CREDS) { /* Forward credentials */
- if (status = get_for_creds(ETYPE_DES_CBC_CRC,
- krb5_kdc_req_sumtype,
- hp->h_name,
- ret_cred->client,
- &ret_cred->keyblock,
- /* Forwardable TGT? */
- options & OPTS_FORWARDABLE_CREDS,
- &outbuf)) {
+ if (status = krb5_get_for_creds(ETYPE_DES_CBC_CRC,
+ krb5_kdc_req_sumtype,
+ hp->h_name,
+ ret_cred->client,
+ &ret_cred->keyblock,
+ /* Forwardable TGT? */
+ options & OPTS_FORWARDABLE_CREDS,
+ &outbuf)) {
 fprintf(stderr, "kcmd: Error getting forwarded creds\n");
 goto bad2;
 }
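Review bot: The renamed call in the kcmd.c hunk still pins the forwarded-TGT request to `ETYPE_DES_CBC_CRC`, so the encryption type is fixed at this call site rather than taken from the session key or configuration. Single DES with a CRC checksum is weak by current standards (RFC 6649 deprecates it for Kerberos), and moving the helper into the library is a natural point to stop hard-coding it. Until then I would add a comment above the call, such as `/* FIXME: enctype hard-coded to DES-CBC-CRC; derive it from ret_cred->keyblock or configuration */`. The failure branch also prints a fixed string and drops `status`, which makes a failed forward hard to diagnose, so including the error code in the message would help. kcmd's body starts and ends outside the hunk, so what `bad2` cleans up cannot be checked from here.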