From 40711cc106681561609b6035c9c3eb613b3efa24 Mon Sep 17 00:00:00 2001 
From: Ken Raeburn Date: Sat, 24 May 2003 04:51:38 +0000 Subject: [PATCH] Big step towards integrating libkrb524 into libkrb5: Move libkrb524 code, including error table, into libkrb5. Now libkrb5 initialization pulls in the krb524 error table, so krb524_init_ets is gone; all calls deleted. Move krb4 life/time conversion functions into libkrb5 under new names, using accessor hooks to get at them from libkrb4. Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h; the last doesn't get copied into the include directory. Changed inclusions of krb524.h to the appropriate files, if any were needed. Rebuilt dependencies in Makefiles. These changes are likely to break the Windows build; I'll look into that soon. ticket: 1491 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15491 dc483132-0cff-0310-8789-dd5450dbe970 --- src/ChangeLog | 8 + src/Makefile.in | 11 +- src/aclocal.m4 | 14 - src/appl/bsd/ChangeLog | 6 + src/appl/bsd/Makefile.in | 2 +- src/appl/bsd/configure.in | 3 +- src/appl/bsd/login.c | 7 - src/appl/gssftp/ChangeLog | 6 + src/appl/gssftp/configure.in | 13 - src/appl/gssftp/ftpd/Makefile.in | 3 +- src/appl/gssftp/ftpd/ftpd.c | 4 - src/clients/kinit/ChangeLog | 6 + src/clients/kinit/Makefile.in | 4 +- src/clients/kinit/kinit.c | 7 - src/config/ChangeLog | 5 + src/config/pre.in | 7 - src/include/ChangeLog | 19 ++ src/include/Makefile.in | 12 +- src/include/k5-int.h | 43 ++- src/include/krb5.hin | 7 + src/krb524/.Sanitize | 10 +- src/krb524/ChangeLog | 35 +++ src/krb524/Makefile.in | 146 ++-------- src/krb524/cnv_tkt_skey.c | 14 +- src/krb524/conv_creds.c | 136 --------- src/krb524/conv_princ.c | 1 - src/krb524/encode.c | 147 ---------- src/krb524/getcred.c | 74 ----- src/krb524/globals.c | 23 -- src/krb524/k524init.c | 3 - src/krb524/krb524.h | 130 --------- src/krb524/krb524d.c | 20 +- src/krb524/{misc.c => krb524d.h} | 52 +++- src/krb524/test.c | 5 +- src/lib/krb4/ChangeLog | 6 + src/lib/krb4/Makefile.in | 5 +- src/lib/krb4/lifetime.c | 
109 +------- src/lib/krb5/error_tables/.Sanitize | 1 + src/lib/krb5/error_tables/ChangeLog | 9 + src/lib/krb5/error_tables/Makefile.in | 16 +- src/lib/krb5/error_tables/init_ets.c | 1 + .../krb5/error_tables}/krb524_err.et | 1 + src/lib/krb5/krb/.Sanitize | 2 + src/lib/krb5/krb/ChangeLog | 10 + src/lib/krb5/krb/Makefile.in | 17 ++ src/lib/krb5/krb/conv_creds.c | 260 ++++++++++++++++++ src/lib/krb5/krb/v4lifetime.c | 149 ++++++++++ src/lib/krb5/os/.Sanitize | 1 + src/lib/krb5/os/ChangeLog | 10 + src/lib/krb5/os/Makefile.in | 9 + src/lib/krb5/os/accessor.c | 15 +- .../sendmsg.c => lib/krb5/os/send524.c} | 29 +- src/util/ChangeLog | 4 + src/util/depfix.sed | 2 - 54 files changed, 758 insertions(+), 881 deletions(-) delete mode 100644 src/krb524/conv_creds.c delete mode 100644 src/krb524/encode.c delete mode 100644 src/krb524/getcred.c delete mode 100644 src/krb524/globals.c delete mode 100644 src/krb524/krb524.h rename src/krb524/{misc.c => krb524d.h} (58%) rename src/{krb524 => lib/krb5/error_tables}/krb524_err.et (95%) create mode 100644 src/lib/krb5/krb/conv_creds.c create mode 100644 src/lib/krb5/krb/v4lifetime.c rename src/{krb524/sendmsg.c => lib/krb5/os/send524.c} (83%) diff --git a/src/ChangeLog b/src/ChangeLog index 05a8b7839..bafbcea79 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,11 @@ +2003-05-24 Ken Raeburn + + * aclocal.m4 (WITH_KRB4): Don't set or substitute KRB524_DEPLIB, + KRB524_LIB, KRB524_H_DEP, or KRB524_ERR_H_DEP. + * Makefile.in (ETOUT): Update location of krb524_err files. + (krb524/krb524_err.h, krb524/krb524_err.c): Delete. + ($(INC)krb524_err.h, $(ET)krb524_err.c): New targets. + 2003-05-22 Tom Yu * aclocal.m4: Add -DKRB5_DEPRECATED=1 so stuff in tree builds. diff --git a/src/Makefile.in b/src/Makefile.in index d16104c6c..d8d12a3c6 100644 --- a/src/Makefile.in +++ b/src/Makefile.in 
@@ -359,11 +359,11 @@ GK = lib/gssapi/krb5/ PR = util/profile/ ETOUT = \ - krb524\krb524_err.h krb524\krb524_err.c \ $(INC)asn1_err.h $(ET)asn1_err.c \ $(INC)kdb5_err.h $(ET)kdb5_err.c \ $(INC)krb5_err.h $(ET)krb5_err.c \ $(INC)kv5m_err.h $(ET)kv5m_err.c \ + $(INC)krb524_err.h $(ET)krb524_err.c \ $(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \ $(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \ $(PR)prof_err.h $(PR)prof_err.c \ @@ -459,11 +459,6 @@ kerbsrc.mac.tar: awk-windows-mac macfile.list mac-bin-dirs Macfile rm -rf bin rm -f include/autoconf.h Makefile macsrc* macfile.maclist -krb524/krb524_err.h: $(AH) krb524/krb524_err.et - $(AWK) -f $(AH) outfile=$@ krb524/krb524_err.et -krb524/krb524_err.c: $(AC) krb524/krb524_err.et - $(AWK) -f $(AC) outfile=$@ krb524/krb524_err.et - $(INC)asn1_err.h: $(AH) $(ET)asn1_err.et $(AWK) -f $(AH) outfile=$@ $(ET)asn1_err.et $(INC)kdb5_err.h: $(AH) $(ET)kdb5_err.et @@ -472,6 +467,8 @@ $(INC)krb5_err.h: $(AH) $(ET)krb5_err.et $(AWK) -f $(AH) outfile=$@ $(ET)krb5_err.et $(INC)kv5m_err.h: $(AH) $(ET)kv5m_err.et $(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et +$(INC)krb524_err.h: $(AH) $(ET)krb524_err.et + $(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et $(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et $(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et $(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et @@ -491,6 +488,8 @@ $(ET)krb5_err.c: $(AC) $(ET)krb5_err.et $(AWK) -f $(AC) outfile=$@ $(ET)krb5_err.et $(ET)kv5m_err.c: $(AC) $(ET)kv5m_err.et $(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et +$(ET)krb524_err.c: $(AC) $(ET)krb524_err.et + $(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et $(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et diff --git a/src/aclocal.m4 b/src/aclocal.m4 index 8733a05a3..142deee47 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 
@@ -393,11 +393,7 @@ if test $withval = no; then KRB4_DEPLIB= KRB4_INCLUDES= KRB4_LIBPATH= - KRB524_DEPLIB= - KRB524_LIB= KRB_ERR_H_DEP= - KRB524_H_DEP= - KRB524_ERR_H_DEP= krb5_cv_build_krb4_libs=no krb5_cv_krb4_libdir= else @@ -408,11 +404,7 @@ else KRB4_LIB=-lkrb4 KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV' KRB4_LIBPATH= - KRB524_DEPLIB='$(BUILDTOP)/krb524/libkrb524.a' - KRB524_LIB='$(BUILDTOP)/krb524/libkrb524.a' KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h' - KRB524_H_DEP='$(BUILDTOP)/include/krb524.h' - KRB524_ERR_H_DEP='$(BUILDTOP)/include/krb524_err.h' krb5_cv_build_krb4_libs=yes krb5_cv_krb4_libdir= else @@ -422,8 +414,6 @@ dnl DEPKRB4_LIB="$withval/lib/libkrb.a" KRB4_INCLUDES="-I$withval/include" KRB4_LIBPATH="-L$withval/lib" KRB_ERR_H_DEP= - KRB524_H_DEP= - KRB524_ERR_H_DEP= krb5_cv_build_krb4_libs=no krb5_cv_krb4_libdir="$withval/lib" fi @@ -432,11 +422,7 @@ AC_SUBST(KRB4_INCLUDES) AC_SUBST(KRB4_LIBPATH) AC_SUBST(KRB4_LIB) AC_SUBST(KRB4_DEPLIB) -AC_SUBST(KRB524_DEPLIB) -AC_SUBST(KRB524_LIB) AC_SUBST(KRB_ERR_H_DEP) -AC_SUBST(KRB524_H_DEP) -AC_SUBST(KRB524_ERR_H_DEP) dnl We always compile the des425 library DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)' DES425_LIB=-ldes425 diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 274d2bdfb..3a096e107 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,9 @@ +2003-05-23 Ken Raeburn + + * configure.in: Don't use libkrb524.a any more. + * login.c: Don't include krb524.h. + (try_convert524): Don't call krb524_init_ets. + 2003-05-09 Tom Yu * krcp.c (main): Rename getlocalsubkey -> getsendsubkey. diff --git a/src/appl/bsd/Makefile.in b/src/appl/bsd/Makefile.in index 58289837f..1be6b0b37 100644 --- a/src/appl/bsd/Makefile.in +++ b/src/appl/bsd/Makefile.in 
@@ -143,7 +143,7 @@ $(OUTPRE)login.$(OBJEXT): login.c $(BUILDTOP)/include/libpty.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) loginpaths.h + loginpaths.h $(OUTPRE)krshd.$(OBJEXT): krshd.c $(BUILDTOP)/include/libpty.h \ $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) loginpaths.h $(SRCTOP)/include/kerberosIV/krb.h \ diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in index 8f4a16bd6..7bfc68e3b 100644 --- a/src/appl/bsd/configure.in +++ b/src/appl/bsd/configure.in @@ -62,8 +62,7 @@ if test $withval = no; then V4RCP= V4RCPO= else - AC_MSG_RESULT(Adding in krb4 support) - LOGINLIBS="../../krb524/libkrb524.a $LOGINLIBS" + AC_MSG_RESULT(Adding in krb4 rcp support) V4RCP=v4rcp V4RCPO=v4rcp.o fi diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 5b5603793..8259046d6 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -181,10 +181,6 @@ typedef sigtype (*handler)(); #include #endif /* BIND_HACK */ -#ifdef KRB4_CONVERT -#include -#endif - /* Hacks to maintain compatability with Athena libkrb*/ #ifndef HAVE_KRB_SAVE_CREDENTIALS #define krb_save_credentials save_credentials @@ -654,9 +650,6 @@ try_convert524(kctx, me, use_ccache) CREDENTIALS v4creds; - /* or do this directly with krb524_convert_creds_kdc */ - krb524_init_ets(kctx); - /* If we have forwarded v5 tickets, retrieve the credentials from * the cache; otherwise, the v5 credentials are in my_creds. */ diff --git a/src/appl/gssftp/ChangeLog b/src/appl/gssftp/ChangeLog index 9f184f73c..1a0f466f4 100644 --- a/src/appl/gssftp/ChangeLog +++ b/src/appl/gssftp/ChangeLog 
@@ -1,3 +1,9 @@ +2003-05-23 Ken Raeburn + + * configure.in: Don't use libkrb524.a any more. + * ftpd.c: Don't include krb524.h. + (main): Don't call krb524_init_ets. + 2003-01-10 Ken Raeburn * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of diff --git a/src/appl/gssftp/configure.in b/src/appl/gssftp/configure.in index 35ca40eb0..a1fb062d0 100644 --- a/src/appl/gssftp/configure.in +++ b/src/appl/gssftp/configure.in @@ -53,19 +53,6 @@ AC_MSG_RESULT($krb5_cv_shadow_pwd) if test $krb5_cv_shadow_pwd = yes; then AC_DEFINE(HAVE_SHADOW) fi -AC_ARG_WITH([krb4], -[ --without-krb4 don't include Kerberos V4 backwards compatibility - --with-krb4 use V4 libraries included with V5 (default) - --with-krb4=KRB4DIR use preinstalled V4 libraries], -, -withval=yes -)dnl -if test $withval = no; then - AC_MSG_RESULT(no krb4 support) -else - AC_MSG_RESULT(Adding in krb4 support) - FTPD_LIBS="../../../krb524/libkrb524.a" -fi case $krb5_cv_host in alpha*-dec-osf*) AC_CHECK_LIB(security,setluid, diff --git a/src/appl/gssftp/ftpd/Makefile.in b/src/appl/gssftp/ftpd/Makefile.in index 49206f880..9adaa613e 100644 --- a/src/appl/gssftp/ftpd/Makefile.in +++ b/src/appl/gssftp/ftpd/Makefile.in @@ -85,8 +85,7 @@ $(OUTPRE)ftpd.$(OBJEXT): ftpd.c $(srcdir)/../arpa/ftp.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) \ - $(SRCTOP)/include/socket-utils.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ ftpd_var.h secure.h $(OUTPRE)ftpcmd.$(OBJEXT): ftpcmd.c $(srcdir)/../arpa/ftp.h \ diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index c6d3ee0d3..2a09bf3d0 100644 --- a/src/appl/gssftp/ftpd/ftpd.c 
+++ b/src/appl/gssftp/ftpd/ftpd.c @@ -130,7 +130,6 @@ extern int yyparse(void); #ifdef KRB5_KRB4_COMPAT #include #include -#include AUTH_DAT kdata; KTEXT_ST ticket; @@ -314,9 +313,6 @@ main(argc, argv, envp) #ifdef GSSAPI krb5_init_context(&kcontext); -#ifdef KRB5_KRB4_COMPAT - krb524_init_ets(kcontext); -#endif #endif while ((c = getopt(argc, argv, option_string)) != -1) { diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index 802ab3e01..3ade64c88 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,9 @@ +2003-05-23 Ken Raeburn + + * Makefile.in (kinit): Don't use krb524 library. + * kinit.c: Don't include krb524.h. + (try_convert524): Don't call krb524_init_ets. + 2002-11-05 Tom Yu * kinit.c (k4_kinit): Remove trailing colon, as new implementation diff --git a/src/clients/kinit/Makefile.in b/src/clients/kinit/Makefile.in index d7d5b9547..1d2a6e436 100644 --- a/src/clients/kinit/Makefile.in +++ b/src/clients/kinit/Makefile.in @@ -13,8 +13,8 @@ all-unix:: kinit all-windows:: $(OUTPRE)kinit.exe all-mac:: -kinit: kinit.o $(KRB4COMPAT_DEPLIBS) $(KRB524_DEPLIB) - $(CC_LINK) -o $@ kinit.o $(KRB524_LIB) $(KRB4COMPAT_LIBS) +kinit: kinit.o $(KRB4COMPAT_DEPLIBS) + $(CC_LINK) -o $@ kinit.o $(KRB4COMPAT_LIBS) $(OUTPRE)kinit.exe: $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB) link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index 740b0302a..8db6acbd6 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -55,10 +55,6 @@ extern int getopt(); #endif /* HAVE_UNISTD_H */ #endif /* GETOPT_LONG */ -#ifdef HAVE_KRB524 -#include "krb524.h" -#endif - #ifndef _WIN32 #define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x)) #else 
@@ -994,9 +990,6 @@ static int try_convert524(k5) initialized. */ - /* or do this directly with krb524_convert_creds_kdc */ - krb524_init_ets(k5->ctx); - if ((code = krb5_build_principal(k5->ctx, &kpcserver, krb5_princ_realm(k5->ctx, k5->me)->length, diff --git a/src/config/ChangeLog b/src/config/ChangeLog index 28192ddc3..93c3b376b 100644 --- a/src/config/ChangeLog +++ b/src/config/ChangeLog @@ -1,3 +1,8 @@ +2003-05-23 Ken Raeburn + + * pre.in (KRB524_H_DEP, KRB524_ERR_H_DEP, KRB524_LIB, + KRB524_DEPLIB): Deleted. + 2003-04-24 Ken Raeburn * post.in (configure): Try running autoconf with --include, and if diff --git a/src/config/pre.in b/src/config/pre.in index b3bdec715..f89a9da40 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -291,7 +291,6 @@ COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_err$(DEPLIBEXT) SS_DEPLIB = $(SS_DEPLIB-@SS_VERSION@) SS_DEPLIB-k5 = $(TOPLIBD)/libss.a SS_DEPLIB-sys = -KRB524_DEPLIB = @KRB524_DEPLIB@ PTY_DEPLIB = $(TOPLIBD)/libpty.a KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) @@ -325,8 +324,6 @@ DB_DEPS-redirect = $(BUILDTOP)/include/db.h # is compiled. KRB_ERR_H_DEP = @KRB_ERR_H_DEP@ -KRB524_H_DEP = @KRB524_H_DEP@ -KRB524_ERR_H_DEP= @KRB524_ERR_H_DEP@ # LIBS gets substituted in... e.g. -lnsl -lsocket @@ -353,10 +350,6 @@ KRB4_LIB = @KRB4_LIB@ # needs fixing if ever used on Mac OS X! DES425_LIB = @DES425_LIB@ -# KRB524_LIB is $(BUILDTOP)/krb524/libkrb524.a if building --with-krb4 -# needs fixing if ever used on Mac OS X! -KRB524_LIB = @KRB524_LIB@ - # HESIOD_LIBS is -lhesiod... HESIOD_LIBS = @HESIOD_LIBS@ diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 2d88cf3ca..bf0ad76d7 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog 
@@ -1,3 +1,22 @@ +2003-05-23 Ken Raeburn + + * Makefile.in (krb5.h): Include krb524_err.h. + (krb524_err.h): Depend on rebuild-error-tables like krb5_err.h and + friends. Add a null command to cause make to recheck the + timestamp on the files possibly updated. + (clean-unix): Get rid of it. + * k5-int.h (KRb5INT_ACCESS_STRUCT_VERSION): Update to 7. + (struct ktext) [!defined(ANAME_SZ)]: Declare forward. + (krb5int_access): Delete krb5_locate_kdc, krb5_locate_server, + krb5_max_dgram_size and timeout fields. Add krb_life_to_time, + krb_time_to_life, and krb524_encode_v4tkt function pointer + fields. Reorder fields, and add comments. + (krb5int_krb_life_to_time, krb5int_krb_time_to_life, + krb5int_encode_v4tkt, krb5int_524_sendto_kdc): Declare. + * krb5.hin (KRB524_SERVICE, KRB524_PORT): New macros. + (struct credentials): Declare forward. + (krb524_convert_creds_kdc): Declare. + 2003-05-22 Tom Yu * k5-int.h: Add prototype for krb5int_auth_con_chkseqnum. diff --git a/src/include/Makefile.in b/src/include/Makefile.in index c3f873a05..3a882db0c 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in 
@@ -31,18 +31,19 @@ $(srcdir)/krb5/autoconf.stmp: $(srcdir)/configure.in cd $(srcdir) && ($(AUTOHEADER) --include=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS) || $(AUTOHEADER) --localdir=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS)) touch $(srcdir)/krb5/autoconf.stmp -krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \ +krb5.h: krb5/autoconf.h $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ asn1_err.h echo "/* This file is generated, please don't edit it directly. */" > krb5.h grep SIZEOF krb5/autoconf.h >> krb5.h - cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h \ + cat $(srcdir)/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ asn1_err.h >> krb5.h # # Build the error table include files: -# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h +# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h -asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h: rebuild-error-tables +asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h: rebuild-error-tables + : $@ rebuild-error-tables: (cd ../lib/krb5/error_tables && $(MAKE) includes) @@ -53,9 +54,10 @@ asn1_err.h: $(SRCTOP)/lib/krb5/error_tables/asn1_err.et kdb5_err.h: $(SRCTOP)/lib/krb5/error_tables/kdb5_err.et krb5_err.h: $(SRCTOP)/lib/krb5/error_tables/krb5_err.et kv5m_err.h: $(SRCTOP)/lib/krb5/error_tables/kv5m_err.et +krb524_err.h: $(SRCTOP)/lib/krb5/error_tables/krb524_err.et clean-unix:: - $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h \ + $(RM) krb5.h krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \ asn1_err.h clean-mac:: diff --git a/src/include/k5-int.h b/src/include/k5-int.h index ca6bbf69a..73f0dac33 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h 
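Review bot: The null recipe `: $@` added under `asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h: rebuild-error-tables` has no comment in the Makefile, so it reads like a leftover that a later cleanup could delete. Its purpose is recorded only in the ChangeLog entry for this commit (make should recheck the timestamps of headers the sub-make may have rewritten). I would put that next to the rule, for example `# Null command: makes make re-stat these headers after rebuild-error-tables may have updated them.`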
@@ -1642,26 +1642,20 @@ krb5_error_code krb5int_setpw_result_code_string /* To keep happy libraries which are (for now) accessing internal stuff */ /* Make sure to increment by one when changing the struct */ -#define KRB5INT_ACCESS_STRUCT_VERSION 6 +#define KRB5INT_ACCESS_STRUCT_VERSION 7 +#ifndef ANAME_SZ +struct ktext; /* from krb.h, for krb524 support */ +#endif typedef struct _krb5int_access { - krb5_error_code (*krb5_locate_kdc) (krb5_context, const krb5_data *, - struct addrlist *, int, int, int); - krb5_error_code (*krb5_locate_server) (krb5_context, const krb5_data *, - struct addrlist *, int, - const char *, const char *, - int, int, int, int); - void (*free_addrlist) (struct addrlist *); - unsigned int krb5_max_skdc_timeout; - unsigned int krb5_skdc_timeout_shift; - unsigned int krb5_skdc_timeout_1; - unsigned int krb5_max_dgram_size; + /* crypto stuff */ const struct krb5_hash_provider *md5_hash_provider; const struct krb5_enc_provider *arcfour_enc_provider; krb5_error_code (* krb5_hmac) (const struct krb5_hash_provider *hash, const krb5_keyblock *key, unsigned int icount, const krb5_data *input, krb5_data *output); + /* service location and communication */ krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg, const struct addrlist *, krb5_data *reply, struct sockaddr *, socklen_t *); @@ -1669,6 +1663,11 @@ typedef struct _krb5int_access { const char *hostname, int port, int secport, int socktype, int family); + void (*free_addrlist) (struct addrlist *); + /* krb4 compatibility stuff -- may be null if not enabled */ + krb5_int32 (*krb_life_to_time)(krb5_int32, int); + int (*krb_time_to_life)(krb5_int32, krb5_int32); + int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *); } krb5int_access; #define KRB5INT_ACCESS_VERSION \ 
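Review bot: The three new members `krb_life_to_time`, `krb_time_to_life` and `krb524_encode_v4tkt` are documented only as "may be null if not enabled", which leaves every consumer of `krb5int_access` to discover that it must test the pointer before calling it. The prototype `int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *)` also passes an output buffer with no separate capacity argument, and nothing here says whether `*encoded_len` carries the buffer size on entry; that contract should be written down, since a caller that gets it wrong writes past its buffer. Suggested wording: `/* krb4 compatibility -- NULL when krb4 support is not built; callers must check before use. encode_v4tkt: state whether *len is buffer size on input and bytes written on output. */`. The struct opens in the preceding hunk and `krb5int_accessor`, which fills it in, is outside this diff section.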
@@ -1678,6 +1677,26 @@ typedef struct _krb5int_access { krb5_error_code KRB5_CALLCONV krb5int_accessor (krb5int_access*, krb5_int32); +/* Ick -- some krb524 and krb4 support placed in the krb5 library, + because AFS (and potentially other applications?) use the krb4 + object as an opaque token, which (in some implementations) is not + in fact a krb4 ticket, so we don't want to drag in the krb4 support + just to enable this. */ + +/* v4lifetime.c */ +extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int); +extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32); + +/* conv_creds.c */ +int krb5int_encode_v4tkt + (struct ktext *v4tkt, char *buf, unsigned int *encoded_len); + +/* send524.c */ +int krb5int_524_sendto_kdc + (krb5_context context, const krb5_data * message, + const krb5_data * realm, krb5_data * reply, + struct sockaddr *, socklen_t *); + /* temporary -- this should be under lib/krb5/ccache somewhere */ struct _krb5_ccache { diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 9c7123e77..86672e01d 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -1661,6 +1661,13 @@ krb5_error_code KRB5_CALLCONV krb5_524_conv_principal (krb5_context context, krb5_const_principal princ, char *name, char *inst, char *realm); +#define KRB524_SERVICE "krb524" +#define KRB524_PORT 4444 + +struct credentials; +int krb524_convert_creds_kdc + (krb5_context context, krb5_creds *v5creds, + struct credentials *v4creds); /* libkt.spec */ #if KRB5_PRIVATE diff --git a/src/krb524/.Sanitize b/src/krb524/.Sanitize index 7f018c3a7..52d0746f8 100644 --- a/src/krb524/.Sanitize +++ b/src/krb524/.Sanitize @@ -27,23 +27,15 @@ Things-to-keep: ChangeLog Makefile.in README -RELEASE_NOTES configure configure.in cnv_tkt_skey.c -conv_creds.c conv_princ.c conv_tkt.c -encode.c -getcred.c -globals.c k524init.c -krb524.h -krb524_err.et +krb524d.h krb524_prot krb524d.c -misc.c -sendmsg.c test.c Things-to-lose: 
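Review bot: In the krb5.hin hunk, `krb524_convert_creds_kdc` enters the public header as a bare `int` function without `KRB5_CALLCONV`, while the declaration immediately above it is `krb5_error_code KRB5_CALLCONV krb5_524_conv_principal`. On platforms where that macro selects a calling convention, an exported function declared without it will not match the rest of the library's ABI, which fits the Windows breakage the commit message anticipates. I would declare it as `int KRB5_CALLCONV krb524_convert_creds_kdc` and add a short comment that `v4creds` is caller-supplied output and what the return value is (presumably a krb524 error-table code, not confirmed from these lines). The forward declaration `struct credentials;` also puts a very generic tag into every file that includes krb5.h, so a note that it refers to the krb4 type from krb.h would help.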
diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 80e6c891f..1e58058ef 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,38 @@ +2003-05-24 Ken Raeburn + + * conv_creds.c, encode.c, globals.c, sendmsg.c: Deleted. Contents + added to krb5 library. + * getcred.c, misc.c: Deleted. + * krb524.h: Library declarations moved to krb5.hin and k5-int.h. + Remainder renamed to krb524d.h. + * krb524_err.et: Moved to lib/krb5/error_tables. + * cnv_tkt_skey.c: Include krb524d.h, not krb524.h. + (krb524d_debug): Define new variable. Replace all references to + krb524_debug. + * conv_princ.c: Don't include krb524.h. + * k524init.c: Don't include krb524.h. + (main): Don't call krb524_init_ets. + * krb524d.c: Include krb524d.h, not krb524.h. + (encode_v4tkt): New function pointer variable. + (main): Initialize it using krb5int_accessor. + * test.c: Don't include krb524.h. + (main): Don't set krb524_debug, and don't call krb524_init_ets. + * Makefile.in: Don't pull in library makefile fragments. + (LIB, LIBMAJOR, LIBMINOR, RELDIR): Deleted. + (KRB524_DEPLIB, KRB524_LIB, STOBJLISTS, STLIBOBJS): Deleted. + (GENS, KRB524_HDR, KRB524_ERR_HDR): Deleted. + (SRCS): Remove deleted/moved files. + (all-unix): Don't depend on $(GENS) on includes. + (includes, all-windows): Don't depend on headers. + ($(KRB524_HDR), $(KRB524_ERR_HDR)): Delete rules. + (all-windows): Comment out dependency on $(K524LIB) for now. + (CLIENT_OBJS, SERVER_OBJS): New variables. + (krb524test, krb524d, k524init): Don't use KRB524_*LIB, just + KRB5_*LIB. Use *_OBJS lists. + (install-unix, clean-unix, clean-windows): Don't install or clean + libs or headers. + (krb524_err.c): Target deleted. + 2003-04-01 Nalin Dahyabhai * krb524d.c (do_connection): Use krb5_princ_size rather than diff --git a/src/krb524/Makefile.in b/src/krb524/Makefile.in index 87218874d..d904c70cd 100644 --- a/src/krb524/Makefile.in +++ b/src/krb524/Makefile.in 
@@ -23,19 +23,9 @@ BUILDTOP=$(REL).. # PERFORMANCE OF THIS SOFTWARE. # -##WIN32##!if 0 -LIB=krb524 -##WIN32##!endif -LIBMAJOR=1 -LIBMINOR=0 -RELDIR=../krb524 -STOBJLISTS=OBJS.ST - DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1 PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR) -KRB524_DEPLIB = libkrb524.a -KRB524_LIB = libkrb524.a ##WIN32##!ifdef USE_ALTERNATE_KRB4_INCLUDES ##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES) @@ -55,14 +45,8 @@ LOCALINCLUDES= $(KRB4_INCLUDES) -I. -I$(srcdir) # Library sources SRCS = \ - $(srcdir)/conv_creds.c \ $(srcdir)/conv_princ.c \ $(srcdir)/cnv_tkt_skey.c \ - $(srcdir)/encode.c \ - $(srcdir)/misc.c \ - $(srcdir)/globals.c \ - $(srcdir)/sendmsg.c \ - $(srcdir)/krb524_err.et \ $(srcdir)/libinit.c EXTRADEPSRCS = \ @@ -70,17 +54,6 @@ EXTRADEPSRCS = \ $(srcdir)/k524init.c \ $(srcdir)/krb524d.c -STLIBOBJS = \ - $(OUTPRE)conv_creds.$(OBJEXT) \ - $(OUTPRE)conv_princ.$(OBJEXT) \ - $(OUTPRE)cnv_tkt_skey.$(OBJEXT) \ - $(OUTPRE)encode.$(OBJEXT) \ - $(OUTPRE)misc.$(OBJEXT) \ - $(OUTPRE)globals.$(OBJEXT) \ - $(OUTPRE)sendmsg.$(OBJEXT) \ - $(OUTPRE)krb524_err.$(OBJEXT) \ - $(OUTPRE)libinit.$(OBJEXT) - ##WIN32##!ifdef KRB524_STATIC_HACK ##WIN32##LPREFIX=..\lib ##WIN32##K5_GLUE=$(LPREFIX)\$(OUTPRE)k5_glue.obj 
@@ -93,55 +66,21 @@ STLIBOBJS = \ ##WIN32##K524DEP=$(STLIBOBJS) ##WIN32##!endif -GENS = krb524_err.c krb524_err.h - -KRB524_HDR=$(BUILDTOP)$(S)include$(S)krb524.h -KRB524_ERR_HDR=$(BUILDTOP)$(S)include$(S)krb524_err.h - -all-unix:: $(GENS) -all-unix:: all-libs -all-unix:: includes - all-unix:: krb524d krb524test k524init -includes:: $(KRB524_HDR) $(KRB524_ERR_HDR) - -$(KRB524_HDR): krb524.h -##WIN32## $(CP) $? "$@" -##WIN32##!if 0 -$(KRB524_HDR): krb524.h - if cmp $(srcdir)/krb524.h \ - $(BUILDTOP)/include/krb524.h >/dev/null 2>&1; then :; \ - else \ - (set -x; $(RM) $(BUILDTOP)/include/krb524.h; \ - $(CP) $(srcdir)/krb524.h \ - $(BUILDTOP)/include/krb524.h) ; \ - fi -##WIN32##!endif - -$(KRB524_ERR_HDR): krb524_err.h -##WIN32## $(CP) $? "$@" -##WIN32##!if 0 -$(KRB524_ERR_HDR): krb524_err.h - if cmp krb524_err.h \ - $(BUILDTOP)/include/krb524_err.h >/dev/null 2>&1; then :; \ - else \ - (set -x; $(RM) $(BUILDTOP)/include/krb524_err.h; \ - $(CP) krb524_err.h \ - $(BUILDTOP)/include/krb524_err.h) ; \ - fi -##WIN32##!endif +all-windows:: $(OUTPRE)k524init.exe # $(K524LIB) -all-windows:: $(KRB524_HDR) $(K524LIB) $(OUTPRE)k524init.exe +krb524test: test.o $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) + $(CC_LINK) -o krb524test test.o $(KRB5_LIB) $(KRB4COMPAT_LIBS) -krb524test: libkrb524.a test.o $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o krb524test test.o $(KRB524_LIB) $(KRB4COMPAT_LIBS) +SERVER_OBJS= krb524d.o cnv_tkt_skey.o conv_princ.o +CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT) -krb524d: krb524d.o $(KADMSRV_DEPLIBS) $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o krb524d krb524d.o $(KADMSRV_LIBS) $(KRB524_LIB) $(KRB4COMPAT_LIBS) +krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) + $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KRB5_LIB) $(KRB4COMPAT_LIBS) -k524init: k524init.o $(KRB524_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o k524init k524init.o $(KRB524_LIB) $(KRB4COMPAT_LIBS) +k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) 
$(KRB4COMPAT_DEPLIBS) + $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(K524LIB): $(STLIBOBJS) $(K4LIB) $(KLIB) link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS) 
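Review bot: The context lines of this hunk still use `STLIBOBJS` in `##WIN32##K524DEP=$(STLIBOBJS)` and in the rule `$(K524LIB): $(STLIBOBJS) $(K4LIB) $(KLIB)`, but an earlier hunk in this file deletes the `STLIBOBJS` definition, so both now expand to an empty object list. Commenting `$(K524LIB)` out of `all-windows` hides that from the default goal while leaving a rule that would link a DLL from nothing, so I would remove or comment out the rule and `K524DEP` together with the variable. Separately, `SERVER_OBJS= krb524d.o cnv_tkt_skey.o conv_princ.o` uses literal `.o` names while `CLIENT_OBJS` uses `$(OUTPRE)k524init.$(OBJEXT)`; one spelling for both would be easier to follow, for example `SERVER_OBJS= $(OUTPRE)krb524d.$(OBJEXT) $(OUTPRE)cnv_tkt_skey.$(OBJEXT) $(OUTPRE)conv_princ.$(OBJEXT)`.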
@@ -149,81 +88,42 @@ $(K524LIB): $(STLIBOBJS) $(K4LIB) $(KLIB) $(OUTPRE)k524init.exe: $(OUTPRE)k524init.$(OBJEXT) $(K524DEP) $(KLIB) $(K4LIB) $(CLIB) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib link $(EXE_LINKOPTS) -out:$@ $** $(WINLIBS) -install-unix:: install-libs +install-unix:: $(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d $(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init -clean-unix:: clean-libs clean-libobjs - $(RM) $(OBJS) $(GENS) core *~ *.bak #* +clean-unix:: + $(RM) $(OBJS) core *~ *.bak #* $(RM) krb524test krb524d k524init test.o krb524d.o k524init.o - $(RM) $(BUILDTOP)/include/krb524.h $(BUILDTOP)/include/krb524_err.h - -clean-windows:: - $(RM) $(GENS) - -krb524_err.c : krb524_err.et - -# @libobj_frag@ -# @lib_frag@ # +++ Dependency line eater +++ # # Makefile dependencies follow. This must be the last section in # the Makefile.in file # -conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): conv_creds.c $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) -conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(BUILDTOP)/include/krb5.h \ +$(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h -cnv_tkt_skey.so cnv_tkt_skey.po $(OUTPRE)cnv_tkt_skey.$(OBJEXT): cnv_tkt_skey.c $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/profile.h +$(OUTPRE)cnv_tkt_skey.$(OBJEXT): cnv_tkt_skey.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h 
$(BUILDTOP)/include/krb5/autoconf.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - krb524.h $(KRB524_ERR_H_DEP) -encode.so encode.po $(OUTPRE)encode.$(OBJEXT): encode.c $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h -misc.so misc.po $(OUTPRE)misc.$(OBJEXT): misc.c $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h -globals.so globals.po $(OUTPRE)globals.$(OBJEXT): globals.c -sendmsg.so sendmsg.po $(OUTPRE)sendmsg.$(OBJEXT): sendmsg.c $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/kdb.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(KRB_ERR_H_DEP) krb524.h $(KRB524_ERR_H_DEP) -libinit.so libinit.po $(OUTPRE)libinit.$(OBJEXT): libinit.c -test.so test.po $(OUTPRE)test.$(OBJEXT): test.c $(SRCTOP)/include/k5-int.h \ + krb524d.h +$(OUTPRE)libinit.$(OBJEXT): libinit.c +$(OUTPRE)test.$(OBJEXT): test.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) 
$(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(KRB_ERR_H_DEP) \ - krb524.h $(KRB524_ERR_H_DEP) -k524init.so k524init.po $(OUTPRE)k524init.$(OBJEXT): k524init.c $(BUILDTOP)/include/krb5.h \ + $(SRCTOP)/include/kerberosIV/krb.h $(KRB_ERR_H_DEP) +$(OUTPRE)k524init.$(OBJEXT): k524init.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h krb524.h $(KRB524_ERR_H_DEP) \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h -krb524d.so krb524d.po $(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \ + $(BUILDTOP)/include/profile.h +$(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/xdr.h \ $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \ @@ -236,5 +136,5 @@ krb524d.so krb524d.po $(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/ $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - krb524.h $(KRB524_ERR_H_DEP) + krb524d.h diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c index 3730ce43c..e8bdf7c96 100644 --- a/src/krb524/cnv_tkt_skey.c +++ b/src/krb524/cnv_tkt_skey.c @@ -31,7 +31,9 @@ #include #endif #include -#include "krb524.h" +#include "krb524d.h" + +static int krb524d_debug = 0; static int krb524int_krb_create_ticket(KTEXT, unsigned int, char *, char *, char *, long, 
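Review bot: `clean-unix` no longer covers every object this Makefile links: the explicit list is still `test.o krb524d.o k524init.o`, while `krb524d` is now built from `SERVER_OBJS`, which adds `cnv_tkt_skey.o` and `conv_princ.o`. The `clean-libs clean-libobjs` prerequisites that presumably removed those objects are dropped in this hunk. `$(OBJS)` is not defined anywhere in the visible part of the file; it may have come from the `@libobj_frag@` line removed here, in which case it now expands to nothing. Stale objects surviving `make clean` can end up linked into a later daemon build, so I would clean the lists directly: `$(RM) krb524test krb524d k524init test.o $(SERVER_OBJS) $(CLIENT_OBJS)`.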
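Review bot: `static int krb524d_debug = 0;` is file-local and nothing in the visible hunks assigns it, so every `if (krb524d_debug)` branch in `krb524_convert_tkt_skey` (the hunks at -104, -121, -139 and -156) appears to be unreachable. Those branches are the only diagnostics on the refusal paths shown here: a session key of the wrong type or length, a ticket time out of bounds, and the `KRB524_BADADDR` address mismatch. After this change an operator of the daemon gets no record of why a conversion was rejected. If the flag is meant to be switchable, drop `static` and declare `extern int krb524d_debug;` in krb524d.h so krb524d.c can set it, and send all messages to one stream, because the last hunk uses `printf` where the others use `fprintf(stderr, ...)`. The function body extends beyond these hunks, so an assignment elsewhere in the file cannot be ruled out from here.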
@@ -104,7 +106,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, v5etkt->session->enctype != ENCTYPE_DES_CBC_MD4 && v5etkt->session->enctype != ENCTYPE_DES_CBC_MD5) || v5etkt->session->length != sizeof(C_Block)) { - if (krb524_debug) + if (krb524d_debug) fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n", v5etkt->session->enctype, v5etkt->session->length, @@ -121,7 +123,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, give out a v4 ticket with as much of the v5 lifetime is available "now" instead. */ if ((ret = krb5_timeofday(context, &server_time))) { - if (krb524_debug) + if (krb524d_debug) fprintf(stderr, "krb5_timeofday failed!\n"); krb5_free_enc_tkt_part(context, v5etkt); v5tkt->enc_part2 = NULL; @@ -139,7 +141,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, if (v4endtime > v5etkt->times.endtime) server_time -= v4endtime - v5etkt->times.endtime; } else { - if (krb524_debug) + if (krb524d_debug) fprintf(stderr, "v5 ticket time out of bounds\n"); krb5_free_enc_tkt_part(context, v5etkt); v5tkt->enc_part2 = NULL; @@ -156,14 +158,14 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, kaddr.contents = (krb5_octet *)&sinp->sin_addr; if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) { - if (krb524_debug) + if (krb524d_debug) fprintf(stderr, "Invalid v5creds address information.\n"); krb5_free_enc_tkt_part(context, v5etkt); v5tkt->enc_part2 = NULL; return KRB524_BADADDR; } - if (krb524_debug) + if (krb524d_debug) printf("startime = %ld, authtime = %ld, lifetime = %ld\n", (long) v5etkt->times.starttime, (long) v5etkt->times.authtime, diff --git a/src/krb524/conv_creds.c b/src/krb524/conv_creds.c deleted file mode 100644 index ba8daaae4..000000000 --- a/src/krb524/conv_creds.c +++ /dev/null 
@@ -1,136 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. 
- */ - -#include "krb5.h" -#include -#include -#include -#include "port-sockets.h" -#include "socket-utils.h" -#include -#include "krb524.h" - -#ifdef USE_CCAPI -#include -#endif - -krb5_error_code krb524_convert_creds_plain -(krb5_context context, krb5_creds *v5creds, - CREDENTIALS *v4creds); - -krb5_error_code -krb524_convert_creds_kdc(context, v5creds, v4creds) - krb5_context context; - krb5_creds *v5creds; - CREDENTIALS *v4creds; -{ - krb5_error_code ret; - krb5_data reply; - char *p; - struct sockaddr_storage ss; - socklen_t slen = sizeof(ss); - - ret = krb524_convert_creds_plain(context, v5creds, v4creds); - if (ret) - return ret; - - reply.data = NULL; - ret = krb524_sendto_kdc(context, &v5creds->ticket, - &v5creds->server->realm, &reply, - ss2sa(&ss), &slen); - if (ret) - return ret; - -#if TARGET_OS_MAC -#ifdef USE_CCAPI - v4creds->stk_type = cc_v4_stk_des; -#endif - if (slen == sizeof(struct sockaddr_in) - && ss2sa(&ss)->sa_family == AF_INET) { - v4creds->address = ss2sin(&ss)->sin_addr.s_addr; - } - /* Otherwise, leave it set to all-zero. 
*/ -#endif - - p = reply.data; - ret = ntohl(*((krb5_error_code *) p)); - p += sizeof(krb5_int32); - reply.length -= sizeof(krb5_int32); - if (ret) - goto fail; - - v4creds->kvno = ntohl(*((krb5_error_code *) p)); - p += sizeof(krb5_int32); - reply.length -= sizeof(krb5_int32); - ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length); - -fail: - if (reply.data) - free(reply.data); - reply.data = NULL; - return ret; -} - -krb5_error_code -krb524_convert_creds_plain(context, v5creds, v4creds) - krb5_context context; - krb5_creds *v5creds; - CREDENTIALS *v4creds; -{ - int ret; - krb5_timestamp endtime; - char dummy[REALM_SZ]; - memset((char *) v4creds, 0, sizeof(CREDENTIALS)); - - if ((ret = krb524_convert_princs(context, v5creds->client, - v5creds->server, - v4creds->pname, v4creds->pinst, - dummy, v4creds->service, - v4creds->instance, v4creds->realm))) - return ret; - - /* Check enctype too */ - if (v5creds->keyblock.length != sizeof(C_Block)) { - if (krb524_debug) - fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n", - v5creds->keyblock.length, - (int) sizeof(C_Block)); - return KRB524_BADKEY; - } else - memcpy(v4creds->session, (char *) v5creds->keyblock.contents, - sizeof(C_Block)); - - /* V4 has no concept of authtime or renew_till, so ignore them */ - v4creds->issue_date = v5creds->times.starttime; - v4creds->lifetime = krb_time_to_life(v5creds->times.starttime, - v5creds->times.endtime); - endtime = krb_life_to_time(v5creds->times.starttime, - v4creds->lifetime); - /* - * Adjust start time backwards to deal with rounding up in - * krb_time_to_life(), to match code on server side. - */ - if (endtime > v5creds->times.endtime) - v4creds->issue_date -= endtime - v5creds->times.endtime; - - return 0; -} diff --git a/src/krb524/conv_princ.c b/src/krb524/conv_princ.c index f52c0dd13..3359981ba 100644 --- a/src/krb524/conv_princ.c +++ b/src/krb524/conv_princ.c 
@@ -22,7 +22,6 @@ #include "krb5.h" #include -#include "krb524.h" int krb524_convert_princs(context, client, server, pname, pinst, prealm, sname, sinst, srealm) diff --git a/src/krb524/encode.c b/src/krb524/encode.c deleted file mode 100644 index 00698cfeb..000000000 --- a/src/krb524/encode.c +++ /dev/null 
@@ -1,147 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include "krb5.h" -#include -#include -#include -#include - -#ifdef _WIN32 -#include "port-sockets.h" -#else -#include -#include -#include -#endif - -#include -#include "krb524.h" - -/* - * I'm sure that this is reinventing the wheel, but I don't know where - * the wheel is hidden. 
- */ - -int encode_v4tkt (KTEXT_ST *, char *, unsigned int *), - encode_ktext (char **, int *, KTEXT_ST *), - encode_bytes (char **, int *, char *, unsigned int), - encode_int32 (char **, int *, krb5_int32 *); - -int decode_v4tkt (KTEXT_ST *, char *, unsigned int *), - decode_ktext (char **, int *, KTEXT_ST *), - decode_bytes (char **, int *, char *, unsigned int), - decode_int32 (char **, int *, krb5_int32 *); - -int encode_bytes(out, outlen, in, len) - char **out; - int *outlen; - char *in; - unsigned int len; -{ - if (len > *outlen) - return KRB524_ENCFULL; - memcpy(*out, in, len); - *out += len; - *outlen -= len; - return 0; -} - -int encode_int32(out, outlen, v) - char **out; - int *outlen; - krb5_int32 *v; -{ - krb5_int32 nv; /* Must be 4 bytes */ - - nv = htonl(*v); - return encode_bytes(out, outlen, (char *) &nv, sizeof(nv)); -} - -int encode_v4tkt(v4tkt, buf, encoded_len) - KTEXT_ST *v4tkt; - char *buf; - unsigned int *encoded_len; -{ - int buflen, ret; - - buflen = *encoded_len; - - if ((ret = encode_int32(&buf, &buflen, &v4tkt->length))) - return ret; - if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) - return ret; - if ((ret = encode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz))) - return ret; - - *encoded_len -= buflen; - return 0; -} - -/* decode functions */ - -int decode_bytes(out, outlen, in, len) - char **out; - int *outlen; - char *in; - unsigned int len; -{ - if (len > *outlen) - return KRB524_DECEMPTY; - memcpy(in, *out, len); - *out += len; - *outlen -= len; - return 0; -} - -int decode_int32(out, outlen, v) - char **out; - int *outlen; - krb5_int32 *v; -{ - int ret; - krb5_int32 nv; /* Must be four bytes */ - - if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv)))) - return ret; - *v = ntohl(nv); - return 0; -} - -int decode_v4tkt(v4tkt, buf, encoded_len) - KTEXT_ST *v4tkt; - char *buf; - unsigned int *encoded_len; -{ - int buflen, ret; - - buflen = *encoded_len; - if ((ret = decode_int32(&buf, &buflen, 
&v4tkt->length))) - return ret; - if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) - return ret; - if ((ret = decode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz))) - return ret; - *encoded_len -= buflen; - return 0; -} - diff --git a/src/krb524/getcred.c b/src/krb524/getcred.c deleted file mode 100644 index ecbb25f10..000000000 --- a/src/krb524/getcred.c +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. 
- */ - -#include -#include "krb5.h" -#include - -main(argc, argv) - int argc; - char **argv; -{ - krb5_principal client, server; - krb5_ccache cc; - krb5_creds v5creds; - CREDENTIALS v4creds; - int i, ret; - krb5_context context; - krb5_error_code retval; - - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } - - if (ret = krb5_parse_name(argv[1], &client)) { - com_err("getcred", ret, "parsing client name"); - exit(1); - } - if (ret = krb5_parse_name(argv[2], &server)) { - com_err("getcred", ret, "parsing server name"); - exit(1); - } - if (ret = krb5_cc_default(context, &cc)) { - com_err("getcred", ret, "opening default credentials cache"); - exit(1); - } - - memset((char *) &v5creds, 0, sizeof(v5creds)); - v5creds.client = client; - v5creds.server = server; - v5creds.times.endtime = 0; - v5creds.keyblock.enctype = ENCTYPE_DES_CBC_MD5; - if (ret = krb5_get_credentials(context, 0, cc, &v5creds)) { - com_err("getcred", ret, "getting V5 credentials"); - exit(1); - } - - if (ret = krb524_convert_creds_kdc(context, &v5creds, &v4creds)) { - com_err("getcred", ret, "converting to V4 credentials"); - exit(1); - } - - return 0; -} diff --git a/src/krb524/globals.c b/src/krb524/globals.c deleted file mode 100644 index 0ed868242..000000000 --- a/src/krb524/globals.c +++ /dev/null 
@@ -1,23 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -int krb524_debug = 0; diff --git a/src/krb524/k524init.c b/src/krb524/k524init.c index 746fbb938..c9255c6d5 100644 --- a/src/krb524/k524init.c +++ b/src/krb524/k524init.c @@ -37,7 +37,6 @@ #endif #include -#include "krb524.h" extern int optind; extern char *optarg; @@ -92,8 +91,6 @@ int main(argc, argv) exit(1); } - krb524_init_ets(context); - if ((code = krb5_cc_default(context, &cc))) { com_err(prog, code, "opening default credentials cache"); exit(1); diff --git a/src/krb524/krb524.h b/src/krb524/krb524.h deleted file mode 100644 index f44a6b4c9..000000000 --- a/src/krb524/krb524.h +++ /dev/null 
@@ -1,130 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef KRB524_H -#define KRB524_H - -#define KRB524_SERVICE "krb524" -#define KRB524_PORT 4444 - -#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) -# include -# ifndef KRB524_PRIVATE /* Allow e.g. 
build system to override */ -# define KRB524_PRIVATE 0 -# endif -#else -# ifndef KRB524_PRIVATE -# define KRB524_PRIVATE 1 -# endif -#endif - -#include - -#ifndef KRB524INT_BEGIN_DECLS -#ifdef __cplusplus -#define KRB524INT_BEGIN_DECLS extern "C" { -#define KRB524INT_END_DECLS } -#else -#define KRB524INT_BEGIN_DECLS -#define KRB524INT_END_DECLS -#endif -#endif - -#if TARGET_OS_MAC -# if defined(__MWERKS__) -# pragma import on -# endif -# pragma options align=mac68k -#endif - -KRB524INT_BEGIN_DECLS - -#if KRB524_PRIVATE -extern int krb524_debug; - -struct sockaddr; -struct sockaddr_in; - -int krb524_convert_tkt_skey - (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, - krb5_keyblock *v5_skey, krb5_keyblock *v4_skey, - struct sockaddr_in *saddr); - -/* conv_princ.c */ - -int krb524_convert_princs - (krb5_context context, krb5_principal client, krb5_principal server, - char *pname, char *pinst, char *prealm, - char *sname, char *sinst, char *srealm); - -/* conv_creds.c */ - -int krb524_convert_creds_addr - (krb5_context context, krb5_creds *v5creds, - CREDENTIALS *v4creds, struct sockaddr *saddr); -#endif /* KRB524_PRIVATE */ - -int krb524_convert_creds_kdc - (krb5_context context, krb5_creds *v5creds, - CREDENTIALS *v4creds); - -#if KRB524_PRIVATE -/* conv_tkt.c */ - -int krb524_convert_tkt - (krb5_principal server, krb5_data *v5tkt, KTEXT_ST *v4tkt, - int *kvno, struct sockaddr_in *saddr); - -/* encode.c */ - -int encode_v4tkt - (KTEXT_ST *v4tkt, char *buf, unsigned int *encoded_len); - -int decode_v4tkt - (KTEXT_ST *v4tkt, char *buf, unsigned int *encoded_len); - - -/* misc.c */ - -void krb524_init_ets - (krb5_context context); - -/* sendmsg.c */ - -#include "port-sockets.h" -#include "socket-utils.h" /* for socklen_t */ -int krb524_sendto_kdc - (krb5_context context, const krb5_data * message, - const krb5_data * realm, krb5_data * reply, - struct sockaddr *, socklen_t *); -#endif /* KRB524_PRIVATE */ - -#if TARGET_OS_MAC -# if defined(__MWERKS__) -# 
pragma import reset -# endif -# pragma options align=reset -#endif - -KRB524INT_END_DECLS - -#endif /* KRB524_H */ diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 76025067e..a5d05c54e 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -60,7 +60,7 @@ #include #include -#include "krb524.h" +#include "krb524d.h" #if defined(NEED_DAEMON_PROTO) extern int daemon(int, int); @@ -111,6 +111,8 @@ static RETSIGTYPE request_exit(signo) signalled = 1; } +int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0; + int main(argc, argv) int argc; char **argv; @@ -133,6 +135,22 @@ int main(argc, argv) exit(1); } + { + krb5int_access k5int; + retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION); + if (retval != 0) { + com_err(whoami, retval, + "while accessing krb5 library internal support"); + exit(1); + } + encode_v4tkt = k5int.krb524_encode_v4tkt; + if (encode_v4tkt == NULL) { + com_err(whoami, 0, + "krb4 support disabled in krb5 support library"); + exit(1); + } + } + argv++; argc--; use_master = use_keytab = nofork = 0; config_params.mask = 0; diff --git a/src/krb524/misc.c b/src/krb524/krb524d.h similarity index 58% rename from src/krb524/misc.c rename to src/krb524/krb524d.h index 7e3f4e3bc..18c70042c 100644 --- a/src/krb524/misc.c +++ b/src/krb524/krb524d.h 
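Review bot: `int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0;` in krb524d.c is a writable function pointer with external linkage, and it reuses the name of the function that the deleted krb524.h used to declare. The new krb524d.h does not declare it, so nothing visible needs it outside this file. Declaring it `static int (*encode_v4tkt)(KTEXT, char *, unsigned int *);` would keep the hook private to the daemon and prevent another object from linking against or overwriting it. The start-up block in `main` that fills it from `krb5int_accessor` and exits when the hook is NULL is the right place for the check and is worth a one-line comment, such as `/* Refuse to start without the krb4 ticket encoder; requests could not be answered. */`. `main` continues outside both hunks.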
@@ -20,21 +20,43 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#include -#include -#include - -#ifndef _WIN32 -#include -#include -#include +#ifndef KRB524INT_H +#define KRB524INT_H + +#include "port-sockets.h" +#include "kerberosIV/krb.h" + +#ifndef KRB524INT_BEGIN_DECLS +#ifdef __cplusplus +#define KRB524INT_BEGIN_DECLS extern "C" { +#define KRB524INT_END_DECLS } +#else +#define KRB524INT_BEGIN_DECLS +#define KRB524INT_END_DECLS +#endif +#endif + +KRB524INT_BEGIN_DECLS + +int krb524_convert_tkt_skey + (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, + krb5_keyblock *v5_skey, krb5_keyblock *v4_skey, + struct sockaddr_in *saddr); + +/* conv_princ.c */ + +int krb524_convert_princs + (krb5_context context, krb5_principal client, krb5_principal server, + char *pname, char *pinst, char *prealm, + char *sname, char *sinst, char *srealm); + +#if TARGET_OS_MAC +# if defined(__MWERKS__) +# pragma import reset +# endif +# pragma options align=reset #endif -#include -#include "krb524.h" +KRB524INT_END_DECLS -void krb524_init_ets(context) - krb5_context context; -{ - initialize_k524_error_table(); -} +#endif /* KRB524INT_H */ diff --git a/src/krb524/test.c b/src/krb524/test.c index 13189e8cf..d0cb92181 100644 --- a/src/krb524/test.c +++ b/src/krb524/test.c @@ -32,7 +32,6 @@ #include #include -#include "krb524.h" #include "com_err.h" #define KEYSIZE 8 @@ -223,7 +222,9 @@ int main(argc, argv) krb5_context context; krb5_error_code retval; +#if 0 krb524_debug = 1; +#endif retval = krb5_init_context(&context); if (retval) { @@ -231,8 +232,6 @@ int main(argc, argv) exit(1); } - krb524_init_ets(context); - local = 0; remote = NULL; argc--; argv++; diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 68e48620e..010f96f64 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog 
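Review bot: The new krb524d.h ends with `#if TARGET_OS_MAC` … `# pragma import reset` … `# pragma options align=reset`, but the hunk adds no matching `# pragma import on` or `# pragma options align=mac68k` before `KRB524INT_BEGIN_DECLS`. The deleted krb524.h had both halves. As written, the header resets alignment and import state that it never set, which on that target would affect whatever the including file had established. Either delete the whole `#if TARGET_OS_MAC` block, since this header is private to the daemon, or restore the opening pragmas ahead of the declarations. The prototypes also use `krb5_context` and `krb5_ticket` while the header includes only `port-sockets.h` and `kerberosIV/krb.h`, so it seems to rely on every includer pulling in krb5.h first; a comment stating that requirement, or an `#include "krb5.h"`, would make it explicit.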
@@ -1,3 +1,9 @@ +2003-05-24 Ken Raeburn + + * lifetime.c (krb_life_to_time, krb_time_to_life): Rewrite to use + support functions in the krb5 library via krb5int_accessor. Moved + old implementation into krb5 library. + 2003-05-12 Tom Yu * Makefile.in: Add setting of KRB_ERR on Windows. diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in index 3cdecbcfe..33b15c00b 100644 --- a/src/lib/krb4/Makefile.in +++ b/src/lib/krb4/Makefile.in @@ -340,7 +340,10 @@ err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/ke $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): g_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h \ diff --git a/src/lib/krb4/lifetime.c b/src/lib/krb4/lifetime.c index b43ed4523..826e090df 100644 --- a/src/lib/krb4/lifetime.c +++ b/src/lib/krb4/lifetime.c @@ -1,5 +1,5 @@ /* - * Copyright 2000, 2001 by the Massachusetts Institute of Technology. + * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may 
@@ -24,72 +24,7 @@ */ #include "krb.h" - -/* - * Only lifetime bytes values less than 128 are on a linear scale. - * The following table contains an exponential scale that covers the - * lifetime values 128 to 191 inclusive (a total of 64 values). - * Values greater than 191 get interpreted the same as 191, but they - * will never be generated by the functions in this file. - * - * The ratio is approximately 1.069144898 (actually exactly - * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30 - * days, and 38400 = 128*5 minutes. This allows a lifetime byte of - * 191 to correspond to a ticket life of exactly 30 days and a - * lifetime byte of 128 to correspond to exactly 128*5 minutes, with - * the other values spread on an exponential curve fit in between - * them. This table should correspond exactly to the set of extended - * ticket lifetime values used by AFS and CMU. - * - * The following awk script is sufficient to reproduce the table: - * BEGIN { - * r = exp(log(2592000/38400)/63); - * x = 38400; - * for (i=0;i<64;i++) { - * printf("%d\n",x+0.5); - * x *= r; - * } - * } - */ -#ifndef SHORT_LIFETIME -#define NLIFETIMES 64 -static const KRB4_32 lifetimes[NLIFETIMES] = { - 38400, 41055, /* 00:10:40:00, 00:11:24:15 */ - 43894, 46929, /* 00:12:11:34, 00:13:02:09 */ - 50174, 53643, /* 00:13:56:14, 00:14:54:03 */ - 57352, 61318, /* 00:15:55:52, 00:17:01:58 */ - 65558, 70091, /* 00:18:12:38, 00:19:28:11 */ - 74937, 80119, /* 00:20:48:57, 00:22:15:19 */ - 85658, 91581, /* 00:23:47:38, 01:01:26:21 */ - 97914, 104684, /* 01:03:11:54, 01:05:04:44 */ - 111922, 119661, /* 01:07:05:22, 01:09:14:21 */ - 127935, 136781, /* 01:11:32:15, 01:13:59:41 */ - 146239, 156350, /* 01:16:37:19, 01:19:25:50 */ - 167161, 178720, /* 01:22:26:01, 02:01:38:40 */ - 191077, 204289, /* 02:05:04:37, 02:08:44:49 */ - 218415, 233517, /* 02:12:40:15, 02:16:51:57 */ - 249664, 266926, /* 02:21:21:04, 03:02:08:46 */ - 285383, 305116, /* 03:07:16:23, 03:12:45:16 */ - 326213, 348769, /* 
03:18:36:53, 04:00:52:49 */ - 372885, 398668, /* 04:07:34:45, 04:14:44:28 */ - 426234, 455705, /* 04:22:23:54, 05:06:35:05 */ - 487215, 520904, /* 05:15:20:15, 06:00:41:44 */ - 556921, 595430, /* 06:10:42:01, 06:21:23:50 */ - 636601, 680618, /* 07:08:50:01, 07:21:03:38 */ - 727680, 777995, /* 08:10:08:00, 09:00:06:35 */ - 831789, 889303, /* 09:15:03:09, 10:07:01:43 */ - 950794, 1016537, /* 11:00:06:34, 11:18:22:17 */ - 1086825, 1161973, /* 12:13:53:45, 13:10:46:13 */ - 1242318, 1328218, /* 14:09:05:18, 15:08:56:58 */ - 1420057, 1518247, /* 16:10:27:37, 17:13:44:07 */ - 1623226, 1735464, /* 18:18:53:46, 20:02:04:24 */ - 1855462, 1983758, /* 21:11:24:22, 22:23:02:38 */ - 2120925, 2267576, /* 24:13:08:45, 26:05:52:56 */ - 2424367, 2592000 /* 28:01:26:07, 30:00:00:00 */ -}; -#define MINFIXED 0x80 -#define MAXFIXED (MINFIXED + NLIFETIMES - 1) -#endif /* !SHORT_LIFETIME */ +#include "k5-int.h" /* * krb_life_to_time @@ -100,17 +35,12 @@ static const KRB4_32 lifetimes[NLIFETIMES] = { KRB4_32 KRB5_CALLCONV krb_life_to_time(KRB4_32 start, int life) { - if (life < 0 || life > 255) /* possibly sign botch in caller */ + krb5int_access k5internals; + + if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION) + || k5internals.krb_life_to_time == NULL) return start; -#ifndef SHORT_LIFETIME - if (life < MINFIXED) - return start + life * 5 * 60; - if (life > MAXFIXED) - return start + lifetimes[NLIFETIMES - 1]; - return start + lifetimes[life - MINFIXED]; -#else /* SHORT_LIFETIME */ - return start + life * 5 * 60; -#endif /* SHORT_LIFETIME */ + return k5internals.krb_life_to_time(start, life); } /* 
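Review bot: In `krb_life_to_time` a failed `krb5int_accessor` call or a NULL `k5internals.krb_life_to_time` hook now returns `start`, the same value the removed code returned for an out-of-range `life`. A caller therefore cannot tell missing krb4 support from a bad lifetime byte. `krb_time_to_life` in the next hunk does the same with `return 0`. Both fall back to a zero-length lifetime, which is the safe direction, but it happens silently and should be stated above each early return, for example `/* No krb5 support hook: report a zero-length lifetime rather than guess. */`. This wrapper also drops the `life < 0 || life > 255` guard, and the replacement implementation in the krb5 library is not part of these hunks, so confirm the guard moved with it.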
@@ -123,27 +53,10 @@ krb_life_to_time(KRB4_32 start, int life) int KRB5_CALLCONV krb_time_to_life(KRB4_32 start, KRB4_32 end) { - KRB4_32 dt; -#ifndef SHORT_LIFETIME - int i; -#endif + krb5int_access k5internals; - dt = end - start; - if (dt <= 0) + if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION) + || k5internals.krb_time_to_life == NULL) return 0; -#ifndef SHORT_LIFETIME - if (dt < lifetimes[0]) - return (dt + 5 * 60 - 1) / (5 * 60); - /* This depends on the array being ordered. */ - for (i = 0; i < NLIFETIMES; i++) { - if (lifetimes[i] >= dt) - return i + MINFIXED; - } - return MAXFIXED; -#else /* SHORT_LIFETIME */ - if (dt > 5 * 60 * 255) - return 255; - else - return (dt + 5 * 60 - 1) / (5 * 60); -#endif /* SHORT_LIFETIME */ + return k5internals.krb_time_to_life(start, end); } diff --git a/src/lib/krb5/error_tables/.Sanitize b/src/lib/krb5/error_tables/.Sanitize index b9521624e..ba18e42bf 100644 --- a/src/lib/krb5/error_tables/.Sanitize +++ b/src/lib/krb5/error_tables/.Sanitize @@ -34,6 +34,7 @@ configure.in init_ets.c kdb5_err.et krb5_err.et +krb524_err.et kv5m_err.et Things-to-lose: diff --git a/src/lib/krb5/error_tables/ChangeLog b/src/lib/krb5/error_tables/ChangeLog index 2de7f07d2..4c8c5bc7c 100644 --- a/src/lib/krb5/error_tables/ChangeLog +++ b/src/lib/krb5/error_tables/ChangeLog @@ -1,3 +1,12 @@ +2003-05-24 Ken Raeburn + + * krb524_err.et: New file, moved from ../../../krb524. Add new + error code KRB524_KRB4_DISABLED. + * Makefile.in (STLIBOBJS, HDRS, OBJS, ETSRCS, SRCS, awk-windows): + Add it. + ($(OUTPRE)krb524_err.$(OBJEXT)): List dependence on .c file. + * init_ets.c (krb5_init_ets): Call initialize_k524_error_table. + 2003-03-04 Ken Raeburn * krb5_err.et (KRB5_ERR_BAD_S2K_PARAMS): New error code. diff --git a/src/lib/krb5/error_tables/Makefile.in b/src/lib/krb5/error_tables/Makefile.in index ed3045fcc..1a975dbad 100644 --- a/src/lib/krb5/error_tables/Makefile.in +++ b/src/lib/krb5/error_tables/Makefile.in 
@@ -12,13 +12,14 @@ THDRDIR=$(BUILDTOP)$(S)include EHDRDIR=$(BUILDTOP)$(S)include$(S)krb5 STLIBOBJS= asn1_err.o kdb5_err.o krb5_err.o \ - kv5m_err.o init_ets.o + kv5m_err.o krb524_err.o init_ets.o -HDRS= asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h +HDRS= asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h OBJS= $(OUTPRE)asn1_err.$(OBJEXT) $(OUTPRE)kdb5_err.$(OBJEXT) $(OUTPRE)krb5_err.$(OBJEXT) \ - $(OUTPRE)kv5m_err.$(OBJEXT) $(OUTPRE)init_ets.$(OBJEXT) -ETSRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c -SRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c \ + $(OUTPRE)kv5m_err.$(OBJEXT) $(OUTPRE)krb524_err.$(OBJEXT) \ + $(OUTPRE)init_ets.$(OBJEXT) +ETSRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c krb524_err.c +SRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c krb524_err.c \ $(srcdir)/init_ets.c ##DOS##LIBOBJS = $(OBJS) @@ -40,14 +41,17 @@ awk-windows: $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kdb5_err.h kdb5_err.et $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb5_err.h krb5_err.et $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kv5m_err.h kv5m_err.et + $(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb524_err.h krb524_err.et $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=asn1_err.c asn1_err.et $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kdb5_err.c kdb5_err.et $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb5_err.c krb5_err.et $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kv5m_err.c kv5m_err.et + $(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb524_err.c krb524_err.et if exist asn1_err.h copy asn1_err.h "$(EHDRDIR)" if exist kdb5_err.h copy kdb5_err.h "$(EHDRDIR)" if exist krb5_err.h copy krb5_err.h "$(EHDRDIR)" if exist kv5m_err.h copy kv5m_err.h "$(EHDRDIR)" + if exist krb524_err.h copy krb524_err.h "$(EHDRDIR)" # # dependencies for traditional makes 
@@ -56,6 +60,7 @@ $(OUTPRE)asn1_err.$(OBJEXT): asn1_err.c $(OUTPRE)kdb5_err.$(OBJEXT): kdb5_err.c $(OUTPRE)krb5_err.$(OBJEXT): krb5_err.c $(OUTPRE)kv5m_err.$(OBJEXT): kv5m_err.c +$(OUTPRE)krb524_err.$(OBJEXT): krb524_err.c clean-unix:: clean-libobjs $(RM) $(HDRS) $(ETSRCS) @@ -71,6 +76,7 @@ asn1_err.so asn1_err.po $(OUTPRE)asn1_err.$(OBJEXT): asn1_err.c $(COM_ERR_DEPS) kdb5_err.so kdb5_err.po $(OUTPRE)kdb5_err.$(OBJEXT): kdb5_err.c $(COM_ERR_DEPS) krb5_err.so krb5_err.po $(OUTPRE)krb5_err.$(OBJEXT): krb5_err.c $(COM_ERR_DEPS) kv5m_err.so kv5m_err.po $(OUTPRE)kv5m_err.$(OBJEXT): kv5m_err.c $(COM_ERR_DEPS) +krb524_err.so krb524_err.po $(OUTPRE)krb524_err.$(OBJEXT): krb524_err.c $(COM_ERR_DEPS) init_ets.so init_ets.po $(OUTPRE)init_ets.$(OBJEXT): init_ets.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/krb5/error_tables/init_ets.c b/src/lib/krb5/error_tables/init_ets.c index 0ac810abe..a3bf5aac5 100644 --- a/src/lib/krb5/error_tables/init_ets.c +++ b/src/lib/krb5/error_tables/init_ets.c @@ -36,6 +36,7 @@ krb5_init_ets (krb5_context context) initialize_kv5m_error_table(); initialize_kdb5_error_table(); initialize_asn1_error_table(); + initialize_k524_error_table(); } void diff --git a/src/krb524/krb524_err.et b/src/lib/krb5/error_tables/krb524_err.et similarity index 95% rename from src/krb524/krb524_err.et rename to src/lib/krb5/error_tables/krb524_err.et index 471252e56..5a4a004c7 100644 --- a/src/krb524/krb524_err.et +++ b/src/lib/krb5/error_tables/krb524_err.et @@ -29,5 +29,6 @@ error_code KRB524_V4ERR, "Kerberos V4 error" error_code KRB524_ENCFULL, "Encoding too large" error_code KRB524_DECEMPTY, "Decoding out of data" error_code KRB524_NOTRESP, "Service not responding" +error_code KRB524_KRB4_DISABLED, "Kerberos version 4 support is disabled" end 
diff --git a/src/lib/krb5/krb/.Sanitize b/src/lib/krb5/krb/.Sanitize index 79bbf8259..a2ab3a0d0 100644 --- a/src/lib/krb5/krb/.Sanitize +++ b/src/lib/krb5/krb/.Sanitize @@ -37,6 +37,7 @@ chk_trans.c cleanup.h configure configure.in +conv_creds.c conv_princ.c copy_addrs.c copy_athctr.c @@ -104,6 +105,7 @@ t_ref_kerb.out t_ser.c tgtname.c unparse.c +v4lifetime.c valid_times.c walk_rtree.c diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 65174d553..d8b1dbae3 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,13 @@ +2003-05-24 Ken Raeburn + + * conv_creds.c: New file, moved from krb524/conv_creds.c and + krb524/encode.c. Rename exported encode routine, make other + encode and decode routines static. If KRB5_KRB4_COMPAT is not + defined, return an error. + * v4lifetime.c: New file, moved from lib/krb4/lifetime.c. Renamed + functions, changed interface to use krb5 types. + * Makefile.in (STLIBOBJS, OBJS, SRCS): Add them. + 2003-05-23 Sam Hartman * get_in_tkt.c (krb5_get_init_creds): Initialize options based on diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index c3b5b5b0c..2f400867e 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -23,6 +23,7 @@ STLIBOBJS= \ bld_princ.o \ chk_trans.o \ chpw.o \ + conv_creds.o \ conv_princ.o \ copy_addrs.o \ copy_auth.o \ @@ -93,6 +94,7 @@ STLIBOBJS= \ str_conv.o \ tgtname.o \ unparse.o \ + v4lifetime.o \ valid_times.o \ vfy_increds.o \ vic_opt.o \ @@ -107,6 +109,7 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \ $(OUTPRE)bld_princ.$(OBJEXT) \ $(OUTPRE)chk_trans.$(OBJEXT) \ $(OUTPRE)chpw.$(OBJEXT) \ + $(OUTPRE)conv_creds.$(OBJEXT) \ $(OUTPRE)conv_princ.$(OBJEXT) \ $(OUTPRE)copy_addrs.$(OBJEXT) \ $(OUTPRE)copy_auth.$(OBJEXT) \ 
@@ -177,6 +180,7 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \ $(OUTPRE)str_conv.$(OBJEXT) \ $(OUTPRE)tgtname.$(OBJEXT) \ $(OUTPRE)unparse.$(OBJEXT) \ + $(OUTPRE)v4lifetime.$(OBJEXT) \ $(OUTPRE)valid_times.$(OBJEXT) \ $(OUTPRE)vfy_increds.$(OBJEXT) \ $(OUTPRE)vic_opt.$(OBJEXT) \ @@ -192,6 +196,7 @@ SRCS= $(srcdir)/addr_comp.c \ $(srcdir)/brand.c \ $(srcdir)/chk_trans.c \ $(srcdir)/chpw.c \ + $(srcdir)/conv_creds.c \ $(srcdir)/conv_princ.c \ $(srcdir)/copy_addrs.c \ $(srcdir)/copy_auth.c \ @@ -262,6 +267,7 @@ SRCS= $(srcdir)/addr_comp.c \ $(srcdir)/str_conv.c \ $(srcdir)/tgtname.c \ $(srcdir)/unparse.c \ + $(srcdir)/v4lifetime.c \ $(srcdir)/valid_times.c \ $(srcdir)/vfy_increds.c \ $(srcdir)/vic_opt.c \ @@ -406,6 +412,12 @@ chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): chpw.c $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/krb5_err.h \ auth_con.h +conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): conv_creds.c $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): conv_princ.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ 
@@ -752,6 +764,11 @@ unparse.so unparse.po $(OUTPRE)unparse.$(OBJEXT): unparse.c $(SRCTOP)/include/k5 $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h +v4lifetime.so v4lifetime.po $(OUTPRE)v4lifetime.$(OBJEXT): v4lifetime.c $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): valid_times.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c new file mode 100644 index 000000000..bf694c337 --- /dev/null +++ b/src/lib/krb5/krb/conv_creds.c 
@@ -0,0 +1,260 @@ +/* + * Copyright 1994 by OpenVision Technologies, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of OpenVision not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. OpenVision makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. 
+ */ + +#include "k5-int.h" +#include +#include +#include +#include "port-sockets.h" +#include "socket-utils.h" + +#ifdef KRB5_KRB4_COMPAT +#include "kerberosIV/krb.h" + +#ifdef USE_CCAPI +#include +#endif + +#define krb524_debug krb5int_krb524_debug +int krb524_debug = 0; + +static krb5_error_code krb524_convert_creds_plain +(krb5_context context, krb5_creds *v5creds, + CREDENTIALS *v4creds); + +static int decode_v4tkt + (struct ktext *v4tkt, char *buf, unsigned int *encoded_len); + +krb5_error_code +krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, + CREDENTIALS *v4creds) +{ + krb5_error_code ret; + krb5_data reply; + char *p; + struct sockaddr_storage ss; + socklen_t slen = sizeof(ss); + + ret = krb524_convert_creds_plain(context, v5creds, v4creds); + if (ret) + return ret; + + reply.data = NULL; + ret = krb5int_524_sendto_kdc(context, &v5creds->ticket, + &v5creds->server->realm, &reply, + ss2sa(&ss), &slen); + if (ret) + return ret; + +#if TARGET_OS_MAC +#ifdef USE_CCAPI + v4creds->stk_type = cc_v4_stk_des; +#endif + if (slen == sizeof(struct sockaddr_in) + && ss2sa(&ss)->sa_family == AF_INET) { + v4creds->address = ss2sin(&ss)->sin_addr.s_addr; + } + /* Otherwise, leave it set to all-zero. 
*/ +#endif + + p = reply.data; + ret = ntohl(*((krb5_error_code *) p)); + p += sizeof(krb5_int32); + reply.length -= sizeof(krb5_int32); + if (ret) + goto fail; + + v4creds->kvno = ntohl(*((krb5_error_code *) p)); + p += sizeof(krb5_int32); + reply.length -= sizeof(krb5_int32); + ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length); + +fail: + if (reply.data) + free(reply.data); + reply.data = NULL; + return ret; +} + +static krb5_error_code +krb524_convert_creds_plain(context, v5creds, v4creds) + krb5_context context; + krb5_creds *v5creds; + CREDENTIALS *v4creds; +{ + int ret; + krb5_timestamp endtime; + char dummy[REALM_SZ]; + memset((char *) v4creds, 0, sizeof(CREDENTIALS)); + + if ((ret = krb5_524_conv_principal(context, v5creds->client, + v4creds->pname, v4creds->pinst, + dummy))) + return ret; + if ((ret = krb5_524_conv_principal(context, v5creds->server, + v4creds->service, v4creds->instance, + v4creds->realm))) + return ret; + + /* Check enctype too */ + if (v5creds->keyblock.length != sizeof(C_Block)) { + if (krb524_debug) + fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n", + v5creds->keyblock.length, + (int) sizeof(C_Block)); + return KRB524_BADKEY; + } else + memcpy(v4creds->session, (char *) v5creds->keyblock.contents, + sizeof(C_Block)); + + /* V4 has no concept of authtime or renew_till, so ignore them */ + v4creds->issue_date = v5creds->times.starttime; + v4creds->lifetime = krb5int_krb_time_to_life(v5creds->times.starttime, + v5creds->times.endtime); + endtime = krb5int_krb_life_to_time(v5creds->times.starttime, + v4creds->lifetime); + /* + * Adjust start time backwards to deal with rounding up in + * krb_time_to_life(), to match code on server side. 
+ */ + if (endtime > v5creds->times.endtime) + v4creds->issue_date -= endtime - v5creds->times.endtime; + + return 0; +} + +/* this used to be krb524/encode.c, under same copyright as above */ +/* + * I'm sure that this is reinventing the wheel, but I don't know where + * the wheel is hidden. + */ + +int encode_v4tkt (KTEXT_ST *, char *, unsigned int *); +static int encode_bytes (char **, int *, char *, unsigned int), + encode_int32 (char **, int *, krb5_int32 *); + +static int decode_bytes (char **, int *, char *, unsigned int), + decode_int32 (char **, int *, krb5_int32 *); + +static int encode_bytes(out, outlen, in, len) + char **out; + int *outlen; + char *in; + unsigned int len; +{ + if (len > *outlen) + return KRB524_ENCFULL; + memcpy(*out, in, len); + *out += len; + *outlen -= len; + return 0; +} + +static int encode_int32(out, outlen, v) + char **out; + int *outlen; + krb5_int32 *v; +{ + krb5_int32 nv; /* Must be 4 bytes */ + + nv = htonl(*v); + return encode_bytes(out, outlen, (char *) &nv, sizeof(nv)); +} + +int krb5int_encode_v4tkt(v4tkt, buf, encoded_len) + KTEXT_ST *v4tkt; + char *buf; + unsigned int *encoded_len; +{ + int buflen, ret; + + buflen = *encoded_len; + + if ((ret = encode_int32(&buf, &buflen, &v4tkt->length))) + return ret; + if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) + return ret; + if ((ret = encode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz))) + return ret; + + *encoded_len -= buflen; + return 0; +} + +/* decode functions */ + +static int decode_bytes(out, outlen, in, len) + char **out; + int *outlen; + char *in; + unsigned int len; +{ + if (len > *outlen) + return KRB524_DECEMPTY; + memcpy(in, *out, len); + *out += len; + *outlen -= len; + return 0; +} + +static int decode_int32(out, outlen, v) + char **out; + int *outlen; + krb5_int32 *v; +{ + int ret; + krb5_int32 nv; /* Must be four bytes */ + + if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv)))) + return ret; + *v = ntohl(nv); + 
return 0; +} + +static int decode_v4tkt(v4tkt, buf, encoded_len) + KTEXT_ST *v4tkt; + char *buf; + unsigned int *encoded_len; +{ + int buflen, ret; + + buflen = *encoded_len; + if ((ret = decode_int32(&buf, &buflen, &v4tkt->length))) + return ret; + if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) + return ret; + if ((ret = decode_int32(&buf, &buflen, (krb5_int32 *) &v4tkt->mbz))) + return ret; + *encoded_len -= buflen; + return 0; +} + +#else /* no krb4 compat */ + +krb5_error_code +krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, + struct credentials *v4creds) +{ + return KRB524_KRB4_DISABLED; +} + +#endif diff --git a/src/lib/krb5/krb/v4lifetime.c b/src/lib/krb5/krb/v4lifetime.c new file mode 100644 index 000000000..94bf5f6ab --- /dev/null +++ b/src/lib/krb5/krb/v4lifetime.c 
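Review bot: In `krb524_convert_creds_kdc` the reply from `krb5int_524_sendto_kdc` is parsed without checking `reply.length`: both `ntohl(*((krb5_error_code *) p))` reads and both `reply.length -= sizeof(krb5_int32)` subtractions assume at least eight bytes arrived, so a short datagram is read past its end and the unsigned length wraps before it is handed to `decode_v4tkt`. Each read should be guarded with `if (reply.length < sizeof(krb5_int32)) { ret = KRB524_DECEMPTY; goto fail; }`. `decode_bytes` and `encode_bytes` compare `unsigned int len` with `int *outlen`, so a negative remaining length is converted to a large unsigned value and passes the `len > *outlen` test; rejecting `*outlen < 0` first, or keeping the remaining length unsigned throughout, closes that. `decode_v4tkt` also stores the wire-supplied `v4tkt->length` without comparing it to `MAX_KTXT_LEN`, which later consumers of the ticket presumably rely on. The leftover prototype `int encode_v4tkt (KTEXT_ST *, char *, unsigned int *);` no longer matches any definition now that the function is `krb5int_encode_v4tkt`.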
@@ -0,0 +1,149 @@ +/* + * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include "k5-int.h" + +/* + * Only lifetime bytes values less than 128 are on a linear scale. + * The following table contains an exponential scale that covers the + * lifetime values 128 to 191 inclusive (a total of 64 values). + * Values greater than 191 get interpreted the same as 191, but they + * will never be generated by the functions in this file. + * + * The ratio is approximately 1.069144898 (actually exactly + * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30 + * days, and 38400 = 128*5 minutes. 
This allows a lifetime byte of + * 191 to correspond to a ticket life of exactly 30 days and a + * lifetime byte of 128 to correspond to exactly 128*5 minutes, with + * the other values spread on an exponential curve fit in between + * them. This table should correspond exactly to the set of extended + * ticket lifetime values used by AFS and CMU. + * + * The following awk script is sufficient to reproduce the table: + * BEGIN { + * r = exp(log(2592000/38400)/63); + * x = 38400; + * for (i=0;i<64;i++) { + * printf("%d\n",x+0.5); + * x *= r; + * } + * } + */ +#ifndef SHORT_LIFETIME +#define NLIFETIMES 64 +static const krb5_int32 lifetimes[NLIFETIMES] = { + 38400, 41055, /* 00:10:40:00, 00:11:24:15 */ + 43894, 46929, /* 00:12:11:34, 00:13:02:09 */ + 50174, 53643, /* 00:13:56:14, 00:14:54:03 */ + 57352, 61318, /* 00:15:55:52, 00:17:01:58 */ + 65558, 70091, /* 00:18:12:38, 00:19:28:11 */ + 74937, 80119, /* 00:20:48:57, 00:22:15:19 */ + 85658, 91581, /* 00:23:47:38, 01:01:26:21 */ + 97914, 104684, /* 01:03:11:54, 01:05:04:44 */ + 111922, 119661, /* 01:07:05:22, 01:09:14:21 */ + 127935, 136781, /* 01:11:32:15, 01:13:59:41 */ + 146239, 156350, /* 01:16:37:19, 01:19:25:50 */ + 167161, 178720, /* 01:22:26:01, 02:01:38:40 */ + 191077, 204289, /* 02:05:04:37, 02:08:44:49 */ + 218415, 233517, /* 02:12:40:15, 02:16:51:57 */ + 249664, 266926, /* 02:21:21:04, 03:02:08:46 */ + 285383, 305116, /* 03:07:16:23, 03:12:45:16 */ + 326213, 348769, /* 03:18:36:53, 04:00:52:49 */ + 372885, 398668, /* 04:07:34:45, 04:14:44:28 */ + 426234, 455705, /* 04:22:23:54, 05:06:35:05 */ + 487215, 520904, /* 05:15:20:15, 06:00:41:44 */ + 556921, 595430, /* 06:10:42:01, 06:21:23:50 */ + 636601, 680618, /* 07:08:50:01, 07:21:03:38 */ + 727680, 777995, /* 08:10:08:00, 09:00:06:35 */ + 831789, 889303, /* 09:15:03:09, 10:07:01:43 */ + 950794, 1016537, /* 11:00:06:34, 11:18:22:17 */ + 1086825, 1161973, /* 12:13:53:45, 13:10:46:13 */ + 1242318, 1328218, /* 14:09:05:18, 15:08:56:58 */ + 1420057, 1518247, /* 
16:10:27:37, 17:13:44:07 */ + 1623226, 1735464, /* 18:18:53:46, 20:02:04:24 */ + 1855462, 1983758, /* 21:11:24:22, 22:23:02:38 */ + 2120925, 2267576, /* 24:13:08:45, 26:05:52:56 */ + 2424367, 2592000 /* 28:01:26:07, 30:00:00:00 */ +}; +#define MINFIXED 0x80 +#define MAXFIXED (MINFIXED + NLIFETIMES - 1) +#endif /* !SHORT_LIFETIME */ + +/* + * krb_life_to_time + * + * Given a start date and a lifetime byte, compute the expiration + * date. + */ +krb5_int32 +krb5int_krb_life_to_time(krb5_int32 start, int life) +{ + if (life < 0 || life > 255) /* possibly sign botch in caller */ + return start; +#ifndef SHORT_LIFETIME + if (life < MINFIXED) + return start + life * 5 * 60; + if (life > MAXFIXED) + return start + lifetimes[NLIFETIMES - 1]; + return start + lifetimes[life - MINFIXED]; +#else /* SHORT_LIFETIME */ + return start + life * 5 * 60; +#endif /* SHORT_LIFETIME */ +} + +/* + * krb_time_to_life + * + * Given the start date and the end date, compute the lifetime byte. + * Round up, since we can adjust the start date backwards if we are + * issuing the ticket to cause it to expire at the correct time. + */ +int +krb5int_krb_time_to_life(krb5_int32 start, krb5_int32 end) +{ + krb5_int32 dt; +#ifndef SHORT_LIFETIME + int i; +#endif + + dt = end - start; + if (dt <= 0) + return 0; +#ifndef SHORT_LIFETIME + if (dt < lifetimes[0]) + return (dt + 5 * 60 - 1) / (5 * 60); + /* This depends on the array being ordered. */ + for (i = 0; i < NLIFETIMES; i++) { + if (lifetimes[i] >= dt) + return i + MINFIXED; + } + return MAXFIXED; +#else /* SHORT_LIFETIME */ + if (dt > 5 * 60 * 255) + return 255; + else + return (dt + 5 * 60 - 1) / (5 * 60); +#endif /* SHORT_LIFETIME */ +} diff --git a/src/lib/krb5/os/.Sanitize b/src/lib/krb5/os/.Sanitize index cf13ff1d4..e17c876b9 100644 --- a/src/lib/krb5/os/.Sanitize +++ b/src/lib/krb5/os/.Sanitize @@ -61,6 +61,7 @@ read_msg.c read_pwd.c realm_dom.c ref_std_conf.out +send524.c sendto_kdc.c sn2princ.c timeofday.c 
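Review bot: The table comment in v4lifetime.c says `259200 = 30 days`, but the awk script and the last table entry use 2592000; the comment should read `2592000 = 30 days`, and the parenthesis opened at "(actually exactly" is never closed. In `krb5int_krb_time_to_life`, `dt = end - start` is a signed `krb5_int32` subtraction performed before the `dt <= 0` test, so timestamps that are far apart can overflow, which is undefined for signed arithmetic. Testing `if (end <= start) return 0;` before subtracting removes the negative case without relying on wraparound. `krb5int_krb_life_to_time` has the matching `start + lifetimes[...]` addition; if the start time can come from a peer, it would be worth stating in the function comment what range is expected.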
diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index be62ff39e..a99de43e1 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,4 +1,14 @@ +2003-05-24 Ken Raeburn + + * send524.c: New file, moved from krb524/sendmsg.c. Rename + function to have krb5int_ prefix. If KRB5_KRB4_COMPAT not + defined, return an error. + * accessor.c (krb5int_accessor): Update for deleted and added + fields. If KRB5_KRB4_COMPAT is not defined, just use null + pointers for the new fields. + 2003-05-06 Alexandra Ellwood + * init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() function so that krb4, krb5 and gssapi will not access the user's homedir if the application forbids it. diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in index 8e0f8a7d2..72024190f 100644 --- a/src/lib/krb5/os/Makefile.in +++ b/src/lib/krb5/os/Makefile.in @@ -46,6 +46,7 @@ STLIBOBJS= \ read_pwd.o \ realm_dom.o \ realm_iter.o \ + send524.o \ sendto_kdc.o \ sn2princ.o \ timeofday.o \ @@ -89,6 +90,7 @@ OBJS= \ $(OUTPRE)read_pwd.$(OBJEXT) \ $(OUTPRE)realm_dom.$(OBJEXT) \ $(OUTPRE)realm_iter.$(OBJEXT) \ + $(OUTPRE)send524.$(OBJEXT) \ $(OUTPRE)sendto_kdc.$(OBJEXT) \ $(OUTPRE)sn2princ.$(OBJEXT) \ $(OUTPRE)timeofday.$(OBJEXT) \ @@ -132,6 +134,7 @@ SRCS= \ $(srcdir)/realm_dom.c \ $(srcdir)/realm_iter.c \ $(srcdir)/port2ip.c \ + $(srcdir)/send524.c \ $(srcdir)/sendto_kdc.c \ $(srcdir)/sn2princ.c \ $(srcdir)/timeofday.c \ 
@@ -405,6 +408,12 @@ port2ip.so port2ip.po $(OUTPRE)port2ip.$(OBJEXT): port2ip.c $(SRCTOP)/include/k5 $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h os-proto.h +send524.so send524.po $(OUTPRE)send524.$(OBJEXT): send524.c $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/kdb.h \ + os-proto.h sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): sendto_kdc.c $(SRCTOP)/include/fake-addrinfo.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \ diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c index 509d317fa..afdd023ca 100644 --- a/src/lib/krb5/os/accessor.c +++ b/src/lib/krb5/os/accessor.c 
@@ -35,18 +35,21 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) if (version == KRB5INT_ACCESS_VERSION) { krb5int_access internals_temp; - internals_temp.krb5_locate_server = krb5int_locate_server; - internals_temp.krb5_locate_kdc = krb5_locate_kdc; internals_temp.free_addrlist = krb5int_free_addrlist; - internals_temp.krb5_max_skdc_timeout = krb5_max_skdc_timeout; - internals_temp.krb5_skdc_timeout_shift = krb5_skdc_timeout_shift; - internals_temp.krb5_skdc_timeout_1 = krb5_skdc_timeout_1; - internals_temp.krb5_max_dgram_size = krb5_max_dgram_size; internals_temp.krb5_hmac = krb5_hmac; internals_temp.md5_hash_provider = &krb5int_hash_md5; internals_temp.arcfour_enc_provider = &krb5int_enc_arcfour; internals_temp.sendto_udp = &krb5int_sendto; internals_temp.add_host_to_list = krb5int_add_host_to_list; +#ifdef KRB5_KRB4_COMPAT + internals_temp.krb_life_to_time = krb5int_krb_life_to_time; + internals_temp.krb_time_to_life = krb5int_krb_time_to_life; + internals_temp.krb524_encode_v4tkt = krb5int_encode_v4tkt; +#else + internals_temp.krb_life_to_time = 0; + internals_temp.krb_time_to_life = 0; + internals_temp.krb524_encode_v4tkt = 0; +#endif *internals = internals_temp; return 0; } diff --git a/src/krb524/sendmsg.c b/src/lib/krb5/os/send524.c similarity index 83% rename from src/krb524/sendmsg.c rename to src/lib/krb5/os/send524.c index 5cbd324ac..f12655552 100644 --- a/src/krb524/sendmsg.c +++ b/src/lib/krb5/os/send524.c @@ -39,8 +39,7 @@ #include #include -#include -#include "krb524.h" +#include "os-proto.h" /* * krb524_sendto_kdc: @@ -58,7 +57,7 @@ */ krb5_error_code -krb524_sendto_kdc (context, message, realm, reply, addr, addrlen) +krb5int_524_sendto_kdc (context, message, realm, reply, addr, addrlen) krb5_context context; const krb5_data * message; const krb5_data * realm; 
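Review bot: The accessor.c hunk removes six members from the table that `krb5int_accessor` fills and adds three, so the `version == KRB5INT_ACCESS_VERSION` test only protects a libkrb4 built against the old `krb5int_access` layout if that constant changes in the same commit. The k5-int.h hunk is outside this view, so this should be confirmed there. In the `#else` branch the new hooks are set with `0`; `NULL` would match the `k5internals.krb_time_to_life == NULL` test in lib/krb4/lifetime.c, e.g. `internals_temp.krb_time_to_life = NULL;`. A one-line comment above the `#ifdef KRB5_KRB4_COMPAT` block saying that callers must check these pointers before use would document the contract. `krb5int_accessor` begins and ends outside the hunk.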
@@ -66,16 +65,13 @@ krb524_sendto_kdc (context, message, realm, reply, addr, addrlen) struct sockaddr *addr; socklen_t *addrlen; { +#ifdef KRB5_KRB4_COMPAT int i; struct addrlist al = ADDRLIST_INIT; struct servent *serv; krb5_error_code retval; - krb5int_access internals; int port; - retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION); - if (retval) - return retval; /* * find KDC location(s) for realm */ @@ -83,15 +79,14 @@ krb524_sendto_kdc (context, message, realm, reply, addr, addrlen) serv = getservbyname(KRB524_SERVICE, "udp"); port = serv ? serv->s_port : htons (KRB524_PORT); - retval = internals.krb5_locate_server(context, realm, &al, 0, - "krb524_server", "_krb524", - SOCK_DGRAM, port, - 0, PF_INET); + retval = krb5int_locate_server(context, realm, &al, 0, + "krb524_server", "_krb524", + SOCK_DGRAM, port, + 0, PF_INET); if (retval == KRB5_REALM_CANT_RESOLVE || retval == KRB5_REALM_UNKNOWN) { /* Fallback heuristic: Assume krb524 port on every KDC might work. */ - retval = internals.krb5_locate_kdc(context, realm, &al, 0, - SOCK_DGRAM, PF_INET); + retval = krb5_locate_kdc(context, realm, &al, 0, SOCK_DGRAM, PF_INET); /* * Bash the ports numbers. */ @@ -107,8 +102,10 @@ krb524_sendto_kdc (context, message, realm, reply, addr, addrlen) if (al.naddrs == 0) return KRB5_REALM_UNKNOWN; - retval = internals.sendto_udp (context, message, &al, reply, addr, - addrlen); - internals.free_addrlist (&al); + retval = krb5int_sendto (context, message, &al, reply, addr, addrlen); + krb5int_free_addrlist (&al); return retval; +#else + return KRB524_KRB4_DISABLED; +#endif } diff --git a/src/util/ChangeLog b/src/util/ChangeLog index 3113e1ae0..00f8fc5f6 100644 --- a/src/util/ChangeLog +++ b/src/util/ChangeLog @@ -1,3 +1,7 @@ +2003-05-23 Ken Raeburn + + * depfix.sed: Don't check for krb524 headers. + 2003-05-18 Ken Raeburn * depgen.sed: Put print command on separate lines from diff --git a/src/util/depfix.sed b/src/util/depfix.sed index 650dda627..22fa394e5 100644 
--- a/src/util/depfix.sed +++ b/src/util/depfix.sed @@ -53,8 +53,6 @@ s;\$(BUILDTOP)/include/db.h \$(BUILDTOP)/include/db-config.h ;$(DB_DEPS) ;g # Some krb4 dependencies should only be present if building with krb4 enabled s;\$(BUILDTOP)/include/kerberosIV/krb_err.h ;$(KRB_ERR_H_DEP) ;g -s;\$(BUILDTOP)/include/krb524.h ;$(KRB524_H_DEP) ;g -s;\$(BUILDTOP)/include/krb524_err.h ;$(KRB524_ERR_H_DEP) ;g # now delete trailing whitespace s; *$;;g -- 2.26.2