From 758a58e7277682ae902aa1fd27e6a95d7e40b7fc Mon Sep 17 00:00:00 2001 From: Chris Provenzano Date: Mon, 27 Mar 1995 14:50:30 +0000 Subject: [PATCH] * kprop.c : Use new calling conventions for krb5_sendauth(), krb5_mk_safe(), krb5_rd_safe() and krb5_mk_priv(). * kpropd.c : Use new calling conventions for krb5_recvauth(), krb5_mk_safe(), krb5_rd_safe() and krb5_rd_priv(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5266 dc483132-0cff-0310-8789-dd5450dbe970 --- src/slave/ChangeLog | 8 ++ src/slave/kprop.c | 93 ++++++++++------------ src/slave/kpropd.c | 190 +++++++++++++++++++++----------------------- 3 files changed, 140 insertions(+), 151 deletions(-) diff --git a/src/slave/ChangeLog b/src/slave/ChangeLog index fd1219d63..5b1285eaf 100644 --- a/src/slave/ChangeLog +++ b/src/slave/ChangeLog @@ -1,3 +1,11 @@ +Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu) + + * kprop.c : Use new calling conventions for krb5_sendauth(), + krb5_mk_safe(), krb5_rd_safe() and krb5_mk_priv(). + + * kpropd.c : Use new calling conventions for krb5_recvauth(), + krb5_mk_safe(), krb5_rd_safe() and krb5_rd_priv(). + Fri Mar 24 14:49:41 1995 * kpropd.c (PRS): Don't bother initializing server_addrs since diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 5755a32bb..880fea6e6 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -61,8 +61,6 @@ krb5_principal my_principal; /* The Kerberos principal we'll be */ krb5_ccache ccache; /* Credentials cache which we'll be using */ /* krb5_creds my_creds; /* My credentials */ krb5_creds creds; -krb5_int32 my_seq_num; /* Sequence number to use for connection */ -krb5_int32 his_seq_num; /* Remote sequence number */ krb5_address sender_addr; krb5_address receiver_addr; @@ -75,13 +73,15 @@ static void usage krb5_error_code open_connection PROTOTYPE((char *, int *, char *)); void kerberos_authenticate - PROTOTYPE((krb5_context, int, krb5_principal, krb5_creds **)); + PROTOTYPE((krb5_context, krb5_auth_context **, + int, krb5_principal, krb5_creds **)); int open_database PROTOTYPE((krb5_context, char *, int *)); void close_database PROTOTYPE((krb5_context, int)); void xmit_database - PROTOTYPE((krb5_context, krb5_creds *, int, int, int)); + PROTOTYPE((krb5_context, krb5_auth_context *, krb5_creds *, + int, int, int)); void send_error PROTOTYPE((krb5_context, krb5_creds *, int, char *, krb5_error_code)); void update_last_prop_file @@ -102,10 +102,12 @@ main(argc, argv) int fd, database_fd, database_size; krb5_error_code retval; krb5_context context; - krb5_creds my_creds; + krb5_creds *my_creds; + krb5_auth_context * auth_context; char Errmsg[256]; PRS(context, argv); + krb5_init_context(&context); get_tickets(context); database_fd = open_database(context, file, &database_size); @@ -119,15 +121,13 @@ main(argc, argv) progname, Errmsg, slave_host); exit(1); } - kerberos_authenticate(context, fd, my_principal, &my_creds); - if (debug) { - printf("My sequence number: %d\n", my_seq_num); - printf("His sequence number: %d\n", his_seq_num); - } - xmit_database(context, & my_creds, fd, database_fd, database_size); + kerberos_authenticate(context, &auth_context, fd, my_principal, + &my_creds); + xmit_database(context, auth_context, my_creds, fd, database_fd, + database_size); update_last_prop_file(slave_host, file); printf("Database propagation to %s: SUCCEEDED\n", slave_host); - krb5_free_cred_contents(context, &my_creds); + krb5_free_cred_contents(context, my_creds); close_database(context, database_fd); exit(0); } @@ -356,8 +356,9 @@ open_connection(host, fd, Errmsg) } -void kerberos_authenticate(context, fd, me, new_creds) +void kerberos_authenticate(context, auth_context, fd, me, new_creds) krb5_context context; + krb5_auth_context **auth_context; int fd; krb5_principal me; krb5_creds ** new_creds; @@ -366,9 +367,15 @@ void kerberos_authenticate(context, fd, me, new_creds) krb5_error *error = NULL; krb5_ap_rep_enc_part *rep_result; - if (retval = krb5_sendauth(context, (void *)&fd, kprop_version, me, - creds.server, AP_OPTS_MUTUAL_REQUIRED, - NULL, &creds, NULL, &my_seq_num, NULL, + if (retval = krb5_auth_con_init(context, auth_context)) + exit(1); + + krb5_auth_con_setflags(context, *auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + + if (retval = krb5_sendauth(context, auth_context, (void *)&fd, + kprop_version, me, creds.server, + AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL, &error, &rep_result, new_creds)) { com_err(progname, retval, "while authenticating to server"); if (error) { @@ -390,7 +397,6 @@ void kerberos_authenticate(context, fd, me, new_creds) } exit(1); } - his_seq_num = rep_result->seq_number; krb5_free_ap_rep_enc_part(context, rep_result); } @@ -493,17 +499,17 @@ close_database(context, fd) * will abort the entire operation. */ void -xmit_database(context, my_creds, fd, database_fd, database_size) +xmit_database(context, auth_context, my_creds, fd, database_fd, database_size) krb5_context context; + krb5_auth_context * auth_context; krb5_creds *my_creds; int fd; int database_fd; int database_size; { - int send_size, sent_size, n, eblock_size; + int send_size, sent_size, n; krb5_data inbuf, outbuf; char buf[KPROP_BUFSIZ]; - char *i_vector; krb5_error_code retval; krb5_error *error; @@ -513,13 +519,9 @@ xmit_database(context, my_creds, fd, database_fd, database_size) send_size = htonl(database_size); inbuf.data = (char *) &send_size; inbuf.length = sizeof(send_size); /* must be 4, really */ - if (retval = krb5_mk_safe(context, &inbuf, KPROP_CKSUMTYPE, - &my_creds->keyblock, - &sender_addr, &receiver_addr, - my_seq_num++, - KRB5_PRIV_DOSEQUENCE|KRB5_SAFE_NOTIME, - 0, /* no rcache when NOTIME */ - &outbuf)) { + /* KPROP_CKSUMTYPE */ + if (retval = krb5_mk_safe(context, auth_context, &inbuf, + &outbuf, NULL)) { com_err(progname, retval, "while encoding database size"); send_error(context, my_creds, fd, "while encoding database size", retval); exit(1); @@ -530,18 +532,15 @@ xmit_database(context, my_creds, fd, database_fd, database_size) exit(1); } krb5_xfree(outbuf.data); - /* - * Initialize the initial vector. - */ - eblock_size = krb5_keytype_array[my_creds->keyblock.keytype]-> - system->block_length; - if (!(i_vector=malloc(eblock_size))) { - com_err(progname, ENOMEM, "while allocating i_vector"); - send_error(context, my_creds, fd, - "malloc failed while allocating i_vector", ENOMEM); - exit(1); - } - memset(i_vector, 0, eblock_size); + /* + * Initialize the initial vector. + */ + if (retval = krb5_auth_con_initivector(context, auth_context)) { + send_error(context, my_creds, fd, + "failed while initializing i_vector", retval); + com_err(progname, retval, "while allocating i_vector"); + exit(1); + } /* * Send over the file, block by block.... */ @@ -549,15 +548,8 @@ xmit_database(context, my_creds, fd, database_fd, database_size) sent_size = 0; while (n = read(database_fd, buf, sizeof(buf))) { inbuf.length = n; - if (retval = krb5_mk_priv(context, &inbuf, ETYPE_DES_CBC_CRC, - &my_creds->keyblock, - &sender_addr, - &receiver_addr, - my_seq_num++, - KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, - 0, /* again, no rcache */ - i_vector, - &outbuf)) { + if (retval = krb5_mk_priv(context, auth_context, &inbuf, + &outbuf, NULL)) { sprintf(buf, "while encoding database block starting at %d", sent_size); @@ -618,10 +610,7 @@ xmit_database(context, my_creds, fd, database_fd, database_size) krb5_free_error(context, error); exit(1); } - if (retval = krb5_rd_safe(context, &inbuf, &my_creds->keyblock, - &receiver_addr, &sender_addr, his_seq_num++, - KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME, - 0, &outbuf)) { + if (retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL)) { com_err(progname, retval, "while decoding final size packet from server"); exit(1); diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c index b28238aff..d0872df29 100644 --- a/src/slave/kpropd.c +++ b/src/slave/kpropd.c @@ -67,9 +67,8 @@ int standalone; krb5_principal server; /* This is our server principal name */ krb5_principal client; /* This is who we're talking to */ -krb5_keyblock *session_key; /* Here is the session key */ -krb5_pointer kerb_keytab = 0; /* Use default */ krb5_context kpropd_context; +krb5_auth_context * auth_context; char *realm = NULL; /* Our realm */ char *file = KPROPD_DEFAULT_FILE; char *temp_file_name; @@ -77,8 +76,6 @@ char *kdb5_edit = KPROPD_DEFAULT_KDB5_EDIT; char *kerb_database = KPROPD_DEFAULT_KRB_DB; int database_fd; -krb5_int32 my_seq_num; /* Sequence number */ -krb5_int32 his_seq_num; /* The remote's sequence number */ krb5_address sender_addr; krb5_address receiver_addr; @@ -250,10 +247,6 @@ void doit(fd) free(name); exit(1); } - if (debug) { - printf("My sequence number: %d\n", my_seq_num); - printf("His sequence number: %d\n", his_seq_num); - } omask = umask(077); lock_fp = fopen(temp_file_name, "a"); (void) umask(omask); @@ -437,73 +430,90 @@ void PRS(argv) */ void kerberos_authenticate(context, fd, clientp, sin) - krb5_context context; - int fd; - krb5_principal *clientp; - struct sockaddr_in sin; + krb5_context context; + int fd; + krb5_principal * clientp; + struct sockaddr_in sin; { - krb5_error_code retval; - krb5_ticket *ticket; - krb5_authenticator *authent; - struct sockaddr_in r_sin; - int sin_length; + krb5_error_code retval; + krb5_ticket * ticket; + struct sockaddr_in r_sin; + int sin_length; + + /* + * Set recv_addr and send_addr + */ + sender_addr.addrtype = ADDRTYPE_INET; + sender_addr.length = sizeof(sin.sin_addr); + sender_addr.contents = (krb5_octet *) malloc(sizeof(sin.sin_addr)); + memcpy((char *) sender_addr.contents, (char *) &sin.sin_addr, + sizeof(sin.sin_addr)); + + sin_length = sizeof(r_sin); + if (getsockname(fd, (struct sockaddr *) &r_sin, &sin_length)) { + com_err(progname, errno, "while getting local socket address"); + exit(1); + } - /* - * Set recv_addr and send_addr - */ - sender_addr.addrtype = ADDRTYPE_INET; - sender_addr.length = sizeof(sin.sin_addr); - sender_addr.contents = (krb5_octet *) malloc(sizeof(sin.sin_addr)); - memcpy((char *) sender_addr.contents, (char *) &sin.sin_addr, - sizeof(sin.sin_addr)); - - sin_length = sizeof(r_sin); - if (getsockname(fd, (struct sockaddr *) &r_sin, &sin_length)) { - com_err(progname, errno, "while getting local socket address"); - exit(1); + receiver_addr.addrtype = ADDRTYPE_INET; + receiver_addr.length = sizeof(r_sin.sin_addr); + receiver_addr.contents = (krb5_octet *) malloc(sizeof(r_sin.sin_addr)); + memcpy((char *) receiver_addr.contents, (char *) &r_sin.sin_addr, + sizeof(r_sin.sin_addr)); + + if (debug) { + char *name; + if (retval = krb5_unparse_name(context, server, &name)) { + com_err(progname, retval, "While unparsing client name"); + exit(1); } + printf("krb5_recvauth(%d, %s, %s, ...)\n", fd, kprop_version, name); + free(name); + } - receiver_addr.addrtype = ADDRTYPE_INET; - receiver_addr.length = sizeof(r_sin.sin_addr); - receiver_addr.contents = (krb5_octet *) malloc(sizeof(r_sin.sin_addr)); - memcpy((char *) receiver_addr.contents, (char *) &r_sin.sin_addr, - sizeof(r_sin.sin_addr)); + if (retval = krb5_auth_con_init(context, &auth_context)) { + syslog(LOG_ERR, "Error in krb5_auth_con_ini: %s",error_message(retval)); + exit(1); + } - if (debug) { - char *name; - if (retval = krb5_unparse_name(context, server, &name)) { - com_err(progname, retval, - "While unparsing client name"); - exit(1); - } - printf("krb5_recvauth(%d, %s, %s, ...)\n", fd, - kprop_version, name); - free(name); - } + if (retval = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE)) { + syslog(LOG_ERR, "Error in krb5_auth_con_setflags: %s", + error_message(retval)); + exit(1); + } - if (retval = krb5_recvauth(context, (void *) &fd, kprop_version, server, - &sender_addr, kerb_keytab, NULL, NULL, - "dfl", 0, &my_seq_num, clientp, &ticket, - &authent)) { - syslog(LOG_ERR, "Error in krb5_recvauth: %s", - error_message(retval)); - exit(1); - } - if (debug) { - char *name; + if (retval = krb5_auth_con_setaddrs(context, auth_context, &receiver_addr, + &sender_addr)) { + syslog(LOG_ERR, "Error in krb5_auth_con_setaddrs: %s", + error_message(retval)); + exit(1); + } - if (retval = krb5_unparse_name(context, *clientp, &name)) { - com_err(progname, retval, - "While unparsing client name"); - exit(1); - } - printf("authenticated client: %s\n", name); - free(name); + if (retval = krb5_recvauth(context, &auth_context, (void *) &fd, + kprop_version, server, "dfl", 0, NULL, &ticket)){ + syslog(LOG_ERR, "Error in krb5_recvauth: %s", error_message(retval)); + exit(1); + } + + if (retval = krb5_copy_principal(context, + ticket->enc_part2->client, clientp)) { + syslog(LOG_ERR, "Error in krb5_copy_prinicpal: %s", + error_message(retval)); + exit(1); + } + + if (debug) { + char * name; + + if (retval = krb5_unparse_name(context, *clientp, &name)) { + com_err(progname, retval, "While unparsing client name"); + exit(1); } - his_seq_num = authent->seq_number; - krb5_copy_keyblock(context, ticket->enc_part2->session, &session_key); - krb5_free_ticket(context, ticket); - krb5_free_authenticator(context, authent); + printf("authenticated client: %s\n", name); + free(name); + } + krb5_free_ticket(context, ticket); } krb5_boolean @@ -551,10 +561,8 @@ recv_database(context, fd, database_fd) int database_size; int received_size, n; char buf[1024]; - char *i_vector; krb5_data inbuf, outbuf; krb5_error_code retval; - int eblock_size; /* * Receive and decode size from client @@ -567,10 +575,7 @@ recv_database(context, fd, database_fd) } if (krb5_is_krb_error(&inbuf)) recv_error(context, &inbuf); - if (retval = krb5_rd_safe(context, &inbuf, session_key, &sender_addr, - &receiver_addr, his_seq_num++, - KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME, - 0, &outbuf)) { + if (retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL)) { send_error(context, fd, retval, "while decoding database size"); krb5_xfree(inbuf.data); com_err(progname, retval, @@ -581,18 +586,16 @@ recv_database(context, fd, database_fd) krb5_xfree(inbuf.data); krb5_xfree(outbuf.data); database_size = ntohl(database_size); - /* - * Initialize the initial vector. - */ - eblock_size = krb5_keytype_array[session_key->keytype]-> - system->block_length; - if (!(i_vector=malloc(eblock_size))) { - com_err(progname, ENOMEM, "while allocating i_vector"); - send_error(context, fd, ENOMEM, - "malloc failed while allocating i_vector"); - exit(1); - } - memset(i_vector, 0, eblock_size); + + /* + * Initialize the initial vector. + */ + if (retval = krb5_auth_con_initivector(context, auth_context)) { + send_error(context, fd, retval, "failed while initializing i_vector"); + com_err(progname, retval, "while initializing i_vector"); + exit(1); + } + /* * Now start receiving the database from the net */ @@ -608,11 +611,8 @@ recv_database(context, fd, database_fd) } if (krb5_is_krb_error(&inbuf)) recv_error(context, &inbuf); - if (retval = krb5_rd_priv(context, &inbuf, session_key, - &sender_addr, &receiver_addr, - his_seq_num++, - KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, - i_vector, 0, &outbuf)) { + if (retval = krb5_rd_priv(context, auth_context, &inbuf, + &outbuf, NULL)) { sprintf(buf, "while decoding database block starting at offset %d", received_size); @@ -652,15 +652,7 @@ recv_database(context, fd, database_fd) database_size = htonl(database_size); inbuf.data = (char *) &database_size; inbuf.length = sizeof(database_size); - if (retval = krb5_mk_safe(context, &inbuf, KPROP_CKSUMTYPE, - session_key, - /* Note these are reversed because */ - /* we are sending, not receiving! */ - &receiver_addr, &sender_addr, - my_seq_num++, - KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME, - 0, /* no rcache when NOTIME */ - &outbuf)) { + if (retval = krb5_mk_safe(context,auth_context,&inbuf,&outbuf,NULL)) { com_err(progname, retval, "while encoding # of receieved bytes"); send_error(context, fd, retval, -- 2.26.2