From a47d0f998c4189ee968431eab81fe317baadc0cc Mon Sep 17 00:00:00 2001 From: Paul Park Date: Mon, 21 Aug 1995 21:21:46 +0000 Subject: [PATCH] Use libkadm string handling routines git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6563 dc483132-0cff-0310-8789-dd5450dbe970 --- src/clients/klist/ChangeLog | 8 ++ src/clients/klist/configure.in | 1 + src/clients/klist/klist.c | 81 ++++++++++------ src/clients/ksu/ChangeLog | 10 ++ src/clients/ksu/ccache.c | 83 ++++++++-------- src/clients/ksu/configure.in | 1 + src/clients/ksu/krb_auth_su.c | 147 +++++++---------------------- src/clients/ksu/ksu.h | 4 +- src/clients/ksu/main.c | 60 ++++++------ src/kadmin.old/server/ChangeLog | 7 ++ src/kadmin.old/server/adm_extern.h | 1 + src/kadmin.old/server/adm_server.c | 85 +++++++++-------- src/kdc/ChangeLog | 6 ++ src/kdc/krb5kdc.M | 4 +- src/kdc/main.c | 6 +- 15 files changed, 247 insertions(+), 257 deletions(-) diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index 44aa34019..6c6b535f9 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,4 +1,12 @@ +Mon Aug 21 16:50:54 EDT 1995 Paul Park (pjpark@mit.edu) + * klist.c - Add logic to figure out width of time string and then use + this width to format the timestamp output. Remove English- + specific months and let timestamp_to_sfstring() handle it. + Replace etype string array with enctype_to_string(). + * configure.in - Add -lkadm. + + Fri Jul 7 15:54:35 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove explicit library handling and LDFLAGS. * configure.in - Add KRB5_LIBRARIES. diff --git a/src/clients/klist/configure.in b/src/clients/klist/configure.in index 7a0e584d6..6b916eb23 100644 --- a/src/clients/klist/configure.in +++ b/src/clients/klist/configure.in @@ -1,6 +1,7 @@ AC_INIT(klist.c) CONFIG_RULES AC_PROG_INSTALL +USE_KADM_LIBRARY KRB5_LIBRARIES V5_USE_SHARED_LIB V5_AC_OUTPUT_MAKEFILE 
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index ef3e78809..3da5108f0 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -38,6 +38,7 @@ int show_etype = 0; char *defname; char *progname; krb5_int32 now; +int timestamp_width; krb5_context kcontext; @@ -48,6 +49,7 @@ void show_credential KRB5_PROTOTYPE((char *, void do_ccache KRB5_PROTOTYPE((char *)); void do_keytab KRB5_PROTOTYPE((char *)); void printtime KRB5_PROTOTYPE((time_t)); +void fillit KRB5_PROTOTYPE((FILE *, int, int)); #define DEFAULT 0 #define CCACHE 1 @@ -134,6 +136,15 @@ main(argc, argv) com_err(progname, code, "while getting time of day."); exit(1); } + else { + char tmp[BUFSIZ]; + + if (!krb5_timestamp_to_sfstring(now, tmp, 20, (char *) NULL) || + !krb5_timestamp_to_sfstring(now, tmp, sizeof(tmp), (char *) NULL)) + timestamp_width = (int) strlen(tmp); + else + timestamp_width = 15; + } if (mode == DEFAULT || mode == CCACHE) do_ccache(name); @@ -177,8 +188,14 @@ void do_keytab(name) } if (show_time) { - printf("KVNO Timestamp Principal\n"); - printf("---- ------------------ -------------------------------------------------------\n"); + printf("KVNO Timestamp"); + fillit(stdout, timestamp_width - sizeof("Timestamp") + 2, (int) ' '); + printf("Principal\n"); + printf("---- "); + fillit(stdout, timestamp_width, (int) '-'); + printf(" "); + fillit(stdout, 78 - timestamp_width - sizeof("KVNO"), (int) '-'); + printf("\n"); } else { printf("KVNO Principal\n"); printf("---- --------------------------------------------------------------------------\n"); 
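Review bot: In do_keytab the fill counts `timestamp_width - sizeof("Timestamp") + 2` and `78 - timestamp_width - sizeof("KVNO")` are evaluated in size_t, so a timestamp_width below 8 (first expression) or above 73 (second) wraps to a very large unsigned value instead of going negative. What fillit then receives for its `int num` depends on an implementation-defined conversion, and if KRB5_PROTOTYPE expands to an empty parameter list on a pre-ANSI compiler the size_t would be passed unconverted. Casting the sizeof keeps the arithmetic signed, e.g. `fillit(stdout, timestamp_width - (int) sizeof("Timestamp") + 2, (int) ' ');`. The do_ccache header hunk has the same pattern with `sizeof("Valid starting")` and `sizeof("Expires")`.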
@@ -274,8 +291,13 @@ void do_ccache(name) if (!status_only) { printf("Ticket cache: %s\nDefault principal: %s\n\n", krb5_cc_get_name(kcontext, cache), defname); - fputs(" Valid starting Expires Service principal\n", - stdout); + fputs("Valid starting", stdout); + fillit(stdout, timestamp_width - sizeof("Valid starting") + 3, + (int) ' '); + fputs("Expires", stdout); + fillit(stdout, timestamp_width - sizeof("Expires") + 3, + (int) ' '); + fputs("Service principal\n", stdout); } if ((code = krb5_cc_start_seq_get(kcontext, cache, &cur))) { if (!status_only) @@ -349,35 +371,22 @@ flags_string(cred) return(buf); } -static char *Month_names[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; - void printtime(tv) time_t tv; { - struct tm *stime; - - stime = localtime((time_t *)&tv); - printf("%2d-%s-%2d %02d:%02d:%02d", - stime->tm_mday, - Month_names[stime->tm_mon], - stime->tm_year, - stime->tm_hour, - stime->tm_min, - stime->tm_sec); + char timestring[BUFSIZ]; + char fill; + + fill = ' '; + if (!krb5_timestamp_to_sfstring((krb5_timestamp) tv, + timestring, + timestamp_width+1, + &fill)) { + printf(timestring); + } } -/* Make sure this list matches the ETYPE order in encryption.h */ -#define ETYPE_MAX 6 -char * etype_string[ETYPE_MAX] = { - "ETYPE_NULL", - "ETYPE_DES_CBC_CRC", - "ETYPE_DES_CBC_MD4", - "ETYPE_DES_CBC_MD5", - "ETYPE_RAW_DES_CBC", - NULL }; - void show_credential(progname, kcontext, cred) char * progname; @@ -426,14 +435,16 @@ show_credential(progname, kcontext, cred) if (show_etype) { krb5_enctype etype = cred->keyblock.etype; + char etype_string[BUFSIZ]; if (!first) putchar('\n'); printf("\tEncryption type: "); if (etype != ETYPE_UNKNOWN) { - if ((etype < ETYPE_MAX) && etype_string[etype]) { - printf("%s", etype_string[etype]); + if (!krb5_enctype_to_string(etype, etype_string, + sizeof(etype_string))) { + printf("%s", etype_string); } else { printf("UNRECOGNIZED"); } 
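Review bot: `printf(timestring);` in printtime passes the formatted timestamp as the format string, so any `%` the formatter emits would be read as a conversion with no matching argument. The text comes from krb5_timestamp_to_sfstring, whose output format is not visible in this patch and may depend on locale or configuration; printing it as data removes that dependency: `fputs(timestring, stdout);`. When the call returns non-zero nothing is printed, which shifts the following columns, so an else branch such as `fillit(stdout, timestamp_width, (int) ' ');` would keep the table aligned. The printtime hunk in ksu/ccache.c has the same `printf(fmtbuf);`.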
@@ -461,3 +472,15 @@ show_credential(progname, kcontext, cred) free(sname); } +void +fillit(f, num, c) + FILE *f; + int num; + int c; +{ + int i; + + for (i=0; i * configure.in: Don't link with -lkadm. diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c index 319c5e06e..f0946e23a 100644 --- a/src/clients/ksu/ccache.c +++ b/src/clients/ksu/ccache.c @@ -26,6 +26,7 @@ */ #include "ksu.h" +#include "adm_proto.h" /****************************************************************** krb5_cache_copy @@ -64,7 +65,7 @@ struct stat st_temp; cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache)); - if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){ + if ((retval = krb5_cc_resolve(context, cc_other_tag, cc_other))){ com_err (prog_name, retval, "resolving ccache %s", cc_other_tag); return retval; @@ -74,7 +75,7 @@ struct stat st_temp; cc_other_name = krb5_cc_get_name(context, *cc_other); if ( ! stat(cc_def_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){ + if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){ return retval; } } @@ -83,7 +84,7 @@ struct stat st_temp; primary_principal); - if (retval = krb5_cc_initialize(context, *cc_other, primary_principal)){ + if ((retval = krb5_cc_initialize(context, *cc_other, primary_principal))){ return retval; } @@ -119,10 +120,8 @@ krb5_error_code krb5_store_all_creds(context, cc, creds_def, creds_other) { int i = 0; -int j = 0; krb5_error_code retval = 0; krb5_creds ** temp_creds= NULL; -krb5_boolean cmp; if ((creds_def == NULL) && (creds_other == NULL)) @@ -137,8 +136,8 @@ krb5_boolean cmp; if (temp_creds){ while(temp_creds[i]){ - if (retval= krb5_cc_store_cred(context, cc, - temp_creds[i])){ + if ((retval= krb5_cc_store_cred(context, cc, + temp_creds[i]))){ return retval; } i++; 
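Review bot: In the ccache.c hunk at -64,7 the `calloc` result assigned to `cc_other` is handed to `krb5_cc_resolve` on the very next line without a NULL check, and the error return inside that branch leaves the allocation behind. A guard such as `if (cc_other == NULL) return ENOMEM;` before the resolve call, plus `free(cc_other);` ahead of `return retval;`, would cover both. The hunk at -647,7 repeats the same two lines. The enclosing function starts and ends outside the hunk, so any cleanup done later by the caller is not visible here.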
@@ -222,13 +221,13 @@ int chunk_count = 1; memset((char *) &creds, 0, sizeof(creds)); /* initialize the cursor */ - if (retval = krb5_cc_start_seq_get(context, cc, &cur)) { + if ((retval = krb5_cc_start_seq_get(context, cc, &cur))) { return retval; } while (!(retval = krb5_cc_next_cred(context, cc, &cur, &creds))){ - if(retval = krb5_check_exp(context, creds.times)){ + if ((retval = krb5_check_exp(context, creds.times))){ if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){ return retval; } @@ -241,8 +240,8 @@ int chunk_count = 1; } else { /* these credentials didn't expire */ - if (retval = krb5_copy_creds(context, &creds, - &temp_creds[count])){ + if ((retval = krb5_copy_creds(context, &creds, + &temp_creds[count]))){ return retval; } count ++; @@ -279,7 +278,7 @@ krb5_error_code krb5_check_exp(context, tkt_time) krb5_error_code retval =0; krb5_timestamp currenttime; - if (retval = krb5_timeofday (context, ¤ttime)){ + if ((retval = krb5_timeofday (context, ¤ttime))){ return retval; } if (auth_debug){ @@ -332,22 +331,20 @@ char *flags_string(cred) return(buf); } -static char *Month_names[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; - void printtime(tv) time_t tv; { struct tm *stime; + char fmtbuf[18]; + char fill; stime = localtime((time_t *)&tv); - printf("%2d-%s-%2d %02d:%02d:%02d", - stime->tm_mday, - Month_names[stime->tm_mon], - stime->tm_year, - stime->tm_hour, - stime->tm_min, - stime->tm_sec); + fill = ' '; + if (!krb5_timestamp_to_sfstring((krb5_timestamp) tv, + fmtbuf, + sizeof(fmtbuf), + &fill)) + printf(fmtbuf); } @@ -409,7 +406,7 @@ krb5_get_login_princ(luser, princ_list) linebuf[BUFSIZ-1] = '\0'; newline = NULL; /* nuke the newline if it exists */ - if (newline = strchr(linebuf, '\n')) + if ((newline = strchr(linebuf, '\n'))) *newline = '\0'; buf_out[count] = linebuf; 
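Review bot: ksu's printtime still declares `struct tm *stime` and calls `localtime()`, but nothing reads the result once the old field-by-field printf is removed, so both lines can be dropped. The buffer is a fixed `char fmtbuf[18]`, whereas klist in this same commit measures the timestamp width at run time; a longer time format would presumably make krb5_timestamp_to_sfstring return an error and the timestamp would silently vanish from the listing. A comment on the declaration, for example `/* fixed width: nothing is printed if the formatted time does not fit */`, or sharing the measured width, would make that assumption explicit.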
@@ -463,11 +460,11 @@ show_credential(context, cred, cc) return; } - if (retval = krb5_cc_get_principal(context, cc, &princ)) { + if ((retval = krb5_cc_get_principal(context, cc, &princ))) { com_err(prog_name, retval, "while retrieving principal name"); return; } - if (retval = krb5_unparse_name(context, princ, &defname)) { + if ((retval = krb5_unparse_name(context, princ, &defname))) { com_err(prog_name, retval, "while unparsing principal name"); return; } @@ -535,20 +532,20 @@ struct stat st_temp; cct_name = krb5_cc_get_name(context, cct); if ( ! stat(ccs_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts(context, ccs, &ccs_creds_arr)){ + if ((retval = krb5_get_nonexp_tkts(context, ccs, &ccs_creds_arr))){ return retval; } } if ( ! stat(cct_name, &st_temp)){ - if (retval = krb5_cc_get_principal(context, cct, &temp_principal)){ + if ((retval = krb5_cc_get_principal(context, cct, &temp_principal))){ return retval; } }else{ temp_principal = primary_principal; } - if (retval = krb5_cc_initialize(context, cct, temp_principal)){ + if ((retval = krb5_cc_initialize(context, cct, temp_principal))){ return retval; } @@ -596,8 +593,8 @@ krb5_boolean temp_stored = FALSE; temp_creds[i]->client, prst)== TRUE) { - if (retval = krb5_cc_store_cred(context, - cc,temp_creds[i])){ + if ((retval = krb5_cc_store_cred(context, + cc,temp_creds[i]))){ return retval; } temp_stored = TRUE; @@ -647,7 +644,7 @@ struct stat st_temp; cc_other = (krb5_ccache *) calloc(1, sizeof (krb5_ccache)); - if( retval = krb5_cc_resolve(context, cc_other_tag, cc_other)){ + if ((retval = krb5_cc_resolve(context, cc_other_tag, cc_other))){ com_err (prog_name, retval, "resolving ccache %s", cc_other_tag); return retval; 
@@ -657,13 +654,13 @@ struct stat st_temp; cc_other_name = krb5_cc_get_name(context, *cc_other); if ( ! stat(cc_def_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts(context, cc_def, &cc_def_creds_arr)){ + if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){ return retval; } } - if (retval = krb5_cc_initialize(context, *cc_other, prst)){ + if ((retval = krb5_cc_initialize(context, *cc_other, prst))){ return retval; } @@ -719,19 +716,19 @@ struct stat st_temp; fprintf(stderr,"Refreshing cache %s\n", cc_name); } - if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){ + if ((retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr))){ return retval; } - if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){ + if ((retval = krb5_cc_get_principal(context, cc, &temp_principal))){ return retval; } - if (retval = krb5_cc_initialize(context, cc, temp_principal)){ + if ((retval = krb5_cc_initialize(context, cc, temp_principal))) { return retval; } - if (retval = krb5_store_all_creds(context, cc, cc_creds_arr, NULL)){ + if ((retval = krb5_store_all_creds(context, cc, cc_creds_arr, NULL))){ return retval; } @@ -767,20 +764,20 @@ struct stat st_temp; fprintf(stderr,"puting cache %s through a filter for -z option\n", cc_name); } - if(retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr)){ + if ((retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr))){ return retval; } - if (retval = krb5_cc_get_principal(context, cc, &temp_principal)){ + if ((retval = krb5_cc_get_principal(context, cc, &temp_principal))){ return retval; } - if (retval = krb5_cc_initialize(context, cc, temp_principal)){ + if ((retval = krb5_cc_initialize(context, cc, temp_principal))){ return retval; } - if (retval = krb5_store_some_creds(context, cc, cc_creds_arr, - NULL, prst, &stored)){ + if ((retval = krb5_store_some_creds(context, cc, cc_creds_arr, + NULL, prst, &stored))){ return retval; } 
@@ -833,7 +830,7 @@ struct stat st_temp; cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ - if(retval = krb5_get_nonexp_tkts(context, cc, &creds_list)){ + if ((retval = krb5_get_nonexp_tkts(context, cc, &creds_list))){ return retval; } } diff --git a/src/clients/ksu/configure.in b/src/clients/ksu/configure.in index 61ef15fe8..62847f557 100644 --- a/src/clients/ksu/configure.in +++ b/src/clients/ksu/configure.in @@ -5,6 +5,7 @@ AC_CHECK_LIB(ndbm,main) AC_CHECK_LIB(dbm,main) AC_CHECK_HEADERS(stdarg.h) AC_CHECK_FUNCS(getusershell) +USE_KADM_LIBRARY KRB5_LIBRARIES V5_USE_SHARED_LIB V5_AC_OUTPUT_MAKEFILE diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index ea6335f46..792f61bcc 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -76,7 +76,7 @@ krb5_boolean zero_password; memset((char *) &in_creds, 0, sizeof(krb5_creds)); - if (retval= krb5_copy_principal(context, client_pname, &client)){ + if ((retval= krb5_copy_principal(context, client_pname, &client))){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } @@ -84,8 +84,8 @@ krb5_boolean zero_password; if (auth_debug) { dump_principal(context, "krb5_auth_check: Client principal name", client); } - if ( retval = krb5_sname_to_principal(context, hostname, NULL, - KRB5_NT_SRV_HST, &server)){ + if ((retval = krb5_sname_to_principal(context, hostname, NULL, + KRB5_NT_SRV_HST, &server))){ com_err(prog_name, retval, "while creating server %s principal name", hostname); krb5_free_principal(context, client); 
@@ -109,14 +109,14 @@ krb5_boolean zero_password; /* check to see if the local tgt is in the cache */ - if (retval= krb5_copy_principal(context, client, &tgtq.client)){ + if ((retval= krb5_copy_principal(context, client, &tgtq.client))){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_tgtname(context, krb5_princ_realm (context, client), - krb5_princ_realm(context, client), - &tgtq.server)){ + if ((retval = krb5_tgtname(context, krb5_princ_realm(context, client), + krb5_princ_realm(context, client), + &tgtq.server))){ com_err(prog_name, retval, "while creating tgt for local realm"); krb5_free_principal(context, client); krb5_free_principal(context, server); @@ -162,18 +162,18 @@ krb5_boolean zero_password; } - if (retval= krb5_copy_principal(context, client, &in_creds.client)){ + if ((retval= krb5_copy_principal(context, client, &in_creds.client))){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval= krb5_copy_principal(context, server, &in_creds.server)){ + if ((retval= krb5_copy_principal(context, server, &in_creds.server))){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_get_cred_from_kdc(context, cc, &in_creds, - &out_creds, &tgts)){ + if ((retval = krb5_get_cred_from_kdc(context, cc, &in_creds, + &out_creds, &tgts))){ com_err(prog_name, retval, "while geting credentials from kdc"); return (FALSE); } @@ -192,7 +192,7 @@ krb5_boolean zero_password; fprintf(stderr, "krb5_auth_check: went via multiple realms"); } while (tgts[i]){ - if (retval = krb5_cc_store_cred(context, cc, tgts[i])) { + if ((retval=krb5_cc_store_cred(context,cc,tgts[i]))) { com_err(prog_name, retval, "while storing credentials from cross-realm walk"); return (FALSE); 
@@ -202,14 +202,14 @@ krb5_boolean zero_password; krb5_free_tgt_creds(context, tgts); } - if (retval = krb5_verify_tkt_def(context, client, server, - &out_creds->keyblock, - &out_creds->ticket, &target_tkt)){ + if ((retval = krb5_verify_tkt_def(context, client, server, + &out_creds->keyblock, + &out_creds->ticket, &target_tkt))){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); } - if (retval = krb5_cc_store_cred(context, cc, out_creds)){ + if ((retval = krb5_cc_store_cred(context, cc, out_creds))){ com_err(prog_name, retval, "While storing credentials"); return (FALSE); @@ -236,26 +236,26 @@ krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); memset((char *) &tgt, 0, sizeof(tgt)); - if (retval= krb5_copy_principal(context, client, &tgtq.client)){ + if ((retval= krb5_copy_principal(context, client, &tgtq.client))){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval= krb5_copy_principal(context, server, &tgtq.server)){ + if ((retval= krb5_copy_principal(context, server, &tgtq.server))){ com_err(prog_name, retval,"while copying client principal"); return (FALSE) ; } - if (retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, - &tgtq, &tgt)){ + if ((retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, + &tgtq, &tgt))){ if (auth_debug) com_err(prog_name, retval,"While Retrieving credentials"); return (FALSE) ; } - if (retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, - &tgt.ticket, &target_tkt)){ + if ((retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, + &tgt.ticket, &target_tkt))){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); } @@ -283,7 +283,7 @@ krb5_ticket * tkt = NULL; krb5_error_code retval =0; krb5_keyblock * tkt_ses_key; - if (retval = decode_krb5_ticket(scr_ticket, &tkt)){ + if ((retval = decode_krb5_ticket(scr_ticket, &tkt))){ return retval; } 
@@ -298,7 +298,7 @@ krb5_keyblock * tkt_ses_key; } /* get the default keytab */ - if( retval = krb5_kt_default(context, &keytabid)){ + if ((retval = krb5_kt_default(context, &keytabid))){ krb5_free_ticket(context, tkt); return retval; } @@ -306,22 +306,22 @@ krb5_keyblock * tkt_ses_key; /* We have the encryption type get the keytpe. */ keytype = krb5_csarray[tkt->enc_part.etype]->system->proto_keytype; - if (retval = krb5_kt_get_entry(context, keytabid, server, - tkt->enc_part.kvno, keytype, &ktentry)){ + if ((retval = krb5_kt_get_entry(context, keytabid, server, + tkt->enc_part.kvno, keytype, &ktentry))){ krb5_free_ticket(context, tkt); return retval; } krb5_kt_close(context, keytabid); - if ( retval = krb5_copy_keyblock(context, &ktentry.key, &tkt_key)){ + if ((retval = krb5_copy_keyblock(context, &ktentry.key, &tkt_key))){ krb5_free_ticket(context, tkt); krb5_kt_free_entry(context, &ktentry); return retval; } /* decrypt the ticket */ - if (retval = krb5_decrypt_tkt_part(context, tkt_key, tkt)) { + if ((retval = krb5_decrypt_tkt_part(context, tkt_key, tkt))) { krb5_free_ticket(context, tkt); krb5_kt_free_entry(context, &ktentry); krb5_free_keyblock(context, tkt_key); 
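Review bot: In the hunk at -306,22 the failure branch of `krb5_kt_get_entry` returns without closing `keytabid`; `krb5_kt_close(context, keytabid)` is reached only on success. Adding `krb5_kt_close(context, keytabid);` before `krb5_free_ticket(context, tkt);` in that branch fixes the leak. Separately, `krb5_csarray[tkt->enc_part.etype]` is indexed with a value taken from the decoded ticket; the range check is presumably in the lines between the two hunks, which are not shown, and is worth confirming. The function begins and ends outside these hunks.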
@@ -384,25 +384,24 @@ krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, krb5_creds my_creds; krb5_timestamp now; int pwsize; - int i; char password[255], *client_name, prompt[255]; *zero_password = FALSE; - if (code = krb5_unparse_name(context, client, &client_name)) { + if ((code = krb5_unparse_name(context, client, &client_name))) { com_err (prog_name, code, "when unparsing name"); return (FALSE); } memset((char *)&my_creds, 0, sizeof(my_creds)); - if (code = krb5_copy_principal(context, client, &my_creds.client)){ + if ((code = krb5_copy_principal(context, client, &my_creds.client))){ com_err (prog_name, code, "while copying principal"); return (FALSE); } - if (code = krb5_copy_principal(context, server, &my_creds.server)){ + if ((code = krb5_copy_principal(context, server, &my_creds.server))){ com_err (prog_name, code, "while copying principal"); return (FALSE); } @@ -414,7 +413,7 @@ krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, return (FALSE); } - if (code = krb5_timeofday(context, &now)) { + if ((code = krb5_timeofday(context, &now))) { com_err(prog_name, code, "while getting time of day"); return (FALSE); } @@ -477,7 +476,7 @@ void dump_principal (context, str, p) char * stname; krb5_error_code retval; - if (retval = krb5_unparse_name(context, p, &stname)){ + if ((retval = krb5_unparse_name(context, p, &stname))){ fprintf(stderr," %s while unparsing name \n", error_message(retval)); } 
@@ -491,89 +490,13 @@ void plain_dump_principal (context, p) char * stname; krb5_error_code retval; - if (retval = krb5_unparse_name(context, p, &stname)){ + if ((retval = krb5_unparse_name(context, p, &stname))){ fprintf(stderr," %s while unparsing name \n", error_message(retval)); } fprintf(stderr, "%s ", stname ); } - -static time_t convtime PROTOTYPE((char *)); - -krb5_error_code -krb5_parse_lifetime (time, len) - char *time; - long *len; -{ - *len = convtime(time); - return 0; -} - - -/* - * this next function was lifted from the source to sendmail, which is: - * - * Copyright (c) 1983 Eric P. Allman - * Copyright (c) 1988 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted provided - * that: (1) source distributions retain this entire copyright notice and - * comment, and (2) distributions including binaries display the following - * acknowledgement: ``This product includes software developed by the - * University of California, Berkeley and its contributors'' in the - * documentation or other materials provided with the distribution and in - * all advertising materials mentioning features or use of this software. - * Neither the name of the University nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
- */ - -#include /* for isdigit */ - -static time_t -convtime(p) - char *p; -{ - register time_t t, r; - register char c; - - r = 0; - while (*p != '\0') - { - t = 0; - while (isdigit(c = *p++)) - t = t * 10 + (c - '0'); - if (c == '\0') - p--; - switch (c) - { - case 'w': /* weeks */ - t *= 7; - - case 'd': /* days */ - t *= 24; - - case 'h': /* hours */ - default: - t *= 60; - - case 'm': /* minutes */ - t *= 60; - - case 's': /* seconds */ - break; - } - r += t; - } - - return (r); -} - #if 0 krb5_error_code get_tgt_via_login_list(context, server, cc, k5login_plist, client, got_it) @@ -671,7 +594,7 @@ int i = 0, nelem; while(plist[i]){ - if (retval = krb5_parse_name(context, plist[i], &temp_client)){ + if ((retval = krb5_parse_name(context, plist[i], &temp_client))){ return retval; } diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h index 5c24b431c..4315ed85e 100644 --- a/src/clients/ksu/ksu.h +++ b/src/clients/ksu/ksu.h @@ -71,8 +71,8 @@ extern char * gb_err; typedef struct opt_info{ int opt; - long lifetime; - long rlife; + krb5_deltat lifetime; + krb5_deltat rlife; int princ; }opt_info; diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index 319c777c0..d06a669ff 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -26,6 +26,7 @@ */ #include "ksu.h" +#include "adm_proto.h" /* globals */ char * prog_name; @@ -63,6 +64,7 @@ void usage (){ #define DEBUG +int main (argc, argv) int argc; char ** argv; @@ -171,7 +173,7 @@ char * dir_of_cc_source; switch (option) { case 'r': options.opt |= KDC_OPT_RENEWABLE; - retval = krb5_parse_lifetime(optarg, &options.rlife); + retval = krb5_string_to_deltat(optarg, &options.rlife); if (retval != 0 || options.rlife == 0) { fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg); errflg++; 
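Review bot: Switching `-r` to `krb5_string_to_deltat` changes which lifetime strings are accepted, yet the diagnostic still reads `Bad lifetime value (%s hours?)`. The removed convtime treated a bare number as hours and accepted w/d/h/m/s suffixes; the grammar of the new parser is not visible in this patch, so an existing invocation could now be rejected or be read in a different unit, which matters for a ticket lifetime. I would document the accepted syntax next to the option and make the message neutral, e.g. `fprintf(stderr, "Bad lifetime value %s\n", optarg);`. Note also that `options.opt |= KDC_OPT_RENEWABLE` is set before the value is validated. The `-l` hunk at -203,14 has the same call and message.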
@@ -183,7 +185,7 @@ char * dir_of_cc_source; optind --; if (auth_debug){printf("Before get_params optind=%d \n", optind);} - if ( retval = get_params( & optind, pargc, pargv, ¶ms)){ + if ((retval = get_params( & optind, pargc, pargv, ¶ms))){ com_err(prog_name, retval, "when gathering parameters"); errflg++; } @@ -203,14 +205,14 @@ char * dir_of_cc_source; quiet =1; break; case 'l': - retval = krb5_parse_lifetime(optarg, &options.lifetime); + retval = krb5_string_to_deltat(optarg, &options.lifetime); if (retval != 0 || options.lifetime == 0) { fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg); errflg++; } break; case 'n': - if (retval = krb5_parse_name(ksu_context, optarg, &client)){ + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ com_err(prog_name, retval, "when parsing name %s", optarg); errflg++; } @@ -298,7 +300,7 @@ char * dir_of_cc_source; case 'e': cmd = strdup(optarg); if(auth_debug){printf("Before get_params optind=%d \n", optind);} - if ( retval = get_params( & optind, pargc, pargv, ¶ms)){ + if ((retval = get_params( & optind, pargc, pargv, ¶ms))){ com_err(prog_name, retval, "when gathering parameters"); errflg++; } @@ -380,7 +382,7 @@ char * dir_of_cc_source; } /* get a handle for the cache */ - if ( retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source)){ + if ((retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source))){ com_err(prog_name, retval,"while getting source cache"); exit(1); } @@ -397,7 +399,7 @@ char * dir_of_cc_source; } - if (retval= krb5_ccache_refresh(ksu_context, cc_source)){ + if ((retval= krb5_ccache_refresh(ksu_context, cc_source))){ com_err(prog_name, retval, "while refreshing %s (source cache)", cc_source_tag); exit(1); 
@@ -406,9 +408,9 @@ char * dir_of_cc_source; } - if (retval = get_best_princ_for_target(ksu_context, source_uid, + if ((retval = get_best_princ_for_target(ksu_context, source_uid, target_uid, source_user, target_user, cc_source, - &options, cmd, localhostname, &client, &hp)){ + &options, cmd, localhostname, &client, &hp))){ com_err(prog_name,retval, "while selecting the best principal"); exit(1); } @@ -444,8 +446,8 @@ char * dir_of_cc_source; exit(1); } - if (retval = krb5_cc_initialize(ksu_context, cc_source, - client)){ + if ((retval = krb5_cc_initialize(ksu_context, cc_source, + client))){ com_err(prog_name, retval, "while initializing source cache"); exit(1); @@ -501,8 +503,8 @@ char * dir_of_cc_source; if ((source_uid == 0) && (target_uid != 0)) { - if (retval =krb5_ccache_copy_restricted(ksu_context, cc_source, - cc_target_tag,client,&cc_target, &stored)){ + if ((retval =krb5_ccache_copy_restricted(ksu_context, cc_source, + cc_target_tag,client,&cc_target, &stored))){ com_err (prog_name, retval, "while copying cache %s to %s", krb5_cc_get_name(ksu_context, cc_source),cc_target_tag); @@ -510,8 +512,8 @@ char * dir_of_cc_source; } } else{ - if (retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag, - client,&cc_target, &stored)){ + if ((retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag, + client,&cc_target, &stored))){ com_err (prog_name, retval, "while copying cache %s to %s", krb5_cc_get_name(ksu_context, cc_source), @@ -527,7 +529,7 @@ char * dir_of_cc_source; cc_target_tag = cc_source_tag; cc_target_tag_tmp = cc_source_tag_tmp; - if(retval=krb5_find_princ_in_cache(ksu_context, cc_target,client, &stored)){ + if ((retval=krb5_find_princ_in_cache(ksu_context, cc_target,client, &stored))){ com_err (prog_name, retval, "while searching for client in source ccache"); exit(1); 
@@ -537,10 +539,10 @@ char * dir_of_cc_source; if ((source_uid == 0) || (target_uid == source_uid)){ #ifdef GET_TGT_VIA_PASSWD if ((!all_rest_copy) && options.princ && (stored == FALSE)){ - if (retval = krb5_tgtname(ksu_context, + if ((retval = krb5_tgtname(ksu_context, krb5_princ_realm (ksu_context, client), krb5_princ_realm(ksu_context, client), - &kdc_server)){ + &kdc_server))){ com_err(prog_name, retval, "while creating tgt for local realm"); sweep_up(ksu_context, use_source_cache, cc_target); @@ -593,8 +595,8 @@ char * dir_of_cc_source; /* cache the tickets if possible in the source cache */ if (!path_passwd && !use_source_cache){ - if (retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source, - client)){ + if ((retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source, + client))){ com_err (prog_name, retval, "while copying cache %s to %s", krb5_cc_get_name(ksu_context, cc_target), @@ -610,7 +612,7 @@ char * dir_of_cc_source; } } - if (retval = krb5_unparse_name(ksu_context, client, &client_name)) { + if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) { com_err (prog_name, retval, "When unparsing name"); sweep_up(ksu_context, use_source_cache, cc_target); exit(1); @@ -621,8 +623,8 @@ char * dir_of_cc_source; prog_name,target_user,client_name, source_user,ontty()); - if(retval = krb5_authorization(ksu_context, client,target_user, - local_realm_name, cmd, &authorization_val, &exec_cmd)){ + if ((retval = krb5_authorization(ksu_context, client,target_user, + local_realm_name, cmd, &authorization_val, &exec_cmd))){ com_err(prog_name,retval,"while checking authorization"); sweep_up(ksu_context, use_source_cache, cc_target); exit(1); 
@@ -676,7 +678,7 @@ char * dir_of_cc_source; } if( some_rest_copy){ - if (retval = krb5_ccache_filter(ksu_context, cc_target, client)){ + if ((retval = krb5_ccache_filter(ksu_context, cc_target, client))){ com_err(prog_name,retval,"while calling cc_filter"); sweep_up(ksu_context, use_source_cache, cc_target); exit(1); @@ -684,7 +686,7 @@ char * dir_of_cc_source; } if (all_rest_copy){ - if (retval = krb5_cc_initialize(ksu_context, cc_target, client)){ + if ((retval = krb5_cc_initialize(ksu_context, cc_target, client))){ com_err(prog_name, retval, "while erasing target cache"); exit(1); @@ -819,7 +821,7 @@ char * dir_of_cc_source; sweep_up(ksu_context, use_source_cache, cc_target); exit(1); }else{ - if (child_pid = fork()){ + if ((child_pid = fork())){ if (auth_debug){ printf(" The childs pid is %d \n", child_pid); printf(" The parents pid is %d \n", getpid()); @@ -868,7 +870,7 @@ char *p, *ttyname(); static char buf[MAXPATHLEN + 4]; buf[0] = 0; - if (p = ttyname(STDERR_FILENO)) + if ((p = ttyname(STDERR_FILENO))) sprintf(buf, " on %s", p); return (buf); } @@ -901,7 +903,7 @@ struct stat st_temp; if (! use_source_cache){ cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ - if (retval = krb5_cc_destroy(context, cc)){ + if ((retval = krb5_cc_destroy(context, cc))){ com_err(prog_name, retval, "while destroying cache"); } @@ -977,7 +979,7 @@ char *get_dir_of_file(path) temp_path = strdup(path); - if (ptr = strrchr( temp_path, '/')) { + if ((ptr = strrchr( temp_path, '/'))) { *ptr = '\0'; } else { free (temp_path); diff --git a/src/kadmin.old/server/ChangeLog b/src/kadmin.old/server/ChangeLog index d47eabc2b..5db374d9c 100644 --- a/src/kadmin.old/server/ChangeLog +++ b/src/kadmin.old/server/ChangeLog 
@@ -1,4 +1,11 @@ +Mon Aug 21 17:05:18 EDT 1995 Paul Park (pjpark@mit.edu) + * adm_server.c - Change dbm_db_set_name to db_set_name. Interpret -k + and -e arguments as strings instead of string representations + of integers (e.g. des-cbc-md5). Fix gcc -Wall. + * adm_extern.h - Add prototype of closedown_network() for gcc -Wall. + + Tue Aug 15 14:29:26 EDT 1995 Paul Park (pjpark@mit.edu) * adm_{adm_func,fmt_inq,funcs,process,server}.c, adm_extern.h - Replace adm_find_keytype() with krb5_dbe_find_keytype(). diff --git a/src/kadmin.old/server/adm_extern.h b/src/kadmin.old/server/adm_extern.h index b25c20bb4..4a630e90d 100644 --- a/src/kadmin.old/server/adm_extern.h +++ b/src/kadmin.old/server/adm_extern.h @@ -177,6 +177,7 @@ krb5_error_code adm_negotiate_key char const *, char *)); +krb5_error_code closedown_network PROTOTYPE((const char *)); krb5_error_code setup_network PROTOTYPE((krb5_context, const char *)); diff --git a/src/kadmin.old/server/adm_server.c b/src/kadmin.old/server/adm_server.c index 7969ceb70..ae67a8ee1 100644 --- a/src/kadmin.old/server/adm_server.c +++ b/src/kadmin.old/server/adm_server.c @@ -44,6 +44,7 @@ #include "k5-int.h" #include "adm_extern.h" +#include "adm_proto.h" char prog[32]; char *progname = prog; @@ -69,6 +70,7 @@ krb5_db_entry master_entry; krb5_flags NEW_ATTRIBUTES; +int cleanexit(context, val) krb5_context context; int val; @@ -156,7 +158,7 @@ process_args(context, argc, argv) case 'd': /* put code to deal with alt database place */ dbm_db_name = optarg; - if (retval = krb5_dbm_db_set_name(context, dbm_db_name)) { + if ((retval = krb5_db_set_name(context, dbm_db_name))) { fprintf(stderr, "opening database %s: %s", dbm_db_name, error_message(retval)); exit(1); 
@@ -164,12 +166,17 @@ process_args(context, argc, argv) break; case 'e': - kdc_etype = atoi(optarg); + if (krb5_string_to_enctype(optarg, &kdc_etype)) + fprintf(stderr, "%s: %s is an invalid encryption type\n", + argv[0], optarg); break; case 'k': /* keytype for master key */ - master_keyblock.keytype = atoi(optarg); - keytypedone++; + if (!krb5_string_to_keytype(optarg, &master_keyblock.keytype)) + keytypedone++; + else + fprintf(stderr, "%s: %s is an invalid key type\n", + argv[0], optarg); break; case 'm': /* manual type-in of master key */ @@ -202,7 +209,7 @@ process_args(context, argc, argv) if (!realm) { /* no realm specified, use default realm */ - if (retval = krb5_get_default_realm(context, &local_realm)) { + if ((retval = krb5_get_default_realm(context, &local_realm))) { com_err(argv[0], retval, "while attempting to retrieve default realm"); exit(1); @@ -219,10 +226,10 @@ process_args(context, argc, argv) } /* assemble & parse the master key name */ - if (retval = krb5_db_setup_mkey_name(context, mkey_name, - realm, - (char **) 0, - &master_princ)) { + if ((retval = krb5_db_setup_mkey_name(context, mkey_name, + realm, + (char **) 0, + &master_princ))) { com_err(argv[0], retval, "while setting up master key name"); exit(1); } @@ -234,14 +241,14 @@ process_args(context, argc, argv) } krb5_use_cstype(context, &master_encblock, kdc_etype); - if (retval = krb5_db_fetch_mkey(context, + if ((retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock, manual, FALSE, /* only read it once, if at all */ (char *) NULL, /* No stash file */ 0, /* No salt supplied */ - &master_keyblock)) { + &master_keyblock))) { com_err(argv[0], retval, "while fetching master key"); exit(1); } 
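Review bot: In the `-e` and `-k` cases of `process_args()`, an unrecognised name only prints a message and then hits `break`, so the server keeps starting with whatever `kdc_etype` and `master_keyblock.keytype` held before. Any later defaulting is outside the hunk. Since those values are then used to fetch the master key, a mistyped algorithm name should stop startup the way the `-d` case does on failure: put `exit(1);` after each `fprintf`, with braces around the two statements. The `-k` and `-e` cases in the src/kdc/main.c hunks (`@@ -805,7 +805,8 @@` and `@@ -817,7 +818,8 @@`) fall through in the same way after `com_err()`.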
@@ -249,9 +256,9 @@ process_args(context, argc, argv) /* initialize random key generators */ for (etype = 0; etype <= krb5_max_cryptosystem; etype++) { if (krb5_csarray[etype]) { - if (retval = (*krb5_csarray[etype]->system-> + if ((retval = (*krb5_csarray[etype]->system-> init_random_key)(&master_keyblock, - &krb5_csarray[etype]->random_sequence)) { + &krb5_csarray[etype]->random_sequence))) { com_err(argv[0], retval, "while setting up random key generator for etype %d--etype disabled", etype); @@ -284,18 +291,18 @@ init_db(context, dbname, masterkeyname, masterkeyblock) return(retval); /* initialize database */ - if (retval = krb5_db_init(context)) + if ((retval = krb5_db_init(context))) return(retval); - if (retval = krb5_db_verify_master_key(context, masterkeyname, + if ((retval = krb5_db_verify_master_key(context, masterkeyname, masterkeyblock, - &master_encblock)) { + &master_encblock))) { master_encblock.crypto_entry = 0; return(retval); } /* do any necessary key pre-processing */ - if (retval = krb5_process_key(context, &master_encblock, masterkeyblock)) { + if ((retval = krb5_process_key(context, &master_encblock, masterkeyblock))) { master_encblock.crypto_entry = 0; (void) krb5_db_fini(context); return(retval); @@ -305,8 +312,8 @@ init_db(context, dbname, masterkeyname, masterkeyblock) * fetch the master database entry, and hold on to it. */ number_of_entries = 1; - if (retval = krb5_db_get_principal(context, masterkeyname, &master_entry, - &number_of_entries, &more)) { + if ((retval = krb5_db_get_principal(context, masterkeyname, &master_entry, + &number_of_entries, &more))) { return(retval); } if (number_of_entries != 1) { 
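Review bot: In `init_db()`, the failure branch of `krb5_db_verify_master_key()` returns after `krb5_db_init()` has succeeded but without `krb5_db_fini(context)`, whereas the `krb5_process_key()` failure branch right below does call it. The `krb5_db_get_principal()` failure branch in the next hunk (`@@ -305,8 +312,8 @@`) also returns directly, without the `krb5_finish_key()` / `memset()` / `krb5_db_fini()` sequence that the later error paths of this function use. Adding `(void) krb5_db_fini(context);` to the first and the full sequence to the second would make the error paths consistent and avoid leaving processed key state behind. The function starts and ends outside these hunks.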
@@ -333,11 +340,11 @@ init_db(context, dbname, masterkeyname, masterkeyblock) tgs_server->type = KRB5_NT_SRV_INST; number_of_entries = 1; - if (retval = krb5_db_get_principal(context, - tgs_server, - &server_entry, - &number_of_entries, - &more)) { + if ((retval = krb5_db_get_principal(context, + tgs_server, + &server_entry, + &number_of_entries, + &more))) { return(retval); } @@ -359,21 +366,21 @@ init_db(context, dbname, masterkeyname, masterkeyblock) convert server.key into a real key (it may be encrypted in the database) */ - if (retval = krb5_dbe_find_keytype(context, - &server_entry, - KEYTYPE_DES, - -1, - -1, - &kdatap)) { + if ((retval = krb5_dbe_find_keytype(context, + &server_entry, + KEYTYPE_DES, + -1, + -1, + &kdatap))) { krb5_db_free_principal(context, &server_entry, number_of_entries); (void) krb5_finish_key(context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); (void) krb5_db_fini(context); return(retval); } - if (retval = krb5_dbekd_decrypt_key_data(context,&master_encblock, - kdatap,&tgs_key, - &salt)) { + if ((retval = krb5_dbekd_decrypt_key_data(context,&master_encblock, + kdatap,&tgs_key, + &salt))) { krb5_db_free_principal(context, &server_entry, number_of_entries); (void) krb5_finish_key(context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); @@ -470,6 +477,7 @@ setup_com_err(context) ** Main does the logical thing, it sets up the database and RPC interface, ** as well as handling the creation and maintenance of the syslog file... */ +int main(argc, argv) /* adm_server main routine */ int argc; char **argv; 
@@ -499,18 +507,19 @@ char **argv; setup_signal_handlers(); - if (retval = init_db(context, dbm_db_name, master_princ,&master_keyblock)) { + if ((retval = init_db(context, dbm_db_name, master_princ, + &master_keyblock))) { com_err(argv[0], retval, "while initializing database"); exit(1); } - if (retval = setup_network(context, argv[0])) { + if ((retval = setup_network(context, argv[0]))) { exit(1); } syslog(LOG_AUTH | LOG_INFO, "Admin Server Commencing Operation"); - if (retval = adm5_listen_and_process(context, argv[0])){ + if ((retval = adm5_listen_and_process(context, argv[0]))) { krb5_free_principal(context, client_server_info.server); com_err(argv[0], retval, "while processing network requests"); errout++; @@ -519,12 +528,12 @@ char **argv; free(client_server_info.name_of_service); krb5_free_principal(context, client_server_info.server); - if (errout = closedown_network(argv[0])) { + if ((errout = closedown_network(argv[0]))) { com_err(argv[0], retval, "while shutting down network"); retval = retval + errout; } - if (errout = closedown_db(context)) { + if ((errout = closedown_db(context))) { com_err(argv[0], retval, "while closing database"); retval = retval + errout; } diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index d520a79af..825b30c8b 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,4 +1,10 @@ +Mon Aug 21 17:03:53 EDT 1995 Paul Park (pjpark@mit.edu) + * main.c - Interpret -k and -e arguments as strings instead of string + representations of integers (e.g. -e des-cbc-md5). + * krb5kdc.M - Remove "ascii representation of a decimal number". + + Thu Aug 17 13:49:14 EDT 1995 Paul Park (pjpark@mit.edu) * do_as_req.c - Close and re-open the database after performing a database update. This is the cleanest way to flush out the diff --git a/src/kdc/krb5kdc.M b/src/kdc/krb5kdc.M index 45af02434..4d797a58b 100644 --- a/src/kdc/krb5kdc.M +++ b/src/kdc/krb5kdc.M 
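Review bot: Both shutdown checks store their result in `errout` but pass `retval` to `com_err()`, so the message shows the status left over from `adm5_listen_and_process()` (possibly 0) instead of the shutdown error. Use `com_err(argv[0], errout, "while shutting down network");` and the same for "while closing database". `retval = retval + errout` also adds two error codes into a value that matches neither; keeping the first non-zero code would be clearer. `main()` continues outside the hunk.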
@@ -69,8 +69,8 @@ default the database is in DEFAULT_DBM_FILE. The .B \-k .I keytype -option specifies the key type (as an ascii representation of a decimal -number) of the master key in the database; the default is KEYTYPE_DES. +option specifies the key type of the master key in the database; the default +is KEYTYPE_DES. .PP The .B \-M diff --git a/src/kdc/main.c b/src/kdc/main.c index 1e60262ea..beb68583a 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -805,7 +805,8 @@ initialize_realms(kcontext, argc, argv) nofork++; /* don't detach from terminal */ break; case 'k': /* keytype for master key */ - mkeytype = atoi(optarg); + if (krb5_string_to_keytype(optarg, &mkeytype)) + com_err(argv[0], 0, "invalid keytype %s", optarg); break; case 'R': rcname = optarg; @@ -817,7 +818,8 @@ initialize_realms(kcontext, argc, argv) sport = atoi(optarg); break; case 'e': - kdc_etype = atoi(optarg); + if (krb5_string_to_enctype(optarg, &kdc_etype)) + com_err(argv[0], 0, "invalid encryption type %s", optarg); break; case '?': default: -- 2.26.2
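Review bot: `sport = atoi(optarg)` stays in the case just above the changed `-e` handling, so a non-numeric or out-of-range argument silently becomes 0 or an unintended value. That is the same weakness this commit removes for `-k` and `-e`. Parsing with `strtol()` and rejecting trailing characters or values outside 1–65535 would close the gap, assuming `sport` is a port number, which the hunk does not show. `initialize_realms()` starts and ends outside the hunk.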