From b61af2a8c8f563ea61a05af61e7de2981f28be5b Mon Sep 17 00:00:00 2001 
From: Alexandra Ellwood Date: Thu, 6 Mar 2003 20:52:43 +0000 Subject: [PATCH] * CCache-glue.c: Added prototypes for deprecated functions. Made internal functions static. Removed unused CoreServices include. Changed TICKET_GRANTING_TICKET to new macro: KRB_TICKET_GRANTING_TICKET. * change_password.c: Added check of inputs to krb_change_password so we don't crash on bad inputs. Call des_string_to_key not mit_password_to_key on all platforms because we don't want to prompt for a password. * FSp-glue.c: Added prototypes for deprecated functions. Changed to use KfM's FSSpecToPOSIXPath which correctly handles FSSpecs where the file does not exist. * g_in_tkt.c: Added explanatory comments. Made TARGET_OS_MAC sections a little smaller and easier to read. * g_pw_in_tkt.c: Only prompt when we are not using the login library. This is so that Darwin builds do prompt but KfM builds don't. * g_svc_in_tkt.c, g_tkt_svc.c: Changed to use KRB_TICKET_GRANTING_TICKET. * kadm_net.c: Use autoconf variable krb5_sigtype instead of sigtype, which doesn't seem to be defined on Mac OS X. * krb4int.h, RealmsConfig-glue.c: Removed krb_get_stk(). * rd_req.c: Added #ifdef KRB4_USE_KEYTAB to avoid unused variable warning when KRB4_USE_KEYTAB is not defined. * sendauth.c: Fixed warnings with casts git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15254 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb4/CCache-glue.c | 21 ++++++--- src/lib/krb4/ChangeLog | 34 ++++++++++++++ src/lib/krb4/FSp-glue.c | 49 ++++++-------------- src/lib/krb4/RealmsConfig-glue.c | 76 -------------------------------- src/lib/krb4/change_password.c | 15 ++++--- src/lib/krb4/g_in_tkt.c | 22 ++++----- src/lib/krb4/g_pw_in_tkt.c | 4 +- src/lib/krb4/g_svc_in_tkt.c | 4 +- src/lib/krb4/g_tkt_svc.c | 2 +- src/lib/krb4/kadm_net.c | 2 +- src/lib/krb4/krb4int.h | 4 +- src/lib/krb4/rd_req.c | 2 + src/lib/krb4/sendauth.c | 4 +- 13 files changed, 94 insertions(+), 145 deletions(-) 
diff --git a/src/lib/krb4/CCache-glue.c b/src/lib/krb4/CCache-glue.c index 05cb905fa..3a585377f 100644 --- a/src/lib/krb4/CCache-glue.c +++ b/src/lib/krb4/CCache-glue.c @@ -8,10 +8,8 @@ */ -#include #include "krb.h" #include "krb4int.h" -#include "prot.h" #if !defined (USE_CCAPI) || !USE_CCAPI #error "Cannot use CCache glue without the CCAPI!" @@ -25,8 +23,19 @@ #include #include -void -UpdateDefaultCache (void); +/* + * The following functions are part of the KfM ABI. + * They are deprecated, so they only appear here, not in krb.h. + * + * Do not change the ABI of these functions! + */ +int KRB5_CALLCONV krb_get_num_cred(void); +int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int); +int KRB5_CALLCONV krb_delete_cred(char *, char *,char *); +int KRB5_CALLCONV dest_all_tkts(void); + +/* Internal functions */ +static void UpdateDefaultCache (void); /* * The way Kerberos v4 normally works is that at any given point in time there is a @@ -317,7 +326,7 @@ krb_get_cred ( #ifdef USE_LOGIN_LIBRARY // If we are requesting a tgt, prompt for it - if (strncmp (service, TICKET_GRANTING_TICKET, ANAME_SZ) == 0) { + if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) { OSStatus err; char *cacheName; KLPrincipal defaultPrincipal = nil; @@ -450,7 +459,7 @@ tkt_string (void) * Synchronize default cache for this process with system default cache */ -void +static void UpdateDefaultCache (void) { cc_string_t name; diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 0be239277..9c53ca17b 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog 
@@ -1,3 +1,37 @@ +2003-03-06 Alexandra Ellwood + + * CCache-glue.c: Added prototypes for deprecated functions. + Made internal functions static. Removed unused CoreServices + include. Changed TICKET_GRANTING_TICKET to new macro: + KRB_TICKET_GRANTING_TICKET. + + * change_password.c: Added check of inputs to krb_change_password + so we don't crash on bad inputs. Call des_string_to_key not + mit_password_to_key on all platforms because we don't want to + prompt for a password. + + * FSp-glue.c: Added prototypes for deprecated functions. Changed to + use KfM's FSSpecToPOSIXPath which correctly handles FSSpecs where + the file does not exist. + + * g_in_tkt.c: Added explanatory comments. Made TARGET_OS_MAC sections + a little smaller and easier to read. + + * g_pw_in_tkt.c: Only prompt when we are not using the login library. + This is so that Darwin builds do prompt but KfM builds don't. + + * g_svc_in_tkt.c, g_tkt_svc.c: Changed to use KRB_TICKET_GRANTING_TICKET. + + * kadm_net.c: Use autoconf variable krb5_sigtype instead of sigtype, + which doesn't seem to be defined on Mac OS X. + + * krb4int.h, RealmsConfig-glue.c: Removed krb_get_stk(). + + * rd_req.c: Added #ifdef KRB4_USE_KEYTAB to avoid unused variable warning + when KRB4_USE_KEYTAB is not defined. + + * sendauth.c: Fixed warnings with casts. + 2003-03-04 Ken Raeburn * password_to_key.c (mit_passwd_to_key, afs_passwd_to_key): diff --git a/src/lib/krb4/FSp-glue.c b/src/lib/krb4/FSp-glue.c index f8d6be13d..7bf0e7b54 100644 --- a/src/lib/krb4/FSp-glue.c +++ b/src/lib/krb4/FSp-glue.c 
@@ -31,12 +31,18 @@ #include #include -#if TARGET_OS_MAC && defined(__FILES__) - -#include +#include +/* + * These functions are compiled in for ABI compatibility with older versions of KfM. + * They are deprecated so they do not appear in the KfM headers anymore. + * + * Do not change their ABIs! + */ +int KRB5_CALLCONV FSp_krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, const FSSpec *); +int KRB5_CALLCONV FSp_put_svc_key (const FSSpec *, char *, char *, char *, int, char *); +int KRB5_CALLCONV FSp_read_service_key (char *, char *, char *, int, const FSSpec*, char *); -static int FSp_srvtab_to_key(char *, char *, char *, char *, C_Block); -static OSStatus FSSpec2Path (FSSpec *spec, char **path, int pathLen); +static int FSp_srvtab_to_key (char *, char *, char *, char *, C_Block); int KRB5_CALLCONV FSp_read_service_key( @@ -50,7 +56,7 @@ FSp_read_service_key( int retval = KFAILURE; char file [MAXPATHLEN]; if (filespec != NULL) { - if (FSSpec2Path (filespec, &file, sizeof(file)) != noErr) { + if (FSSpecToPOSIXPath (filespec, file, sizeof(file)) != noErr) { return retval; } } @@ -74,7 +80,7 @@ FSp_put_svc_key( char sfile[MAXPATHLEN]; if (sfilespec != NULL) { - if (FSSpec2Path (sfilespec, &sfile, sizeof(sfile)) != noErr) { + if (FSSpecToPOSIXPath (sfilespec, sfile, sizeof(sfile)) != noErr) { return retval; } } 
@@ -104,32 +110,3 @@ static int FSp_srvtab_to_key(char *user, char *instance, char *realm, return FSp_read_service_key(user, instance, realm, 0, (FSSpec *)srvtab, (char *)key); } - -static OSStatus FSSpec2Path (FSSpec *spec, char **path, int pathLen) -{ - OSStatus err = noErr; - FSRef ref; - - /* check parameters */ - if (path == NULL) err = paramErr; - - /* convert the FSSpec to an FSRef */ - if (err == noErr) { - FSRefParam pb; - - pb.ioVRefNum = spec->vRefNum; - pb.ioDirID = spec->parID; - pb.ioNamePtr = (StringPtr) spec->name; - pb.newRef = &ref; - err = PBMakeFSRefSync(&pb); - } - - /* and then convert the FSRef to a path */ - if (err == noErr) { - err = FSRefMakePath (&ref, path, pathLen); - } - - return err; -} - -#endif diff --git a/src/lib/krb4/RealmsConfig-glue.c b/src/lib/krb4/RealmsConfig-glue.c index fe2c01bff..52437ee98 100644 --- a/src/lib/krb4/RealmsConfig-glue.c +++ b/src/lib/krb4/RealmsConfig-glue.c @@ -33,19 +33,12 @@ #include #include #include -#if TARGET_OS_MAC -#include -#endif #include "profile.h" #include "krb.h" #include "krb4int.h" #include "port-sockets.h" -#ifdef USE_CCAPI -#include -#endif - #define KRB5_PRIVATE 1 /* For krb5_get_default_config_files and krb5_free_config_files */ #include "krb5.h" 
@@ -478,75 +471,6 @@ krb_get_krbhst( return result; } -#ifdef USE_CCAPI -/* - * Realm -> string_to_key mapping - */ -int -krb_get_stk( - KRB_UINT32 *type, - char *realm) -{ - long profErr = 0; - const char *names[] = {REALMS_V4_PROF_REALMS_SECTION, NULL, - REALMS_V4_PROF_STK, NULL}; - profile_t profile = NULL; - void *iter = NULL; - char *name = NULL; - char *value = NULL; - int found = 0; - - names[1] = realm; - - profErr = krb_get_profile(&profile); - if (profErr) { - goto cleanup; - } - - profErr = profile_iterator_create(profile, names, - PROFILE_ITER_RELATIONS_ONLY, &iter); - if (profErr) { - goto cleanup; - } - - profErr = profile_iterator(&iter, &name, &value); - if (profErr) { - goto cleanup; - } - - if (name != NULL) { - if (!strncmp(value, REALMS_V4_MIT_STK, strlen(REALMS_V4_MIT_STK))) { - *type = cc_v4_stk_des; - found = 1; - } else if (!strncmp(value, REALMS_V4_AFS_STK, - strlen(REALMS_V4_AFS_STK))) { - *type = cc_v4_stk_afs; - found = 1; - } else if (!strncmp(value, REALMS_V4_COLUMBIA_STK, - strlen(REALMS_V4_COLUMBIA_STK))) { - *type = cc_v4_stk_columbia_special; - found = 1; - } - } - -cleanup: - if (name != NULL) - profile_release_string(name); - if (value != NULL) - profile_release_string(value); - if (iter != NULL) - profile_iterator_free(&iter); - if (profile != NULL) - profile_abandon(profile); - - /* If this fails, we just rely on autodetecting the realm */ - if (!found) { - *type = cc_v4_stk_unknown; - } - return KSUCCESS; -} -#endif /* USE_CCAPI */ - /* * Hostname -> realm name mapping * diff --git a/src/lib/krb4/change_password.c b/src/lib/krb4/change_password.c index 2dfff2475..a6e4d7b29 100644 --- a/src/lib/krb4/change_password.c +++ b/src/lib/krb4/change_password.c 
@@ -54,6 +54,13 @@ krb_change_password(char *principal, char *instance, char *realm, u_char *p; err = 0; + + /* Check inputs: */ + if (principal == NULL || instance == NULL || realm == NULL || + oldPassword == NULL || newPassword == NULL) { + return KFAILURE; + } + /* * Get tickets to change the old password and shove them in the * client_parm @@ -64,12 +71,10 @@ krb_change_password(char *principal, char *instance, char *realm, if (err != KSUCCESS) goto cleanup; -#if TARGET_OS_MAC /* Now create the key to send to the server */ - mit_passwd_to_key(principal, instance, realm, newPassword, key); -#else - des_string_to_key(newPassword, key); /* XXX check this! */ -#endif + /* Use this and not mit_password_to_key so that we don't prompt */ + des_string_to_key(newPassword, key); + /* Create the link to the server */ err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1); if (err != KADM_SUCCESS) diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c index a00ee47d9..4d5286a98 100644 --- a/src/lib/krb4/g_in_tkt.c +++ b/src/lib/krb4/g_in_tkt.c @@ -48,8 +48,7 @@ typedef int (*decrypt_tkt_type) (char *, char *, char *, char *, static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *); static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *, - int, char *, int, KTEXT, int *, - struct sockaddr_in *); + int, char *, int, KTEXT, int *, struct sockaddr_in *); static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *, int, KTEXT, int, CREDENTIALS *); @@ -434,8 +433,10 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, service, sinstance, life, cip, byteorder, creds); } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW)); - if (laddrp != NULL) - *laddrp = local_addr.sin_addr.s_addr; + /* Fill in the local address if the caller wants it */ + if (laddrp != NULL) { + *laddrp = local_addr.sin_addr.s_addr; + } /* stomp stomp stomp */ memset(cip->dat, 0, (size_t)cip->length); 
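Review bot: The comment added above `des_string_to_key(newPassword, key);` in krb_change_password names `mit_password_to_key`, but the call this hunk removes is `mit_passwd_to_key`, so a search for the real function will miss the explanation. I would write `/* Use this and not mit_passwd_to_key so that we don't prompt */`. With the `#if` gone, `key` holds a DES key derived from the new password on every platform. The `cleanup:` label is outside the hunk, so it is worth confirming that it wipes `key` before returning, on the success path and on the `goto cleanup` failure paths alike.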
@@ -456,17 +457,16 @@ krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life, char *arg; CREDENTIALS *creds; { -#if TARGET_OS_MAC /* XXX */ - return krb_get_in_tkt_preauth_creds(user, instance, realm, - service, sinstance, life, - key_proc, decrypt_proc, arg, - NULL, 0, creds, &creds.address); +#if TARGET_OS_MAC + KRB_UINT32 *laddrp = &creds->address; #else + KRB_UINT32 *laddrp = NULL; /* Only the Mac stores the address */ +#endif + return krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, key_proc, decrypt_proc, arg, - NULL, 0, creds, NULL); -#endif + NULL, 0, creds, laddrp); } int KRB5_CALLCONV diff --git a/src/lib/krb4/g_pw_in_tkt.c b/src/lib/krb4/g_pw_in_tkt.c index 54f97ff72..494a05951 100644 --- a/src/lib/krb4/g_pw_in_tkt.c +++ b/src/lib/krb4/g_pw_in_tkt.c @@ -116,7 +116,7 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password) int life; char *password; { -#if defined(_WIN32) || defined(macintosh) +#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY) /* In spite of the comments above, we don't allow that path here, to simplify coding the non-UNIX clients. The only code that now depends on this behavior is the preauth support, which has a @@ -173,7 +173,7 @@ krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password) key_proc_type *keyprocs = krb_get_keyprocs (NULL); int i = 0; -#if defined(_WIN32) || USE_LOGIN_LIBRARY +#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY) /* On non-Unix systems, we can't handle a null password, because passwd_to_key can't handle prompting for the password. */ if (password == 0) diff --git a/src/lib/krb4/g_svc_in_tkt.c b/src/lib/krb4/g_svc_in_tkt.c index 7b15f62ae..7ed4efd2a 100644 --- a/src/lib/krb4/g_svc_in_tkt.c +++ b/src/lib/krb4/g_svc_in_tkt.c 
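Review bot: In krb_get_in_tkt_creds the TARGET_OS_MAC branch forms `&creds->address` without checking `creds`; for a NULL `creds` that is undefined behaviour and in practice yields a small non-NULL pointer. The `if (laddrp != NULL)` guard in krb_get_in_tkt_preauth_creds (visible in the `@@ -434,8 +433,10 @@` hunk) would then pass, and the local address would be stored through that pointer. If any caller can reach this with `creds == NULL`, the line should read `KRB_UINT32 *laddrp = (creds != NULL) ? &creds->address : NULL;`. Whether krb_get_in_tkt_preauth_creds itself tolerates a NULL `creds` is not visible from here.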
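Review bot: The guard in krb_get_pw_in_tkt now keys on `USE_LOGIN_LIBRARY` instead of `macintosh`, but the comment directly under it still describes the restriction as one for "the non-UNIX clients". The comment under the second `#if`, in krb_get_pw_in_tkt_preauth, likewise still says "On non-Unix systems". Per the commit message, a Darwin build without the login library now prompts, so the wording no longer matches the condition. I would reword both along the lines of `/* Builds that use the login library (and Windows) do not prompt here for a null password. */`. Both function bodies continue outside the hunks.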
@@ -131,7 +131,7 @@ krb_svc_init(user,instance,realm,lifetime,srvtab_file,tkt_file) krb_set_tkt_string(tkt_file); return krb_get_svc_in_tkt(user,instance,realm, - "krbtgt",realm,lifetime,srvtab_file); + KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file); } @@ -148,5 +148,5 @@ krb_svc_init_preauth(user,instance,realm,lifetime,srvtab_file,tkt_file) krb_set_tkt_string(tkt_file); return krb_get_svc_in_tkt_preauth(user,instance,realm, - "krbtgt",realm,lifetime,srvtab_file); + KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file); } diff --git a/src/lib/krb4/g_tkt_svc.c b/src/lib/krb4/g_tkt_svc.c index f62571fb4..a16451776 100644 --- a/src/lib/krb4/g_tkt_svc.c +++ b/src/lib/krb4/g_tkt_svc.c @@ -142,7 +142,7 @@ krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey, FIXME gnu - I think this is a bug. We should allow direct authentication to the desired realm, regardless of what the "local" realm is. I fixed it. FIXME -- not quite right. */ - err = krb_get_cred ("krbtgt", realm, lrealm, &cr); + err = krb_get_cred (KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr); if (err) return err; diff --git a/src/lib/krb4/kadm_net.c b/src/lib/krb4/kadm_net.c index 2ea4f371d..189f04f1e 100644 --- a/src/lib/krb4/kadm_net.c +++ b/src/lib/krb4/kadm_net.c @@ -54,7 +54,7 @@ static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched); /* XXX FIXME! */ #ifdef SIGPIPE -static sigtype (*opipe)(); +static krb5_sigtype (*opipe)(); #endif /* diff --git a/src/lib/krb4/krb4int.h b/src/lib/krb4/krb4int.h index 9857b4cae..e513cfeda 100644 --- a/src/lib/krb4/krb4int.h +++ b/src/lib/krb4/krb4int.h @@ -56,8 +56,7 @@ int k_gethostname(char *, int); int krb_get_in_tkt_preauth_creds(char *, char *, char *, char *, char *, int, key_proc_type, decrypt_tkt_type, - char *, char *, int, CREDENTIALS *, - KRB_UINT32 *); + char *, char *, int, CREDENTIALS *, KRB_UINT32 *); /* klog.c */ void kset_logfile(char *); 
@@ -107,7 +106,6 @@ int krb_set_default_user (char *); /* RealmConfig-glue.c */ int krb_get_kpasswdhst(char *, char *, int); -int krb_get_stk(KRB_UINT32 *type, char *realm); /* err_txt.c */ void krb4int_et_init(void); diff --git a/src/lib/krb4/rd_req.c b/src/lib/krb4/rd_req.c index 1b8de0cf3..92faf0cd9 100644 --- a/src/lib/krb4/rd_req.c +++ b/src/lib/krb4/rd_req.c @@ -466,7 +466,9 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) unsigned char s_kvno; char realm[REALM_SZ]; unsigned char skey[KKEY_SZ]; +#ifdef KRB4_USE_KEYTAB krb5_keyblock keyblock; +#endif int len; int status; diff --git a/src/lib/krb4/sendauth.c b/src/lib/krb4/sendauth.c index d4ae44ef3..83729442a 100644 --- a/src/lib/krb4/sendauth.c +++ b/src/lib/krb4/sendauth.c @@ -135,7 +135,7 @@ krb_net_rd_sendauth (fd, reply, raw_len) /* get the length of the reply */ reread: - got = krb_net_read(fd, raw_len, sizeof(KRB4_32)); + got = krb_net_read(fd, (char *)raw_len, sizeof(KRB4_32)); if (got != sizeof(KRB4_32)) return KFAILURE; @@ -240,7 +240,7 @@ krb_sendauth(options, fd, ticket, service, inst, realm, checksum, return(cc); /* Get the reply out of the socket. */ - cc = krb_net_rd_sendauth (fd, packet, (char *)&raw_tkt_len); + cc = krb_net_rd_sendauth (fd, packet, &raw_tkt_len); if (cc != KSUCCESS) return cc; -- 2.26.2
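Review bot: krb_net_rd_sendauth now writes `sizeof(KRB4_32)` bytes from the socket through `(char *)raw_len`, so the object the caller passes must be exactly that wide. The definition is K&R style, and the declarations of `raw_len` and of `raw_tkt_len` in krb_sendauth are outside these hunks, so the match cannot be confirmed from here. If `raw_tkt_len` is declared as a wider integer type, only part of it would be filled from the wire. I would add a comment at the read such as `/* raw_len must point at a KRB4_32: sizeof(KRB4_32) bytes are read from the peer */`, and make sure a full prototype for krb_net_rd_sendauth is in scope at the call so the compiler checks `&raw_tkt_len`.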