From fb1227598fe0dd87d21f1ada456e0132c1dd3326 Mon Sep 17 00:00:00 2001 
From: Tom Yu Date: Thu, 12 Dec 2002 21:25:51 +0000 Subject: [PATCH] More KfM merge work Create new file FSp-glue.c including KfM functions that had previously been scattered through various other files. Port RealmsConfig-glue.c from KfM, including old Unix-ish krb4 configuration code as fallback. Remove other files containing old realm/config file support. Add KRB5_CALLCONV to krb_get_in_tkt_creds. Fix various functions to take const char* as arguments now that tkt_string() returns const. Assorted minor cleanup. Implement krb_get_err_text in terms of com_err. Implement gross kludge to force krb_err_txt to remain in sync with com_err. ticket: 1189 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15046 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/telnet/libtelnet/ChangeLog | 7 + src/appl/telnet/libtelnet/kerberos.c | 6 +- src/appl/telnet/libtelnet/strcasecmp.c | 2 +- src/include/kerberosIV/ChangeLog | 9 + src/include/kerberosIV/des.h | 5 +- src/include/kerberosIV/krb.h | 82 +-- src/kdc/ChangeLog | 5 + src/kdc/kerberos_v4.c | 2 +- src/lib/krb4/ChangeLog | 49 ++ src/lib/krb4/FSp-glue.c | 105 ++++ src/lib/krb4/Makefile.in | 201 ++++---- src/lib/krb4/RealmsConfig-glue.c | 685 +++++++++++++++++++++++++ src/lib/krb4/dest_tkt.c | 2 +- src/lib/krb4/err_txt.c | 341 +++--------- src/lib/krb4/g_admhst.c | 78 --- src/lib/krb4/g_in_tkt.c | 15 +- src/lib/krb4/g_krbhst.c | 97 ---- src/lib/krb4/g_krbrlm.c | 63 --- src/lib/krb4/g_svc_in_tkt.c | 31 +- src/lib/krb4/g_tf_fname.c | 2 +- src/lib/krb4/g_tf_realm.c | 32 +- src/lib/krb4/in_tkt.c | 3 +- src/lib/krb4/krb4int.h | 42 +- src/lib/krb4/krb_err.et | 658 +++++++++++++++++++++--- src/lib/krb4/realmofhost.c | 152 ------ src/lib/krb4/send_to_kdc.c | 27 +- src/lib/krb4/tf_util.c | 2 +- 27 files changed, 1772 insertions(+), 931 deletions(-) create mode 100644 src/lib/krb4/FSp-glue.c create mode 100644 src/lib/krb4/RealmsConfig-glue.c delete mode 100644 src/lib/krb4/g_admhst.c delete mode 100644 src/lib/krb4/g_krbhst.c delete 
mode 100644 src/lib/krb4/g_krbrlm.c delete mode 100644 src/lib/krb4/realmofhost.c diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index add745afd..17b61b5c5 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog @@ -1,3 +1,10 @@ +2002-12-12 Tom Yu + + * kerberos.c (kerberos4_send, kerberos4_is): Use + krb_get_err_text() instead of krb_err_txt array. + + * strcasecmp.c: Include sys/types.h rather than sys/cdefs.h. + 2002-11-15 Ezra Peisach * enc-proto.h, enc_des.c, encrypt.c: Unsigned/signed cleanups. diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c index 3a722064a..56a073191 100644 --- a/src/appl/telnet/libtelnet/kerberos.c +++ b/src/appl/telnet/libtelnet/kerberos.c @@ -242,11 +242,11 @@ kerberos4_send(ap) return(0); } if ((r = krb_mk_req(&kauth, KRB_SERVICE_NAME, instance, realm, 0))) { - printf("mk_req failed: %s\r\n", krb_err_txt[r]); + printf("mk_req failed: %s\r\n", krb_get_err_text(r)); return(0); } if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) { - printf("get_cred failed: %s\r\n", krb_err_txt[r]); + printf("get_cred failed: %s\r\n", krb_get_err_text(r)); return(0); } if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { @@ -395,7 +395,7 @@ kerberos4_is(ap, data, cnt) instance, 0, &adat, ""))) { if (auth_debug_mode) printf("Kerberos failed him as %s\r\n", name); - Data(ap, KRB_REJECT, (const void *)krb_err_txt[r], -1); + Data(ap, KRB_REJECT, (const void *)krb_get_err_text(r), -1); auth_finished(ap, AUTH_REJECT); return; } diff --git a/src/appl/telnet/libtelnet/strcasecmp.c b/src/appl/telnet/libtelnet/strcasecmp.c index 3c1140b0f..edd9f1415 100644 --- a/src/appl/telnet/libtelnet/strcasecmp.c +++ b/src/appl/telnet/libtelnet/strcasecmp.c @@ -35,7 +35,7 @@ #define const #endif -#include +#include #ifdef HAVE_STRING_H #include #else 
diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog index 5deb71aee..3c51cea39 100644 --- a/src/include/kerberosIV/ChangeLog +++ b/src/include/kerberosIV/ChangeLog @@ -1,3 +1,12 @@ +2002-12-12 Tom Yu + + * krb.h: Change _WINDOWS->_WIN32. Add symbols for + RealmsConfig-glue.c. Remove explicit errno declaration. Fix some + prototypes of functions in RealmsConfig-glue.c to take const char* + for realm. Update prorotypes of functions that may take a ticket + file name to take const char*. Collect prototypes of FSp-glue.c + functions together. + 2002-12-04 Tom Yu * des.h: Move explicit definition of _WINDOWS to precede diff --git a/src/include/kerberosIV/des.h b/src/include/kerberosIV/des.h index 25826f751..37e934398 100644 --- a/src/include/kerberosIV/des.h +++ b/src/include/kerberosIV/des.h @@ -110,10 +110,7 @@ KRBINT_END_DECLS #ifndef KRB5INT_CRYPTO_DES_INT #define DES_DEFS -#if defined(_WIN32) && !defined(_WINDOWS) -#define _WINDOWS -#endif -#if defined(_WINDOWS) +#if defined(_WIN32) #ifndef KRB4 #define KRB4 1 #endif diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h index fe28111c4..9e9a151ce 100644 --- a/src/include/kerberosIV/krb.h +++ b/src/include/kerberosIV/krb.h @@ -43,14 +43,12 @@ /* Need some defs from des.h */ #include - -#include /* XXX FIXME! */ - +#include #include -#ifdef _WINDOWS +#ifdef _WIN32 #include -#endif /* _WINDOWS */ +#endif /* _WIN32 */ #ifdef __cplusplus #ifndef KRBINT_BEGIN_DECLS @@ -75,9 +73,8 @@ KRBINT_BEGIN_DECLS #define KRB_INT32 DES_INT32 #define KRB_UINT32 DES_UINT32 -/* Text describing error codes */ #define MAX_KRB_ERRORS 256 -extern const char *const krb_err_txt[MAX_KRB_ERRORS]; +extern const char * const * const krb_err_txt; /* General definitions */ #define KSUCCESS 0 
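Review bot: In the krb.h hunk at -75,9, `krb_err_txt` changes from an array (`const char *const krb_err_txt[MAX_KRB_ERRORS]`) to a pointer (`const char * const * const krb_err_txt`), which changes what the exported symbol is and not only its C type. An object built against the old header would treat the pointer's own storage as the string table and dereference a bogus address, so if this library is shipped shared the change needs to be coordinated with the library version; nothing in this hunk shows that. The explanatory comment was also dropped while `MAX_KRB_ERRORS` stays, and the bound is no longer carried by the declaration. I would restore a comment such as `/* Error text table; prefer krb_get_err_text(). Direct indexing must stay within 0..MAX_KRB_ERRORS-1 */`, after checking the table size in err_txt.c, which is outside this view.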
@@ -212,12 +209,12 @@ typedef struct msg_dat MSG_DAT; /* Location of ticket file for save_cred and get_cred */ -#ifdef _WINDOWS +#ifdef _WIN32 #define TKT_FILE "\\kerberos\\ticket.ses" #else #define TKT_FILE tkt_string() #define TKT_ROOT "/tmp/tkt" -#endif /* PC */ +#endif /* _WIN32 */ /* * Error codes are now defined as offsets from com_err (krb_err.et) @@ -355,7 +352,7 @@ typedef struct msg_dat MSG_DAT; #endif /* ATHENA_COMPAT */ -#ifdef _WINDOWS +#ifdef _WIN32 #define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0) #define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us)) #define CONVERT_TIME_EPOCH win_time_get_epoch() @@ -368,8 +365,22 @@ typedef struct msg_dat MSG_DAT; #define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0) #define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us)) #define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */ -#endif /*_WINDOWS*/ - +#endif /* _WIN32 */ + +/* Constants for KerberosProfileLib */ +#define REALMS_V4_PROF_REALMS_SECTION "v4 realms" +#define REALMS_V4_PROF_KDC "kdc" +#define REALMS_V4_PROF_ADMIN_KDC "admin_server" +#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server" +#define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm" +#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults" +#define REALMS_V4_PROF_LOCAL_REALM "default_realm" +#define REALMS_V4_PROF_STK "string_to_key_type" +#define REALMS_V4_MIT_STK "mit_string_to_key" +#define REALMS_V4_AFS_STK "afs_string_to_key" +#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key" +#define REALMS_V4_DEFAULT_REALM "default_realm" +#define REALMS_V4_NO_ADDRESSES "noaddresses" /* ask to disable IP address checking in the library */ extern int krb_ignore_ip_address; 
@@ -384,14 +395,6 @@ extern int krb_debug; #define DEB(x) /* nothing */ #endif -/* - * Some Unixes don't declare errno in ... - * Move this out to individual c-*.h files if it becomes troublesome. - */ -#if !defined(errno) && !defined(_WINDOWS) -extern int errno; -#endif - /* Define a couple of function types including parameters. These are needed on MS-Windows to convert arguments of the function pointers to the proper types during calls. */ @@ -449,7 +452,7 @@ int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *, /* g_krbhst.c */ int KRB5_CALLCONV krb_get_krbhst - (char *host, char *realm, int idx); + (char *host, const char *realm, int idx); /* g_krbrlm.c */ int KRB5_CALLCONV krb_get_lrealm (char *realm, int idx); @@ -477,18 +480,13 @@ int KRB5_CALLCONV krb_get_svc_in_tkt (char *k_user, char *instance, char *realm, char *service, char *sinstance, int life, char *srvtab); -#if TARGET_OS_MAC && defined(__FILES__) -int KRB5_CALLCONV -FSp_krb_get_svc_in_tkt(char *, char *, char *, char *, char *, - int, const FSSpec *); -#endif /* g_tf_fname.c */ int KRB5_CALLCONV krb_get_tf_fullname - (char *ticket_file, char *name, char *inst, char *realm); + (const char *ticket_file, char *name, char *inst, char *realm); /* g_tf_realm.c */ int KRB5_CALLCONV krb_get_tf_realm - (char *ticket_file, char *realm); + (const char *ticket_file, char *realm); /* g_tkt_svc.c */ int KRB5_CALLCONV krb_get_ticket_for_service (char *serviceName, @@ -504,7 +502,7 @@ int KRB5_CALLCONV krb_in_tkt int KRB5_CALLCONV kname_parse (char *name, char *inst, char *realm, char *fullname); -/* From KfM XXX to be merged*/ +/* Merged from KfM */ int KRB5_CALLCONV kname_unparse (char *, const char *, const char *, const char *); 
@@ -587,10 +585,6 @@ int KRB5_CALLCONV put_svc_key (char *sfile, char *name, char *inst, char *realm, int newvno, char *key); -#if TARGET_OS_MAC && defined(__FILES__) -int KRB5_CALLCONV FSp_put_svc_key(const FSSpec *, char *, char *, char *, - int, char *); -#endif /* rd_err.c */ int KRB5_CALLCONV krb_rd_err @@ -626,10 +620,6 @@ int KRB5_CALLCONV read_service_key int KRB5_CALLCONV get_service_key (char *service, char *instance, char *realm, int *kvno, char *file, char *key); -#if TARGET_OS_MAC && defined(__FILES__) -int KRB5_CALLCONV FSp_read_service_key(char *, char *, char *, - int, const FSSpec*, char *); -#endif /* realmofhost.c */ char * KRB5_CALLCONV krb_realmofhost @@ -669,7 +659,7 @@ void KRB5_CALLCONV krb_set_tkt_string (char *); /* tf_util.c */ -int KRB5_CALLCONV tf_init (char *tf_name, int rw); +int KRB5_CALLCONV tf_init (const char *tf_name, int rw); int KRB5_CALLCONV tf_get_pname (char *p); @@ -727,6 +717,16 @@ extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key); #endif +/* FSp-glue.c */ +#if TARGET_OS_MAC && defined(__FILES__) +int KRB5_CALLCONV FSp_krb_get_svc_in_tkt(char *, char *, char *, char *, + char *, int, const FSSpec *); +int KRB5_CALLCONV FSp_put_svc_key(const FSSpec *, char *, char *, char *, + int, char *); +int KRB5_CALLCONV FSp_read_service_key(char *, char *, char *, + int, const FSSpec*, char *); +#endif + #if TARGET_OS_MAC /* * KfM krb.hin had the following, probably inherited from CNS: @@ -756,11 +756,11 @@ dest_all_tkts(void); int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *); /* - * RealmConfig-glue.c from KfM XXX to be merged + * RealmsConfig-glue.c -- merged from KfM */ -extern int KRB5_CALLCONV krb_get_profile(profile_t *profile); +int KRB5_CALLCONV krb_get_profile(profile_t *); -#ifdef _WINDOWS +#ifdef _WIN32 HINSTANCE get_lib_instance(void); unsigned int krb_get_notification_message(void); char * KRB5_CALLCONV krb_get_default_user(void); 
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 7978904ea..aa5d3446e 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,8 @@ +2002-12-12 Tom Yu + + * kerberos_v4.c (kerberos_v4): Use krb_get_err_text() instead of + krb_err_txt array. + 2002-11-26 Tom Yu * Makefile.in: Update dependencies. diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index d8a7ce452..a27f95a7c 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -837,7 +837,7 @@ kerberos_v4(struct sockaddr_in *client, KTEXT pkt) if (kerno) { klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", - inet_ntoa(client_host), krb_err_txt[kerno]); + inet_ntoa(client_host), krb_get_err_text(kerno)); req_name_ptr = req_inst_ptr = req_realm_ptr = ""; kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); return; diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index e105880a0..b5e1fd40e 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog 
@@ -1,3 +1,52 @@ +2002-12-12 Tom Yu + + * FSp-glue.c: Extracted and ported from various files from KfM. + Not built on Unix. + + * Makefile.in: Removed srcdir references from various SRCS + variables. Stop building krb_err.o because of gross hack in + err_txt.c. Adjust some dependency generation things. + (REALMDBOBJS): Use RealmsConfig-glue instead of lots of other + files. + (LOCALINCLUDES): Use current directory, so we can pick up + krb_err.c as an include file. + + * RealmsConfig-glue.c: Ported from KfM and cleaned up. Old + REALMDBSRCS inlined here too. + + * g_admhst.c, g_in_tkt.c, g_krbhst.c, g_krbrlm.c, realmofhost.c: + Removed. Functionality is now in RealmsConfig-glue.c. + + * g_in_tkt.c (krb_get_in_tkt_creds): Add KRB5_CALLCONV. + + * dest_tkt.c (dest_tkt): TKT_FILE now assigned to a const char *, + due to change in tkt_string() return type. + + * err_txt.c: Much grossness. Suck in krb_err.c here, so we can + use the static array to initialize the krb_err_txt array. + + * g_in_tkt.c: Call krb4int_send_to_kdc_addr() on MacOS. + + * g_svc_in_tkt.c: Fix up copyright notice; punt gratuitous + definition of NULL. + + * g_tf_fname.c (krb_get_tf_fullname): Takes a const char * for + ticket file name now, due to change in tkt_string() return type. + + * g_tf_realm.c (krb_get_tf_realm): Takes a const char * for ticket + file name now, due to change in tkt_string() return type. + + * in_tkt.c: Include errno.h. + (in_tkt): TKT_FILE now assigned to a const char *, due to change + in tkt_string() return type. + + * krb4int.h: Add prototype for krb_get_in_tkt_preauth_creds(). + Fix _WINDOWS->_WIN32. + + * krb_err.et: Sync somewhat with old contents of err_txt.c. + + * tf_util.c (tf_init): Takes const char *tf_name now. + 2002-12-06 Tom Yu * g_ad_tkt.c (get_ad_tkt): Add KRB5_CALLCONV. diff --git a/src/lib/krb4/FSp-glue.c b/src/lib/krb4/FSp-glue.c new file mode 100644 index 000000000..a3b35dc2b --- /dev/null +++ b/src/lib/krb4/FSp-glue.c 
@@ -0,0 +1,105 @@
+/*
+ * lib/krb4/FSp-glue.c
+ *
+ * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
+ * Institute of Technology. All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * MacOS-specific glue for using FSSpecs to deal with srvtabs.
+ */
+
+#include "krb.h"
+#include "krb4int.h"
+#include
+#include
+
+#if TARGET_OS_MAC && defined(__FILES__)
+
+#include
+
+static int FSp_srvtab_to_key(char *, char *, char *, char *, C_Block);
+
+int KRB5_CALLCONV
+FSp_read_service_key(
+ char *service, /* Service Name */
+ char *instance, /* Instance name or "*" */
+ char *realm, /* Realm */
+ int kvno, /* Key version number */
+ const FSSpec *filespec, /* Filespec */
+ char *key) /* Pointer to key to be filled in */
+{
+ int retval = KFAILURE;
+ char *file = NULL;
+ if (filespec != NULL) {
+ if (FSpGetFullPOSIXPath (filespec, &file) != noErr) {
+ return retval;
+ }
+ }
+ retval = read_service_key(service, instance, realm, kvno, file, key);
+ if (file != NULL) {
+ free (file);
+ }
+ return retval;
+}
+
+int KRB5_CALLCONV
+FSp_put_svc_key(
+ const FSSpec *sfilespec,
+ char *name,
+ char *inst,
+ char *realm,
+ int newvno,
+ char *key)
+{
+ int retval = KFAILURE;
+ char *sfile = NULL;
+ if (sfilespec != NULL) {
+ if (FSpGetFullPOSIXPath (sfilespec, &sfile) != noErr) {
+ return retval;
+ }
+ }
+ retval = put_svc_key(sfile, name, inst, realm, newvno, key);
+ if (sfile != NULL) {
+ free (sfile);
+ }
+ return retval;
+}
+
+int KRB5_CALLCONV
+FSp_krb_get_svc_in_tkt(
+ char *user, char *instance, char *realm,
+ char *service, char *sinstance, int life,
+ const FSSpec *srvtab)
+{
+ /* Cast the FSSpec into the password field. It will be pulled out again */
+ /* by FSp_srvtab_to_key and used to read the real password */
+ return krb_get_in_tkt(user, instance, realm, service, sinstance,
+ life, FSp_srvtab_to_key, NULL, (char *)srvtab);
+}
+
+static int FSp_srvtab_to_key(char *user, char *instance, char *realm,
+ char *srvtab, C_Block key)
+{
+ /* FSp_read_service_key correctly handles a NULL FSSpecPtr */
+ return FSp_read_service_key(user, instance, realm, 0,
+ (FSSpec *)srvtab, (char *)key);
+}
+#endif
diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in
index 4a5c0063d..f6356a8ed 100644
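Review bot: `FSp_krb_get_svc_in_tkt` casts away the `const` on `srvtab` and passes the `FSSpec` pointer through the password argument of `krb_get_in_tkt` as `(char *)srvtab`, so it is safe only while nothing between this call and `FSp_srvtab_to_key` treats that argument as a C string. `krb_get_in_tkt` is not visible in this patch; if it, or a later change to it, measures, copies or wipes the password buffer, it would read past or overwrite the caller's FSSpec. The existing comment explains the trick but not that constraint. I would extend it with `/* srvtab is NOT a string: krb_get_in_tkt must hand it to the key_proc untouched (no strlen/copy/memset) */` and confirm that against g_in_tkt.c.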
--- a/src/lib/krb4/Makefile.in +++ b/src/lib/krb4/Makefile.in @@ -2,7 +2,7 @@ thisconfigdir=. myfulldir=lib/krb4 mydir=. BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV +LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV -I. ##DOS##BUILDTOP = ..\.. ##DOS##LIBNAME=$(OUTPRE)krb4.lib 
@@ -73,46 +73,46 @@ OBJS = \ $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS) SRCS = \ - $(srcdir)/change_password.c \ - $(srcdir)/cr_auth_repl.c \ - $(srcdir)/cr_ciph.c \ - $(srcdir)/cr_tkt.c \ - $(srcdir)/debug.c \ - $(srcdir)/decomp_tkt.c \ - $(srcdir)/g_ad_tkt.c \ - $(srcdir)/g_pw_in_tkt.c \ - $(srcdir)/g_phost.c \ - $(srcdir)/g_pw_tkt.c \ - $(srcdir)/g_tkt_svc.c \ - $(srcdir)/getst.c \ - $(srcdir)/gethostname.c \ + change_password.c \ + cr_auth_repl.c \ + cr_ciph.c \ + cr_tkt.c \ + debug.c \ + decomp_tkt.c \ + g_ad_tkt.c \ + g_pw_in_tkt.c \ + g_phost.c \ + g_pw_tkt.c \ + g_tkt_svc.c \ + getst.c \ + gethostname.c \ kadm_err.c \ - $(srcdir)/kadm_net.c \ - $(srcdir)/kadm_stream.c \ - $(srcdir)/kname_parse.c \ - $(srcdir)/err_txt.c \ - $(srcdir)/lifetime.c \ - $(srcdir)/g_in_tkt.c \ - $(srcdir)/mk_auth.c \ - $(srcdir)/mk_err.c \ - $(srcdir)/mk_priv.c \ - $(srcdir)/mk_req.c \ - $(srcdir)/mk_safe.c \ - $(srcdir)/month_sname.c \ - $(srcdir)/pkt_cipher.c \ - $(srcdir)/pkt_clen.c \ - $(srcdir)/prot_client.c \ - $(srcdir)/prot_common.c \ - $(srcdir)/prot_kdc.c \ - $(srcdir)/rd_err.c \ - $(srcdir)/rd_priv.c \ - $(srcdir)/rd_safe.c \ - $(srcdir)/send_to_kdc.c \ - $(srcdir)/stime.c \ - $(srcdir)/strnlen.c \ - $(srcdir)/rd_preauth.c \ - $(srcdir)/mk_preauth.c \ - $(srcdir)/unix_time.c \ + kadm_net.c \ + kadm_stream.c \ + kname_parse.c \ + err_txt.c \ + lifetime.c \ + g_in_tkt.c \ + mk_auth.c \ + mk_err.c \ + mk_priv.c \ + mk_req.c \ + mk_safe.c \ + month_sname.c \ + pkt_cipher.c \ + pkt_clen.c \ + prot_client.c \ + prot_common.c \ + prot_kdc.c \ + rd_err.c \ + rd_priv.c \ + rd_safe.c \ + send_to_kdc.c \ + stime.c \ + strnlen.c \ + rd_preauth.c \ + mk_preauth.c \ + unix_time.c \ $(OSSRCS) $(CACHESRCS) $(SETENVSRCS) $(STRCASESRCS) $(SHMSRCS) \ $(LIB_KRB_HOSTSRCS) $(SERVER_KRB_SRCS) $(NETIO_SRCS) $(REALMDBSRCS) 
@@ -123,7 +123,7 @@ STOBJLISTS=OBJS.ST # These objects implement the time computation routines. # OSOBJS = $(OUTPRE)unix_time.$(OBJEXT) -OSSRCS = $(srcdir)/unix_time.c +OSSRCS = unix_time.c ##DOS##OSOBJS = $(OUTPRE)win_time.obj @@ -131,10 +131,12 @@ OSSRCS = $(srcdir)/unix_time.c # These objects implement ticket cacheing for Unix. They are # replaced by other files when compiling for Windows or Mac. # -CACHESRCS=$(srcdir)/tf_util.c $(srcdir)/dest_tkt.c $(srcdir)/in_tkt.c \ - $(srcdir)/tkt_string.c $(srcdir)/g_tf_fname.c \ - $(srcdir)/g_tf_realm.c $(srcdir)/g_cred.c $(srcdir)/save_creds.c -CACHEOBJS=$(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \ +CACHESRCS = \ + tf_util.c dest_tkt.c in_tkt.c \ + tkt_string.c g_tf_fname.c g_tf_realm.c \ + g_cred.c save_creds.c +CACHEOBJS = \ + $(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \ $(OUTPRE)tkt_string.$(OBJEXT) $(OUTPRE)g_tf_fname.$(OBJEXT) $(OUTPRE)g_tf_realm.$(OBJEXT) \ $(OUTPRE)g_cred.$(OBJEXT) $(OUTPRE)save_creds.$(OBJEXT) 
@@ -149,34 +151,33 @@ CACHEOBJS=$(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt CNFFILE = g_cnffile ##DOS##CNFFILE = win_store -REALMDBSRCS= $(srcdir)/$(CNFFILE).c $(srcdir)/g_krbhst.c $(srcdir)/g_krbrlm.c \ - $(srcdir)/g_admhst.c $(srcdir)/realmofhost.c -REALMDBOBJS= $(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)g_krbhst.$(OBJEXT) $(OUTPRE)g_krbrlm.$(OBJEXT) \ - $(OUTPRE)g_admhst.$(OBJEXT) $(OUTPRE)realmofhost.$(OBJEXT) +REALMDBSRCS=$(CNFFILE).c RealmsConfig-glue.c +REALMDBOBJS=$(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)RealmsConfig-glue.$(OBJEXT) # # These objects are only used on server or debug implementations of Kerberos, # and they cause some major or minor sort of trouble for some # client-only platform (Mac or Windows). # -SERVER_KRB_SRCS=$(srcdir)/klog.c $(srcdir)/kuserok.c $(srcdir)/log.c \ - $(srcdir)/kntoln.c $(srcdir)/fgetst.c $(srcdir)/rd_svc_key.c \ - $(srcdir)/cr_err_repl.c $(srcdir)/rd_req.c \ - $(srcdir)/g_svc_in_tkt.c $(srcdir)/recvauth.c \ - krb_err.c $(srcdir)/ad_print.c \ - $(srcdir)/cr_death_pkt.c $(srcdir)/kparse.c \ - $(srcdir)/put_svc_key.c $(srcdir)/sendauth.c -SERVER_KRB_OBJS=$(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \ - $(OUTPRE)kntoln.$(OBJEXT) \ - $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) $(OUTPRE)cr_err_repl.$(OBJEXT) \ - $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \ - $(OUTPRE)krb_err.$(OBJEXT) $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \ - $(OUTPRE)kparse.$(OBJEXT) $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT) +SERVER_KRB_SRCS = \ + klog.c kuserok.c log.c \ + kntoln.c \ + fgetst.c rd_svc_key.c cr_err_repl.c \ + rd_req.c g_svc_in_tkt.c recvauth.c \ + ad_print.c cr_death_pkt.c \ + kparse.c put_svc_key.c sendauth.c +SERVER_KRB_OBJS = \ + $(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \ + $(OUTPRE)kntoln.$(OBJEXT) \ + $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) 
$(OUTPRE)cr_err_repl.$(OBJEXT) \ + $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \ + $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \ + $(OUTPRE)kparse.$(OBJEXT) $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT) # # These objects are included on Unix and Windows (for kstream and kadm) # but not under Mac (there are no file descriptors). # -NETIO_SRCS=$(srcdir)/netread.c $(srcdir)/netwrite.c +NETIO_SRCS=netread.c netwrite.c NETIO_OBJS=$(OUTPRE)netread.$(OBJEXT) $(OUTPRE)netwrite.$(OBJEXT) # @@ -184,19 +185,17 @@ NETIO_OBJS=$(OUTPRE)netread.$(OBJEXT) $(OUTPRE)netwrite.$(OBJEXT) # (time-of-day access, etc). They are replaced in Mac and Windows # by other _glue.* routines. # -LIB_KRB_HOSTSRCS=$(srcdir)/unix_glue.c +LIB_KRB_HOSTSRCS=unix_glue.c LIB_KRB_HOSTOBJS=$(OUTPRE)unix_glue.$(OBJEXT) ##DOS##LIB_KRB_HOSTOBJS=$(OUTPRE)win_glue.obj ARCHIVEARGS= $@ $(OBJS) -CODE=$(SRCS) Makefile.in krb_err.et - # We want *library* compiler options... DBG=$(DBG_LIB) -all-unix:: krb_err.h kadm_err.h includes all-liblinks +all-unix:: includes all-liblinks ##DOS##LIBOBJS = $(OBJS) @@ -207,8 +206,9 @@ krb_err.c: krb_err.et kadm_err.h: kadm_err.et kadm_err.c: kadm_err.et -depend:: krb_err.h kadm_err.h -depend:: $(CODE) +depend-dependencies: krb_err.h $(EHDRDIR)$(S)krb_err.h \ + kadm_err.h $(EHDRDIR)$(S)kadm_err.h \ + krb_err.c includes: $(EHDRDIR)$(S)krb_err.h $(EHDRDIR)$(S)kadm_err.h @@ -221,8 +221,6 @@ clean-unix:: $(RM) $(EHDRDIR)/krb_err.h $(RM) $(EHDRDIR)/kadm_err.h - - #install-unix:: # $(INSTALL_DATA) krb_err.h $(DESTDIR)$(KRB5_INCDIR)/kerberosIV/krb_err.h 
@@ -322,10 +320,10 @@ kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): kadm_stream.c $(SR kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): kname_parse.c $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h -err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h +err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h \ + krb_err.c lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h 
@@ -386,12 +384,14 @@ rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): rd_safe.c $(SRCTOP)/include/ke $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h -send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \ +send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \ $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/kdb.h krb4int.h stime.so stime.po $(OUTPRE)stime.$(OBJEXT): stime.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ 
@@ -409,9 +409,6 @@ mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): mk_preauth.c $(SRCTOP unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h -unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): tf_util.c $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \ @@ -433,10 +430,9 @@ g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): g_tf_fname.c $(SRCTOP $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ $(BUILDTOP)/include/profile.h -g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): g_tf_realm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h +g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): g_tf_realm.c $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): g_cred.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ 
@@ -483,17 +479,15 @@ rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): rd_req.c $(SRCTOP)/include/kerber $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h -g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): g_svc_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ +g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): g_svc_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ krb4int.h recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): recvauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h -krb_err.so krb_err.po $(OUTPRE)krb_err.$(OBJEXT): krb_err.c $(COM_ERR_DEPS) ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): ad_print.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ 
@@ -531,22 +525,9 @@ g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): g_cnffile.c $(SRCTOP)/in $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ krb4int.h -g_krbhst.so g_krbhst.po $(OUTPRE)g_krbhst.$(OBJEXT): g_krbhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h -g_krbrlm.so g_krbrlm.po $(OUTPRE)g_krbrlm.$(OBJEXT): g_krbrlm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h krb4int.h -g_admhst.so g_admhst.po $(OUTPRE)g_admhst.$(OBJEXT): g_admhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h krb4int.h -realmofhost.so realmofhost.po $(OUTPRE)realmofhost.$(OBJEXT): realmofhost.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ - $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h krb4int.h +RealmsConfig-glue.so RealmsConfig-glue.po $(OUTPRE)RealmsConfig-glue.$(OBJEXT): RealmsConfig-glue.c \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(BUILDTOP)/include/krb5.h 
diff --git a/src/lib/krb4/RealmsConfig-glue.c b/src/lib/krb4/RealmsConfig-glue.c new file mode 100644 index 000000000..927c10bc1 --- /dev/null +++ b/src/lib/krb4/RealmsConfig-glue.c 
@@ -0,0 +1,685 @@ +/* + * lib/krb4/RealmsConfig-glue.c + * + * Copyright 1985-2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * These calls implement the layer of Kerberos v4 library which + * accesses realms configuration by calling into the Kerberos Profile + * library. + */ + +#include +#include +#include +#include +#include +#if TARGET_OS_MAC +#include +#endif + +#include "profile.h" +#include "krb.h" +#include "krb4int.h" +#include "port-sockets.h" + +#if USE_CCAPI +#include +#endif + +#define KRB5_PRIVATE 1 +/* For krb5_get_default_config_files and krb5_free_config_files */ +#include "krb5.h" +#undef KRB5_PRIVATE + +/* These two *must* be kept in sync to avoid buffer overflows. 
*/ +#define SCNSCRATCH "%1023s" +#define SCRATCHSZ 1024 +#if SCRATCHSZ < MAXHOSTNAMELEN +#error "SCRATCHSZ must be at least MAXHOSTNAMELEN" +#endif + +/* + * Returns to the caller an initialized profile using the same files + * as Kerberos4Lib would. + */ +int KRB5_CALLCONV +krb_get_profile(profile_t* profile) +{ + int retval = KSUCCESS; + profile_filespec_t *files = NULL; + + /* Use krb5 to get the config files */ + retval = krb5_get_default_config_files(&files); + + if (retval == KSUCCESS) { + retval = profile_init((const_profile_filespec_t *)files, profile); + } + + if (files) { + krb5_free_config_files(files); + } + + if (retval == ENOENT) { + /* No edu.mit.Kerberos file */ + return KFAILURE; + } + + if ((retval == PROF_SECTION_NOTOP) || + (retval == PROF_SECTION_SYNTAX) || + (retval == PROF_RELATION_SYNTAX) || + (retval == PROF_EXTRA_CBRACE) || + (retval == PROF_MISSING_OBRACE)) { + /* Bad config file format */ + return retval; + } + + return retval; +} + +/* Caller must ensure that n >= 1 and that pointers are non-NULL. */ +static int +krb_prof_get_nth( + char *ret, + size_t retlen, + const char *realm, + int n, + const char *sec, + const char *key) +{ + int result; + long profErr; + profile_t profile = NULL; + const char *names[4]; + void *iter = NULL; + char *name = NULL; + char *value = NULL; + int i; + + result = KFAILURE; + + profErr = krb_get_profile(&profile); + if (profErr) { + /* + * Can krb_get_profile() return errors that change PROFILE? 
+ */ + goto cleanup; + } + names[0] = sec; + names[1] = realm; + names[2] = key; + names[3] = NULL; + profErr = profile_iterator_create(profile, names, + PROFILE_ITER_RELATIONS_ONLY, &iter); + if (profErr) + goto cleanup; + + result = KSUCCESS; + for (i = 1; i <= n; i++) { + if (name != NULL) + profile_release_string(name); + if (value != NULL) + profile_release_string(value); + name = value = NULL; + + profErr = profile_iterator(&iter, &name, &value); + if (profErr || (name == NULL)) { + result = KFAILURE; + break; + } + } + if (result == KSUCCESS) { + /* Return error rather than truncating. */ + if (strlen(value) >= retlen) + result = KFAILURE; + else + strncpy(ret, value, retlen); + } +cleanup: + if (name != NULL) + profile_release_string(name); + if (value != NULL) + profile_release_string(value); + if (iter != NULL) + profile_iterator_free(&iter); + if (profile != NULL) + profile_abandon(profile); + return result; +} + +/* + * Index -> realm name mapping + * + * Not really. The original implementation has a cryptic comment + * indicating that the function can only work for n = 1, and always + * returns the default realm. I don't know _why_ that's the case, but + * I have to do it that way... + * + * Old description from g_krbrlm.c: + * + * krb_get_lrealm takes a pointer to a string, and a number, n. It fills + * in the string, r, with the name of the nth realm specified on the + * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). + * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the + * config file does not exist, and if n=1, a successful return will occur + * with r = KRB_REALM (also defined in "krb.h"). + * + * NOTE: for archaic & compatibility reasons, this routine will only return + * valid results when n = 1. + * + * For the format of the KRB_CONF file, see comments describing the routine + * krb_get_krbhst(). This will also look in KRB_FB_CONF is + * ATHENA_CONF_FALLBACK is defined. 
+ */ +int KRB5_CALLCONV +krb_get_lrealm( + char *realm, + int n) +{ + long profErr = 0; + char *realmString = NULL; + char *realmStringV4 = NULL; + profile_t profile = NULL; + int result; + FILE *cnffile = NULL; + char scratch[SCRATCHSZ]; + + if (n != 1 || realm == NULL) + return KFAILURE; + + result = KFAILURE; /* Start out with failure. */ + + profErr = krb_get_profile(&profile); + if (profErr) + goto cleanup; + + profErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION, + REALMS_V4_DEFAULT_REALM, NULL, NULL, + &realmString); + if (profErr || realmString == NULL) + goto cleanup; + + if (strlen(realmString) >= REALM_SZ) + goto cleanup; + strncpy(realm, realmString, REALM_SZ); + /* + * Step 2: the default realm is actually v5 realm, so we have to + * check for the case where v4 and v5 realms are different. + */ + profErr = profile_get_string(profile, "realms", realm, "v4_realm", + NULL, &realmStringV4); + if (profErr || realmStringV4 == NULL) + goto cleanup; + + if (strlen(realmStringV4) >= REALM_SZ) + goto cleanup; + strncpy(realm, realmStringV4, REALM_SZ); + result = KSUCCESS; +cleanup: + if (realmString != NULL) + profile_release_string(realmString); + if (realmStringV4 != NULL) + profile_release_string(realmStringV4); + if (profile != NULL) + profile_abandon(profile); + + if (result == KSUCCESS) + return result; + /* + * Do old-style config file lookup. 
+ */ + do { + cnffile = krb__get_cnffile(); + if (cnffile == NULL) + break; + if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) { + if (strlen(scratch) >= REALM_SZ) + result = KFAILURE; + else { + strncpy(realm, scratch, REALM_SZ); + result = KSUCCESS; + } + } + fclose(cnffile); + } while (0); + if (result == KFAILURE && strlen(KRB_REALM) < REALM_SZ) { + strncpy(realm, KRB_REALM, REALM_SZ); + result = KSUCCESS; + } + return result; +} + +/* + * Realm, index -> admin KDC mapping + * + * Old description from g_admhst.c: + * + * Given a Kerberos realm, find a host on which the Kerberos database + * administration server can be found. + * + * krb_get_admhst takes a pointer to be filled in, a pointer to the name + * of the realm for which a server is desired, and an integer n, and + * returns (in h) the nth administrative host entry from the configuration + * file (KRB_CONF, defined in "krb.h") associated with the specified realm. + * If ATHENA_CONF_FALLBACK is defined, also look in old location. + * + * On error, get_admhst returns KFAILURE. If all goes well, the routine + * returns KSUCCESS. + * + * For the format of the KRB_CONF file, see comments describing the routine + * krb_get_krbhst(). + * + * This is a temporary hack to allow us to find the nearest system running + * a Kerberos admin server. In the long run, this functionality will be + * provided by a nameserver. + */ +int KRB5_CALLCONV +krb_get_admhst( + char *host, + char *realm, + int n) +{ + int result; + int i; + FILE *cnffile; + char linebuf[BUFSIZ]; + char trealm[SCRATCHSZ]; + char thost[SCRATCHSZ]; + char scratch[SCRATCHSZ]; + + if (n < 1 || host == NULL || realm == NULL) + return KFAILURE; + + result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, + REALMS_V4_PROF_REALMS_SECTION, + REALMS_V4_PROF_ADMIN_KDC); + if (result == KSUCCESS) + return result; + + /* + * Do old-style config file lookup. 
+ */ + cnffile = krb__get_cnffile(); + if (cnffile == NULL) + return KFAILURE; + result = KSUCCESS; + for (i = 0; i < n;) { + if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { + result = KFAILURE; + break; + } + if (!strchr(linebuf, '\n')) { + result = KFAILURE; + break; + } + /* + * Need to scan for a token after 'admin' to make sure that + * admin matched correctly. + */ + if (sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH " admin " SCNSCRATCH, + trealm, thost, scratch) != 3) + continue; + if (!strcmp(trealm, realm)) + i++; + } + fclose(cnffile); + if (result == KSUCCESS && strlen(thost) < MAXHOSTNAMELEN) + strncpy(host, thost, MAXHOSTNAMELEN); + else + result = KFAILURE; + return result; +} + +/* + * Realm, index -> kpasswd KDC mapping + */ +int KRB5_CALLCONV +krb_get_kpasswdhst( + char *host, + char *realm, + int n) +{ + if (n < 1 || host == NULL || realm == NULL) + return KFAILURE; + + return krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, + REALMS_V4_PROF_REALMS_SECTION, + REALMS_V4_PROF_KPASSWD_KDC); +} + +static int +get_krbhst_default(h, r, n) + char *h; + char *r; + int n; +{ + if (n != 1) + return KFAILURE; + if (strlen(KRB_HOST) + 1 + strlen(r) >= MAXHOSTNAMELEN) + return KFAILURE; + /* KRB_HOST.REALM (ie. kerberos.CYGNUS.COM) */ + strncpy(h, KRB_HOST, MAXHOSTNAMELEN); + strcat(h, "."); + strcat(h, r); + return KSUCCESS; +} + +/* + * Realm, index -> KDC mapping + * + * Old description from g_krbhst.c: + * + * Given a Kerberos realm, find a host on which the Kerberos authenti- + * cation server can be found. + * + * krb_get_krbhst takes a pointer to be filled in, a pointer to the name + * of the realm for which a server is desired, and an integer, n, and + * returns (in h) the nth entry from the configuration file (KRB_CONF, + * defined in "krb.h") associated with the specified realm. + * + * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the + * configuration file does not exist, krb_get_krbhst will return KRB_HOST + * (also defined in "krb.h"). 
If all goes well, the routine returnes + * KSUCCESS. + * + * The KRB_CONF file contains the name of the local realm in the first + * line (not used by this routine), followed by lines indicating realm/host + * entries. The words "admin server" following the hostname indicate that + * the host provides an administrative database server. + * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined. + * + * For example: + * + * ATHENA.MIT.EDU + * ATHENA.MIT.EDU kerberos-1.mit.edu admin server + * ATHENA.MIT.EDU kerberos-2.mit.edu + * LCS.MIT.EDU kerberos.lcs.mit.edu admin server + * + * This is a temporary hack to allow us to find the nearest system running + * kerberos. In the long run, this functionality will be provided by a + * nameserver. + */ +int KRB5_CALLCONV +krb_get_krbhst( + char *host, + const char *realm, + int n) +{ + int result; + int i; + FILE *cnffile; + char linebuf[BUFSIZ]; + char tr[SCRATCHSZ]; + char scratch[SCRATCHSZ]; + + if (n < 1 || host == NULL || realm == NULL) + return KFAILURE; + + result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, + REALMS_V4_PROF_REALMS_SECTION, + REALMS_V4_PROF_KDC); + if (result == KSUCCESS) + return result; + /* + * Do old-style config file lookup. + */ + do { + cnffile = krb__get_cnffile(); + if (cnffile == NULL) + break; + /* Skip default realm name. 
*/ + if (fscanf(cnffile, SCNSCRATCH, tr) == EOF) { + fclose(cnffile); + break; + } + result = KSUCCESS; + for (i = 0; i < n;) { + if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { + result = KFAILURE; + break; + } + if (!strchr(linebuf, '\n')) { + result = KFAILURE; + break; + } + if ((sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH, + tr, scratch) != 2)) + continue; + if (!strcmp(tr, realm)) + i++; + } + fclose(cnffile); + if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN) + strncpy(host, scratch, MAXHOSTNAMELEN); + else + result = KFAILURE; + } while (0); + if (result == KFAILURE) + result = get_krbhst_default(host, realm, n); + return result; +} + +#if USE_CCAPI +/* + * Realm -> string_to_key mapping + */ +int KRB5_CALLCONV +krb_get_stk( + KRB_UINT32 *type, + char *realm) +{ + long profErr = 0; + const char *names[] = {REALMS_V4_PROF_REALMS_SECTION, NULL, + REALMS_V4_PROF_STK, NULL}; + profile_t profile = NULL; + void *iter = NULL; + char *name = NULL; + char *value = NULL; + int found = 0; + + names[1] = realm; + + profErr = krb_get_profile(&profile); + if (profErr) { + goto cleanup; + } + + profErr = profile_iterator_create(profile, names, + PROFILE_ITER_RELATIONS_ONLY, &iter); + if (profErr) { + goto cleanup; + } + + profErr = profile_iterator(&iter, &name, &value); + if (profErr) { + goto cleanup; + } + + if (name != NULL) { + if (!strncmp(value, REALMS_V4_MIT_STK, strlen(REALMS_V4_MIT_STK))) { + *type = cc_v4_stk_des; + found = 1; + } else if (!strncmp(value, REALMS_V4_AFS_STK, + strlen(REALMS_V4_AFS_STK))) { + *type = cc_v4_stk_afs; + found = 1; + } else if (!strncmp(value, REALMS_V4_COLUMBIA_STK, + strlen(REALMS_V4_COLUMBIA_STK))) { + *type = cc_v4_stk_columbia_special; + found = 1; + } + } + +cleanup: + if (name != NULL) + profile_release_string(name); + if (value != NULL) + profile_release_string(value); + if (iter != NULL) + profile_iterator_free(&iter); + if (profile != NULL) + profile_abandon(profile); + + /* If this fails, we just rely on 
autodetecting the realm */ + if (!found) { + *type = cc_v4_stk_unknown; + } + return KSUCCESS; +} +#endif /* USE_CCAPI */ + +/* + * Hostname -> realm name mapping + * + * Old description from realmofhost.c: + * + * Given a fully-qualified domain-style primary host name, + * return the name of the Kerberos realm for the host. + * If the hostname contains no discernable domain, or an error occurs, + * return the local realm name, as supplied by get_krbrlm(). + * If the hostname contains a domain, but no translation is found, + * the hostname's domain is converted to upper-case and returned. + * + * The format of each line of the translation file is: + * domain_name kerberos_realm + * -or- + * host_name kerberos_realm + * + * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) + * host names should be in the usual form (e.g. FOO.BAR.BAZ) + */ +char * KRB5_CALLCONV +krb_realmofhost(char *host) +{ + /* Argh! */ + static char realm[REALM_SZ]; + char *lhost; + const char *names[] = {REALMS_V4_PROF_DOMAIN_SECTION, NULL, NULL}; + char **values = NULL; + profile_t profile = NULL; + long profErr; + char hostname[MAXHOSTNAMELEN]; + char *p; + char *domain; + FILE *trans_file = NULL; + int retval; + char thost[SCRATCHSZ]; + char trealm[SCRATCHSZ]; + struct hostent *h; + + /* Return local realm if all else fails */ + krb_get_lrealm(realm, 1); + + /* Forward-resolve in case domain is missing. */ + h = gethostbyname(host); + if (h == NULL) + lhost = host; + else + lhost = h->h_name; + + if (strlen(lhost) >= MAXHOSTNAMELEN) + return realm; + strncpy(hostname, lhost, MAXHOSTNAMELEN); + + /* Remove possible trailing dot. */ + p = strrchr(hostname, '.'); + if (p != NULL && p[1] == '\0') + *p = '\0'; + domain = strchr(hostname, '.'); + /* + * If the hostname is just below the top, e.g., CYGNUS.COM, then + * we special-case it; if someone really wants a realm called COM + * they will just have to specify it properly. 
+ */ + if (domain != NULL) { + domain++; + p = strchr(domain, '.'); + if (p == NULL) + domain = lhost; + if (strlen(domain) < REALM_SZ) { + strncpy(realm, domain, REALM_SZ); + /* Upcase realm name. */ + for (p = hostname; *p != '\0'; p++) { + if (*p > 0 && islower((unsigned char)*p)) + *p = toupper((unsigned char)*p); + } + } + } + /* Downcase hostname. */ + for (p = hostname; *p != '\0'; p++) { + if (*p > 0 && isupper((unsigned char)*p)) + *p = tolower((unsigned char)*p); + } + + profErr = krb_get_profile(&profile); + if (profErr) + goto cleanup; + + for (domain = hostname; domain != NULL && *domain != '\0';) { + names[1] = domain; + values = NULL; + profErr = profile_get_values(profile, names, &values); + if (!profErr && strlen(values[0]) < REALM_SZ) { + /* Found, return it */ + strncpy(realm, values[0], REALM_SZ); + profile_free_list(values); + break; + } else { + /* Skip over leading dot. */ + if (*domain == '.') + domain++; + domain = strchr(domain, '.'); + } + profile_free_list(values); + } +cleanup: + if (profile != NULL) + profile_abandon(profile); + + trans_file = krb__get_realmsfile(); + if (trans_file == NULL) + return realm; + domain = strchr(hostname, '.'); + for (;;) { + retval = fscanf(trans_file, SCNSCRATCH " " SCNSCRATCH, + thost, trealm); + if (retval == EOF) + break; + if (retval != 2 || strlen(trealm) >= REALM_SZ) + continue; /* Ignore malformed lines. */ + /* Attempt to match domain. */ + if (*thost == '.') { + if (domain && !strcasecmp(thost, domain)) { + strncpy(realm, trealm, REALM_SZ); + continue; /* Try again for an exact match. */ + } + } else { + /* Hostname must match exactly. */ + if (!strcasecmp(thost, hostname)) { + strncpy(realm, trealm, REALM_SZ); + break; + } + } + } + fclose(trans_file); + return realm; +} diff --git a/src/lib/krb4/dest_tkt.c b/src/lib/krb4/dest_tkt.c index fd9ae68ac..5fd234443 100644 --- a/src/lib/krb4/dest_tkt.c +++ b/src/lib/krb4/dest_tkt.c 
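Review bot: In krb_get_lrealm, `result` becomes KSUCCESS only after the `v4_realm` lookup succeeds, so a profile that supplies a default realm but no `v4_realm` relation leaves through `goto cleanup` with KFAILURE, and the old-style lookup or the compiled-in `KRB_REALM` fallback can then overwrite the realm that was just copied from the profile. The comment describes `v4_realm` as an override for the case where the v4 and v5 realms differ, so adding `result = KSUCCESS;` straight after the first `strncpy(realm, realmString, REALM_SZ);` would keep the configured realm; without it a client may end up addressing a different realm than the one its configuration names. Separately, in krb_realmofhost the loop under `/* Upcase realm name. */` walks `hostname` rather than `realm`, so the domain-derived realm is returned in its original case and the loop's effect is undone by the downcasing that follows; `for (p = realm; *p != '\0'; p++) {` looks like what was meant.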
@@ -67,7 +67,7 @@ int KRB5_CALLCONV dest_tkt() { - char *file = TKT_FILE; + const char *file = TKT_FILE; int i,fd; extern int errno; int ret; diff --git a/src/lib/krb4/err_txt.c b/src/lib/krb4/err_txt.c index 0a6fdeb49..64663b3d7 100644 --- a/src/lib/krb4/err_txt.c +++ b/src/lib/krb4/err_txt.c 
@@ -1,294 +1,83 @@ /* - * err_txt.c + * lib/krb4/err_txt.c * - * Copyright 1988 by the Massachusetts Institute of Technology. + * Copyright 1988, 2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. * - * For copying and distribution information, please see the file - * . + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ -#include "mit-copyright.h" #include "krb.h" +#include "krb4int.h" /* - * This file contains an array of error text strings. - * The associated error codes (which are defined in "krb.h") - * follow the string in the comments at the end of each line. + * This is gross. We want krb_err_txt to match the contents of the + * com_err error table, but the text is static in krb_err.c. To avoid + * multiple registrations of the error table, we also want to override + * initialize_krb_error_table() in case someone decides to call it. 
*/ +#undef initialize_krb_error_table +#define initialize_krb_error_table krb4int_init_krb_err_tbl +void krb4int_init_krb_err_tbl(void); +#include "krb_err.c" +#undef initialize_krb_error_table -const -/* Some C compilers (like ThinkC when producing a driver) can't grok - initialized multimentional arrays! */ -#ifdef MULTIDIMENSIONAL_ERR_TXT - char krb_err_txt[256][60] = { -#else - char *const krb_err_txt [256] = { -#endif - "OK", /* 000 */ - "Principal expired (kerberos)", /* 001 */ - "Service expired (kerberos)", /* 002 */ - "Authentication expired (kerberos)", /* 003 */ - "Unknown protocol version number (kerberos)", /* 004 */ - "Principal: Incorrect master key version (kerberos)", /* 005 */ - "Service: Incorrect master key version (kerberos)", /* 006 */ - "Bad byte order (kerberos)", /* 007 */ - "Principal unknown (kerberos)", /* 008 */ - "Principal not unique (kerberos)", /* 009 */ - "Principal has null key (kerberos)", /* 010 */ - "Reserved error message 11 (kerberos)", /* 011 */ - "Reserved error message 12 (kerberos)", /* 012 */ - "Reserved error message 13 (kerberos)", /* 013 */ - "Reserved error message 14 (kerberos)", /* 014 */ - "Reserved error message 15 (kerberos)", /* 015 */ - "Reserved error message 16 (kerberos)", /* 016 */ - "Reserved error message 17 (kerberos)", /* 017 */ - "Reserved error message 18 (kerberos)", /* 018 */ - "Reserved error message 19 (kerberos)", /* 019 */ - "Permission Denied (kerberos)", /* 020 */ - "Can't read ticket file (krb_get_cred)", /* 021 */ - "Can't find ticket (krb_get_cred)", /* 022 */ - "Reserved error message 23 (krb_get_cred)", /* 023 */ - "Reserved error message 24 (krb_get_cred)", /* 024 */ - "Reserved error message 25 (krb_get_cred)", /* 025 */ - "Ticket granting ticket expired (krb_mk_req)", /* 026 */ - "Reserved error message 27 (krb_mk_req)", /* 027 */ - "Reserved error message 28 (krb_mk_req)", /* 028 */ - "Reserved error message 29 (krb_mk_req)", /* 029 */ - "Reserved error message 30 (krb_mk_req)", /* 
030 */ - "Can't decode authenticator (krb_rd_req)", /* 031 */ - "Ticket expired (krb_rd_req)", /* 032 */ - "Ticket issue date too far in the future (krb_rd_req)",/* 033 */ - "Repeat request (krb_rd_req)", /* 034 */ - "Ticket for wrong server (krb_rd_req)", /* 035 */ - "Request inconsistent (krb_rd_req)", /* 036 */ - "Time is out of bounds (krb_rd_req)", /* 037 */ - "Incorrect network address (krb_rd_req)", /* 038 */ - "Protocol version mismatch (krb_rd_req)", /* 039 */ - "Illegal message type (krb_rd_req)", /* 040 */ - "Message integrity error (krb_rd_req)", /* 041 */ - "Message duplicate or out of order (krb_rd_req)", /* 042 */ - "Unauthorized request (krb_rd_req)", /* 043 */ - "Reserved error message 44 (krb_rd_req)", /* 044 */ - "Reserved error message 45 (krb_rd_req)", /* 045 */ - "Reserved error message 46 (krb_rd_req)", /* 046 */ - "Reserved error message 47 (krb_rd_req)", /* 047 */ - "Reserved error message 48 (krb_rd_req)", /* 048 */ - "Reserved error message 49 (krb_rd_req)", /* 049 */ - "Reserved error message 50 (krb_rd_req)", /* 050 */ - "Current password is NULL (get_pw_tkt)", /* 051 */ - "Current password incorrect (get_pw_tkt)", /* 052 */ - "Protocol error (gt_pw_tkt)", /* 053 */ - "Error returned by KDC (gt_pw_tkt)", /* 054 */ - "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */ - "Retry count exceeded (send_to_kdc)", /* 056 */ - "Can't send request (send_to_kdc)", /* 057 */ - "Reserved error message 58 (send_to_kdc)", /* 058 */ - "Reserved error message 59 (send_to_kdc)", /* 059 */ - "Reserved error message 60 (send_to_kdc)", /* 060 */ - "Warning: Not ALL tickets returned", /* 061 */ - "Password incorrect", /* 062 */ - "Protocol error (get_intkt)", /* 063 */ - "Reserved error message 64 (get_in_tkt)", /* 064 */ - "Reserved error message 65 (get_in_tkt)", /* 065 */ - "Reserved error message 66 (get_in_tkt)", /* 066 */ - "Reserved error message 67 (get_in_tkt)", /* 067 */ - "Reserved error message 68 (get_in_tkt)", /* 068 */ - "Reserved error 
message 69 (get_in_tkt)", /* 069 */ - "Generic error (get_intkt)", /* 070 */ - "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */ - "Reserved error message 72 (get_ad_tkt)", /* 072 */ - "Reserved error message 73 (get_ad_tkt)", /* 073 */ - "Reserved error message 74 (get_ad_tkt)", /* 074 */ - "Reserved error message 75 (get_ad_tkt)", /* 075 */ - "You have no tickets cached", /* 076 */ - "Can't access ticket file (tf_util)", /* 077 */ - "Can't lock ticket file; try later (tf_util)", /* 078 */ - "Bad ticket file format (tf_util)", /* 079 */ - "Read ticket file before tf_init (tf_util)", /* 080 */ - "Bad Kerberos name format (kname_parse)", /* 081 */ - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - 
"(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "Generic kerberos error (kfailure)", /* 255 */ -}; +void initialize_krb_error_table(void); +/* YUCK -- depends on naming of the static table. 
*/ +const char * const * const krb_err_txt = text; + +static int inited = 0; + +void +krb4int_et_init(void) +{ + if (inited) + return; + add_error_table(&et_krb_error_table); + inited = 1;\ +} + +void +initialize_krb_error_table(void) +{ + krb4int_et_init(); +} + +void +krb4int_et_fini(void) +{ + if (inited) + remove_error_table(&et_krb_error_table); +} const char * KRB5_CALLCONV -krb_get_err_text (code) +krb_get_err_text(code) int code; { - if (code >= 0 && code < (sizeof (krb_err_txt))/(sizeof *krb_err_txt)) - return krb_err_txt[code]; + krb4int_et_init(); + /* + * Shift krb error code into com_err number space. + */ + if (code >= 0 && code < MAX_KRB_ERRORS) + return error_message(ERROR_TABLE_BASE_krb + code); else return "Invalid Kerberos error code"; } diff --git a/src/lib/krb4/g_admhst.c b/src/lib/krb4/g_admhst.c deleted file mode 100644 index 9d844a990..000000000 --- a/src/lib/krb4/g_admhst.c +++ /dev/null 
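Review bot: krb4int_et_fini removes the error table but leaves `inited` at 1, so a later krb4int_et_init (and therefore krb_get_err_text) returns early without registering the table again; resetting the flag, `if (inited) { remove_error_table(&et_krb_error_table); inited = 0; }`, keeps the pair symmetric. The line `inited = 1;\` in krb4int_et_init ends in a stray backslash that should be dropped. krb_err_txt is now a pointer to the static `text` array pulled in from krb_err.c, whose length is not visible in this hunk. Callers that index krb_err_txt directly with an error code depend on that table having an entry for every code they may pass, which the old fixed 256-entry array guaranteed. A comment or compile-time check on the table length next to the definition would be worth adding.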
@@ -1,78 +0,0 @@ -/* - * g_admhst.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include "krb.h" -#include -#include "krb4int.h" - -/* - * Given a Kerberos realm, find a host on which the Kerberos database - * administration server can be found. - * - * krb_get_admhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer n, and - * returns (in h) the nth administrative host entry from the configuration - * file (KRB_CONF, defined in "krb.h") associated with the specified realm. - * If ATHENA_CONF_FALLBACK is defined, also look in old location. - * - * On error, get_admhst returns KFAILURE. If all goes well, the routine - * returns KSUCCESS. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). - * - * This is a temporary hack to allow us to find the nearest system running - * a Kerberos admin server. In the long run, this functionality will be - * provided by a nameserver. 
- */ - -int KRB5_CALLCONV -krb_get_admhst(h, r, n) - char *h; - char *r; - int n; -{ - FILE *cnffile; - char tr[REALM_SZ]; - char linebuf[BUFSIZ]; - char scratch[64]; - register int i; - - cnffile = krb__get_cnffile(); - if (!cnffile) - return(KFAILURE); - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - /* error reading */ - (void) fclose(cnffile); - return(KFAILURE); - } - if (!strchr(linebuf, '\n')) { - /* didn't all fit into buffer, punt */ - (void) fclose(cnffile); - return(KFAILURE); - } - for (i = 0; i < n; ) { - /* run through the file, looking for admin host */ - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - (void) fclose(cnffile); - return(KFAILURE); - } - /* need to scan for a token after 'admin' to make sure that - admin matched correctly */ - if (sscanf(linebuf, "%s %s admin %s", tr, h, scratch) != 3) - continue; - if (!strcmp(tr,r)) - i++; - } - (void) fclose(cnffile); - return(KSUCCESS); -} diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c index 7ad053482..09253daa8 100644 --- a/src/lib/krb4/g_in_tkt.c +++ b/src/lib/krb4/g_in_tkt.c @@ -1,8 +1,8 @@ /* * lib/krb4/g_in_tkt.c * - * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts - * Institute of Technology. All Rights Reserved. + * Copyright 1986-2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -157,6 +157,9 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, int msg_byte_order; int kerror; +#if TARGET_OS_MAC + socklen_t addrlen; +#endif #if 0 unsigned long exp_date; #endif 
@@ -213,8 +216,10 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ rpkt->length = 0; -#if 0 /* XXX */ - kerror = send_to_kdc_addr(pkt, rpkt, realm, local_addr); +#if TARGET_OS_MAC + addrlen = sizeof(struct sockaddr_in) + kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm, + local_addr, &addrlen); #else kerror = send_to_kdc(pkt, rpkt, realm); #endif @@ -443,7 +448,7 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, return kerror; } -int +int KRB5_CALLCONV krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life, key_proc, decrypt_proc, arg, creds) char *user; diff --git a/src/lib/krb4/g_krbhst.c b/src/lib/krb4/g_krbhst.c deleted file mode 100644 index bc9c045e5..000000000 --- a/src/lib/krb4/g_krbhst.c +++ /dev/null 
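Review bot: The added `addrlen = sizeof(struct sockaddr_in)` in the `#if TARGET_OS_MAC` branch of the `@@ -213,8 +216,10 @@` hunk has no terminating semicolon, so it runs into the `kerror = krb4int_send_to_kdc_addr(...)` assignment that follows and the branch cannot compile where TARGET_OS_MAC is nonzero. It should read `addrlen = sizeof(struct sockaddr_in);`. Builds that take the `#else` branch never see this line, so the error would only surface on a Mac build; the `socklen_t addrlen;` declaration added in the `@@ -157,6 +157,9 @@` hunk is guarded the same way. krb_mk_in_tkt_preauth starts and ends outside both hunks.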
@@ -1,97 +0,0 @@ -/* - * g_krbhst.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include "krb.h" -#include -#include "krb4int.h" -#include "port-sockets.h" - -/* - * Given a Kerberos realm, find a host on which the Kerberos authenti- - * cation server can be found. - * - * krb_get_krbhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer, n, and - * returns (in h) the nth entry from the configuration file (KRB_CONF, - * defined in "krb.h") associated with the specified realm. - * - * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the - * configuration file does not exist, krb_get_krbhst will return KRB_HOST - * (also defined in "krb.h"). If all goes well, the routine returnes - * KSUCCESS. - * - * The KRB_CONF file contains the name of the local realm in the first - * line (not used by this routine), followed by lines indicating realm/host - * entries. The words "admin server" following the hostname indicate that - * the host provides an administrative database server. - * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined. - * - * For example: - * - * ATHENA.MIT.EDU - * ATHENA.MIT.EDU kerberos-1.mit.edu admin server - * ATHENA.MIT.EDU kerberos-2.mit.edu - * LCS.MIT.EDU kerberos.lcs.mit.edu admin server - * - * This is a temporary hack to allow us to find the nearest system running - * kerberos. In the long run, this functionality will be provided by a - * nameserver. - */ - -static int -get_krbhst_default(h, r, n) - char *h; - char *r; - int n; -{ - if (n==1) { - (void) strncpy(h,KRB_HOST,MAXHOSTNAMELEN-1); - h[MAXHOSTNAMELEN-1] = '\0'; - (void) strncat(h,".",MAXHOSTNAMELEN-1-strlen(h)); - (void) strncat(h,r,MAXHOSTNAMELEN-1-strlen(h)); - /* KRB_HOST.REALM (ie. 
kerberos.CYGNUS.COM) */ - return(KSUCCESS); - } - else - return(KFAILURE); -} - -int KRB5_CALLCONV -krb_get_krbhst(h,r,n) - char *h; - char *r; - int n; -{ - FILE *cnffile; - char tr[REALM_SZ]; - char linebuf[BUFSIZ]; - register int i; - - cnffile = krb__get_cnffile(); - if (!cnffile) - return get_krbhst_default(h, r, n); - if (fscanf(cnffile,"%39s",tr) == EOF) /* XXX assumes REALM_SZ == 40 */ - return get_krbhst_default(h, r, n); - /* run through the file, looking for the nth server for this realm */ - for (i = 1; i <= n;) { - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - (void) fclose(cnffile); - return get_krbhst_default(h, r, n); - } - if (sscanf(linebuf, "%39s %1023s", tr, h) != 2) /* REALM_SZ == 40 */ - continue; - if (!strcmp(tr,r)) - i++; - } - (void) fclose(cnffile); - return(KSUCCESS); -} diff --git a/src/lib/krb4/g_krbrlm.c b/src/lib/krb4/g_krbrlm.c deleted file mode 100644 index 608e1b884..000000000 --- a/src/lib/krb4/g_krbrlm.c +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * g_krbrlm.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include "krb.h" -#include -#include "krb4int.h" - -/* - * krb_get_lrealm takes a pointer to a string, and a number, n. It fills - * in the string, r, with the name of the nth realm specified on the - * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). - * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the - * config file does not exist, and if n=1, a successful return will occur - * with r = KRB_REALM (also defined in "krb.h"). - * - * NOTE: for archaic & compatibility reasons, this routine will only return - * valid results when n = 1. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). This will also look in KRB_FB_CONF is - * ATHENA_CONF_FALLBACK is defined. - */ -int KRB5_CALLCONV -krb_get_lrealm(r,n) - char *r; - int n; -{ - FILE *cnffile; - - if (n > 1) - return(KFAILURE); /* Temporary restriction */ - - cnffile = krb__get_cnffile(); - if (!cnffile) { - if (n == 1) { - (void) strncpy(r, KRB_REALM, REALM_SZ); - r[REALM_SZ - 1] = '\0'; - return(KSUCCESS); - } - else - return(KFAILURE); - } - - /* - * XXX This assumes REALM_SZ == 40, - * and that r is 40 characters long. - */ - if (fscanf(cnffile,"%39s",r) != 1) { - (void) fclose(cnffile); - return(KFAILURE); - } - (void) fclose(cnffile); - return(KSUCCESS); -} diff --git a/src/lib/krb4/g_svc_in_tkt.c b/src/lib/krb4/g_svc_in_tkt.c index b41126dca..7b15f62ae 100644 --- a/src/lib/krb4/g_svc_in_tkt.c +++ b/src/lib/krb4/g_svc_in_tkt.c 
@@ -1,21 +1,34 @@ /* - * g_svc_in_tkt.c + * lib/krb4/g_svc_in_tkt.c * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * All Rights Reserved. * - * For copying and distribution information, please see the file - * . + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ -#include "mit-copyright.h" +#include +#include #include "krb.h" #include "prot.h" #include "krb4int.h" -#include - -#ifndef NULL -#define NULL 0 -#endif /* * This file contains two routines: srvtab_to_key(), which gets diff --git a/src/lib/krb4/g_tf_fname.c b/src/lib/krb4/g_tf_fname.c index 36a2f8645..e03fe24b1 100644 --- a/src/lib/krb4/g_tf_fname.c +++ b/src/lib/krb4/g_tf_fname.c @@ -28,7 +28,7 @@ int KRB5_CALLCONV krb_get_tf_fullname(ticket_file, name, instance, realm) - char *ticket_file; + const char *ticket_file; char *name; char *instance; char *realm; 
diff --git a/src/lib/krb4/g_tf_realm.c b/src/lib/krb4/g_tf_realm.c index 92e109996..fe99e61e1 100644 --- a/src/lib/krb4/g_tf_realm.c +++ b/src/lib/krb4/g_tf_realm.c @@ -1,13 +1,29 @@ /* - * g_tf_realm.c + * lib/krb4/g_tf_realm.c * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * Copyright 1987-2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. * - * For copying and distribution information, please see the file - * . + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ -#include "mit-copyright.h" #include "krb.h" /* @@ -22,9 +38,7 @@ */ int KRB5_CALLCONV -krb_get_tf_realm(ticket_file, realm) - char *ticket_file; - char *realm; +krb_get_tf_realm(const char *ticket_file, char *realm) { - return(krb_get_tf_fullname(ticket_file, (char *)0, (char *)0, realm)); + return krb_get_tf_fullname(ticket_file, NULL, NULL, realm); } 
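Review bot: The rewritten call `return krb_get_tf_fullname(ticket_file, NULL, NULL, realm);` in the `@@ -22,9 +38,7 @@` hunk now depends on both a definition of `NULL` and a prototype for krb_get_tf_fullname being in scope, while the file's first hunk drops `#include "mit-copyright.h"` and leaves `#include "krb.h"` as the only include. The old `(char *)0` arguments were correct even against an unprototyped K&R definition, which is how g_tf_fname.c still defines the function in this commit; a bare `NULL` that expands to `0` is not, on a platform where int and pointers differ in width. Presumably krb.h supplies both the prototype and a header that defines NULL, but neither is visible in this diff. If that is not guaranteed, add `#include <stddef.h>` above `#include "krb.h"`.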
diff --git a/src/lib/krb4/in_tkt.c b/src/lib/krb4/in_tkt.c index c70c6c55b..b76cd7052 100644 --- a/src/lib/krb4/in_tkt.c +++ b/src/lib/krb4/in_tkt.c @@ -26,6 +26,7 @@ #include #include +#include #include "krb.h" #include #include @@ -72,7 +73,7 @@ in_tkt(pname,pinst) uid_t me, metoo, getuid(), geteuid(); struct stat statpre, statpost; int count; - char *file = TKT_FILE; + const char *file = TKT_FILE; int fd; register int i; char charbuf[BUFSIZ]; diff --git a/src/lib/krb4/krb4int.h b/src/lib/krb4/krb4int.h index 6819653d8..82a66f649 100644 --- a/src/lib/krb4/krb4int.h +++ b/src/lib/krb4/krb4int.h 
@@ -1,4 +1,29 @@ -/* A series of private prototypes that we are not exporting but should +/* + * lib/krb4/krb4int.h + * + * Copyright 2001-2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * A series of private prototypes that we are not exporting but should * be available for self consistancy in the library. */ @@ -25,6 +50,12 @@ int krb_get_svc_in_tkt_preauth(char *, char *, char *, char *, char *, int, char /* gethostname.c */ int k_gethostname(char *, int); +/* g_in_tkt.c */ +int krb_get_in_tkt_preauth_creds(char *, char *, char *, + char *, char *, int, + key_proc_type, decrypt_tkt_type, + char *, char *, int, CREDENTIALS *); + /* klog.c */ void kset_logfile(char *); 
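Review bot: The new `krb_get_in_tkt_preauth_creds` prototype in the `@@ -25,6 +50,12 @@` hunk lists twelve parameters by type only, seven of them `char *`, so a reader of krb4int.h cannot tell which argument is which and the compiler will not catch two of them being swapped. Naming them as the definition in g_in_tkt.c does (`char *user, char *instance, char *realm, char *service, char *sinstance, int life, ...`) would fix that; the names after `life` are not visible in this diff. The same applies to `int krb_get_kpasswdhst(char *, char *, int);` added in the `@@ -55,12 +86,17 @@` hunk, whereas `krb_get_stk(KRB_UINT32 *type, char *realm)` beside it already names its parameters.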
@@ -55,12 +86,17 @@ int krb_start_session(char *); int krb_end_session(char *); -#ifndef _WINDOWS +#ifndef _WIN32 /* For windows users, these are defined in krb.h */ char *krb_get_default_user (void); int krb_set_default_user (char *); #endif +/* RealmConfig-glue.c */ +int krb_get_kpasswdhst(char *, char *, int); +int krb_get_stk(KRB_UINT32 *type, char *realm); - +/* err_txt.c */ +void krb4int_et_init(void); +void krb4int_et_fini(void); diff --git a/src/lib/krb4/krb_err.et b/src/lib/krb4/krb_err.et index 7ee5dd5f9..c4f225d6c 100644 --- a/src/lib/krb4/krb_err.et +++ b/src/lib/krb4/krb_err.et @@ -19,16 +19,16 @@ "Kerberos auth expired" ec KRBET_KDC_PKT_VER, - "Incorrect kerberos master key version" + "Unknown kerberos protocol version" ec KRBET_KDC_P_MKEY_VER, - "Incorrect kerberos master key version" + "Incorrect kerberos master key version for principal" ec KRBET_KDC_S_MKEY_VER, - "Incorrect kerberos master key version" + "Incorrect kerberos master key version for service" ec KRBET_KDC_BYTE_ORDER, - "Kerberos error: byte order unknown" + "Bad byte order (kerberos)" ec KRBET_KDC_PR_UNKNOWN, "Kerberos principal unknown" @@ -40,31 +40,31 @@ "Kerberos principal has null key" ec KRBET_KRB_RES11, - "Reserved 11" + "Reserved error message 11 (kerberos)" ec KRBET_KRB_RES12, - "Reserved 12" + "Reserved error message 12 (kerberos)" ec KRBET_KRB_RES13, - "Reserved 13" + "Reserved error message 13 (kerberos)" ec KRBET_KRB_RES14, - "Reserved 14" + "Reserved error message 14 (kerberos)" ec KRBET_KRB_RES15, - "Reserved 15" + "Reserved error message 15 (kerberos)" ec KRBET_KRB_RES16, - "Reserved 16" + "Reserved error message 16 (kerberos)" ec KRBET_KRB_RES17, - "Reserved 17" + "Reserved error message 17 (kerberos)" ec KRBET_KRB_RES18, - "Reserved 18" + "Reserved error message 18 (kerberos)" ec KRBET_KRB_RES19, - "Reserved 19" + "Reserved error message 19 (kerberos)" ec KRBET_KDC_GEN_ERR, "Generic error from Kerberos KDC" 
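Review bot: `int krb_get_kpasswdhst(char *, char *, int);` is declared with no statement of how large the caller's output buffer must be. If it follows the shape of the `krb_get_krbhst(h, r, n)` that this commit deletes, which read up to 1023 characters into `h` with `%1023s`, then the required size is an unchecked contract between caller and callee; the implementation is not shown here, so this needs confirming. A comment on the prototype such as `/* host buffer must hold at least SIZE_PLACEHOLDER bytes; see RealmsConfig-glue.c */` would record it. The section label `/* RealmConfig-glue.c */` should also read `RealmsConfig-glue.c`, the file name this commit creates.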
@@ -76,181 +76,701 @@ "Can't find Kerberos ticket or TGT" ec KRBET_KRB_RES23, - "Reserved 23" + "Reserved error message 23 (krb_get_cred)" ec KRBET_KRB_RES24, - "Reserved 24" + "Reserved error message 24 (krb_get_cred)" ec KRBET_KRB_RES25, - "Reserved 25" + "Reserved error message 25 (krb_get_cred)" ec KRBET_MK_AP_TGTEXP, "Kerberos TGT Expired" ec KRBET_KRB_RES27, - "Reserved 27" + "Reserved error message 27 (krb_mk_req)" ec KRBET_KRB_RES28, - "Reserved 28" + "Reserved error message 28 (krb_mk_req)" ec KRBET_KRB_RES29, - "Reserved 29" + "Reserved error message 29 (krb_mk_req)" ec KRBET_KRB_RES30, - "Reserved 30" + "Reserved error message 30 (krb_mk_req)" ec KRBET_RD_AP_UNDEC, - "Kerberos error: Can't decode authenticator" + "Can't decode authenticator (krb_rd_req)" ec KRBET_RD_AP_EXP, - "Kerberos ticket expired" + "Kerberos ticket expired (krb_rd_req)" ec KRBET_RD_AP_NYV, - "Kerberos ticket not yet valid" + "Kerberos ticket not yet valid (krb_rd_req)" ec KRBET_RD_AP_REPEAT, - "Kerberos error: Repeated request" + "Repeated request (krb_rd_req)" ec KRBET_RD_AP_NOT_US, - "The kerberos ticket isn't for us" + "Kerberos ticket is for wrong server (krb_rd_req)" ec KRBET_RD_AP_INCON, "Kerberos request inconsistent" ec KRBET_RD_AP_TIME, - "Kerberos error: time is out of bounds" + "Time is out of bounds (krb_rd_req)" ec KRBET_RD_AP_BADD, - "Kerberos error: incorrect net address" + "Incorrect net address (krb_rd_req)" ec KRBET_RD_AP_VERSION, - "Kerberos protocol version mismatch" + "Kerberos protocol version mismatch (krb_rd_req)" ec KRBET_RD_AP_MSG_TYPE, - "Kerberos error: invalid msg type" + "Invalid msg type (krb_rd_req)" ec KRBET_RD_AP_MODIFIED, - "Kerberos error: message stream modified" + "Message integrity error (krb_rd_req)" ec KRBET_RD_AP_ORDER, - "Kerberos error: message out of order" + "Message out of order (krb_rd_req)" ec KRBET_RD_AP_UNAUTHOR, - "Kerberos error: unauthorized request" + "Unauthorized request (krb_rd_req)" ec KRBET_KRB_RES44, - "Reserved 44" + 
"Reserved error message 44 (krb_rd_req)" ec KRBET_KRB_RES45, - "Reserved 45" + "Reserved error message 45 (krb_rd_req)" ec KRBET_KRB_RES46, - "Reserved 46" + "Reserved error message 46 (krb_rd_req)" ec KRBET_KRB_RES47, - "Reserved 47" + "Reserved error message 47 (krb_rd_req)" ec KRBET_KRB_RES48, - "Reserved 48" + "Reserved error message 48 (krb_rd_req)" ec KRBET_KRB_RES49, - "Reserved 49" + "Reserved error message 49 (krb_rd_req)" ec KRBET_KRB_RES50, - "Reserved 50" + "Reserved error message 50 (krb_rd_req)" ec KRBET_GT_PW_NULL, - "Kerberos error: current PW is null" + "Current password is null (get_pw_tkt)" ec KRBET_GT_PW_BADPW, - "Kerberos error: Incorrect current password" + "Incorrect current password (get_pw_tkt)" ec KRBET_GT_PW_PROT, - "Kerberos protocol error" + "Protocol error (get_pw_tkt)" ec KRBET_GT_PW_KDCERR, - "Error returned by Kerberos KDC" + "Error returned by KDC (get_pw_tkt)" ec KRBET_GT_PW_NULLTKT, - "Null Kerberos ticket returned by KDC" + "Null Kerberos ticket returned by KDC (get_pw_tkt)" ec KRBET_SKDC_RETRY, - "Kerberos error: Retry count exceeded" + "Retry count exceeded (send_to_kdc)" ec KRBET_SKDC_CANT, - "Kerberos error: Can't send request" + "Can't send request (send_to_kdc)" ec KRBET_KRB_RES58, - "Reserved 58" + "Reserved error message 58 (send_to_kdc)" ec KRBET_KRB_RES59, - "Reserved 59" + "Reserved error message 59 (send_to_kdc)" ec KRBET_KRB_RES60, - "Reserved 60" + "Reserved error message 60 (send_to_kdc)" ec KRBET_INTK_W_NOTALL, "Kerberos error: not all tickets returned" ec KRBET_INTK_BADPW, - "Kerberos error: incorrect password" + "Incorrect password (get_in_tkt)" ec KRBET_INTK_PROT, - "Kerberos error: Protocol Error" + "Protocol error (get_in_tkt)" ec KRBET_KRB_RES64, - "Reserved 64" + "Reserved error message 64 (get_in_tkt)" ec KRBET_KRB_RES65, - "Reserved 65" + "Reserved error message 65 (get_in_tkt)" ec KRBET_KRB_RES66, - "Reserved 66" + "Reserved error message 66 (get_in_tkt)" ec KRBET_KRB_RES67, - "Reserved 67" + "Reserved 
error message 67 (get_in_tkt)" ec KRBET_KRB_RES68, - "Reserved 68" + "Reserved error message 68 (get_in_tkt)" ec KRBET_KRB_RES69, - "Reserved 69" + "Reserved error message 69 (get_in_tkt)" ec KRBET_INTK_ERR, - "Other error" + "Other error (get_in_tkt)" ec KRBET_AD_NOTGT, - "Don't have Kerberos ticket-granting ticket" + "Don't have Kerberos ticket-granting ticket (get_ad_tkt)" ec KRBET_KRB_RES72, - "Reserved 72" + "Reserved error message 72 (get_ad_tkt)" ec KRBET_KRB_RES73, - "Reserved 73" + "Reserved error message 73 (get_ad_tkt)" ec KRBET_KRB_RES74, - "Reserved 74" + "Reserved error message 74 (get_ad_tkt)" ec KRBET_KRB_RES75, - "Reserved 75" + "Reserved error message 75 (get_ad_tkt)" ec KRBET_NO_TKT_FIL, "You have no tickets cached" ec KRBET_TKT_FIL_ACC, - "Couldn't access ticket file" + "Couldn't access ticket file (tf_util)" ec KRBET_TKT_FIL_LCK, - "Couldn't lock ticket file" + "Couldn't lock ticket file (tf_util)" ec KRBET_TKT_FIL_FMT, - "Bad ticket file format" + "Bad ticket file format (tf_util)" ec KRBET_TKT_FIL_INI, - "tf_init not called first" + "tf_init not called before reading from ticket file (tf_util)" ec KRBET_KNAME_FMT, - "Bad Kerberos name format" + "Bad Kerberos name format (kname_parse)" - end + ec KRBET_RES82, + "Reserved error message 82" + + ec KRBET_RES83, + "Reserved error message 83" + + ec KRBET_RES84, + "Reserved error message 84" + + ec KRBET_RES85, + "Reserved error message 85" + + ec KRBET_RES86, + "Reserved error message 86" + + ec KRBET_RES87, + "Reserved error message 87" + + ec KRBET_RES88, + "Reserved error message 88" + + ec KRBET_RES89, + "Reserved error message 89" + + ec KRBET_RES90, + "Reserved error message 90" + + ec KRBET_RES91, + "Reserved error message 91" + + ec KRBET_RES92, + "Reserved error message 92" + + ec KRBET_RES93, + "Reserved error message 93" + + ec KRBET_RES94, + "Reserved error message 94" + + ec KRBET_RES95, + "Reserved error message 95" + + ec KRBET_RES96, + "Reserved error message 96" + + ec 
KRBET_RES97, + "Reserved error message 97" + + ec KRBET_RES98, + "Reserved error message 98" + + ec KRBET_RES99, + "Reserved error message 99" + + ec KRBET_RES100, + "Reserved error message 100" + + ec KRBET_RES101, + "Reserved error message 101" + + ec KRBET_RES102, + "Reserved error message 102" + + ec KRBET_RES103, + "Reserved error message 103" + + ec KRBET_RES104, + "Reserved error message 104" + + ec KRBET_RES105, + "Reserved error message 105" + + ec KRBET_RES106, + "Reserved error message 106" + + ec KRBET_RES107, + "Reserved error message 107" + + ec KRBET_RES108, + "Reserved error message 108" + + ec KRBET_RES109, + "Reserved error message 109" + + ec KRBET_RES110, + "Reserved error message 110" + + ec KRBET_RES111, + "Reserved error message 111" + + ec KRBET_RES112, + "Reserved error message 112" + + ec KRBET_RES113, + "Reserved error message 113" + + ec KRBET_RES114, + "Reserved error message 114" + + ec KRBET_RES115, + "Reserved error message 115" + + ec KRBET_RES116, + "Reserved error message 116" + + ec KRBET_RES117, + "Reserved error message 117" + + ec KRBET_RES118, + "Reserved error message 118" + + ec KRBET_RES119, + "Reserved error message 119" + + ec KRBET_RES120, + "Reserved error message 120" + + ec KRBET_RES121, + "Reserved error message 121" + + ec KRBET_RES122, + "Reserved error message 122" + + ec KRBET_RES123, + "Reserved error message 123" + + ec KRBET_RES124, + "Reserved error message 124" + + ec KRBET_RES125, + "Reserved error message 125" + + ec KRBET_RES126, + "Reserved error message 126" + + ec KRBET_RES127, + "Reserved error message 127" + + ec KRBET_RES128, + "Reserved error message 128" + + ec KRBET_RES129, + "Reserved error message 129" + + ec KRBET_RES130, + "Reserved error message 130" + + ec KRBET_RES131, + "Reserved error message 131" + + ec KRBET_RES132, + "Reserved error message 132" + + ec KRBET_RES133, + "Reserved error message 133" + + ec KRBET_RES134, + "Reserved error message 134" + + ec KRBET_RES135, + "Reserved 
error message 135" + + ec KRBET_RES136, + "Reserved error message 136" + + ec KRBET_RES137, + "Reserved error message 137" + + ec KRBET_RES138, + "Reserved error message 138" + + ec KRBET_RES139, + "Reserved error message 139" + + ec KRBET_RES140, + "Reserved error message 140" + + ec KRBET_RES141, + "Reserved error message 141" + + ec KRBET_RES142, + "Reserved error message 142" + + ec KRBET_RES143, + "Reserved error message 143" + + ec KRBET_RES144, + "Reserved error message 144" + + ec KRBET_RES145, + "Reserved error message 145" + + ec KRBET_RES146, + "Reserved error message 146" + + ec KRBET_RES147, + "Reserved error message 147" + + ec KRBET_RES148, + "Reserved error message 148" + + ec KRBET_RES149, + "Reserved error message 149" + + ec KRBET_RES150, + "Reserved error message 150" + + ec KRBET_RES151, + "Reserved error message 151" + + ec KRBET_RES152, + "Reserved error message 152" + + ec KRBET_RES153, + "Reserved error message 153" + + ec KRBET_RES154, + "Reserved error message 154" + + ec KRBET_RES155, + "Reserved error message 155" + + ec KRBET_RES156, + "Reserved error message 156" + + ec KRBET_RES157, + "Reserved error message 157" + + ec KRBET_RES158, + "Reserved error message 158" + + ec KRBET_RES159, + "Reserved error message 159" + + ec KRBET_RES160, + "Reserved error message 160" + + ec KRBET_RES161, + "Reserved error message 161" + + ec KRBET_RES162, + "Reserved error message 162" + + ec KRBET_RES163, + "Reserved error message 163" + + ec KRBET_RES164, + "Reserved error message 164" + + ec KRBET_RES165, + "Reserved error message 165" + + ec KRBET_RES166, + "Reserved error message 166" + + ec KRBET_RES167, + "Reserved error message 167" + + ec KRBET_RES168, + "Reserved error message 168" + ec KRBET_RES169, + "Reserved error message 169" + + ec KRBET_RES170, + "Reserved error message 170" + + ec KRBET_RES171, + "Reserved error message 171" + + ec KRBET_RES172, + "Reserved error message 172" + + ec KRBET_RES173, + "Reserved error message 173" + + ec 
KRBET_RES174, + "Reserved error message 174" + + ec KRBET_RES175, + "Reserved error message 175" + + ec KRBET_RES176, + "Reserved error message 176" + + ec KRBET_RES177, + "Reserved error message 177" + + ec KRBET_RES178, + "Reserved error message 178" + + ec KRBET_RES179, + "Reserved error message 179" + + ec KRBET_RES180, + "Reserved error message 180" + + ec KRBET_RES181, + "Reserved error message 181" + + ec KRBET_RES182, + "Reserved error message 182" + + ec KRBET_RES183, + "Reserved error message 183" + + ec KRBET_RES184, + "Reserved error message 184" + + ec KRBET_RES185, + "Reserved error message 185" + + ec KRBET_RES186, + "Reserved error message 186" + + ec KRBET_RES187, + "Reserved error message 187" + + ec KRBET_RES188, + "Reserved error message 188" + + ec KRBET_RES189, + "Reserved error message 189" + + ec KRBET_RES190, + "Reserved error message 190" + + ec KRBET_RES191, + "Reserved error message 191" + + ec KRBET_RES192, + "Reserved error message 192" + + ec KRBET_RES193, + "Reserved error message 193" + + ec KRBET_RES194, + "Reserved error message 194" + + ec KRBET_RES195, + "Reserved error message 195" + + ec KRBET_RES196, + "Reserved error message 196" + + ec KRBET_RES197, + "Reserved error message 197" + + ec KRBET_RES198, + "Reserved error message 198" + + ec KRBET_RES199, + "Reserved error message 199" + + ec KRBET_RES200, + "Reserved error message 200" + + ec KRBET_RES201, + "Reserved error message 201" + + ec KRBET_RES202, + "Reserved error message 202" + + ec KRBET_RES203, + "Reserved error message 203" + + ec KRBET_RES204, + "Reserved error message 204" + + ec KRBET_RES205, + "Reserved error message 205" + + ec KRBET_RES206, + "Reserved error message 206" + + ec KRBET_RES207, + "Reserved error message 207" + + ec KRBET_RES208, + "Reserved error message 208" + + ec KRBET_RES209, + "Reserved error message 209" + + ec KRBET_RES210, + "Reserved error message 210" + + ec KRBET_RES211, + "Reserved error message 211" + + ec KRBET_RES212, + 
"Reserved error message 212" + + ec KRBET_RES213, + "Reserved error message 213" + + ec KRBET_RES214, + "Reserved error message 214" + + ec KRBET_RES215, + "Reserved error message 215" + + ec KRBET_RES216, + "Reserved error message 216" + + ec KRBET_RES217, + "Reserved error message 217" + + ec KRBET_RES218, + "Reserved error message 218" + + ec KRBET_RES219, + "Reserved error message 219" + + ec KRBET_RES220, + "Reserved error message 220" + + ec KRBET_RES221, + "Reserved error message 221" + + ec KRBET_RES222, + "Reserved error message 222" + + ec KRBET_RES223, + "Reserved error message 223" + + ec KRBET_RES224, + "Reserved error message 224" + + ec KRBET_RES225, + "Reserved error message 225" + + ec KRBET_RES226, + "Reserved error message 226" + + ec KRBET_RES227, + "Reserved error message 227" + + ec KRBET_RES228, + "Reserved error message 228" + + ec KRBET_RES229, + "Reserved error message 229" + + ec KRBET_RES230, + "Reserved error message 230" + + ec KRBET_RES231, + "Reserved error message 231" + + ec KRBET_RES232, + "Reserved error message 232" + + ec KRBET_RES233, + "Reserved error message 233" + + ec KRBET_RES234, + "Reserved error message 234" + + ec KRBET_RES235, + "Reserved error message 235" + + ec KRBET_RES236, + "Reserved error message 236" + + ec KRBET_RES237, + "Reserved error message 237" + + ec KRBET_RES238, + "Reserved error message 238" + + ec KRBET_RES239, + "Reserved error message 239" + + ec KRBET_RES240, + "Reserved error message 240" + + ec KRBET_RES241, + "Reserved error message 241" + + ec KRBET_RES242, + "Reserved error message 242" + + ec KRBET_RES243, + "Reserved error message 243" + + ec KRBET_RES244, + "Reserved error message 244" + + ec KRBET_RES245, + "Reserved error message 245" + + ec KRBET_RES246, + "Reserved error message 246" + + ec KRBET_RES247, + "Reserved error message 247" + + ec KRBET_RES248, + "Reserved error message 248" + + ec KRBET_RES249, + "Reserved error message 249" + + ec KRBET_RES250, + "Reserved error message 
250" + + ec KRBET_RES251, + "Reserved error message 251" + + ec KRBET_RES252, + "Reserved error message 252" + + ec KRBET_RES253, + "Reserved error message 253" + + ec KRBET_RES254, + "Reserved error message 254" + + ec KRBET_KFAILURE, + "Generic kerberos error (kfailure)" + end diff --git a/src/lib/krb4/realmofhost.c b/src/lib/krb4/realmofhost.c deleted file mode 100644 index d818a89a5..000000000 --- a/src/lib/krb4/realmofhost.c +++ /dev/null 
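Review bot: Nothing in the table says that the 173 padding entries `KRBET_RES82` through `KRBET_RES254` added by the `@@ -76,181 +76,701 @@` hunk are positional, yet their only visible purpose is to place `KRBET_KFAILURE` at offset 255. A later edit that inserts or removes one entry would silently shift every code after it, so callers would report the wrong error text for authentication failures. A comment before `ec KRBET_RES82`, for example `# Padding: entry N must stay at offset N so KRBET_KFAILURE is 255; do not insert or delete entries.`, would guard against that; the intended match with krb4's numeric codes is inferred from the entry names, not shown. The new names also drop the `KRB_` infix used by the existing `KRBET_KRB_RES11`-style reserved entries.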
@@ -1,152 +0,0 @@ -/* - * realmofhost.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * routine to convert hostname into realm name. - */ - -#include "mit-copyright.h" -#include "krb.h" - -#include -#include -#include -#ifdef HAVE_STDLIB_H -#include -#else -extern char *malloc(); -#endif -#include "port-sockets.h" -#include "krb4int.h" - -/* - * krb_realmofhost. - * Given a fully-qualified domain-style primary host name, - * return the name of the Kerberos realm for the host. - * If the hostname contains no discernable domain, or an error occurs, - * return the local realm name, as supplied by get_krbrlm(). - * If the hostname contains a domain, but no translation is found, - * the hostname's domain is converted to upper-case and returned. - * - * The format of each line of the translation file is: - * domain_name kerberos_realm - * -or- - * host_name kerberos_realm - * - * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) - * host names should be in the usual form (e.g. FOO.BAR.BAZ) - */ - -static char ret_realm[REALM_SZ+1]; - -char * KRB5_CALLCONV -krb_realmofhost(host) - char *host; -{ - char *domain; - FILE *trans_file; - /* - * This used to be MAXHOSTNAMELEN, but we don't know how big - * that will necessarily be on all systems, so assume 1024. - */ - char trans_host[1024]; - char trans_realm[REALM_SZ+1]; - int retval; - struct hostent *h; - char *lhost; - - /* First, canonicalize it. This is in case the caller - didn't have a fully qualified domain name. 
*/ - if ((h=gethostbyname(host)) == NULL) - lhost = host; - else { - lhost = h->h_name; -#ifdef DO_REVERSE_RESOLVE - if (h->h_addr_list != NULL && h->h_addr_list[0] != NULL) { - char *rev_addr; int rev_type, rev_len; - - rev_type = h->h_addrtype; - rev_len = h->h_length; - rev_addr = malloc(rev_len); - if (rev_addr != NULL) { - memcpy(rev_addr, h->h_addr_list[0], rev_len); - h = gethostbyaddr(rev_addr, rev_len, rev_type); - free(rev_addr); - if (h == NULL) - lhost = host; - else - lhost = h->h_name; - } - } -#endif - } - - domain = strchr(lhost, '.'); - - /* prepare default */ - if (domain) { - char *cp; - - /* If the domain is just below the top, e.g., CYGNUS.COM, - then we special-case it; if someone really wants a - realm called COM they will just have to specify it - properly. */ - if (((cp = strchr(domain+1, '.')) == (char *) 0) - /* Handle root domain properly (COM.): */ - || (*(cp + 1) == '\0')) - domain = lhost - 1; /* -1 fakes "period" before domain */ - - strncpy(ret_realm, domain+1, REALM_SZ); - ret_realm[REALM_SZ] = '\0'; - /* Upper-case realm */ - for (cp = ret_realm; *cp; cp++) - if (islower((int) (*cp))) - *cp = toupper((int) *cp); - } else { - krb_get_lrealm(ret_realm, 1); - } - - if ((trans_file = krb__get_realmsfile()) == (FILE *) 0) - /* krb_errno = KRB_NO_TRANS */ - return(ret_realm); - - /* loop while not exact match, and more entries to read */ - while (1) { - /* XXX REALM_SZ == 40 */ - if ((retval = fscanf(trans_file, "%1023s %40s", - trans_host, trans_realm)) != 2) { - if (retval == EOF) - break; - continue; /* ignore broken lines */ - } - trans_host[(MAXHOSTNAMELEN <= 1023) ? 
MAXHOSTNAMELEN : 1023] - = '\0'; - trans_realm[REALM_SZ] = '\0'; - if (trans_host[0] == '.') { - /* want domain match only */ - if (domain && (strlen(trans_host) == strlen(domain)) - && !strcasecmp (trans_host, domain)) { - /* got domain match, save for later */ - (void) strncpy (ret_realm, trans_realm, - sizeof(ret_realm) - 1); - ret_realm[sizeof(ret_realm) - 1] = '\0'; - continue; - } - } else { - /* want exact match of hostname */ - if ((strlen(lhost) == strlen(trans_host)) && - !strcasecmp (trans_host, lhost)) { - (void) strncpy (ret_realm, trans_realm, - sizeof(ret_realm) - 1); - ret_realm[sizeof(ret_realm) - 1] = '\0'; - break; - } - } - } - fclose (trans_file); - return ret_realm; -} diff --git a/src/lib/krb4/send_to_kdc.c b/src/lib/krb4/send_to_kdc.c index ce602105d..b7401650a 100644 --- a/src/lib/krb4/send_to_kdc.c +++ b/src/lib/krb4/send_to_kdc.c 
@@ -1,14 +1,29 @@ /* - * send_to_kdc.c + * lib/krb4/send_to_kdc.c * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * Copyright 1987-2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. * - * For copying and distribution information, please see the file - * . + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ -#include "mit-copyright.h" - #include "krb.h" #include "krbports.h" #include "prot.h" diff --git a/src/lib/krb4/tf_util.c b/src/lib/krb4/tf_util.c index 473c597ad..7de4b0ac4 100644 --- a/src/lib/krb4/tf_util.c +++ b/src/lib/krb4/tf_util.c @@ -184,7 +184,7 @@ static int tf_gets (char *, int), tf_read (char *, int); */ int KRB5_CALLCONV tf_init(tf_name, rw) - char *tf_name; + const char *tf_name; int rw; { int wflag; -- 2.26.2