+Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
+
+ * Added krb5_context to all krb5_routines
+
+ * krsh.c (main): Use htons(debug_port).
+
Wed Jan 11 01:25:09 1995 Mark Eichin <eichin@cygnus.com>
* logutil.c (update_wtmp): declare missing variables if
/* Decode, decrypt and store the forwarded creds in the local ccache. */
krb5_error_code
-rd_and_store_for_creds(inbuf, ticket, lusername)
+rd_and_store_for_creds(context, inbuf, ticket, lusername)
+ krb5_context context;
krb5_data *inbuf;
krb5_ticket *ticket;
char *lusername;
sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid());
setenv("KRB5CCNAME", ccname, 0);
- if (retval = krb5_cc_resolve(ccname, &ccache)) {
+ if (retval = krb5_cc_resolve(context, ccname, &ccache)) {
return(retval);
}
- if (retval = krb5_cc_initialize(ccache,
+ if (retval = krb5_cc_initialize(context, ccache,
ticket->enc_part2->client)) {
return(retval);
}
- if (retval = krb5_cc_store_cred(ccache, &creds)) {
+ if (retval = krb5_cc_store_cred(context, ccache, &creds)) {
return(retval);
}
char *default_service = "host";
extern krb5_cksumtype krb5_kdc_req_sumtype;
+extern krb5_context bsd_context;
kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
cred, seqno, server_seqno, laddr, faddr, authopts)
fprintf(stderr,"kcmd: no memory\n");
return(-1);
}
- status = krb5_sname_to_principal(host_save,service,KRB5_NT_SRV_HST,
- &ret_cred->server);
+ status = krb5_sname_to_principal(bsd_context, host_save,service,
+ KRB5_NT_SRV_HST, &ret_cred->server);
if (status) {
fprintf(stderr, "kcmd: krb5_sname_to_principal failed: %s\n",
error_message(status));
strcpy(rdata.data, realm);
/* XXX we should free the old realm first */
- krb5_princ_set_realm(ret_cred->server, &rdata);
+ krb5_princ_set_realm(bsd_context, ret_cred->server, &rdata);
}
#ifdef POSIX_SIGNALS
sigemptyset(&urgmask);
sigsetmask(oldmask);
#endif /* POSIX_SIGNALS */
if (tmpstr) krb5_xfree(tmpstr);
- krb5_free_creds(ret_cred);
+ krb5_free_creds(bsd_context, ret_cred);
return (-1);
}
#ifdef HAVE_SETOWN
sigsetmask(oldmask);
#endif /* POSIX_SIGNALS */
if (tmpstr) krb5_xfree(tmpstr);
- krb5_free_creds(ret_cred);
+ krb5_free_creds(bsd_context, ret_cred);
return (-1);
}
lport--;
/* compute checksum, using CRC-32 */
if (!(send_cksum.contents = (krb5_octet *)
- malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) {
+ malloc(krb5_checksum_size(bsd_context, CKSUMTYPE_CRC32)))) {
status = -1;
goto bad2;
}
/* choose some random stuff to compute checksum from */
sprintf(tmpstr,"%x %x",pid,pid);
- if (status = krb5_calculate_checksum(CKSUMTYPE_CRC32,
+ if (status = krb5_calculate_checksum(bsd_context, CKSUMTYPE_CRC32,
tmpstr,
strlen(tmpstr),
0,
&send_cksum))
goto bad3;
- status = krb5_cc_default(&cc);
+ status = krb5_cc_default(bsd_context, &cc);
if (status) goto bad3;
- status = krb5_cc_get_principal(cc, &ret_cred->client);
+ status = krb5_cc_get_principal(bsd_context, cc, &ret_cred->client);
if (status) goto bad3;
/* Get ticket from credentials cache or kdc */
- status = krb5_get_credentials(0, cc, ret_cred);
+ status = krb5_get_credentials(bsd_context, 0, cc, ret_cred);
if (status) goto bad3;
/* Reset internal flags; these should not be sent. */
/* call Kerberos library routine to obtain an authenticator,
pass it over the socket to the server, and obtain mutual
authentication. */
- status = krb5_sendauth((krb5_pointer) &s,
+ status = krb5_sendauth(bsd_context, (krb5_pointer) &s,
"KCMDV0.1", ret_cred->client, ret_cred->server,
authopts,
&send_cksum,
fprintf(stderr, "Error text sent from server: %s\n",
error->text.data);
}
- krb5_free_error(error);
+ krb5_free_error(bsd_context, error);
error = 0;
}
}
if (status) goto bad3;
if (rep_ret && server_seqno) {
*server_seqno = rep_ret->seq_number;
- krb5_free_ap_rep_enc_part(rep_ret);
+ krb5_free_ap_rep_enc_part(bsd_context, rep_ret);
}
(void) write(s, remuser, strlen(remuser)+1);
(void) write(s, locuser, strlen(locuser)+1);
if (options & OPTS_FORWARD_CREDS) { /* Forward credentials */
- if (status = krb5_get_for_creds(ETYPE_DES_CBC_CRC,
+ if (status = krb5_get_for_creds(bsd_context, ETYPE_DES_CBC_CRC,
krb5_kdc_req_sumtype,
hp->h_name,
ret_cred->client,
}
/* Send forwarded credentials */
- if (status = krb5_write_message((krb5_pointer)&s, &outbuf))
+ if (status = krb5_write_message(bsd_context, (krb5_pointer)&s, &outbuf))
goto bad3;
}
else { /* Dummy write to signal no forwarding */
outbuf.length = 0;
- if (status = krb5_write_message((krb5_pointer)&s, &outbuf))
+ if (status = krb5_write_message(bsd_context, (krb5_pointer)&s, &outbuf))
goto bad3;
}
if (tmpstr) krb5_xfree(tmpstr);
/* pass back credentials if wanted */
- if (cred) krb5_copy_creds(ret_cred,cred);
- krb5_free_creds(ret_cred);
+ if (cred) krb5_copy_creds(bsd_context, ret_cred,cred);
+ krb5_free_creds(bsd_context, ret_cred);
return (0);
bad3:
#endif /* POSIX_SIGNALS */
if (tmpstr) krb5_xfree(tmpstr);
if (ret_cred)
- krb5_free_creds(ret_cred);
+ krb5_free_creds(bsd_context, ret_cred);
return (status);
}
krb5_data desinbuf,desoutbuf;
krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
krb5_keyblock *session_key; /* static key for session */
+krb5_context bsd_context;
void try_normal();
char **save_argv();
char **orig_argv = save_argv(argc, argv);
sp = getservbyname("kshell", "tcp");
- krb5_init_ets();
+ krb5_init_context(&bsd_context);
+ krb5_init_ets(bsd_context);
desinbuf.data = des_inbuf;
desoutbuf.data = des_outbuf; /* Set up des buffers */
#else
#ifdef POSIX_SIGNALS
struct sigaction sa, isa, qsa;
#else
- register krb5_sigtype (*istat)(), (*qstat)();
+ register krb5_sigtype (bsd_context, *istat)(), (*qstat)();
#endif
if ((pid = vfork()) == 0) {
#endif
#include <krb5/widen.h>
-krb5_error_code tgt_keyproc(DECLARG(krb5_pointer, keyprocarg),
- DECLARG(krb5_principal, principal),
- DECLARG(krb5_kvno, vno),
- DECLARG(krb5_keyblock **, key))
- OLDDECLARG(krb5_pointer, keyprocarg)
- OLDDECLARG(krb5_principal, principal)
- OLDDECLARG(krb5_kvno, vno)
- OLDDECLARG(krb5_keyblock **, key)
+krb5_error_code tgt_keyproc(context, keyprocarg, principal, vno, key)
+ krb5_context context;
+ krb5_pointer keyprocarg;
+ krb5_principal principal;
+ krb5_kvno vno;
+ krb5_keyblock ** key;
#include <krb5/narrow.h>
{
krb5_creds *creds = (krb5_creds *)keyprocarg;
- return krb5_copy_keyblock(&creds->keyblock, key);
+ return krb5_copy_keyblock(context, &creds->keyblock, key);
}
- if (status = krb5_cc_default(&cc)){
+ if (status = krb5_cc_default(bsd_context, &cc)){
fprintf(stderr,"rcp: send_auth failed krb5_cc_default : %s\n",
error_message(status));
exit(1);
memset ((char*)&creds, 0, sizeof(creds));
- if (status = krb5_cc_get_principal(cc, &creds.client)){
+ if (status = krb5_cc_get_principal(bsd_context, cc, &creds.client)){
fprintf(stderr,
"rcp: send_auth failed krb5_cc_get_principal : %s\n",
error_message(status));
- krb5_cc_close(cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
- if (status = krb5_unparse_name(creds.client, &princ)){
+ if (status = krb5_unparse_name(bsd_context, creds.client, &princ)){
fprintf(stderr,"rcp: send_auth failed krb5_parse_name : %s\n",
error_message(status));
- krb5_cc_close(cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
- if (status = krb5_build_principal_ext(&creds.server,
- krb5_princ_realm(creds.client)->length,
- krb5_princ_realm(creds.client)->data,
+ if (status = krb5_build_principal_ext(bsd_context, &creds.server,
+ krb5_princ_realm(bsd_context, creds.client)->length,
+ krb5_princ_realm(bsd_context, creds.client)->data,
6, "krbtgt",
- krb5_princ_realm(creds.client)->length,
- krb5_princ_realm(creds.client)->data,
+ krb5_princ_realm(bsd_context, creds.client)->length,
+ krb5_princ_realm(bsd_context, creds.client)->data,
0)){
fprintf(stderr,
"rcp: send_auth failed krb5_build_principal_ext : %s\n",
error_message(status));
- krb5_cc_close(cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
/* Get TGT from credentials cache */
- if (status = krb5_get_credentials(KRB5_GC_CACHED, cc, &creds)){
+ if (status = krb5_get_credentials(bsd_context, KRB5_GC_CACHED, cc, &creds)){
fprintf(stderr,
"rcp: send_auth failed krb5_get_credentials: %s\n",
error_message(status));
- krb5_cc_close(cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
- krb5_cc_close(cc);
+ krb5_cc_close(bsd_context, cc);
princ_data.data = princ;
princ_data.length = strlen(princ_data.data) + 1; /* include null
terminator for
server's convenience */
- status = krb5_write_message((krb5_pointer) &rem, &princ_data);
+ status = krb5_write_message(bsd_context, (krb5_pointer) &rem, &princ_data);
if (status){
fprintf(stderr,
"rcp: send_auth failed krb5_write_message: %s\n",
exit(1);
}
krb5_xfree(princ);
- status = krb5_write_message((krb5_pointer) &rem, &creds.ticket);
+ status = krb5_write_message(bsd_context, (krb5_pointer)&rem, &creds.ticket);
if (status){
fprintf(stderr,
"rcp: send_auth failed krb5_write_message: %s\n",
exit(1);
}
- status = krb5_read_message((krb5_pointer) &rem, &reply);
+ status = krb5_read_message(bsd_context, (krb5_pointer) &rem, &reply);
if (status){
fprintf(stderr,
"rcp: send_auth failed krb5_read_message: %s\n",
faddr.contents = (krb5_octet *) &foreign.sin_addr;
/* read the ap_req to get the session key */
- status = krb5_rd_req(&reply,
+ status = krb5_rd_req(bsd_context, &reply,
0, /* don't know server's name... */
&faddr,
0, /* no fetchfrom */
exit(1);
}
- krb5_copy_keyblock(authdat->ticket->enc_part2->session,&session_key);
- krb5_free_tkt_authent(authdat);
- krb5_free_cred_contents(&creds);
+ krb5_copy_keyblock(bsd_context, authdat->ticket->enc_part2->session,
+ &session_key);
+ krb5_free_tkt_authent(bsd_context, authdat);
+ krb5_free_cred_contents(bsd_context, &creds);
- krb5_use_keytype(&eblock, session_key->keytype);
- if ( status = krb5_process_key(&eblock,
+ krb5_use_keytype(bsd_context, &eblock, session_key->keytype);
+ if ( status = krb5_process_key(bsd_context, &eblock,
session_key)){
fprintf(stderr, "rcp: send_auth failed krb5_process_key: %s\n",
error_message(status));
memset ((char*)&creds, 0, sizeof(creds));
- if (status = krb5_read_message((krb5_pointer) &rem, &pname_data)) {
+ if (status = krb5_read_message(bsd_context, (krb5_pointer)&rem,
+ &pname_data)) {
exit(1);
}
- if (status = krb5_read_message((krb5_pointer) &rem,
+ if (status = krb5_read_message(bsd_context, (krb5_pointer) &rem,
&creds.second_ticket)) {
exit(1);
}
- if (status = krb5_cc_default(&cc)){
+ if (status = krb5_cc_default(bsd_context, &cc)){
exit(1);
}
- if (status = krb5_cc_get_principal(cc, &creds.client)){
- krb5_cc_destroy(cc);
- krb5_cc_close(cc);
+ if (status = krb5_cc_get_principal(bsd_context, cc, &creds.client)){
+ krb5_cc_destroy(bsd_context, cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
- if (status = krb5_parse_name(pname_data.data, &creds.server)){
- krb5_cc_destroy(cc);
- krb5_cc_close(cc);
+ if (status = krb5_parse_name(bsd_context, pname_data.data, &creds.server)){
+ krb5_cc_destroy(bsd_context, cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
krb5_xfree(pname_data.data);
- if (status = krb5_get_credentials(KRB5_GC_USER_USER, cc, &creds)){
- krb5_cc_destroy(cc);
- krb5_cc_close(cc);
+ if (status = krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc, &creds)){
+ krb5_cc_destroy(bsd_context, cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
- if (status = krb5_mk_req_extended(AP_OPTS_USE_SESSION_KEY,
+ if (status = krb5_mk_req_extended(bsd_context, AP_OPTS_USE_SESSION_KEY,
0, /* no application checksum here */
krb5_kdc_default_options,
0,
&creds,
0, /* don't need authenticator copy */
&msg)) {
- krb5_cc_destroy(cc);
- krb5_cc_close(cc);
+ krb5_cc_destroy(bsd_context, cc);
+ krb5_cc_close(bsd_context, cc);
exit(1);
}
- krb5_cc_destroy(cc);
- krb5_cc_close(cc);
- status = krb5_write_message((krb5_pointer) &rem, &msg);
+ krb5_cc_destroy(bsd_context, cc);
+ krb5_cc_close(bsd_context, cc);
+ status = krb5_write_message(bsd_context, (krb5_pointer) &rem, &msg);
krb5_xfree(msg.data);
if (status){
exit(1);
}
/* setup eblock for des_read and write */
- krb5_copy_keyblock(&creds.keyblock,&session_key);
+ krb5_copy_keyblock(bsd_context, &creds.keyblock,&session_key);
/* cleanup */
- krb5_free_cred_contents(&creds);
+ krb5_free_cred_contents(bsd_context, &creds);
/* OK process key */
- krb5_use_keytype(&eblock, session_key->keytype);
- if ( status = krb5_process_key(&eblock,session_key)) {
+ krb5_use_keytype(bsd_context, &eblock, session_key->keytype);
+ if ( status = krb5_process_key(bsd_context, &eblock,session_key)) {
exit(1);
}
nstored = 0;
}
- if ((cc = krb5_net_read(fd, (char *)&len_buf, 4)) != 4) {
+ if ((cc = krb5_net_read(bsd_context, fd, (char *)&len_buf, 4)) != 4) {
/* XXX can't read enough, pipe must have closed */
return(0);
}
errno = E2BIG;
return(-1);
}
- if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) {
+ if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) {
/* pipe must have closed, return 0 */
error( "rcp: Des_read error: length received %d != expected %d.\n",
cc,net_len);
return(0);
}
/* decrypt info */
- if ((status = krb5_decrypt(desinbuf.data,
+ if ((status = krb5_decrypt(bsd_context, desinbuf.data,
(krb5_pointer) storage,
net_len,
&eblock, 0))) {
if (desoutbuf.length > sizeof(des_outbuf)){
return(-1);
}
- if (( krb5_encrypt((krb5_pointer)buf,
+ if (( krb5_encrypt(bsd_context, (krb5_pointer)buf,
desoutbuf.data,
len,
&eblock,
int fflag = 0, Fflag = 0;
krb5_creds *cred;
struct sockaddr_in local, foreign;
+krb5_context bsd_context;
#ifndef UCB_RLOGIN
#define UCB_RLOGIN "/usr/ucb/rlogin"
exit(1);
}
#ifdef KERBEROS
- krb5_init_ets();
+ krb5_init_context(&bsd_context);
+ krb5_init_ets(bsd_context);
desinbuf.data = des_inbuf;
desoutbuf.data = des_outbuf; /* Set up des buffers */
/*
rem = sock;
/* setup eblock for des_read and write */
- krb5_use_keytype(&eblock,cred->keyblock.keytype);
- if ( status = krb5_process_key(&eblock,&cred->keyblock)) {
+ krb5_use_keytype(bsd_context, &eblock,cred->keyblock.keytype);
+ if ( status = krb5_process_key(bsd_context, &eblock,&cred->keyblock)) {
fprintf(stderr,
"%s: Cannot process session key : %s.\n",
orig_argv[0], error_message(status));
nstored = 0;
}
- if ((cc = krb5_net_read(fd, (char *)&len_buf, 4)) != 4) {
+ if ((cc = krb5_net_read(bsd_context, fd, (char *)&len_buf, 4)) != 4) {
/* XXX can't read enough, pipe must have closed */
return(0);
}
fprintf(stderr,"Read size problem.\n");
return(0);
}
- if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) {
+ if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) {
/* pipe must have closed, return 0 */
fprintf(stderr,
"Read error: length received %d != expected %d.\n",
return(0);
}
/* decrypt info */
- if ((krb5_decrypt(desinbuf.data,
+ if ((krb5_decrypt(bsd_context, desinbuf.data,
(krb5_pointer) storage,
net_len,
&eblock, 0))) {
fprintf(stderr,"Write size problem.\n");
return(-1);
}
- if (( krb5_encrypt((krb5_pointer)buf,
+ if (( krb5_encrypt(bsd_context, (krb5_pointer)buf,
desoutbuf.data,
len,
&eblock,
len -= nstored;
nstored = 0;
}
- if ((cc = krb5_net_read(fd, len_buf, 4)) != 4) {
+ if ((cc = krb5_net_read(bsd_context, fd, len_buf, 4)) != 4) {
/* XXX can't read enough, pipe must have closed */
return(0);
}
#else
rd_len = roundup(net_len, 8);
#endif
- if ((cc = krb5_net_read(fd, des_inbuf, rd_len)) != rd_len) {
+ if ((cc = krb5_net_read(bsd_context, fd, des_inbuf, rd_len)) != rd_len) {
/* pipe must have closed, return 0 */
return(0);
}
#define min(a,b) ((a < b) ? a : b)
if (len < 8) {
- krb5_random_confounder(8 - len, &garbage_buf);
+ krb5_random_confounder(bsd_context, 8 - len, &garbage_buf);
/* this "right-justifies" the data in the buffer */
(void) memcpy(garbage_buf + 8 - len, buf, len);
}
krb5_authenticator *kdata;
krb5_ticket *ticket = 0;
+krb5_context bsd_context;
#define ARGSTR "rRkKeExXpPD:?"
#else /* !KERBEROS */
#ifdef KERBEROS
if (must_pass_k5 || must_pass_one) {
/* Init error messages and setup des buffers */
- krb5_init_ets();
+ krb5_init_context(&bsd_context);
+ krb5_init_ets(bsd_context);
desinbuf.data = des_inbuf;
desoutbuf.data = des_outbuf; /* Set up des buffers */
}
/* Kerberos V4, or host-based. */
if (status = recvauth()) {
if (ticket)
- krb5_free_ticket(ticket);
+ krb5_free_ticket(bsd_context, ticket);
if (status != 255)
syslog(LOG_ERR,
"Authentication failed from %s: %s\n",
if (must_pass_k5 || must_pass_one) {
#if (defined(ALWAYS_V5_KUSEROK) || !defined(KRB5_KRB4_COMPAT))
/* krb5_kuserok returns 1 if OK */
- if (client && krb5_kuserok(client, lusername))
+ if (client && krb5_kuserok(bsd_context, client, lusername))
passed_krb++;
#else
if (auth_sys == KRB5_RECVAUTH_V4) {
passed_krb++;
} else {
/* krb5_kuserok returns 1 if OK */
- if (client && krb5_kuserok(client, lusername))
+ if (client && krb5_kuserok(bsd_context, client, lusername))
passed_krb++;
}
#endif
return;
if (ticket)
- krb5_free_ticket(ticket);
+ krb5_free_ticket(bsd_context, ticket);
msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 );
if (!msg_fail)
nstored = 0;
}
- if ((cc = krb5_net_read(fd, (char *)len_buf, 4)) != 4) {
+ if ((cc = krb5_net_read(bsd_context, fd, (char *)len_buf, 4)) != 4) {
if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN)))
return(cc);
/* XXX can't read enough, pipe must have closed */
}
retry = 0;
datard:
- if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) {
+ if ((cc = krb5_net_read(bsd_context,fd,desinbuf.data,net_len)) != net_len) {
/* XXX can't read enough, pipe must have closed */
if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
retry++;
return(0);
}
/* decrypt info */
- if ((krb5_decrypt(desinbuf.data,
+ if ((krb5_decrypt(bsd_context, desinbuf.data,
(krb5_pointer) storage,
net_len,
&eblock, 0))) {
syslog(LOG_ERR,"Write size problem.");
return(-1);
}
- if ((krb5_encrypt((krb5_pointer)buf,
+ if ((krb5_encrypt(bsd_context, (krb5_pointer)buf,
desoutbuf.data,
len,
&eblock,
char *luser;
{
char kuser[10];
- if (!(krb5_aname_to_localname(principal,
+ if (!(krb5_aname_to_localname(bsd_context, principal,
sizeof(kuser), kuser))
&& (strcmp(kuser, luser) == 0)) {
return 1;
int realm_length;
int retval;
- realm_length = krb5_princ_realm(principal)->length;
+ realm_length = krb5_princ_realm(bsd_context, principal)->length;
- if (retval = krb5_get_default_realm(&def_realm)) {
+ if (retval = krb5_get_default_realm(bsd_context, &def_realm)) {
return 0;
}
if ((realm_length != strlen(def_realm)) ||
- (memcmp(def_realm, krb5_princ_realm(principal)->data, realm_length))) {
+ (memcmp(def_realm, krb5_princ_realm(bsd_context, principal)->data, realm_length))) {
free(def_realm);
return 0;
}
peeraddr.length = SIZEOF_INADDR;
peeraddr.contents = (krb5_octet *)&peersin.sin_addr;
- if (status = krb5_sname_to_principal(NULL, "host", KRB5_NT_SRV_HST,
- &server)) {
+ if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
+ KRB5_NT_SRV_HST, &server)) {
syslog(LOG_ERR, "parse server name %s: %s", "host",
error_message(status));
exit(1);
strcpy(v4_instance, "*");
- status = krb5_compat_recvauth(&netf,
+ status = krb5_compat_recvauth(bsd_context, &netf,
"KCMDV0.1",
server, /* Specify daemon principal */
&peeraddr, /* We do want to match */
getstr(netf, rusername, sizeof(rusername), "remuser");
- if (status = krb5_unparse_name(client, &krusername))
+ if (status = krb5_unparse_name(bsd_context, client, &krusername))
return status;
/* Setup up eblock if encrypted login session */
/* otherwise zero out session key */
if (do_encrypt) {
- krb5_use_keytype(&eblock,
+ krb5_use_keytype(bsd_context, &eblock,
ticket->enc_part2->session->keytype);
- if (status = krb5_process_key(&eblock,
+ if (status = krb5_process_key(bsd_context, &eblock,
ticket->enc_part2->session))
fatal(netf, "Permission denied");
}
- if (status = krb5_read_message((krb5_pointer)&netf, &inbuf))
+ if (status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf))
fatal(netf, "Error reading message");
if (inbuf.length) { /* Forwarding being done, read creds */
- if (status = rd_and_store_for_creds(&inbuf, ticket, lusername))
+ if (status = rd_and_store_for_creds(bsd_context, &inbuf, ticket,
+ lusername))
fatal(netf, "Can't get forwarded credentials");
}
return 0;
char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */
krb5_data desinbuf,desoutbuf;
krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
+krb5_context bsd_context;
krb5_creds *cred;
int encrypt_flag = 0;
}
if (debug_port)
- sp->s_port = debug_port;
+ sp->s_port = htons(debug_port);
#ifdef KERBEROS
- krb5_init_ets();
+ krb5_init_context(&bsd_context);
+ krb5_init_ets(bsd_context);
authopts = AP_OPTS_MUTUAL_REQUIRED;
/* Piggy-back forwarding flags on top of authopts; */
/* Setup for des_read and write */
desinbuf.data = des_inbuf;
desoutbuf.data = des_outbuf;
- krb5_use_keytype(&eblock,cred->keyblock.keytype);
- if (status = krb5_process_key(&eblock,&cred->keyblock)) {
+ krb5_use_keytype(bsd_context, &eblock,cred->keyblock.keytype);
+ if (status = krb5_process_key(bsd_context, &eblock,&cred->keyblock)) {
fprintf(stderr, "%s: Cannot process session key : %s.\n",
argv0, error_message(status));
exit(1);
nstored = 0;
}
- if ((cc = krb5_net_read(fd, len_buf, 4)) != 4) {
+ if ((cc = krb5_net_read(bsd_context, fd, len_buf, 4)) != 4) {
/* XXX can't read enough, pipe must have closed */
return(0);
}
fprintf(stderr,"Read size problem.\n");
return(0);
}
- if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) {
+ if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) {
/* pipe must have closed, return 0 */
fprintf(stderr, "Read error: length received %d != expected %d.\n",
cc, net_len);
return(0);
}
/* decrypt info */
- if (cc = krb5_decrypt(desinbuf.data, (krb5_pointer) storage,
+ if (cc = krb5_decrypt(bsd_context, desinbuf.data, (krb5_pointer) storage,
net_len, &eblock, 0)) {
fprintf(stderr,"Cannot decrypt data from network\n");
return(0);
if (!encrypt_flag)
return(write(fd, buf, len));
- desoutbuf.length = krb5_encrypt_size(len,eblock.crypto_entry);
+ desoutbuf.length = krb5_encrypt_size(len, eblock.crypto_entry);
if (desoutbuf.length > sizeof(des_outbuf)){
fprintf(stderr,"Write size problem.\n");
return(-1);
}
- if (( krb5_encrypt((krb5_pointer)buf,
+ if (( krb5_encrypt(bsd_context, (krb5_pointer)buf,
desoutbuf.data,
len,
&eblock,
krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */
char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */
krb5_data desinbuf,desoutbuf;
+krb5_context bsd_context;
void fatal();
int v5_des_read();
exit(1);
}
#ifdef KERBEROS
- krb5_init_ets();
+ krb5_init_context(&bsd_context);
+ krb5_init_ets(bsd_context);
netf = f;
desinbuf.data = des_inbuf;
desoutbuf.data = des_outbuf;
#endif
{
/* krb5_kuserok returns 1 if OK */
- if (!krb5_kuserok(client, locuser)){
+ if (!krb5_kuserok(bsd_context, client, locuser)){
syslog(LOG_ERR ,
"Principal %s (%s@%s) for local user %s failed krb5_kuserok.\n",
kremuser, remuser, hostname, locuser);
char *luser;
{
char kuser[10];
- if (!(krb5_aname_to_localname(principal,
+ if (!(krb5_aname_to_localname(bsd_context, principal,
sizeof(kuser), kuser))
&& (strcmp(kuser, luser) == 0)) {
return 1;
int realm_length;
int retval;
- realm_length = krb5_princ_realm(principal)->length;
+ realm_length = krb5_princ_realm(bsd_context, principal)->length;
- if (retval = krb5_get_default_realm(&def_realm)) {
+ if (retval = krb5_get_default_realm(bsd_context, &def_realm)) {
return 0;
}
if ((realm_length != strlen(def_realm)) ||
- (memcmp(def_realm, krb5_princ_realm(principal)->data, realm_length))) {
+ (memcmp(def_realm, krb5_princ_realm(bsd_context, principal)->data,
+ realm_length))) {
free(def_realm);
return 0;
}
#define SIZEOF_INADDR sizeof(struct in_addr)
#endif
- if (status = krb5_sname_to_principal(NULL, "host", KRB5_NT_SRV_HST,
- &server)) {
+ if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
+ KRB5_NT_SRV_HST, &server)) {
syslog(LOG_ERR, "parse server name %s: %s", "host",
error_message(status));
exit(1);
strcpy(v4_instance, "*");
- status = krb5_compat_recvauth(&netf,
+ status = krb5_compat_recvauth(bsd_context, &netf,
"KCMDV0.1",
server, /* Specify daemon principal */
&peeraddr, /* We do want to match */
sprintf(kremuser, "%s/%s@%s", v4_kdata->pname,
v4_kdata->pinst, v4_kdata->prealm);
- if (status = krb5_parse_name(kremuser, &client))
+ if (status = krb5_parse_name(bsd_context, kremuser, &client))
return(status);
return 0;
}
getstr(netf, remuser, sizeof(locuser), "remuser");
- if (status = krb5_unparse_name(client, &kremuser))
+ if (status = krb5_unparse_name(bsd_context, client, &kremuser))
return status;
/* Setup eblock for encrypted sessions. */
- krb5_use_keytype(&eblock, ticket->enc_part2->session->keytype);
- if (status = krb5_process_key(&eblock, ticket->enc_part2->session))
+ krb5_use_keytype(bsd_context, &eblock, ticket->enc_part2->session->keytype);
+ if (status = krb5_process_key(bsd_context, &eblock, ticket->enc_part2->session))
fatal(netf, "Permission denied");
/* Null out the "session" because eblock.key references the session
* key here, and we do not want krb5_free_ticket() to destroy it. */
ticket->enc_part2->session = 0;
- if (status = krb5_read_message((krb5_pointer)&netf, &inbuf)) {
+ if (status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)) {
error("Error reading message: %s\n", error_message(status));
exit(1);
}
if (inbuf.length) { /* Forwarding being done, read creds */
- if (status = rd_and_store_for_creds(&inbuf, ticket, locuser)) {
+ if (status = rd_and_store_for_creds(bsd_context, &inbuf, ticket, locuser)) {
error("Can't get forwarded credentials: %s\n",
error_message(status));
exit(1);
}
}
- krb5_free_ticket(ticket);
+ krb5_free_ticket(bsd_context, ticket);
return 0;
}
nstored = 0;
}
- if ((cc = krb5_net_read(fd, (char *)len_buf, 4)) != 4) {
+ if ((cc = krb5_net_read(bsd_context, fd, (char *)len_buf, 4)) != 4) {
if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN)))
return(cc);
/* XXX can't read enough, pipe must have closed */
}
retry = 0;
datard:
- if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) {
+ if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) {
/* XXX can't read enough, pipe must have closed */
if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
retry++;
}
/* decrypt info */
- if (krb5_decrypt(desinbuf.data, (krb5_pointer) storage, net_len,
+ if (krb5_decrypt(bsd_context, desinbuf.data, (krb5_pointer) storage, net_len,
&eblock, 0)) {
syslog(LOG_ERR,"Read decrypt problem.");
return(0);
return(-1);
}
- if (krb5_encrypt((krb5_pointer)buf, desoutbuf.data, len, &eblock, 0)) {
+ if (krb5_encrypt(bsd_context, (krb5_pointer)buf, desoutbuf.data, len, &eblock, 0)) {
syslog(LOG_ERR,"Write encrypt problem.");
return(-1);
}