authorArtur Grabowski <art@cvs.openbsd.org>1997-12-18 22:28:06 +0000
committerArtur Grabowski <art@cvs.openbsd.org>1997-12-18 22:28:06 +0000
commit9c8e71c5198e4965b9bbce99b57ae5c0a67a686e (patch)
tree4c79477cf0460203dbbef2ce692977c31b65ac80 /kerberosIV/kauth
parent08ee6dc284aa9763275b05c8c8f255bbdacb0208 (diff)
kauth is a nice tool. Gets you kerberos tickets, afs-tokens and other nice
things.
Diffstat (limited to 'kerberosIV/kauth')
-rw-r--r--kerberosIV/kauth/Makefile11
-rw-r--r--kerberosIV/kauth/encdata.c106
-rw-r--r--kerberosIV/kauth/kauth.c326
-rw-r--r--kerberosIV/kauth/kauth.h81
-rw-r--r--kerberosIV/kauth/marshall.c98
-rw-r--r--kerberosIV/kauth/rkinit.c223
6 files changed, 845 insertions, 0 deletions
diff --git a/kerberosIV/kauth/Makefile b/kerberosIV/kauth/Makefile
new file mode 100644
index 00000000000..895ff11123e
--- /dev/null
+++ b/kerberosIV/kauth/Makefile
@@ -0,0 +1,11 @@
+# $OpenBSD: Makefile,v 1.1 1997/12/18 22:28:02 art Exp $
+
+.include <bsd.obj.mk>
+
+SRCS= encdata.c rkinit.c kauth.c marshall.c
+PROG= kauth
+LDADD+= -lkrb -lkafs -ldes
+DPADD+= ${LIBKRB} ${LIBKAFS}
+MAN=
+
+.include <bsd.prog.mk>
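Review bot: `DPADD` lists only `${LIBKRB} ${LIBKAFS}` while `LDADD` also links `-ldes`, so a rebuilt libdes would not trigger a relink of kauth; add `${LIBDES}` to `DPADD`. `MAN=` installs the program without a manual page, so if that is intentional a short comment saying so would help.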
diff --git a/kerberosIV/kauth/encdata.c b/kerberosIV/kauth/encdata.c
new file mode 100644
index 00000000000..71e1a998c6e
--- /dev/null
+++ b/kerberosIV/kauth/encdata.c
@@ -0,0 +1,106 @@
+/* $OpenBSD: encdata.c,v 1.1 1997/12/18 22:28:02 art Exp $ */
+/* $KTH: encdata.c,v 1.9 1997/04/01 08:17:30 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+int
+write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,
+ des_cblock *session, struct sockaddr_in *me,
+ struct sockaddr_in *him)
+{
+ void *outbuf;
+ int32_t outlen, l;
+ int i;
+ unsigned char tmp[4];
+
+ outbuf = malloc(len + 30);
+ if (outbuf == NULL)
+ return -1;
+
+ outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him);
+ if (outlen < 0) {
+ free(outbuf);
+ return -1;
+ }
+
+ l = outlen;
+ for(i = 3; i >= 0; i--, l = l >> 8)
+ tmp[i] = l & 0xff;
+ if (krb_net_write (fd, tmp, 4) != 4 ||
+ krb_net_write (fd, outbuf, outlen) != outlen) {
+ free(outbuf);
+ outbuf = NULL;
+ return -1;
+ }
+
+ free(outbuf);
+ outbuf = NULL;
+ return 0;
+}
+
+
+int
+read_encrypted (int fd, void *buf, size_t len, void **ret,
+ des_key_schedule schedule, des_cblock *session,
+ struct sockaddr_in *him, struct sockaddr_in *me)
+{
+ int status;
+ int32_t l;
+ MSG_DAT msg;
+ unsigned char tmp[4];
+
+ l = krb_net_read (fd, tmp, 4);
+ if (l != 4)
+ return l;
+ l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ if (l > len)
+ return -1;
+ if (krb_net_read (fd, buf, l) != l)
+ return -1;
+ status = krb_rd_priv (buf, l, schedule, session, him, me, &msg);
+ if (status != RD_AP_OK) {
+ fprintf (stderr, "read_encrypted: %s\n",
+ krb_get_err_text(status));
+ return -1;
+ }
+ *ret = msg.app_data;
+ return msg.app_length;
+}
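Review bot: In read_encrypted, `if (l != 4) return l;` hands back a non-negative count when the length prefix is short or the peer closes the connection (assuming krb_net_read returns the bytes read so far), and `*ret` is never set on that path. The callers in rkinit.c only test `inlen < 0`, so such a return would be taken as a successful read; it should be `if (l != 4) return -1;`. The decoded length also deserves an explicit `l < 0` rejection instead of relying on the signed-to-unsigned conversion in `l > len`, and `tmp[0] << 24` should be computed on a `uint32_t` cast so a high first byte does not shift into the sign bit. In write_encrypted the `len + 30` allocation uses an unexplained constant; a named constant with a comment on the krb_mk_priv overhead it covers would make the bound reviewable.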
diff --git a/kerberosIV/kauth/kauth.c b/kerberosIV/kauth/kauth.c
new file mode 100644
index 00000000000..4126ebdef92
--- /dev/null
+++ b/kerberosIV/kauth/kauth.c
@@ -0,0 +1,326 @@
+/* $OpenBSD: kauth.c,v 1.1 1997/12/18 22:28:03 art Exp $ */
+/* $KTH: kauth.c,v 1.81 1997/12/09 10:36:33 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Little program that reads an srvtab or password and
+ * creates a suitable ticketfile and associated AFS tokens.
+ *
+ * If an optional command is given the command is executed in a
+ * new PAG and when the command exits the tickets are destroyed.
+ */
+
+#include "kauth.h"
+
+krb_principal princ;
+static char srvtab[MAXPATHLEN + 1];
+static int lifetime = DEFAULT_TKT_LIFE;
+static char remote_tktfile[MAXPATHLEN + 1];
+static char remoteuser[100];
+static char *cell = 0;
+static char progname[] = "kauth";
+
+char *
+strupr(char *str)
+{
+ char *s;
+
+ for(s = str; *s; s++)
+ *s = toupper(*s);
+ return str;
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s -n <name> [-r remoteuser] [-t remote ticketfile] "
+ "[-l lifetime (in minutes) ] [-f srvtab ] "
+ "[-c AFS cell name ] [-h hosts... [--]] [command ... ]\n",
+ progname);
+ fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n");
+ exit(1);
+}
+
+static void
+doexec(int argc, char **argv)
+{
+ int status;
+ pid_t ret;
+
+ switch (fork()) {
+ case -1:
+ err (1, "fork");
+ break;
+ case 0:
+ /* in child */
+ execvp(argv[0], argv);
+ err (1, "Can't exec program ``%s''", argv[0]);
+ break;
+ default:
+ /* in parent */
+ do {
+ ret = wait(&status);
+ } while ((ret > 0 && !WIFEXITED(status)) || (ret < 0 && errno == EINTR));
+ if (ret < 0)
+ perror("wait");
+ dest_tkt();
+ if (k_hasafs())
+ k_unlog();
+ break;
+ }
+}
+
+void
+renew(int sig)
+{
+ int code;
+
+ signal(SIGALRM, renew);
+
+ code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime, srvtab);
+ if (code)
+ warnx ("%s", krb_get_err_text(code));
+ else if (k_hasafs())
+ {
+ if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
+ warnx ("%s", krb_get_err_text(code));
+ }
+ }
+
+ alarm(krb_life_to_time(0, lifetime)/2 - 60);
+}
+
+static int
+zrefresh(void)
+{
+ switch (fork()) {
+ case -1:
+ err (1, "Warning: Failed to fork zrefresh");
+ return -1;
+ case 0:
+ /* Child */
+ execlp("zrefresh", "zrefresh", 0);
+ execl("/usr/bin/zrefresh", "zrefresh", 0);
+ exit(1);
+ default:
+ /* Parent */
+ break;
+ }
+ return 0;
+}
+
+static int
+key_to_key(char *user, char *instance, char *realm, void *arg,
+ des_cblock *key)
+{
+ memcpy(key, arg, sizeof(des_cblock));
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ int code, more_args;
+ int ret;
+ int c;
+ char *file;
+ int pflag = 0;
+ char passwd[100];
+ des_cblock key;
+ char **host;
+ int nhost;
+ char tf[MAXPATHLEN];
+
+ if ((file = getenv("KRBTKFILE")) == 0)
+ file = TKT_FILE;
+
+ memset(&princ, 0, sizeof(princ));
+ memset(srvtab, 0, sizeof(srvtab));
+ *remoteuser = '\0';
+ nhost = 0;
+
+ /* Look for kerberos name */
+ if (argc > 1 &&
+ argv[1][0] != '-' &&
+ krb_parse_name(argv[1], &princ) == 0)
+ {
+ argc--; argv++;
+ strupr(princ.realm);
+ }
+
+ while ((c = getopt(argc, argv, "r:t:f:hl:n:c:")) != EOF)
+ switch (c) {
+ case 'f':
+ strncpy(srvtab, optarg, sizeof(srvtab));
+ break;
+ case 't':
+ strncpy(remote_tktfile, optarg, sizeof(remote_tktfile));
+ break;
+ case 'r':
+ strncpy(remoteuser, optarg, sizeof(remoteuser));
+ break;
+ case 'l':
+ lifetime = atoi(optarg);
+ if (lifetime == -1)
+ lifetime = 255;
+ else if (lifetime < 5)
+ lifetime = 1;
+ else
+ lifetime = krb_time_to_life(0, lifetime*60);
+ if (lifetime > 255)
+ lifetime = 255;
+ break;
+ case 'n':
+ if ((code = krb_parse_name(optarg, &princ)) != 0) {
+ warnx ("%s", krb_get_err_text(code));
+ usage();
+ }
+ strupr(princ.realm);
+ pflag = 1;
+ break;
+ case 'c':
+ cell = optarg;
+ break;
+ case 'h':
+ host = argv + optind;
+ for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
+ ++nhost;
+ break;
+ case '?':
+ default:
+ usage();
+ break;
+ }
+
+ if (princ.name[0] == '\0' && krb_get_default_principal (princ.name,
+ princ.instance,
+ princ.realm) < 0)
+ errx (1, "Could not get default principal");
+
+ /* With root tickets assume remote user is root */
+ if (*remoteuser == '\0')
+ if (strcmp(princ.instance, "root") == 0) {
+ strncpy(remoteuser, princ.instance, sizeof(remoteuser) - 1);
+ remoteuser[sizeof(remoteuser) - 1] = '\0';
+ }
+ else {
+ strncpy(remoteuser, princ.name, sizeof(remoteuser) - 1);
+ remoteuser[sizeof(remoteuser) - 1] = '\0';
+ }
+
+ more_args = argc - optind;
+
+ if (princ.realm[0] == '\0')
+ if (krb_get_lrealm(princ.realm, 1) != KSUCCESS) {
+ strncpy(princ.realm, KRB_REALM, REALM_SZ - 1);
+ princ.realm[REALM_SZ - 1] = '\0';
+ }
+
+ if (more_args) {
+ int f;
+
+ do{
+ snprintf(tf, sizeof(tf),
+ TKT_ROOT "%u_%u",
+ (unsigned)getuid(),
+ (unsigned)(getpid()*time(0)));
+ f = open(tf, O_CREAT|O_EXCL|O_RDWR);
+ }while(f < 0);
+ close(f);
+ unlink(tf);
+ setenv("KRBTKFILE", tf, 1);
+ krb_set_tkt_string (tf);
+ }
+
+ if (srvtab[0])
+ {
+ signal(SIGALRM, renew);
+
+ code = read_service_key (princ.name, princ.instance, princ.realm, 0,
+ srvtab, (char *)&key);
+ if (code == KSUCCESS)
+ code = krb_get_in_tkt(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime,
+ key_to_key, NULL, key);
+ alarm(krb_life_to_time(0, lifetime)/2 - 60);
+ }
+ else {
+ char prompt[128];
+
+ snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ));
+ if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+ memset(passwd, 0, sizeof(passwd));
+ exit(1);
+ }
+ code = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET, princ.realm,
+ lifetime, passwd, &key);
+
+ memset(passwd, 0, sizeof(passwd));
+ }
+ if (code) {
+ memset (key, 0, sizeof(key));
+ errx (1, "%s", krb_get_err_text(code));
+ }
+
+ if (k_hasafs()) {
+ if (more_args)
+ k_setpag();
+ if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN)
+ warnx ("%s", krb_get_err_text(code));
+ }
+
+ for(ret = 0; nhost-- > 0; host++)
+ ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host);
+
+ if (ret)
+ return ret;
+
+ if (more_args)
+ doexec(more_args, &argv[optind]);
+ else
+ zrefresh();
+
+ return 0;
+}
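Review bot: The temporary ticket file block in main calls `open(tf, O_CREAT|O_EXCL|O_RDWR)` without the mode argument that O_CREAT requires, so the file's permissions are indeterminate, and the `do … while(f < 0)` loop spins forever on any failure that is not a name collision. Pass an explicit mode and bound the retry: `f = open(tf, O_CREAT|O_EXCL|O_RDWR, 0600);` with `while (f < 0 && errno == EEXIST);`. The following `close(f); unlink(tf);` gives up the exclusively created name before it is handed to `krb_set_tkt_string`, so the O_EXCL guarantee no longer holds when the ticket file is written later; keeping the file in place would preserve it, provided the ticket library accepts an existing file (not visible here). Separately, the `strncpy(..., sizeof(...))` calls for -f, -t and -r do not guarantee NUL termination when optarg fills the buffer; copy `sizeof(x) - 1` bytes and set the terminator explicitly, as the later remoteuser copies do. `key` is cleared only on the error path, so it should also be zeroed before the normal return.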
diff --git a/kerberosIV/kauth/kauth.h b/kerberosIV/kauth/kauth.h
new file mode 100644
index 00000000000..85d04a6cc14
--- /dev/null
+++ b/kerberosIV/kauth/kauth.h
@@ -0,0 +1,81 @@
+/* $KTH: kauth.h,v 1.18 1997/05/20 18:40:31 bg Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include <sys/time.h>
+#include <time.h>
+#include <sys/resource.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <err.h>
+
+#include <kerberosIV/krb.h>
+#include <kerberosIV/kafs.h>
+
+#define KAUTH_PORT 2120
+
+#define KAUTH_VERSION "RKINIT.0"
+
+int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*);
+
+int write_encrypted (int, void*, size_t, des_key_schedule,
+ des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+int read_encrypted (int, void*, size_t, void **, des_key_schedule,
+ des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+unsigned pack_args (char *, krb_principal*, int, char*, char*);
+
+int unpack_args (char*, krb_principal*, int*, char*, char*);
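Review bot: kauth.h has no include guard and its prototypes omit parameter names, which makes the two `struct sockaddr_in *` arguments easy to swap: the definitions in encdata.c take them as (me, him) for write_encrypted but (him, me) for read_encrypted. Wrap the header in `#ifndef KAUTH_H` / `#define KAUTH_H` … `#endif` and spell the names out, for example `struct sockaddr_in *him, struct sockaddr_in *me` at the end of the read_encrypted prototype. MAXPATHLEN is used in kauth.c and marshall.c but `<sys/param.h>` is not included here; presumably it arrives through krb.h, and an explicit include would remove that dependency.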
diff --git a/kerberosIV/kauth/marshall.c b/kerberosIV/kauth/marshall.c
new file mode 100644
index 00000000000..982991509c7
--- /dev/null
+++ b/kerberosIV/kauth/marshall.c
@@ -0,0 +1,98 @@
+/* $OpenBSD: marshall.c,v 1.1 1997/12/18 22:28:04 art Exp $ */
+/* $KTH: marshall.c,v 1.7 1997/04/01 08:17:32 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+unsigned
+pack_args (char *buf, krb_principal *pr, int lifetime,
+ char *locuser, char *tktfile)
+{
+ char *p;
+
+ p = buf;
+ strcpy (p, pr->name);
+ p += strlen (pr->name) + 1;
+ strcpy (p, pr->instance);
+ p += strlen (pr->instance) + 1;
+ strcpy (p, pr->realm);
+ p += strlen (pr->realm) + 1;
+ *p++ = (unsigned char)lifetime;
+ strcpy(p, locuser);
+ p += strlen (locuser) + 1;
+ strcpy(p, tktfile);
+ p += strlen(tktfile) + 1;
+ return p - buf;
+}
+
+int
+unpack_args (char *buf, krb_principal *pr, int *lifetime,
+ char *locuser, char *tktfile)
+{
+ int len;
+
+ len = strlen(buf);
+ if (len > SNAME_SZ)
+ return -1;
+ strncpy(pr->name, buf, len + 1);
+ buf += len + 1;
+ len = strlen (buf);
+ if (len > INST_SZ)
+ return -1;
+ strncpy (pr->instance, buf, len + 1);
+ buf += len + 1;
+ len = strlen (buf);
+ if (len > REALM_SZ)
+ return -1;
+ strncpy (pr->realm, buf, len + 1);
+ buf += len + 1;
+ *lifetime = (unsigned char)*buf++;
+ len = strlen(buf);
+ if (len > SNAME_SZ)
+ return -1;
+ strncpy (locuser, buf, len + 1);
+ buf += len + 1;
+ len = strlen(buf);
+ if (len > MAXPATHLEN)
+ return -1;
+ strncpy (tktfile, buf, len + 1);
+ buf += len + 1;
+ return 0;
+}
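Review bot: unpack_args rejects a field only when `len > SNAME_SZ` (likewise INST_SZ, REALM_SZ and MAXPATHLEN) and then copies `len + 1` bytes, so a field of exactly the limit writes limit + 1 bytes. If the destination arrays are declared with those sizes (the declarations are not in this diff), that is a one-byte overrun. Use `>=` in each check, e.g. `if (len >= SNAME_SZ) return -1;`. The function also takes no buffer length, so each `strlen(buf)` trusts the decrypted message to contain five terminators; passing the message length and checking against it would bound the walk. pack_args has the mirror problem: its `strcpy` chain writes into `buf` with no size, and the caller in rkinit.c supplies `char buf[BUFSIZ]` while tktfile alone may be up to MAXPATHLEN bytes.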
diff --git a/kerberosIV/kauth/rkinit.c b/kerberosIV/kauth/rkinit.c
new file mode 100644
index 00000000000..615b6592583
--- /dev/null
+++ b/kerberosIV/kauth/rkinit.c
@@ -0,0 +1,223 @@
+/* $OpenBSD: rkinit.c,v 1.1 1997/12/18 22:28:05 art Exp $ */
+/* $KTH: rkinit.c,v 1.19 1997/04/01 08:17:33 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+static struct in_addr *
+getalladdrs (char *hostname, unsigned *count)
+{
+ struct hostent *hostent;
+ struct in_addr **h;
+ struct in_addr *addr;
+ unsigned naddr;
+ unsigned maxaddr;
+
+ hostent = gethostbyname (hostname);
+ if (hostent == NULL) {
+ warnx ("gethostbyname '%s' failed: %s\n",
+ hostname,
+#ifdef HAVE_H_ERRNO
+ hstrerror(h_errno)
+#else
+ "unknown error"
+#endif
+ );
+ return NULL;
+ }
+ maxaddr = 1;
+ naddr = 0;
+ addr = malloc(sizeof(*addr) * maxaddr);
+ if (addr == NULL) {
+ warnx ("out of memory");
+ return NULL;
+ }
+ for (h = (struct in_addr **)(hostent->h_addr_list);
+ *h != NULL;
+ h++) {
+ if (naddr >= maxaddr) {
+ maxaddr *= 2;
+ addr = realloc (addr, sizeof(*addr) * maxaddr);
+ if (addr == NULL) {
+ warnx ("out of memory");
+ return NULL;
+ }
+ }
+ addr[naddr++] = **h;
+ }
+ addr = realloc (addr, sizeof(*addr) * naddr);
+ if (addr == NULL) {
+ warnx ("out of memory");
+ return NULL;
+ }
+ *count = naddr;
+ return addr;
+}
+
+static int
+doit_host (krb_principal *princ, int lifetime, char *locuser,
+ char *tktfile, des_cblock *key, int s, char *hostname)
+{
+ char buf[BUFSIZ];
+ int inlen;
+ KTEXT_ST text;
+ CREDENTIALS cred;
+ MSG_DAT msg;
+ int status;
+ des_key_schedule schedule;
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ void *ret;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ warn ("getsockname(%s)", hostname);
+ return 1;
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ warn ("getpeername(%s)", hostname);
+ return 1;
+ }
+
+ status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+ hostname, krb_realmofhost (hostname),
+ getpid(), &msg, &cred, schedule,
+ &thisaddr, &thataddr, KAUTH_VERSION);
+ if (status != KSUCCESS) {
+ warnx ("%s: %s\n", hostname, krb_get_err_text(status));
+ return 1;
+ }
+ inlen = pack_args (buf, princ, lifetime, locuser, tktfile);
+
+ if (write_encrypted(s, buf, inlen, schedule, &cred.session,
+ &thisaddr, &thataddr) < 0) {
+ warn ("write to %s", hostname);
+ return 1;
+ }
+
+ inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+ &cred.session, &thataddr, &thisaddr);
+ if (inlen < 0) {
+ warn ("read from %s failed", hostname);
+ return 1;
+ }
+
+ if (strncmp(ret, "ok", inlen) != 0) {
+ warnx ("error from %s: %.*s\n",
+ hostname, inlen, (char *)ret);
+ return 1;
+ }
+
+ inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+ &cred.session, &thataddr, &thisaddr);
+ if (inlen < 0) {
+ warn ("read from %s", hostname);
+ return 1;
+ }
+
+ {
+ des_key_schedule key_s;
+
+ des_key_sched(key, key_s);
+ des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT);
+ memset(key_s, 0, sizeof(key_s));
+ }
+ write_encrypted (s, ret, inlen, schedule, &cred.session,
+ &thisaddr, &thataddr);
+
+ inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+ &cred.session, &thataddr, &thisaddr);
+ if (inlen < 0) {
+ warn ("read from %s", hostname);
+ return 1;
+ }
+
+ if (strncmp(ret, "ok", inlen) != 0) {
+ warnx ("error from %s: %.*s\n",
+ hostname, inlen, (char *)ret);
+ return 1;
+ }
+ return 0;
+}
+
+int
+rkinit (krb_principal *princ, int lifetime, char *locuser,
+ char *tktfile, des_cblock *key, char *hostname)
+{
+ struct in_addr *addr;
+ unsigned naddr;
+ unsigned i;
+ int port;
+ int success;
+
+ addr = getalladdrs (hostname, &naddr);
+ if (addr == NULL)
+ return 1;
+ port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT));
+ success = 0;
+ for (i = 0; !success && i < naddr; ++i) {
+ struct sockaddr_in a;
+ int s;
+
+ memset(&a, 0, sizeof(a));
+ a.sin_family = AF_INET;
+ a.sin_port = port;
+ a.sin_addr = addr[i];
+
+ s = socket (AF_INET, SOCK_STREAM, 0);
+ if (s < 0) {
+ warn("socket");
+ return 1;
+ }
+ if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) {
+ warn("connect(%s)", hostname);
+ continue;
+ }
+
+ success = success || !doit_host (princ, lifetime,
+ locuser, tktfile, key,
+ s, hostname);
+ close (s);
+ }
+ return !success;
+}
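Review bot: In doit_host, `strncmp(ret, "ok", inlen) != 0` treats any reply that is a prefix of "ok" as success, including a zero-length one, because strncmp compares at most inlen bytes. Require the full token at both checks: `if (inlen < 2 || strncmp(ret, "ok", inlen) != 0) {`. The return value of the `write_encrypted` call that sends the decrypted data back is ignored, unlike the first call. In rkinit, the `continue` after a failed connect skips `close (s)`, and `addr` is never freed. In getalladdrs, `addr = realloc (addr, ...)` loses the original block on failure, and the final `realloc` with `naddr == 0` may return NULL for an empty address list.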