summaryrefslogtreecommitdiff
path: root/kerberosIV
diff options
context:
space:
mode:
Diffstat (limited to 'kerberosIV')
-rw-r--r--kerberosIV/Makefile8
-rw-r--r--kerberosIV/include/kafs_locl.h90
-rw-r--r--kerberosIV/include/kerberosIV/kafs.h90
-rw-r--r--kerberosIV/include/kerberosIV/krb.h211
-rw-r--r--kerberosIV/include/klog.h16
-rw-r--r--kerberosIV/include/krb_log.h83
-rw-r--r--kerberosIV/include/kuser_locl.h54
-rw-r--r--kerberosIV/include/prot.h26
-rw-r--r--kerberosIV/kafs/Makefile5
-rw-r--r--kerberosIV/kafs/afskrb.c112
-rw-r--r--kerberosIV/kafs/afssys.c410
-rw-r--r--kerberosIV/kafs/afssysdefs.h66
-rw-r--r--kerberosIV/kafs/common.c340
-rw-r--r--kerberosIV/kafs/shlib_version2
-rw-r--r--kerberosIV/kdb/kdb_locl.h41
-rw-r--r--kerberosIV/kerberos/Makefile4
-rw-r--r--kerberosIV/kerberos/kerberos.c1046
-rw-r--r--kerberosIV/kinit/kinit.c106
-rw-r--r--kerberosIV/klist/Makefile4
-rw-r--r--kerberosIV/klist/klist.c182
-rw-r--r--kerberosIV/krb/Makefile90
-rw-r--r--kerberosIV/krb/asprintf.c556
-rw-r--r--kerberosIV/krb/base64.c146
-rw-r--r--kerberosIV/krb/check_time.c56
-rw-r--r--kerberosIV/krb/cr_err_reply.c124
-rw-r--r--kerberosIV/krb/create_auth_reply.c139
-rw-r--r--kerberosIV/krb/create_ciph.c136
-rw-r--r--kerberosIV/krb/create_death_packet.c80
-rw-r--r--kerberosIV/krb/create_ticket.c143
-rw-r--r--kerberosIV/krb/debug_decl.c11
-rw-r--r--kerberosIV/krb/decomp_ticket.c206
-rw-r--r--kerberosIV/krb/dest_tkt.c50
-rw-r--r--kerberosIV/krb/encrypt_ktext.c51
-rw-r--r--kerberosIV/krb/et_list.c54
-rw-r--r--kerberosIV/krb/extract_ticket.c71
-rw-r--r--kerberosIV/krb/get_ad_tkt.c288
-rw-r--r--kerberosIV/krb/get_admhst.c100
-rw-r--r--kerberosIV/krb/get_cred.c24
-rw-r--r--kerberosIV/krb/get_default_principal.c89
-rw-r--r--kerberosIV/krb/get_host.c309
-rw-r--r--kerberosIV/krb/get_in_tkt.c318
-rw-r--r--kerberosIV/krb/get_krbhst.c98
-rw-r--r--kerberosIV/krb/get_krbrlm.c103
-rw-r--r--kerberosIV/krb/get_phost.c74
-rw-r--r--kerberosIV/krb/get_pw_tkt.c93
-rw-r--r--kerberosIV/krb/get_request.c66
-rw-r--r--kerberosIV/krb/get_svc_in_tkt.c30
-rw-r--r--kerberosIV/krb/get_tf_fullname.c20
-rw-r--r--kerberosIV/krb/get_tf_realm.c12
-rw-r--r--kerberosIV/krb/getaddrs.c105
-rw-r--r--kerberosIV/krb/getrealm.c222
-rw-r--r--kerberosIV/krb/getst.c15
-rw-r--r--kerberosIV/krb/in_tkt.c147
-rw-r--r--kerberosIV/krb/k_concat.c116
-rw-r--r--kerberosIV/krb/k_flock.c59
-rw-r--r--kerberosIV/krb/k_gethostname.c (renamed from kerberosIV/krb/pkt_cipher.c)30
-rw-r--r--kerberosIV/krb/k_getport.c57
-rw-r--r--kerberosIV/krb/k_getsockinst.c73
-rw-r--r--kerberosIV/krb/k_localtime.c63
-rw-r--r--kerberosIV/krb/kdc_reply.c131
-rw-r--r--kerberosIV/krb/klog.c124
-rw-r--r--kerberosIV/krb/kname_parse.c262
-rw-r--r--kerberosIV/krb/kntoln.c132
-rw-r--r--kerberosIV/krb/kparse.c796
-rw-r--r--kerberosIV/krb/krb_check_auth.c76
-rw-r--r--kerberosIV/krb/krb_equiv.c144
-rw-r--r--kerberosIV/krb/krb_err.et6
-rw-r--r--kerberosIV/krb/krb_err_txt.c27
-rw-r--r--kerberosIV/krb/krb_get_in_tkt.c359
-rw-r--r--kerberosIV/krb/krb_locl.h102
-rw-r--r--kerberosIV/krb/kuserok.c295
-rw-r--r--kerberosIV/krb/lifetime.c58
-rw-r--r--kerberosIV/krb/log.c133
-rw-r--r--kerberosIV/krb/logging.c240
-rw-r--r--kerberosIV/krb/lsb_addr_comp.c105
-rw-r--r--kerberosIV/krb/lsb_addr_comp.h50
-rw-r--r--kerberosIV/krb/mk_auth.c96
-rw-r--r--kerberosIV/krb/mk_err.c39
-rw-r--r--kerberosIV/krb/mk_priv.c220
-rw-r--r--kerberosIV/krb/mk_req.c246
-rw-r--r--kerberosIV/krb/mk_safe.c208
-rw-r--r--kerberosIV/krb/month_sname.c14
-rw-r--r--kerberosIV/krb/name2name.c102
-rw-r--r--kerberosIV/krb/netread.c14
-rw-r--r--kerberosIV/krb/netwrite.c17
-rw-r--r--kerberosIV/krb/one.c8
-rw-r--r--kerberosIV/krb/parse_name.c199
-rw-r--r--kerberosIV/krb/pkt_clen.c68
-rw-r--r--kerberosIV/krb/rd_err.c123
-rw-r--r--kerberosIV/krb/rd_priv.c251
-rw-r--r--kerberosIV/krb/rd_req.c312
-rw-r--r--kerberosIV/krb/rd_safe.c276
-rw-r--r--kerberosIV/krb/read_service_key.c47
-rw-r--r--kerberosIV/krb/realm_parse.c88
-rw-r--r--kerberosIV/krb/recvauth.c255
-rw-r--r--kerberosIV/krb/resolve.c232
-rw-r--r--kerberosIV/krb/resolve.h95
-rw-r--r--kerberosIV/krb/rw.c128
-rw-r--r--kerberosIV/krb/save_credentials.c28
-rw-r--r--kerberosIV/krb/send_to_kdc.c471
-rw-r--r--kerberosIV/krb/sendauth.c232
-rw-r--r--kerberosIV/krb/shlib_version4
-rw-r--r--kerberosIV/krb/stime.c (renamed from kerberosIV/krb/fgetst.c)51
-rw-r--r--kerberosIV/krb/str2key.c68
-rw-r--r--kerberosIV/krb/strtok_r.c61
-rw-r--r--kerberosIV/krb/tf_util.c759
-rw-r--r--kerberosIV/krb/tkt_string.c27
-rw-r--r--kerberosIV/krb/unparse_name.c105
-rw-r--r--kerberosIV/krb/util.c76
-rw-r--r--kerberosIV/krb/verify_user.c111
110 files changed, 8674 insertions, 6717 deletions
diff --git a/kerberosIV/Makefile b/kerberosIV/Makefile
index 730a24d1f5b..2868f4cc819 100644
--- a/kerberosIV/Makefile
+++ b/kerberosIV/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.10 1997/06/29 14:54:18 provos Exp $
+# $OpenBSD: Makefile,v 1.11 1997/11/28 12:48:37 art Exp $
# from @(#)Makefile 5.1 (Berkeley) 6/25/90
SUBDIR=
@@ -9,10 +9,12 @@ SUBDIR+=include
SUBDIR+=acl krb kadm kafs kdb
-SUBDIR+=ext_srvtab kadmin kadmind kdb_destroy kdb_edit kdb_init kdb_util \
- kdestroy kerberos kinit klist kpasswdd kprop kpropd ksrvtgt ksrvutil \
+SUBDIR+=ext_srvtab kadmin kdb_destroy kdb_edit kdb_init kdb_util \
+ kdestroy kerberos kinit klist kprop kpropd ksrvtgt ksrvutil \
kstash make_keypair register registerd
+#removed: kpasswdd kadmind
+
SUBDIR+=man
build:
diff --git a/kerberosIV/include/kafs_locl.h b/kerberosIV/include/kafs_locl.h
new file mode 100644
index 00000000000..0971f359469
--- /dev/null
+++ b/kerberosIV/include/kafs_locl.h
@@ -0,0 +1,90 @@
+/* $KTH: kafs_locl.h,v 1.7 1997/10/14 22:57:11 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef __KAFS_LOCL_H__
+#define __KAFS_LOCL_H__
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+#include <sys/filio.h>
+
+#include <sys/syscall.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#include <netdb.h>
+
+#include <arpa/nameser.h>
+#include <resolv.h>
+
+#include <kerberosIV/krb.h>
+#include <kerberosIV/kafs.h>
+
+#include "afssysdefs.h"
+
+struct kafs_data;
+typedef int (*afslog_uid_func_t)(struct kafs_data*, const char*, uid_t);
+
+typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*,
+ const char*, CREDENTIALS*);
+
+typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
+
+typedef struct kafs_data {
+ afslog_uid_func_t afslog_uid;
+ get_cred_func_t get_cred;
+ get_realm_func_t get_realm;
+ void *data;
+} kafs_data;
+
+int _kafs_afslog_all_local_cells(kafs_data*, uid_t);
+
+int _kafs_get_cred(kafs_data*, const char*, const char*, const char *,
+ CREDENTIALS*);
+
+#endif /* __KAFS_LOCL_H__ */
diff --git a/kerberosIV/include/kerberosIV/kafs.h b/kerberosIV/include/kerberosIV/kafs.h
index d085e8f98ad..d67d0f3b1ea 100644
--- a/kerberosIV/include/kerberosIV/kafs.h
+++ b/kerberosIV/include/kerberosIV/kafs.h
@@ -1,21 +1,63 @@
-/* $Id: kafs.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+/* $KTH: kafs.h,v 1.24 1997/10/14 23:00:16 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
#ifndef __KAFS_H
#define __KAFS_H
+/* XXX must include krb5.h or krb.h */
+
+/* sys/ioctl.h must be included manually before kafs.h */
+
+/*
+ */
#define AFSCALL_PIOCTL 20
#define AFSCALL_SETPAG 21
#ifndef _VICEIOCTL
-#if defined(__STDC__) || defined(sgi)
#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl))
-#else
-#define _VICEIOCTL(id) ((unsigned int ) _IOW(V, id, struct ViceIoctl))
-#endif
#endif /* _VICEIOCTL */
-#define VIOCSETTOK _VICEIOCTL(3)
-#define VIOCUNLOG _VICEIOCTL(9)
+#define VIOCSETTOK _VICEIOCTL(3)
+#define VIOCGETTOK _VICEIOCTL(8)
+#define VIOCUNLOG _VICEIOCTL(9)
+#define VIOC_FILE_CELL_NAME _VICEIOCTL(30)
struct ViceIoctl {
caddr_t in, out;
@@ -36,12 +78,44 @@ struct ClearToken {
int k_hasafs __P((void));
-int k_afsklog __P((char *realm));
+int krb_afslog __P((const char *cell, const char *realm));
+int krb_afslog_uid __P((const char *cell, const char *realm, uid_t uid));
+/* compat */
+#define k_afsklog krb_afslog
+#define k_afsklog_uid krb_afslog_uid
+
int k_pioctl __P((char *a_path,
int o_opcode,
struct ViceIoctl *a_paramsP,
int a_followSymlinks));
int k_unlog __P((void));
int k_setpag __P((void));
+int k_afs_cell_of_file __P((const char *path, char *cell, int len));
+
+/* XXX */
+#ifdef KFAILURE
+#define KRB_H_INCLUDED
+#endif
+
+#ifdef KRB5_RECVAUTH_IGNORE_VERSION
+#define KRB5_H_INCLUDED
+#endif
+
+#ifdef KRB_H_INCLUDED
+int kafs_settoken __P((const char*, uid_t, CREDENTIALS*));
+#endif
+
+#ifdef KRB5_H_INCLUDED
+krb5_error_code krb5_afslog_uid __P((krb5_context, krb5_ccache,
+ const char*, krb5_const_realm, uid_t));
+krb5_error_code krb5_afslog __P((krb5_context, krb5_ccache,
+ const char*, krb5_const_realm));
+#endif
+
+
+#define _PATH_VICE "/usr/vice/etc/"
+#define _PATH_THISCELL _PATH_VICE "ThisCell"
+#define _PATH_CELLSERVDB _PATH_VICE "CellServDB"
+#define _PATH_THESECELLS _PATH_VICE "TheseCells"
#endif /* __KAFS_H */
diff --git a/kerberosIV/include/kerberosIV/krb.h b/kerberosIV/include/kerberosIV/krb.h
index 9397884e53d..20ac571badf 100644
--- a/kerberosIV/include/kerberosIV/krb.h
+++ b/kerberosIV/include/kerberosIV/krb.h
@@ -1,6 +1,7 @@
-/* $Id: krb.h,v 1.4 1997/06/29 10:48:36 provos Exp $ */
+/* $Id: krb.h,v 1.5 1997/11/28 12:48:41 art Exp $ */
+/* $KTH: krb.h,v 1.85 1997/10/24 10:18:16 assar Exp $ */
-/*-
+/*
* Copyright 1987, 1988 by the Student Information Processing Board
* of the Massachusetts Institute of Technology
*
@@ -21,13 +22,14 @@
* Include file for the Kerberos library.
*/
-/* Only one time, please */
-#ifndef KRB_DEFS
-#define KRB_DEFS
-
#include <sys/cdefs.h>
#include <sys/types.h>
+#ifndef __KRB_H__
+#define __KRB_H__
+
+__BEGIN_DECLS
+
/* Include site.h file to define paths */
#include <kerberosIV/site.h>
@@ -35,16 +37,19 @@
#include <des.h>
/* Global library variables. */
+extern int krb_ignore_ip_address; /* To turn off IP address comparison */
+extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */
extern int krbONE;
#define HOST_BYTE_ORDER (* (char *) &krbONE)
-extern int private_msg_ver; /* in rd_priv.c */
-extern int req_act_vno; /* this is defined in the kerberos server code */
-
/* Text describing error codes */
#define MAX_KRB_ERRORS 256
extern const char *krb_err_txt[MAX_KRB_ERRORS];
+/* Use this function rather than indexing in krb_err_txt */
+const char *krb_get_err_text __P((int code));
+
+
/* General definitions */
#define KSUCCESS 0
#define KFAILURE 255
@@ -54,33 +59,68 @@ extern const char *krb_err_txt[MAX_KRB_ERRORS];
*
* KRBLOG is the log file for the kerberos master server. KRB_CONF is
* the configuration file where different host machines running master
- * and slave servers can be found.
+ * and slave servers can be found. KRB_MASTER is the name of the
+ * machine with the master database. The admin_server runs on this
+ * machine, and all changes to the db (as opposed to read-only
+ * requests, which can go to slaves) must go to it. KRB_HOST is the
+ * default machine * when looking for a kerberos slave server. Other
+ * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
+ * the realm.
*/
+/* /etc/kerberosIV is only for backwards compatibility, don't use it! */
+#ifndef KRB_CONF
+#define KRB_CONF "/etc/krb.conf"
+#endif
+#ifndef KRB_RLM_TRANS
+#define KRB_RLM_TRANS "/etc/krb.realms"
+#endif
+#ifndef KRB_CNF_FILES
+#define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0}
+#endif
+#ifndef KRB_RLM_FILES
+#define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0}
+#endif
+#ifndef KRB_EQUIV
+#define KRB_EQUIV "/etc/krb.equiv"
+#endif
+#define KRB_MASTER "kerberos"
+#ifndef KRB_REALM
+#define KRB_REALM (krb_get_default_realm())
+#endif
+
/* The maximum sizes for aname, realm, sname, and instance +1 */
#define ANAME_SZ 40
#define REALM_SZ 40
#define SNAME_SZ 40
#define INST_SZ 40
-/* include space for '.' and '@' */
-#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
+/* Leave space for quoting */
+#define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3)
#define KKEY_SZ 100
#define VERSION_SZ 1
#define MSG_TYPE_SZ 1
#define DATE_SZ 26 /* RTI date output */
-#define MAX_HSTNM 100
+#define MAX_HSTNM 100 /* for compatibility */
+
+typedef struct krb_principal{
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ char realm[REALM_SZ];
+}krb_principal;
#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
/* default lifetime for krb_mk_req & co., 10 hrs */
#define DEFAULT_TKT_LIFE 120
#endif
+#define KRB_TICKET_GRANTING_TICKET "krbtgt"
+
/* Definition of text structure used to pass text around */
#define MAX_KTXT_LEN 1250
struct ktext {
- int length; /* Length of the text */
+ unsigned int length; /* Length of the text */
unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
u_int32_t mbz; /* zero to catch runaway strings */
};
@@ -101,6 +141,10 @@ typedef struct ktext KTEXT_ST;
/* Parameters for rd_ap_req */
/* Maximum alloable clock skew in seconds */
#define CLOCK_SKEW 5*60
+/* Filename for readservkey */
+#ifndef KEYFILE
+#define KEYFILE "/etc/srvtab"
+#endif
/* Structure definition for rd_ap_req */
@@ -149,6 +193,16 @@ struct msg_dat {
typedef struct msg_dat MSG_DAT;
+struct krb_host {
+ char *realm;
+ char *host;
+ enum krb_host_proto { PROTO_UDP, PROTO_TCP, PROTO_HTTP } proto;
+ int port;
+ int admin;
+};
+
+struct krb_host *krb_get_host __P((int, char*, int));
+
/* Location of ticket file for save_cred and get_cred */
#define TKT_FILE tkt_string()
@@ -226,6 +280,7 @@ typedef struct msg_dat MSG_DAT;
/* Values returned by get_adtkt */
#define AD_OK 0 /* Ticket Obtained */
#define AD_NOTGT 71 /* Don't have tgt */
+#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */
/* Error codes returned by ticket file utilities */
#define NO_TKT_FIL 76 /* No ticket file found */
@@ -257,7 +312,7 @@ typedef struct msg_dat MSG_DAT;
swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \
swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \
swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \
- bcopy((char *)_krb_swap_tmp,(char *)x,16);\
+ memcpy(x, _krb_swap_tmp, 16);\
}
#define swap_u_12(x) {\
@@ -268,7 +323,7 @@ typedef struct msg_dat MSG_DAT;
swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \
swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \
swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \
- bcopy((char *)_krb_swap_tmp,(char *)x,12);\
+ memcpy(x, _krb_swap_tmp, 12);\
}
#define swap_C_Block(x) {\
@@ -277,7 +332,7 @@ typedef struct msg_dat MSG_DAT;
swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \
swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \
swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \
- bcopy((char *)_krb_swap_tmp,(char *)x,8);\
+ memcpy(x, _krb_swap_tmp, 8);\
}
#define swap_u_quad(x) {\
u_int32_t _krb_swap_tmp[4];\
@@ -285,7 +340,7 @@ typedef struct msg_dat MSG_DAT;
swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \
swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \
swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \
- bcopy((char *)_krb_swap_tmp,(char *)&x,8);\
+ memcpy(x, _krb_swap_tmp, 8);\
}
#define swap_u_long(x) {\
@@ -320,17 +375,29 @@ typedef struct msg_dat MSG_DAT;
* a hostname
*/
+#define KOPT_IGNORE_PROTOCOL 0x0008
+
#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
-#ifdef ATHENA_COMPAT
-#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
-#endif /* ATHENA_COMPAT */
-struct tm;
+/* File locking */
+#define K_LOCK_SH 1 /* Shared lock */
+#define K_LOCK_EX 2 /* Exclusive lock */
+#define K_LOCK_NB 4 /* Don't block when locking */
+#define K_LOCK_UN 8 /* Unlock */
+int k_flock __P((int fd, int operation));
struct tm *k_localtime __P((u_int32_t *));
+int k_getsockinst __P((int fd, char *inst, size_t));
+int k_getportbyname __P((const char *service, const char *proto, int default_port));
+
+extern char *krb4_version;
+
+struct in_addr;
+
+int k_get_all_addrs __P((struct in_addr **l));
-/* --- Random prototypes */
-#include <sys/types.h> /* to get u_char */
+/* Host address comparison */
+int krb_equiv __P((u_int32_t, u_int32_t));
/* Password conversion */
void mit_string_to_key __P((char *str, char *cell, des_cblock *key));
@@ -346,20 +413,25 @@ int krb_atime_to_life __P((char *atime));
int tf_get_cred __P((CREDENTIALS *));
int tf_get_pinst __P((char *));
int tf_get_pname __P((char *));
+int tf_put_pinst __P((char *));
+int tf_put_pname __P((char *));
int tf_init __P((char *, int));
+int tf_create __P((char *));
int tf_save_cred __P((char *, char *, char *, unsigned char *, int , int , KTEXT ticket, u_int32_t));
void tf_close __P((void));
+int tf_setup __P((CREDENTIALS *cred, char *pname, char *pinst));
/* Private communication */
struct sockaddr_in;
-int32_t krb_mk_priv __P((u_char *, u_char *, u_int32_t , struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
-int32_t krb_rd_priv __P((u_char *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+
+int32_t krb_mk_priv __P((void *, void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_priv __P((void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
/* Misc */
KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT));
-char *krb_get_phost __P((char *));
-char *krb_realmofhost __P((char *));
+char *krb_get_phost __P((const char *));
+char *krb_realmofhost __P((const char *));
char *tkt_string __P((void));
int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *));
@@ -368,56 +440,103 @@ int dest_tkt __P((void));
int get_ad_tkt __P((char *, char *, char *, int));
int get_pw_tkt __P((char *, char *, char *, char *));
int get_request __P((KTEXT, int, char **, char **));
-int get_request __P((KTEXT, int, char **, char **));
int in_tkt __P((char *, char *));
+int k_gethostname __P((char *, int ));
int k_isinst __P((char *));
int k_isname __P((char *));
int k_isrealm __P((char *));
int kname_parse __P((char *, char *, char *, char *));
-int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, char *, int16_t, int32_t, char *, char *, des_cblock *));
-int krb_get_admhst __P((char *, char *, int));
+int krb_parse_name __P((const char*, krb_principal*));
+char *krb_unparse_name __P((krb_principal*));
+char *krb_unparse_name_r __P((krb_principal*, char*));
+char *krb_unparse_name_long __P((char*, char*, char*));
+char *krb_unparse_name_long_r __P((char *name, char *instance, char *realm, char *fullname));
+int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, void *, int16_t, int32_t, char *, char *, des_cblock *));
int krb_get_admhst __P((char *, char *, int));
int krb_get_cred __P((char *, char *, char *, CREDENTIALS *));
-int krb_get_in_tkt __P((char *, char *, char *, char *, char *, int , int (*key_proc) (/* ??? */), int (*decrypt_proc) (/* ??? */), char *));
-int krb_get_krbhst __P((char *, char *, int));
-int krb_get_krbhst __P((char *, char *, int));
+
+typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*));
+
+typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*,
+ key_proc_t, KTEXT*));
+
+int krb_mk_as_req __P((char*, char*, char*, char*, char*, int, KTEXT));
+int krb_decode_as_rep __P((char*, char*, char*, char*, char*,
+ key_proc_t, decrypt_proc_t, void*,
+ KTEXT, CREDENTIALS*));
+int krb_get_in_tkt __P((char*, char*, char*, char*, char*, int, key_proc_t,
+ decrypt_proc_t, void*));
+
+int srvtab_to_key __P((char *, char *, char *, void *, des_cblock *));
+int passwd_to_key __P((char *, char *, char *, void *, des_cblock *));
+int passwd_to_afskey __P((char *, char *, char *, void *, des_cblock *));
+
int krb_get_krbhst __P((char *, char *, int));
int krb_get_lrealm __P((char *, int));
+char *krb_get_default_realm __P((void));
int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
int krb_get_tf_fullname __P((char *, char *, char *, char *));
int krb_get_tf_realm __P((char *, char *));
int krb_kntoln __P((AUTH_DAT *, char *));
int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t));
-int krb_net_read __P((int , char *, int));
-int krb_net_write __P((int , char *, int));
+int krb_net_read __P((int , void *, size_t));
+int krb_net_write __P((int , const void *, size_t));
int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *));
int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *));
int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *));
int krb_sendauth __P((int32_t, int, KTEXT, char *, char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *));
-int krb_set_key __P((char *, int));
+int krb_mk_auth __P((int32_t, KTEXT, char *, char *, char *, u_int32_t, char *, KTEXT));
+int krb_check_auth __P((KTEXT, u_int32_t, MSG_DAT *, des_cblock *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *));
+int krb_set_key __P((void *, int));
int krb_set_lifetime __P((int));
+int krb_kuserok __P((char *, char *, char *, char *));
int kuserok __P((AUTH_DAT *, char *));
int read_service_key __P((char *, char *, char *, int , char *, char *));
int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t));
int send_to_kdc __P((KTEXT , KTEXT , char *));
int32_t krb_mk_err __P((u_char *, int32_t, char *));
-int32_t krb_mk_safe __P((u_char *, u_char *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
-int32_t krb_rd_safe __P((u_char *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+int32_t krb_mk_safe __P((void *, void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_safe __P((void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
void ad_print __P((AUTH_DAT *));
void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *));
void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT));
-void krb_set_tkt_string __P((char *));
+void krb_set_tkt_string __P((const char *));
-void kset_logfile __P((char *));
-void set_logfile __P((char *));
-
-void log ();
-char *klog ();
+int krb_get_default_principal __P((char *, char *, char *));
+int krb_realm_parse __P((char *, int));
+int krb_verify_user __P((char*, char*, char*, char*, int, char *));
int getst __P((int, char *, int));
+const char *month_sname __P((int));
+const char *krb_stime __P((time_t *));
+struct tm;
+int krb_check_tm __P((struct tm));
+
+int krb_get_int __P((void *from, u_int32_t *to, int size, int lsb));
+int krb_put_int __P((u_int32_t from, void *to, int size));
+int krb_get_address __P((void *from, u_int32_t *to));
+int krb_put_address __P((u_int32_t addr, void *to));
+int krb_put_string __P((char *from, void *to));
+int krb_get_string __P((void *from, char *to));
+int krb_get_nir __P((void *from, char *name, char *instance, char *realm));
+int krb_put_nir __P((char *name, char *instance, char *realm, void *to));
+
+/* XXX - this should really be somewhere else (from libroken)*/
+char *strtok_r __P((char *s1, const char *s2, char **lasts));
+int base64_encode __P((const void *data, int size, char **str));
+int base64_decode __P((const char *str, void *data));
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+int asprintf (char **ret, const char *format, ...)
+ __attribute__ ((format (printf, 2, 3)));
+
+__END_DECLS
-#endif /* KRB_DEFS */
+#endif /* __KRB_H__ */
diff --git a/kerberosIV/include/klog.h b/kerberosIV/include/klog.h
index 7053d77278e..331ed34bfef 100644
--- a/kerberosIV/include/klog.h
+++ b/kerberosIV/include/klog.h
@@ -1,6 +1,6 @@
-/* $Id: klog.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+/* $KTH: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $ */
-/*-
+/*
* Copyright 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
@@ -13,6 +13,12 @@
#ifndef KLOG_DEFS
#define KLOG_DEFS
+#ifndef KRBLOG
+#define KRBLOG "/var/log/kerberos.log" /* master server */
+#endif
+#ifndef KRBSLAVELOG
+#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
+#endif
#define NLOGTYPE 100 /* Maximum number of log msg types */
#define L_NET_ERR 1 /* Error in network code */
@@ -32,6 +38,10 @@
#define L_APPL_REQ 15 /* Application requests (using tgt) */
#define L_KRB_PWARN 16 /* Protocol warning messages */
-char *klog();
+char * klog __P((int type, const char *format, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
#endif /* KLOG_DEFS */
diff --git a/kerberosIV/include/krb_log.h b/kerberosIV/include/krb_log.h
new file mode 100644
index 00000000000..53e846d70f1
--- /dev/null
+++ b/kerberosIV/include/krb_log.h
@@ -0,0 +1,83 @@
+/* $KTH krb_log.h,v 1.2 1997/09/26 17:40:33 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <kerberosIV/krb.h>
+
+#ifndef __KRB_LOG_H__
+#define __KRB_LOG_H__
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(X)
+#endif
+
+__BEGIN_DECLS
+
+/* logging.c */
+
+typedef int (*krb_log_func_t) __P((FILE *, const char *, va_list));
+
+typedef krb_log_func_t krb_warnfn_t;
+
+struct krb_log_facility;
+
+int krb_vlogger __P((struct krb_log_facility*, const char *, va_list))
+ __attribute__ ((format (printf, 2, 0)));
+int krb_logger __P((struct krb_log_facility*, const char *, ...))
+ __attribute__ ((format (printf, 2, 3)));
+int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t));
+
+void krb_set_warnfn __P((krb_warnfn_t));
+krb_warnfn_t krb_get_warnfn __P((void));
+void krb_warning __P((const char*, ...))
+ __attribute__ ((format (printf, 1, 2)));
+
+void kset_logfile __P((char*));
+void krb_log __P((const char*, ...))
+ __attribute__ ((format (printf, 1, 2)));
+char *klog __P((int, const char*, ...))
+ __attribute__ ((format (printf, 2, 3)));
+
+__END_DECLS
+
+#endif /* __KRB_LOG_H__ */
+
+
+
+
diff --git a/kerberosIV/include/kuser_locl.h b/kerberosIV/include/kuser_locl.h
index 15f24c285de..c15ee92591b 100644
--- a/kerberosIV/include/kuser_locl.h
+++ b/kerberosIV/include/kuser_locl.h
@@ -1,6 +1,47 @@
-/* $Id: kuser_locl.h,v 1.1 1995/12/14 06:52:33 tholo Exp $ */
+/* $Id: kuser_locl.h,v 1.2 1997/11/28 12:48:39 art Exp $ */
+/* $KTH: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */
-#include "kerberosIV/site.h"
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+
+#include <kerberosIV/site.h>
#include <stdio.h>
#include <stdlib.h>
@@ -12,8 +53,17 @@
#include <fcntl.h>
#include <time.h>
#include <sys/file.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <pwd.h>
+#include <err.h>
+
#include <kerberosIV/krb.h>
+#include <kerberosIV/krb_db.h>
+#include <kerberosIV/kadm.h>
#include <prot.h>
+
+
+
diff --git a/kerberosIV/include/prot.h b/kerberosIV/include/prot.h
index 4a0a29ae101..629ea104e2f 100644
--- a/kerberosIV/include/prot.h
+++ b/kerberosIV/include/prot.h
@@ -1,6 +1,6 @@
-/* $Id: prot.h,v 1.1 1995/12/14 06:52:33 tholo Exp $ */
+/* $KTH: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $ */
-/*-
+/*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
*
@@ -13,12 +13,12 @@
#ifndef PROT_DEFS
#define PROT_DEFS
+#define KRB_SERVICE "kerberos-iv"
#define KRB_PORT 750 /* PC's don't have
* /etc/services */
#define KRB_PROT_VERSION 4
#define MAX_PKT_LEN 1000
#define MAX_TXT_LEN 1000
-#define TICKET_GRANTING_TICKET "krbtgt"
/* Macro's to obtain various fields from a packet */
@@ -57,8 +57,12 @@
/* Routines to create and read packets may be found in prot.c */
-KTEXT create_auth_reply();
-KTEXT create_death_packet();
+KTEXT create_auth_reply(char *pname, char *pinst, char *prealm,
+ int32_t time_ws, int n, u_int32_t x_date,
+ int kvno, KTEXT cipher);
+#ifdef DEBUG
+KTEXT krb_create_death_packet(char *a_name);
+#endif
/* Message types , always leave lsb for byte order */
@@ -70,6 +74,8 @@ KTEXT create_death_packet();
#define AUTH_MSG_PRIVATE 6<<1
#define AUTH_MSG_SAFE 7<<1
#define AUTH_MSG_APPL_ERR 8<<1
+#define AUTH_MSG_KDC_FORWARD 9<<1
+#define AUTH_MSG_KDC_RENEW 10<<1
#define AUTH_MSG_DIE 63<<1
/* values for kerb error codes */
@@ -85,5 +91,15 @@ KTEXT create_death_packet();
#define KERB_ERR_PRINCIPAL_UNKNOWN 8
#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
#define KERB_ERR_NULL_KEY 10
+#define KERB_ERR_TIMEOUT 11
+
+/* sendauth - recvauth */
+
+/*
+ * If the protocol changes, you will need to change the version string
+ * be sure to support old versions of krb_sendauth!
+ */
+
+#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
#endif /* PROT_DEFS */
diff --git a/kerberosIV/kafs/Makefile b/kerberosIV/kafs/Makefile
index bfe28c1326e..10122fcfe1c 100644
--- a/kerberosIV/kafs/Makefile
+++ b/kerberosIV/kafs/Makefile
@@ -1,6 +1,7 @@
-# $Id: Makefile,v 1.1 1995/12/14 06:52:46 tholo Exp $
+# $Id: Makefile,v 1.2 1997/11/28 12:48:42 art Exp $
LIB= kafs
-SRCS= afssys.c
+CFLAGS+=-I${.CURDIR} -DNO_AFS
+SRCS= afskrb.c afssys.c common.c
.include <bsd.lib.mk>
diff --git a/kerberosIV/kafs/afskrb.c b/kerberosIV/kafs/afskrb.c
new file mode 100644
index 00000000000..d6809e541ed
--- /dev/null
+++ b/kerberosIV/kafs/afskrb.c
@@ -0,0 +1,112 @@
+/* $KTH: afskrb.c,v 1.8 1997/10/14 23:00:39 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+struct krb_kafs_data {
+ const char *realm;
+};
+
+static int
+get_cred(kafs_data *data, const char *name, const char *inst,
+ const char *realm, CREDENTIALS *c)
+{
+ KTEXT_ST tkt;
+ int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+
+ if (ret) {
+ ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
+ if (ret == KSUCCESS)
+ ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+ }
+ return ret;
+}
+
+static int
+afslog_uid_int(kafs_data *data, const char *cell, uid_t uid)
+{
+ int ret;
+ CREDENTIALS c;
+ struct krb_kafs_data *d = data->data;
+ char realm[REALM_SZ], *lrealm;
+
+ if (cell == 0 || cell[0] == 0)
+ return _kafs_afslog_all_local_cells (data, uid);
+
+ ret = krb_get_lrealm(realm , 0);
+ if(ret == KSUCCESS && (d->realm == NULL || strcmp(d->realm, realm)))
+ lrealm = realm;
+ else
+ lrealm = NULL;
+
+ ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
+
+ if(ret == 0)
+ ret = kafs_settoken(cell, uid, &c);
+ return ret;
+}
+
+static char *
+get_realm(kafs_data *data, const char *host)
+{
+ char *r = krb_realmofhost(host);
+ if(r)
+ return strdup(r);
+ return NULL;
+}
+
+int
+krb_afslog_uid(const char *cell, const char *realm, uid_t uid)
+{
+ kafs_data kd;
+ struct krb_kafs_data d;
+ kd.afslog_uid = afslog_uid_int;
+ kd.get_cred = get_cred;
+ kd.get_realm = get_realm;
+ kd.data = &d;
+ d.realm = realm;
+ return afslog_uid_int(&kd, cell, uid);
+}
+
+int
+krb_afslog(const char *cell, const char *realm)
+{
+ return krb_afslog_uid (cell, realm, getuid());
+}
diff --git a/kerberosIV/kafs/afssys.c b/kerberosIV/kafs/afssys.c
index 2c831e41abf..eb849791abc 100644
--- a/kerberosIV/kafs/afssys.c
+++ b/kerberosIV/kafs/afssys.c
@@ -1,302 +1,220 @@
-/* $Id: afssys.c,v 1.2 1996/09/16 03:18:08 tholo Exp $ */
-
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/kafs.h>
-
-#include "afssysdefs.h"
-
-#define AUTH_SUPERUSER "afs"
+/* $KTH: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $ */
/*
- * Here only ASCII characters are relevant.
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-#define IsAsciiUpper(c) ('A' <= (c) && (c) <= 'Z')
-
-#define ToAsciiLower(c) ((c) - 'A' + 'a')
-
-static void
-folddown(a, b)
- char *a, *b;
-{
- for (; *b; a++, b++)
- if (IsAsciiUpper(*b))
- *a = ToAsciiLower(*b);
- else
- *a = *b;
- *a = '\0';
-}
-
-#if !defined(linux) /* won't work there -- no SIGSYS, no syscall */
-
-int
-k_afsklog(realm)
- char *realm;
-{
- int k_errno;
- CREDENTIALS c;
- KTEXT_ST ticket;
- char username[256];
- char krealm[REALM_SZ];
-
- if (!k_hasafs())
- return KSUCCESS;
-
- if (realm == 0 || realm[0] == 0)
- {
- k_errno = krb_get_lrealm(krealm, 0);
- if (k_errno != KSUCCESS)
- return k_errno;
- realm = krealm;
- }
-
- k_errno = krb_get_cred(AUTH_SUPERUSER, "", realm, &c);
- if (k_errno != KSUCCESS)
- {
- k_errno = krb_mk_req(&ticket, AUTH_SUPERUSER, "", realm, 0);
- if (k_errno == KSUCCESS)
- k_errno = krb_get_cred(AUTH_SUPERUSER, "", realm, &c);
- }
-
- if (k_errno == KSUCCESS)
- {
- char cell[256];
- struct ViceIoctl parms;
- struct ClearToken ct;
- int32_t sizeof_x;
- char buf[2048], *t;
-
- folddown(cell, realm);
-
- /*
- * Build a struct ClearToken
- */
- ct.AuthHandle = c.kvno;
- bcopy((char *)c.session, ct.HandShakeKey, sizeof(c.session));
- ct.ViceId = getuid(); /* is this always valid? */
- ct.BeginTimestamp = 1 + c.issue_date;
- ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime);
-
- t = buf;
- /*
- * length of secret token followed by secret token
- */
- sizeof_x = c.ticket_st.length;
- bcopy((char *)&sizeof_x, t, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- bcopy((char *)c.ticket_st.dat, t, sizeof_x);
- t += sizeof_x;
- /*
- * length of clear token followed by clear token
- */
- sizeof_x = sizeof(ct);
- bcopy((char *)&sizeof_x, t, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- bcopy((char *)&ct, t, sizeof_x);
- t += sizeof_x;
-
- /*
- * do *not* mark as primary cell
- */
- sizeof_x = 0;
- bcopy((char *)&sizeof_x, t, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- /*
- * follow with cell name
- */
- sizeof_x = strlen(cell) + 1;
- bcopy(cell, t, sizeof_x);
- t += sizeof_x;
-
- /*
- * Build argument block
- */
- parms.in = buf;
- parms.in_size = t - buf;
- parms.out = 0;
- parms.out_size = 0;
- (void) k_pioctl(0, VIOCSETTOK, &parms, 0);
- }
- return k_errno;
-}
+#include "kafs_locl.h"
#define NO_ENTRY_POINT 0
#define SINGLE_ENTRY_POINT 1
#define MULTIPLE_ENTRY_POINT 2
#define SINGLE_ENTRY_POINT2 3
-#define AIX_ENTRY_POINTS 4
-#define UNKNOWN_ENTRY_POINT 5
+#define SINGLE_ENTRY_POINT3 4
+#define AIX_ENTRY_POINTS 5
+#define UNKNOWN_ENTRY_POINT 6
static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
+
int
-k_pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks)
- char *a_path;
- int o_opcode;
- struct ViceIoctl *a_paramsP;
- int a_followSymlinks;
+k_pioctl(char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks)
{
-#ifdef AFS_SYSCALL
- if (afs_entry_point == SINGLE_ENTRY_POINT)
- return syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
- a_path, o_opcode, a_paramsP, a_followSymlinks);
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
#endif
-
-#ifdef AFS_PIOCTL
- if (afs_entry_point == MULTIPLE_ENTRY_POINT)
- return syscall(AFS_PIOCTL,
- a_path, o_opcode, a_paramsP, a_followSymlinks);
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[0],
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
#endif
-
-#ifdef AFS_SYSCALL2
- if (afs_entry_point == SINGLE_ENTRY_POINT2)
- return syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
- a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-
-#ifdef _AIX
- if (afs_entry_point == AIX_ENTRY_POINTS)
- return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-
- errno = ENOSYS;
- kill(getpid(), SIGSYS); /* You loose! */
- return -1;
+ }
+
+ errno = ENOSYS;
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif /* NO_AFS */
+ return -1;
}
int
-k_unlog()
+k_afs_cell_of_file(const char *path, char *cell, int len)
{
- struct ViceIoctl parms;
- bzero((char *)&parms, sizeof(parms));
- return k_pioctl(0, VIOCUNLOG, &parms, 0);
+ struct ViceIoctl parms;
+ parms.in = NULL;
+ parms.in_size = 0;
+ parms.out = cell;
+ parms.out_size = len;
+ return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1);
}
int
-k_setpag()
+k_unlog(void)
{
-#ifdef AFS_SYSCALL
- if (afs_entry_point == SINGLE_ENTRY_POINT)
- return syscall(AFS_SYSCALL, AFSCALL_SETPAG);
-#endif
-
-#ifdef AFS_SETPAG
- if (afs_entry_point == MULTIPLE_ENTRY_POINT)
- return syscall(AFS_SETPAG);
-#endif
+ struct ViceIoctl parms;
+ memset(&parms, 0, sizeof(parms));
+ return k_pioctl(0, VIOCUNLOG, &parms, 0);
+}
-#ifdef AFS_SYSCALL2
- if (afs_entry_point == SINGLE_ENTRY_POINT2)
- return syscall(AFS_SYSCALL2, AFSCALL_SETPAG);
+int
+k_setpag(void)
+{
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_SETPAG);
#endif
-
-#ifdef _AIX
- if (afs_entry_point == AIX_ENTRY_POINTS)
- return lsetpag();
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[1]);
#endif
-
- errno = ENOSYS;
- kill(getpid(), SIGSYS); /* You loose! */
- return -1;
+ }
+
+ errno = ENOSYS;
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif /* NO_AFS */
+ return -1;
}
-#endif /* defined(linux) */
+
static jmp_buf catch_SIGSYS;
-static void
-SIGSYS_handler()
+void
+SIGSYS_handler(int sig)
{
- errno = 0;
- longjmp(catch_SIGSYS, 1);
+ errno = 0;
+ longjmp(catch_SIGSYS, 1);
}
int
-k_hasafs()
+k_hasafs(void)
{
- int saved_errno;
- void (*saved_func)();
- struct ViceIoctl parms;
+ int saved_errno;
+ void (*saved_func)();
+ struct ViceIoctl parms;
-#if defined(linux)
- return 0;
-#else
- /*
- * Already checked presence of AFS syscalls?
- */
- if (afs_entry_point != UNKNOWN_ENTRY_POINT)
- return afs_entry_point != NO_ENTRY_POINT;
-
- /*
- * Probe kernel for AFS specific syscalls,
- * they (currently) come in two flavors.
- * If the syscall is absent we recive a SIGSYS.
- */
- afs_entry_point = NO_ENTRY_POINT;
- bzero(&parms, sizeof(parms));
+ /*
+ * Already checked presence of AFS syscalls?
+ */
+ if (afs_entry_point != UNKNOWN_ENTRY_POINT)
+ return afs_entry_point != NO_ENTRY_POINT;
+
+ /*
+ * Probe kernel for AFS specific syscalls,
+ * they (currently) come in two flavors.
+ * If the syscall is absent we recive a SIGSYS.
+ */
+ afs_entry_point = NO_ENTRY_POINT;
+ memset(&parms, 0, sizeof(parms));
- saved_errno = errno;
- saved_func = signal(SIGSYS, SIGSYS_handler);
+ saved_errno = errno;
+#ifndef NO_AFS
+ saved_func = signal(SIGSYS, SIGSYS_handler);
#ifdef AFS_SYSCALL
- if (setjmp(catch_SIGSYS) == 0)
- {
- syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
- 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
- if (errno == EINVAL)
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = SINGLE_ENTRY_POINT;
- goto done;
+ syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_SYSCALL;
+ goto done;
+ }
}
- }
#endif /* AFS_SYSCALL */
#ifdef AFS_PIOCTL
- if (setjmp(catch_SIGSYS) == 0)
- {
- syscall(AFS_PIOCTL,
- 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
- if (errno == EINVAL)
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = MULTIPLE_ENTRY_POINT;
- goto done;
+ syscall(AFS_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = MULTIPLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_PIOCTL;
+ afs_syscalls[1] = AFS_SETPAG;
+ goto done;
+ }
}
- }
#endif /* AFS_PIOCTL */
#ifdef AFS_SYSCALL2
- if (setjmp(catch_SIGSYS) == 0)
- {
- syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
- 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
- if (errno == EINVAL)
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = SINGLE_ENTRY_POINT2;
- goto done;
+ syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT2;
+ afs_syscalls[0] = AFS_SYSCALL2;
+ goto done;
+ }
}
- }
#endif /* AFS_SYSCALL */
-#ifdef _AIX
- if (setjmp(catch_SIGSYS) == 0)
- {
- lpioctl(0, 0, 0, 0);
- if (errno == EINVAL)
+#ifdef AFS_SYSCALL3
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = AIX_ENTRY_POINTS;
- goto done;
+ syscall(AFS_SYSCALL3, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT3;
+ afs_syscalls[0] = AFS_SYSCALL3;
+ goto done;
+ }
}
- }
-#endif
+#endif /* AFS_SYSCALL */
- done:
- (void) signal(SIGSYS, saved_func);
- errno = saved_errno;
- return afs_entry_point != NO_ENTRY_POINT;
-#endif /* linux */
+done:
+ signal(SIGSYS, saved_func);
+#endif /* NO_AFS */
+ errno = saved_errno;
+ return afs_entry_point != NO_ENTRY_POINT;
}
diff --git a/kerberosIV/kafs/afssysdefs.h b/kerberosIV/kafs/afssysdefs.h
index 2920141794e..7aa113d6f78 100644
--- a/kerberosIV/kafs/afssysdefs.h
+++ b/kerberosIV/kafs/afssysdefs.h
@@ -1,29 +1,71 @@
-/* $Id: afssysdefs.h,v 1.1 1995/12/14 06:52:46 tholo Exp $ */
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: afssysdefs.h,v 1.2 1997/11/28 12:48:43 art Exp $ */
/*
* This section is for machines using single entry point AFS syscalls!
- * or
+ * and/or
* This section is for machines using multiple entry point AFS syscalls!
+ *
+ * SunOS 4 is an example of single entry point and sgi of multiple
+ * entry point syscalls.
*/
-#if defined(sun) && !defined(__svr4__)
+#if SunOS == 4
#define AFS_SYSCALL 31
#endif
-#if defined(sun) && defined(__svr4__)
+#if SunOS == 5
#define AFS_SYSCALL 105
#endif
-#if defined(hpux)
+#if defined(__hpux)
#define AFS_SYSCALL 50
#define AFS_SYSCALL2 49
+#define AFS_SYSCALL3 48
#endif
#if defined(_AIX)
/* _AIX is too weird */
#endif
-#if defined(sgi)
+#if defined(__sgi)
#define AFS_PIOCTL (64+1000)
#define AFS_SETPAG (65+1000)
#endif
@@ -32,3 +74,15 @@
#define AFS_SYSCALL 232
#define AFS_SYSCALL2 258
#endif
+
+#if defined(__ultrix)
+#define AFS_SYSCALL 31
+#endif
+
+#if defined(__NetBSD__)
+#define AFS_SYSCALL 210
+#endif
+
+#ifdef SYS_afs_syscall
+#define AFS_SYSCALL3 SYS_afs_syscall
+#endif
diff --git a/kerberosIV/kafs/common.c b/kerberosIV/kafs/common.c
new file mode 100644
index 00000000000..c7f2061a4aa
--- /dev/null
+++ b/kerberosIV/kafs/common.c
@@ -0,0 +1,340 @@
+/* $KTH: common.c,v 1.3 1997/11/03 20:35:24 bg Exp $ */
+
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void
+foldup(char *a, const char *b)
+{
+ for (; *b; a++, b++)
+ if (IsAsciiLower(*b))
+ *a = ToAsciiUpper(*b);
+ else
+ *a = *b;
+ *a = '\0';
+}
+
+int
+kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
+{
+ struct ViceIoctl parms;
+ struct ClearToken ct;
+ int32_t sizeof_x;
+ char buf[2048], *t;
+ int ret;
+
+ /*
+ * Build a struct ClearToken
+ */
+ ct.AuthHandle = c->kvno;
+ memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
+ ct.ViceId = uid; /* is this always valid? */
+ ct.BeginTimestamp = 1 + c->issue_date;
+ ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
+
+#define ODD(x) ((x) & 1)
+ /* If we don't know the numerical ID lifetime should be even? */
+ if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp))
+ ct.BeginTimestamp--;
+
+ t = buf;
+ /*
+ * length of secret token followed by secret token
+ */
+ sizeof_x = c->ticket_st.length;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, c->ticket_st.dat, sizeof_x);
+ t += sizeof_x;
+ /*
+ * length of clear token followed by clear token
+ */
+ sizeof_x = sizeof(ct);
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, &ct, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * do *not* mark as primary cell
+ */
+ sizeof_x = 0;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ /*
+ * follow with cell name
+ */
+ sizeof_x = strlen(cell) + 1;
+ memcpy(t, cell, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * Build argument block
+ */
+ parms.in = buf;
+ parms.in_size = t - buf;
+ parms.out = 0;
+ parms.out_size = 0;
+ ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
+ return ret;
+}
+
+#if 0
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver)
+{
+ struct dns_reply *r;
+ int ok = -1;
+ r = dns_lookup(cell, "afsdb");
+ if(r){
+ struct resource_record *rr = r->head;
+ while(rr){
+ if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+ strncpy(dbserver, rr->u.afsdb->domain, MAXHOSTNAMELEN);
+ dbserver[MaxHostNameLen - 1] = 0;
+ ok = 0;
+ break;
+ }
+ rr = rr->next;
+ }
+ dns_free_data(r);
+ }
+ return ok;
+}
+#endif
+
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+find_cells(char *file, char ***cells, int *index)
+{
+ FILE *f;
+ char cell[64];
+ int i;
+ f = fopen(file, "r");
+ if (f == NULL)
+ return;
+ while (fgets(cell, sizeof(cell), f)) {
+ char *nl = strchr(cell, '\n');
+ if (nl) *nl = 0;
+ for(i = 0; i < *index; i++)
+ if(strcmp((*cells)[i], cell) == 0)
+ break;
+ if(i == *index){
+ *cells = realloc(*cells, (*index + 1) * sizeof(**cells));
+ (*cells)[(*index)++] = strdup(cell);
+ }
+ }
+ fclose(f);
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+afslog_cells(kafs_data *data, char **cells, int max, uid_t uid)
+{
+ int ret = 0;
+ int i;
+ for(i = 0; i < max; i++)
+ ret = (*data->afslog_uid)(data, cells[i], uid);
+ return ret;
+}
+
+int
+_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid)
+{
+ int ret;
+ char **cells = NULL;
+ int index = 0;
+
+ char *p;
+
+ if ((p = getenv("HOME"))) {
+ char home[MAXPATHLEN];
+ snprintf(home, sizeof(home), "%s/.TheseCells", p);
+ find_cells(home, &cells, &index);
+ }
+ find_cells(_PATH_THESECELLS, &cells, &index);
+ find_cells(_PATH_THISCELL, &cells, &index);
+
+ ret = afslog_cells(data, cells, index, uid);
+ while(index > 0)
+ free(cells[--index]);
+ free(cells);
+ return ret;
+}
+
+
+/* Find the realm associated with cell. Do this by opening
+ /usr/vice/etc/CellServDB and getting the realm-of-host for the
+ first VL-server for the cell.
+
+ This does not work when the VL-server is living in one realm, but
+ the cell it is serving is living in another realm.
+
+ Return 0 on success, -1 otherwise.
+ */
+
+static int
+realm_of_cell(kafs_data *data, const char *cell, char **realm)
+{
+ FILE *F;
+ char buf[1024];
+ char *p;
+ int ret = -1;
+
+ if ((F = fopen(_PATH_CELLSERVDB, "r")))
+ {
+ while (fgets(buf, sizeof(buf), F))
+ {
+ if (buf[0] != '>')
+ continue; /* Not a cell name line, try next line */
+ if (strncmp(buf + 1, cell, strlen(cell)) == 0)
+ {
+ /*
+ * We found the cell name we're looking for.
+ * Read next line on the form ip-address '#' hostname
+ */
+ if (fgets(buf, sizeof(buf), F) == NULL)
+ break; /* Read failed, give up */
+ p = strchr(buf, '#');
+ if (p == NULL)
+ break; /* No '#', give up */
+ p++;
+ if (buf[strlen(buf) - 1] == '\n')
+ buf[strlen(buf) - 1] = 0;
+ *realm = (*data->get_realm)(data, p);
+ if (*realm && **realm != 0)
+ ret = 0;
+ break; /* Won't try any more */
+ }
+ }
+ fclose(F);
+ }
+#if 0
+ if (realm == NULL) {
+ if (dns_find_cell(cell, buf) == 0)
+ realm = krb_realmofhost(buf);
+ }
+#endif
+ return ret;
+}
+
+int
+_kafs_get_cred(kafs_data *data,
+ const char *cell,
+ const char *krealm,
+ const char *lrealm,
+ CREDENTIALS *c)
+{
+ int ret = -1;
+ char *vl_realm;
+ char CELL[64];
+
+ /* We're about to find the the realm that holds the key for afs in
+ * the specified cell. The problem is that null-instance
+ * afs-principals are common and that hitting the wrong realm might
+ * yield the wrong afs key. The following assumptions were made.
+ *
+ * Any realm passed to us is preferred.
+ *
+ * If there is a realm with the same name as the cell, it is most
+ * likely the correct realm to talk to.
+ *
+ * In most (maybe even all) cases the database servers of the cell
+ * will live in the realm we are looking for.
+ *
+ * Try the local realm, but if the previous cases fail, this is
+ * really a long shot.
+ *
+ */
+
+ /* comments on the ordering of these tests */
+
+ /* If the user passes a realm, she probably knows something we don't
+ * know and we should try afs@krealm (otherwise we're talking with a
+ * blondino and she might as well have it.)
+ */
+
+ if (krealm) {
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, krealm, c);
+ if (ret == 0) return 0;
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", krealm, c);
+ }
+ if (ret == 0) return 0;
+
+ foldup(CELL, cell);
+
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c);
+ if (ret == 0) return 0;
+
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c);
+ if (ret == 0) return 0;
+
+ /* this might work in some cases */
+ if (realm_of_cell(data, cell, &vl_realm) == 0) {
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c);
+ if (ret)
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c);
+ free(vl_realm);
+ if (ret == 0) return 0;
+ }
+
+ if (lrealm)
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, lrealm, c);
+ return ret;
+}
+
+
diff --git a/kerberosIV/kafs/shlib_version b/kerberosIV/kafs/shlib_version
index d9961ea9fef..3066b9771e7 100644
--- a/kerberosIV/kafs/shlib_version
+++ b/kerberosIV/kafs/shlib_version
@@ -1,2 +1,2 @@
-major=4
+major=5
minor=0
diff --git a/kerberosIV/kdb/kdb_locl.h b/kerberosIV/kdb/kdb_locl.h
index 0ea18e9e41b..2aa6670ab75 100644
--- a/kerberosIV/kdb/kdb_locl.h
+++ b/kerberosIV/kdb/kdb_locl.h
@@ -1,4 +1,43 @@
-/* $Id: kdb_locl.h,v 1.1 1995/12/14 06:52:37 tholo Exp $ */
+/* $Id: kdb_locl.h,v 1.2 1997/11/28 12:48:45 art Exp $ */
+/* $KTH: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
#ifndef __kdb_locl_h
#define __kdb_locl_h
diff --git a/kerberosIV/kerberos/Makefile b/kerberosIV/kerberos/Makefile
index 455fe5ad922..8b16fd72bcc 100644
--- a/kerberosIV/kerberos/Makefile
+++ b/kerberosIV/kerberos/Makefile
@@ -1,9 +1,11 @@
# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:52 tholo Exp $
+# $Id: Makefile,v 1.2 1997/11/28 12:48:46 art Exp $
PROG= kerberos
DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
LDADD= -lkdb -lkrb -ldes
MAN= kerberos.8
+CFLAGS+=-I${.CURDIR}
+
.include <bsd.prog.mk>
diff --git a/kerberosIV/kerberos/kerberos.c b/kerberosIV/kerberos/kerberos.c
index 9d0dbe42550..7f66aa55e65 100644
--- a/kerberosIV/kerberos/kerberos.c
+++ b/kerberosIV/kerberos/kerberos.c
@@ -1,103 +1,73 @@
-/* $Id: kerberos.c,v 1.5 1997/06/29 10:32:14 provos Exp $ */
+/* $KTH: kerberos.c,v 1.70 1997/09/26 18:06:38 joda Exp $ */
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
+
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
*
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
*/
-#include "kerberosIV/site.h"
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
-
#include <sys/time.h>
#include <time.h>
-
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-
+#include <sys/select.h>
#include <errno.h>
#include <unistd.h>
-
+#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <sys/socket.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <sys/filio.h>
#include <netdb.h>
+#include <stdarg.h>
+#include <err.h>
#include <des.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/krb_db.h>
-
#include <prot.h>
-#include <klog.h>
-#include <kdc.h>
+#include "klog.h"
-static struct sockaddr_in sina = {AF_INET};
-int f;
-
-/* XXX several files in libkdb know about this */
-char *progname;
+#include "version.h"
+#include "krb_log.h"
+#include "kdc.h"
static des_key_schedule master_key_schedule;
static des_cblock master_key;
static struct timeval kerb_time;
-static Principal a_name_data; /* for requesting user */
-static Principal s_name_data; /* for services requested */
-static des_cblock session_key;
static u_char master_key_version;
static char k_instance[INST_SZ];
static char *lt;
static int more;
static int mflag; /* Are we invoked manually? */
-static int lflag; /* Have we set an alterate log file? */
-static char *log_file; /* name of alt. log file */
+static char *log_file = KRBLOG; /* name of alt. log file */
static int nflag; /* don't check max age */
static int rflag; /* alternate realm specified */
/* fields within the received request packet */
-static u_char req_msg_type;
-static u_char req_version;
static char *req_name_ptr;
static char *req_inst_ptr;
static char *req_realm_ptr;
-static u_long req_time_ws;
-
-int req_act_vno = KRB_PROT_VERSION; /* Temporary for version skew */
+static u_int32_t req_time_ws;
static char local_realm[REALM_SZ];
-/* statistics */
-static int q_bytes; /* current bytes remaining in queue */
-static int q_n; /* how many consecutive non-zero
- * q_bytes */
-static int max_q_bytes;
-static int max_q_n;
-static int n_auth_req;
-static int n_appl_req;
-static int n_packets;
-
+/* options */
static int max_age = -1;
static int pause_int = -1;
+static char progname[]="kerberos";
/*
* Print usage message and exit.
@@ -105,31 +75,31 @@ static int pause_int = -1;
static void
usage(void)
{
- fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname,
- " [-a max_age] [-l log_file] [-r realm]"
- ," [database_pathname]"
- );
+ fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]"
+ " [-a max_age] [-l log_file] [-i address_to_listen_on]"
+ " [-r realm] [database_pathname]\n",
+ progname);
exit(1);
}
/*
- * kerb_er_reply creates an error reply packet and sends it to the
+ * kerb_err_reply creates an error reply packet and sends it to the
* client.
*/
static void
-kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string)
+kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string)
{
static KTEXT_ST e_pkt_st;
KTEXT e_pkt = &e_pkt_st;
static char e_msg[128];
- bzero(e_msg, sizeof e_msg);
strcpy(e_msg, "\nKerberos error -- ");
strcat(e_msg, string);
cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
req_time_ws, err, e_msg);
- sendto(f, e_pkt->dat, e_pkt->length, 0, (struct sockaddr*)client, S_AD_SZ);
+ sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client,
+ sizeof(*client));
}
static void
@@ -141,9 +111,9 @@ hang(void)
pause();
} else {
char buf[256];
- (void) snprintf(buf, sizeof(buf),
- "Kerberos will wait %d seconds before dying so as not to loop init",
- pause_int);
+ snprintf(buf, sizeof(buf),
+ "Kerberos will wait %d seconds before dying so as not to loop init",
+ pause_int);
klog(L_KRB_PERR, buf);
sleep(pause_int);
klog(L_KRB_PERR, "Do svedania....\n");
@@ -151,29 +121,6 @@ hang(void)
}
}
-/*
- * Given a pointer to a long containing the number of seconds
- * since the beginning of time (midnight 1 Jan 1970 GMT), return
- * a string containing the local time in the form:
- *
- * "25-Jan-88 10:17:56"
- */
-
-static char *
-strtime(time_t *t)
-{
- static char st_data[40];
- static char *st = st_data;
- struct tm *tm;
- char *month_sname(int n);
-
- tm = localtime(t);
- (void) snprintf(st, sizeof(st_data), "%2d-%s-%02d %02d:%02d:%02d",
- tm->tm_mday, month_sname(tm->tm_mon + 1), tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- return st;
-}
-
static int
check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p)
{
@@ -181,9 +128,6 @@ check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p)
static int more;
n = kerb_get_principal(p_name, instance, p, 1, &more);
- klog(L_ALL_REQ,
- "Principal: \"%s\", Instance: \"%s\" Lifetime = %d n = %d",
- p_name, instance, lifetime, n, 0);
if (n < 0) {
lt = klog(L_KRB_PERR, "Database unavailable!");
@@ -197,43 +141,47 @@ check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p)
*/
if (n == 0) {
/* service unknown, log error, skip to next request */
- lt = klog(L_ERR_UNK, "UNKNOWN \"%s\" \"%s\"", p_name,
- instance, 0);
+ lt = klog(L_ERR_UNK, "UNKNOWN %s.%s", p_name, instance);
return KERB_ERR_PRINCIPAL_UNKNOWN;
}
if (more) {
/* not unique, log error */
- lt = klog(L_ERR_NUN, "Principal NOT UNIQUE \"%s\" \"%s\"",
- p_name, instance, 0);
+ lt = klog(L_ERR_NUN, "Principal not unique %s.%s", p_name, instance);
return KERB_ERR_PRINCIPAL_NOT_UNIQUE;
}
/* If the user's key is null, we want to return an error */
if ((p->key_low == 0) && (p->key_high == 0)) {
/* User has a null key */
- lt = klog(L_ERR_NKY, "Null key \"%s\" \"%s\"", p_name,
- instance, 0);
+ lt = klog(L_ERR_NKY, "Null key %s.%s", p_name, instance);
return KERB_ERR_NULL_KEY;
}
if (master_key_version != p->kdc_key_ver) {
/* log error reply */
lt = klog(L_ERR_MKV,
- "Key vers incorrect, KRB = %d, \"%s\" \"%s\" = %d",
- master_key_version, p->name, p->instance, p->kdc_key_ver,
- 0);
+ "Incorrect master key version for %s.%s: %d (should be %d)",
+ p->name, p->instance, p->kdc_key_ver, master_key_version);
return KERB_ERR_NAME_MAST_KEY_VER;
}
/* make sure the service hasn't expired */
- if ((u_long) p->exp_date < (u_long) kerb_time.tv_sec) {
+ if ((u_int32_t) p->exp_date < (u_int32_t) kerb_time.tv_sec) {
/* service did expire, log it */
+ time_t t = p->exp_date;
lt = klog(L_ERR_SEXP,
- "EXPIRED \"%s\" \"%s\" %s", p->name, p->instance,
- strtime((time_t*)&(p->exp_date)), 0);
+ "Principal %s.%s expired at %s", p->name, p->instance,
+ krb_stime(&t));
return KERB_ERR_NAME_EXP;
}
/* ok is zero */
return 0;
}
+static void
+unseal(des_cblock *key)
+{
+ kdb_encrypt_key(key, key, &master_key, master_key_schedule, DES_DECRYPT);
+}
+
+
/* Set the key for krb_rd_req so we can check tgt */
static int
set_tgtkey(char *r)
@@ -248,315 +196,236 @@ set_tgtkey(char *r)
if (!strcmp(lastrealm, r))
return (KSUCCESS);
- log("Getting key for %s", r);
+ klog(L_ALL_REQ, "Getting key for %s", r);
- n = kerb_get_principal("krbtgt", r, p, 1, &more);
+ n = kerb_get_principal(KRB_TICKET_GRANTING_TICKET, r, p, 1, &more);
if (n == 0)
return (KFAILURE);
/* unseal tgt key from master key */
- bcopy(&p->key_low, key, 4);
- bcopy(&p->key_high, ((long *) key) + 1, 4);
- kdb_encrypt_key(&key, &key, &master_key,
- master_key_schedule, DES_DECRYPT);
+ copy_to_key(&p->key_low, &p->key_high, key);
+ unseal(&key);
krb_set_key(key, 0);
strcpy(lastrealm, r);
return (KSUCCESS);
}
-static void
-kerberos(struct sockaddr_in *client, KTEXT pkt)
-{
- static KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st;
- static KTEXT_ST ciph_st;
- KTEXT ciph = &ciph_st;
- static KTEXT_ST tk_st;
- KTEXT tk = &tk_st;
- static KTEXT_ST auth_st;
- KTEXT auth = &auth_st;
- AUTH_DAT ad_st;
- AUTH_DAT *ad = &ad_st;
-
-
- static struct in_addr client_host;
- static int msg_byte_order;
- static int swap_bytes;
- static u_char k_flags;
- u_long lifetime;
- int i;
- des_cblock key;
- des_key_schedule key_s;
- char *ptr;
-
-
-
- ciph->length = 0;
- client_host = client->sin_addr;
-
- /* eval macros and correct the byte order and alignment as needed */
- req_version = pkt_version(pkt); /* 1 byte, version */
- req_msg_type = pkt_msg_type(pkt); /* 1 byte, Kerberos msg type */
-
- req_act_vno = req_version;
-
- /* check packet version */
- if (req_version != KRB_PROT_VERSION) {
- lt = klog(L_KRB_PERR,
- "KRB prot version mismatch: KRB =%d request = %d",
- KRB_PROT_VERSION, req_version, 0);
- /* send an error reply */
- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
- return;
- }
- msg_byte_order = req_msg_type & 1;
-
- swap_bytes = 0;
- if (msg_byte_order != HOST_BYTE_ORDER) {
- swap_bytes++;
+static int
+kerberos(unsigned char *buf, int len,
+ char *proto, struct sockaddr_in *client,
+ struct sockaddr_in *server,
+ KTEXT rpkt)
+{
+ int pvno;
+ int msg_type;
+ int lsb;
+ int life;
+ int flags = 0;
+ char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+ char service[SNAME_SZ], sinst[INST_SZ];
+ u_int32_t req_time;
+ static KTEXT_ST ticket, cipher, adat;
+ KTEXT tk = &ticket, ciph = &cipher, auth = &adat;
+ AUTH_DAT ad;
+ des_cblock session, key;
+ int err;
+ Principal a_name, s_name;
+
+ char *msg;
+
+
+ unsigned char *p = buf;
+ if(len < 2){
+ strcpy((char*)rpkt->dat, "Packet too short");
+ return KFAILURE;
}
- klog(L_KRB_PINFO,
- "Prot version: %d, Byte order: %d, Message type: %d",
- req_version, msg_byte_order, req_msg_type);
- switch (req_msg_type & ~1) {
+ gettimeofday(&kerb_time, NULL);
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION){
+ msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno);
+ strcpy((char*)rpkt->dat, msg);
+ return KERB_ERR_PKT_VER;
+ }
+ msg_type = *p++;
+ lsb = msg_type & 1;
+ msg_type &= ~1;
+ switch(msg_type){
case AUTH_MSG_KDC_REQUEST:
+ /* XXX range check */
+ p += krb_get_nir(p, name, inst, realm);
+ p += krb_get_int(p, &req_time, 4, lsb);
+ life = *p++;
+ p += krb_get_nir(p, service, sinst, NULL);
+ klog(L_INI_REQ,
+ "AS REQ %s.%s@%s for %s.%s from %s (%s/%u)",
+ name, inst, realm, service, sinst,
+ inet_ntoa(client->sin_addr),
+ proto, ntohs(server->sin_port));
+ if((err = check_princ(name, inst, 0, &a_name))){
+ strcpy((char*)rpkt->dat, krb_get_err_text(err));
+ return err;
+ }
+ tk->length = 0;
+ if((err = check_princ(service, sinst, 0, &s_name))){
+ strcpy((char*)rpkt->dat, krb_get_err_text(err));
+ return err;
+ }
+ life = min(life, s_name.max_life);
+ life = min(life, a_name.max_life);
+
+ des_new_random_key(&session);
+ copy_to_key(&s_name.key_low, &s_name.key_high, key);
+ unseal(&key);
+ krb_create_ticket(tk, flags, a_name.name, a_name.instance,
+ local_realm, client->sin_addr.s_addr,
+ session,
+ life, kerb_time.tv_sec,
+ s_name.name, s_name.instance, &key);
+ copy_to_key(&a_name.key_low, &a_name.key_high, key);
+ unseal(&key);
+ create_ciph(ciph, session, s_name.name, s_name.instance,
+ local_realm, life, s_name.key_version, tk,
+ kerb_time.tv_sec, &key);
+ memset(&session, 0, sizeof(session));
+ memset(&key, 0, sizeof(key));
{
- u_long req_life; /* Requested liftime */
- char *service; /* Service name */
- char *instance; /* Service instance */
-
- n_auth_req++;
- tk->length = 0;
- k_flags = 0; /* various kerberos flags */
-
-
- /* set up and correct for byte order and alignment */
- req_name_ptr = (char *) pkt_a_name(pkt);
- req_inst_ptr = (char *) pkt_a_inst(pkt);
- req_realm_ptr = (char *) pkt_a_realm(pkt);
- bcopy(pkt_time_ws(pkt), &req_time_ws, sizeof(req_time_ws));
- /* time has to be diddled */
- if (swap_bytes) {
- swap_u_long(req_time_ws);
- }
- ptr = (char *) pkt_time_ws(pkt) + 4;
-
- req_life = (unsigned char) (*ptr++);
-
- service = ptr;
- instance = ptr + strlen(service) + 1;
-
- rpkt = &rpkt_st;
- klog(L_INI_REQ,
- "Initial ticket request Host: %s User: \"%s\" \"%s\"",
- inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0);
-
- if ((i = check_princ(req_name_ptr, req_inst_ptr, 0,
- &a_name_data))) {
- kerb_err_reply(client, pkt, i, lt);
- return;
- }
- tk->length = 0; /* init */
- if (strcmp(service, "krbtgt"))
- klog(L_NTGT_INTK,
- "INITIAL request from %s.%s for %s.%s",
- req_name_ptr, req_inst_ptr, service, instance, 0);
- /* this does all the checking */
- if ((i = check_princ(service, instance, 0,
- &s_name_data))) {
- kerb_err_reply(client, pkt, i, lt);
- return;
- }
- /* Bound requested lifetime with service and user */
- lifetime = min(req_life, ((u_long) s_name_data.max_life));
- lifetime = min(lifetime, ((u_long) a_name_data.max_life));
-
-#ifdef NOENCRYPTION
- bzero(session_key, sizeof(des_cblock));
-#else
- des_new_random_key(&session_key);
-#endif
- /* unseal server's key from master key */
- bcopy(&s_name_data.key_low, key, 4);
- bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
- kdb_encrypt_key(&key, &key, &master_key,
- master_key_schedule, DES_DECRYPT);
- /* construct and seal the ticket */
- krb_create_ticket(tk, k_flags, a_name_data.name,
- a_name_data.instance, local_realm,
- client_host.s_addr, session_key, lifetime, kerb_time.tv_sec,
- s_name_data.name, s_name_data.instance, &key);
- bzero(key, sizeof(key));
- bzero(key_s, sizeof(key_s));
-
- /*
- * get the user's key, unseal it from the server's key, and
- * use it to seal the cipher
- */
-
- /* a_name_data.key_low a_name_data.key_high */
- bcopy(&a_name_data.key_low, key, 4);
- bcopy(&a_name_data.key_high, ((long *) key) + 1, 4);
-
- /* unseal the a_name key from the master key */
- kdb_encrypt_key(&key, &key, &master_key,
- master_key_schedule, DES_DECRYPT);
-
- create_ciph(ciph, session_key, s_name_data.name,
- s_name_data.instance, local_realm, lifetime,
- s_name_data.key_version, tk, kerb_time.tv_sec, &key);
-
- /* clear session key */
- bzero(session_key, sizeof(session_key));
-
- bzero(key, sizeof(key));
-
-
-
- /* always send a reply packet */
- rpkt = create_auth_reply(req_name_ptr, req_inst_ptr,
- req_realm_ptr, req_time_ws, 0, a_name_data.exp_date,
- a_name_data.key_version, ciph);
- sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr*)client, S_AD_SZ);
- bzero(&a_name_data, sizeof(a_name_data));
- bzero(&s_name_data, sizeof(s_name_data));
- break;
+ KTEXT r;
+ r = create_auth_reply(name, inst, realm, req_time, 0,
+ a_name.exp_date, a_name.key_version, ciph);
+ memcpy(rpkt, r, sizeof(*rpkt));
}
+ return 0;
case AUTH_MSG_APPL_REQUEST:
- {
- u_long time_ws; /* Workstation time */
- u_long req_life; /* Requested liftime */
- char *service; /* Service name */
- char *instance; /* Service instance */
- int kerno; /* Kerberos error number */
- char tktrlm[REALM_SZ];
-
- n_appl_req++;
- tk->length = 0;
- k_flags = 0; /* various kerberos flags */
-
- auth->length = 4 + strlen((char*)pkt->dat + 3);
- auth->length += (int) *(pkt->dat + auth->length) +
- (int) *(pkt->dat + auth->length + 1) + 2;
-
- bcopy(pkt->dat, auth->dat, auth->length);
-
- strncpy(tktrlm, (char*)(auth->dat + 3), REALM_SZ);
- if (set_tgtkey(tktrlm)) {
- lt = klog(L_ERR_UNK,
- "FAILED realm %s unknown. Host: %s ",
- tktrlm, inet_ntoa(client_host));
- kerb_err_reply(client, pkt, kerno, lt);
- return;
- }
- kerno = krb_rd_req(auth, "ktbtgt", tktrlm, client_host.s_addr,
- ad, 0);
-
- if (kerno) {
- klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
- inet_ntoa(client_host), krb_err_txt[kerno]);
- kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
- return;
- }
- ptr = (char *) pkt->dat + auth->length;
-
- bcopy(ptr, &time_ws, 4);
- ptr += 4;
-
- req_life = (unsigned char) (*ptr++);
-
- service = ptr;
- instance = ptr + strlen(service) + 1;
+ strcpy(realm, (char*)buf + 3);
+ if((err = set_tgtkey(realm))){
+ msg = klog(L_ERR_UNK,
+ "Unknown realm %s from %s (%s/%u)",
+ realm, inet_ntoa(client->sin_addr),
+ proto, ntohs(server->sin_port));
+ strcpy((char*)rpkt->dat, msg);
+ return err;
+ }
+ p = buf + strlen(realm) + 4;
+ p = p + p[0] + p[1] + 2;
+ auth->length = p - buf;
+ memcpy(auth->dat, buf, auth->length);
+ err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET,
+ realm, client->sin_addr.s_addr, &ad, 0);
+ if(err){
+ msg = klog(L_ERR_UNK,
+ "krb_rd_req from %s (%s/%u): %s",
+ inet_ntoa(client->sin_addr),
+ proto,
+ ntohs(server->sin_port),
+ krb_get_err_text(err));
+ strcpy((char*)rpkt->dat, msg);
+ return err;
+ }
+ p += krb_get_int(p, &req_time, 4, lsb);
+ life = *p++;
+ p += krb_get_nir(p, service, sinst, NULL);
+ klog(L_APPL_REQ,
+ "APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)",
+ ad.pname, ad.pinst, ad.prealm,
+ service, sinst,
+ inet_ntoa(client->sin_addr),
+ proto,
+ ntohs(server->sin_port));
+
+ if(strcmp(ad.prealm, realm)){
+ msg = klog(L_ERR_UNK, "Can't hop realms: %s -> %s",
+ realm, ad.prealm);
+ strcpy((char*)rpkt->dat, msg);
+ return KERB_ERR_PRINCIPAL_UNKNOWN;
+ }
- klog(L_APPL_REQ, "APPL Request %s.%s@%s on %s for %s.%s",
- ad->pname, ad->pinst, ad->prealm, inet_ntoa(client_host),
- service, instance, 0);
+ if(!strcmp(service, "changepw")){
+ strcpy((char*)rpkt->dat,
+ "Can't authorize password changed based on TGT");
+ return KERB_ERR_PRINCIPAL_UNKNOWN;
+ }
- if (strcmp(ad->prealm, tktrlm)) {
- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
- "Can't hop realms");
- return;
- }
- if (!strcmp(service, "changepw")) {
- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
- "Can't authorize password changed based on TGT");
- return;
- }
- kerno = check_princ(service, instance, req_life,
- &s_name_data);
- if (kerno) {
- kerb_err_reply(client, pkt, kerno, lt);
- return;
- }
- /* Bound requested lifetime with service and user */
- lifetime = min(req_life,
- krb_time_to_life(kerb_time.tv_sec,krb_life_to_time(ad->time_sec,ad->life)));
- lifetime = min(lifetime, ((u_long) s_name_data.max_life));
-
- /* unseal server's key from master key */
- bcopy(&s_name_data.key_low, key, 4);
- bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
- kdb_encrypt_key(&key, &key, &master_key,
- master_key_schedule, DES_DECRYPT);
- /* construct and seal the ticket */
-
-#ifdef NOENCRYPTION
- bzero(session_key, sizeof(des_cblock));
-#else
- des_new_random_key(&session_key);
-#endif
-
- krb_create_ticket(tk, k_flags, ad->pname, ad->pinst,
- ad->prealm, client_host.s_addr,
- session_key, lifetime, kerb_time.tv_sec,
- s_name_data.name, s_name_data.instance,
- &key);
- bzero(key, sizeof(key));
- bzero(key_s, sizeof(key_s));
-
- create_ciph(ciph, session_key, service, instance,
- local_realm,
- lifetime, s_name_data.key_version, tk,
- kerb_time.tv_sec, &ad->session);
-
- /* clear session key */
- bzero(session_key, sizeof(session_key));
-
- bzero(ad->session, sizeof(ad->session));
-
- rpkt = create_auth_reply(ad->pname, ad->pinst,
- ad->prealm, time_ws,
- 0, 0, 0, ciph);
- sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr*)client, S_AD_SZ);
- bzero(&s_name_data, sizeof(s_name_data));
- break;
+ err = check_princ(service, sinst, life, &s_name);
+ if(err){
+ strcpy((char*)rpkt->dat, krb_get_err_text(err));
+ return err;
}
+ life = min(life,
+ krb_time_to_life(kerb_time.tv_sec,
+ krb_life_to_time(ad.time_sec,
+ ad.life)));
+ life = min(life, s_name.max_life);
+ copy_to_key(&s_name.key_low, &s_name.key_high, key);
+ unseal(&key);
+ des_new_random_key(&session);
+ krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
+ client->sin_addr.s_addr, &session,
+ life, kerb_time.tv_sec,
+ s_name.name, s_name.instance,
+ &key);
+
+ memset(&key, 0, sizeof(key));
+ create_ciph(ciph, session, service, sinst, local_realm,
+ life, s_name.key_version, tk,
+ kerb_time.tv_sec, &ad.session);
-#ifdef notdef_DIE
- case AUTH_MSG_DIE:
+ memset(&session, 0, sizeof(session));
+ memset(ad.session, 0, sizeof(ad.session));
{
- lt = klog(L_DEATH_REQ,
- "Host: %s User: \"%s\" \"%s\" Kerberos killed",
- inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0);
- exit(0);
+ KTEXT r;
+ r =create_auth_reply(ad.pname, ad.pinst, ad.prealm,
+ req_time, 0, 0, 0, ciph);
+ memcpy(rpkt, r, sizeof(*rpkt));
}
-#endif /* notdef_DIE */
-
+ memset(&s_name, 0, sizeof(s_name));
+ return 0;
+
+ case AUTH_MSG_ERR_REPLY:
+ return -1;
default:
- {
- lt = klog(L_KRB_PERR,
- "Unknown message type: %d from %s port %u",
- req_msg_type, inet_ntoa(client_host),
- ntohs(client->sin_port));
- break;
- }
+ msg = klog(L_KRB_PERR,
+ "Unknown message type: %d from %s (%s/%u)",
+ msg_type,
+ inet_ntoa(client->sin_addr),
+ proto,
+ ntohs(server->sin_port));
+ strcpy((char*)rpkt->dat, msg);
+ return KFAILURE;
+ }
+}
+
+
+static void
+kerberos_wrap(int s, KTEXT data, char *proto, struct sockaddr_in *client,
+ struct sockaddr_in *server)
+{
+ KTEXT_ST pkt;
+ int http_flag = strcmp(proto, "http") == 0;
+ int err = kerberos(data->dat, data->length, proto, client, server, &pkt);
+ if(err == -1)
+ return;
+ if(http_flag){
+ const char *msg =
+ "HTTP/1.1 200 OK\r\n"
+ "Server: KTH-KRB/" VERSION "\r\n"
+ "Content-type: application/octet-stream\r\n"
+ "Content-transfer-encoding: binary\r\n\r\n";
+ sendto(s, msg, strlen(msg), 0, (struct sockaddr *)client,
+ sizeof(*client));
+ }
+ if(err){
+ kerb_err_reply(s, client, err, (char*)pkt.dat);
+ return;
}
+ sendto(s, pkt.dat, pkt.length, 0, (struct sockaddr *)client,
+ sizeof(*client));
}
+
/*
* setup_disc
*
@@ -570,16 +439,16 @@ setup_disc(void)
int s;
for (s = 0; s < 3; s++) {
- (void) close(s);
+ close(s);
}
- (void) open("/dev/null", 0);
- (void) dup2(0, 1);
- (void) dup2(0, 2);
+ open("/dev/null", 0);
+ dup2(0, 1);
+ dup2(0, 2);
setsid();
- (void) chdir("/tmp");
+ chdir("/tmp");
return;
}
@@ -589,7 +458,8 @@ setup_disc(void)
* Exit if it is; we don't want to tell lies.
*/
-static void check_db_age(void)
+static void
+check_db_age(void)
{
long age;
@@ -609,25 +479,159 @@ static void check_db_age(void)
}
}
+struct descr{
+ int s;
+ KTEXT_ST buf;
+ int type;
+ int timeout;
+ struct sockaddr_in addr;
+};
+
+static void
+mksocket(struct descr *d, struct in_addr addr, int type,
+ const char *service, int port)
+{
+ int on = 1;
+ int sock;
+
+ memset(d, 0, sizeof(struct descr));
+ if ((sock = socket(AF_INET, type, 0)) < 0)
+ err (1, "socket");
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
+ sizeof(on)) < 0)
+ warn ("setsockopt (SO_REUSEADDR)");
+ memset(&d->addr, 0, sizeof(d->addr));
+ d->addr.sin_family = AF_INET;
+ d->addr.sin_port = port;
+ d->addr.sin_addr = addr;
+ if (bind(sock, (struct sockaddr *)&d->addr, sizeof(d->addr)) < 0)
+ err (1, "bind '%s/%s' (%d)",
+ service, (type == SOCK_DGRAM) ? "udp" : "tcp",
+ ntohs(d->addr.sin_port));
+
+ if(type == SOCK_STREAM)
+ listen(sock, SOMAXCONN);
+ d->s = sock;
+ d->type = type;
+}
+
+
+static void loop(struct descr *fds, int maxfd);
+
+struct port_spec {
+ int port;
+ int type;
+};
+
+static int
+add_port(struct port_spec **ports, int *num_ports, int port, int type)
+{
+ struct port_spec *tmp;
+ tmp = realloc(*ports, (*num_ports + 1) * sizeof(*tmp));
+ if(tmp == NULL)
+ return ENOMEM;
+ *ports = tmp;
+ tmp[*num_ports].port = port;
+ tmp[*num_ports].type = type;
+ (*num_ports)++;
+ return 0;
+}
+
+void make_sockets(char *port_spec, struct in_addr *i_addr,
+ struct descr **fds, int *nfds)
+{
+ int tp;
+ struct in_addr *a;
+ char *p, *q, *pos = NULL;
+ struct servent *sp;
+ struct port_spec *ports = NULL;
+ int num_ports = 0;
+ int i, j;
+
+
+ for(p = strtok_r(port_spec, " \t", &pos);
+ p;
+ p = strtok_r(NULL, " \t", &pos)){
+ if(strcmp(p, "+") == 0){
+ add_port(&ports, &num_ports, 88, SOCK_DGRAM);
+ add_port(&ports, &num_ports, 88, SOCK_STREAM);
+ add_port(&ports, &num_ports, 750, SOCK_DGRAM);
+ add_port(&ports, &num_ports, 750, SOCK_STREAM);
+ }else{
+ q = strchr(p, '/');
+ if(q){
+ *q = 0;
+ q++;
+ }
+ sp = getservbyname(p, q);
+ if(sp)
+ tp = ntohs(sp->s_port);
+ else if(sscanf(p, "%d", &tp) != 1) {
+ warnx("Unknown port: %s%s%s", p, q ? "/" : "", q ? q : "");
+ continue;
+ }
+ if(q){
+ if(strcasecmp(q, "tcp") == 0)
+ add_port(&ports, &num_ports, tp, SOCK_STREAM);
+ else if(strcasecmp(q, "udp") == 0)
+ add_port(&ports, &num_ports, tp, SOCK_DGRAM);
+ else
+ warnx("Unknown protocol type: %s", q);
+ }else{
+ add_port(&ports, &num_ports, tp, SOCK_DGRAM);
+ add_port(&ports, &num_ports, tp, SOCK_STREAM);
+ }
+ }
+ }
+
+ if(num_ports == 0)
+ errx(1, "No valid ports specified!");
+
+ if (i_addr) {
+ *nfds = 1;
+ a = malloc(sizeof(*a) * *nfds);
+ memcpy(a, i_addr, sizeof(struct in_addr));
+ } else
+ *nfds = k_get_all_addrs (&a);
+ if (*nfds < 0) {
+ struct in_addr any;
+
+ any.s_addr = INADDR_ANY;
+
+ warnx ("Could not get local addresses, binding to INADDR_ANY");
+ *nfds = 1;
+ a = malloc(sizeof(*a) * *nfds);
+ memcpy(a, &any, sizeof(struct in_addr));
+ }
+ *fds = malloc(*nfds * num_ports * sizeof(**fds));
+ for (i = 0; i < *nfds; i++) {
+ for(j = 0; j < num_ports; j++) {
+ mksocket(*fds + num_ports * i + j, a[i],
+ ports[j].type, "", htons(ports[j].port));
+ }
+ }
+ *nfds *= num_ports;
+ free(ports);
+ free (a);
+}
+
+
int
main(int argc, char **argv)
{
- struct sockaddr_in from;
- register int n;
- int on = 1;
int child;
- struct servent *sp;
- int fromlen;
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
- int kerror;
int c;
- extern char *optarg;
- extern int optind;
+ struct descr *fds;
+ int nfds;
+ int n;
+ int kerror;
+ int i_flag = 0;
+ struct in_addr i_addr;
+ char *port_spec = "+";
- progname = argv[0];
+ umask(077); /* Create protected files */
- while ((c = getopt(argc, argv, "snmp:a:l:r:")) != -1) {
+ while ((c = getopt(argc, argv, "snmp:P:a:l:r:i:")) != EOF) {
switch(c) {
case 's':
/*
@@ -637,10 +641,6 @@ main(int argc, char **argv)
max_age = ONE_DAY; /* 24 hours */
if (pause_int == -1)
pause_int = FIVE_MINUTES; /* 5 minutes */
- if (lflag == 0) {
- log_file = KRBSLAVELOG;
- lflag++;
- }
break;
case 'n':
max_age = -1; /* don't check max age. */
@@ -659,6 +659,9 @@ main(int argc, char **argv)
usage();
}
break;
+ case 'P':
+ port_spec = optarg;
+ break;
case 'a':
/* Set max age. */
if (!isdigit(optarg[0]))
@@ -671,7 +674,6 @@ main(int argc, char **argv)
break;
case 'l':
/* Set alternate log file */
- lflag++;
log_file = optarg;
break;
case 'r':
@@ -679,12 +681,20 @@ main(int argc, char **argv)
rflag++;
strcpy(local_realm, optarg);
break;
+ case 'i':
+ /* Only listen on this address */
+ if(inet_aton (optarg, &i_addr) == 0) {
+ fprintf (stderr, "Bad address: %s\n", optarg);
+ exit (1);
+ }
+ ++i_flag;
+ break;
default:
usage();
break;
}
}
-
+
if (optind == (argc-1)) {
if (kerb_db_set_name(argv[optind]) != 0) {
fprintf(stderr, "Could not set alternate database name\n");
@@ -707,40 +717,22 @@ main(int argc, char **argv)
if (mflag)
printf("\tMaster key will be entered manually\n");
- printf("\tLog file is %s\n", lflag ? log_file : KRBLOG);
+ printf("\tLog file is %s\n", log_file);
- if (lflag)
- kset_logfile(log_file);
+ kset_logfile(log_file);
/* find our hostname, and use it as the instance */
- if (gethostname(k_instance, INST_SZ)) {
- fprintf(stderr, "%s: gethostname error\n", progname);
- exit(1);
- }
-
- if ((sp = getservbyname("kerberos", "udp")) == 0) {
- fprintf(stderr, "%s: udp/kerberos unknown service\n", progname);
- exit(1);
- }
- sina.sin_port = sp->s_port;
+ if (k_gethostname(k_instance, INST_SZ))
+ err (1, "gethostname");
- if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- fprintf(stderr, "%s: Can't open socket\n", progname);
- exit(1);
- }
- if (setsockopt(f, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0)
- fprintf(stderr, "%s: setsockopt (SO_REUSEADDR)\n", progname);
+ make_sockets(port_spec, i_flag ? &i_addr : NULL, &fds, &nfds);
- if (bind(f, (struct sockaddr*)&sina, sizeof(sina)) < 0) {
- fprintf(stderr, "%s: Can't bind socket\n", progname);
- exit(1);
- }
/* do all the database and cache inits */
if ((n = kerb_init())) {
if (mflag) {
printf("Kerberos db and cache init ");
printf("failed = %d ...exiting\n", n);
- exit(-1);
+ exit (1);
} else {
klog(L_KRB_PERR,
"Kerberos db and cache init failed = %d ...exiting", n);
@@ -753,15 +745,15 @@ main(int argc, char **argv)
/* setup master key */
if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) {
- klog (L_KRB_PERR, "kerberos: couldn't get master key.\n");
- exit (-1);
+ klog (L_KRB_PERR, "kerberos: couldn't get master key.");
+ exit (1);
}
kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout);
if (kerror < 0) {
klog (L_KRB_PERR, "Can't verify master key.");
- bzero (master_key, sizeof (master_key));
- bzero (master_key_schedule, sizeof (master_key_schedule));
- exit (-1);
+ memset(master_key, 0, sizeof (master_key));
+ memset (master_key_schedule, 0, sizeof (master_key_schedule));
+ exit (1);
}
master_key_version = (u_char) kerror;
@@ -790,28 +782,170 @@ main(int argc, char **argv)
}
setup_disc();
}
+
+ klog(L_ALL_REQ, "Starting Kerberos for %s (kvno %d)",
+ local_realm, master_key_version);
+
/* receive loop */
+ loop(fds, nfds);
+ exit(1);
+}
+
+
+void
+read_socket(struct descr *n)
+{
+ int b;
+ struct sockaddr_in from;
+ int fromlen = sizeof(from);
+ b = recvfrom(n->s, n->buf.dat + n->buf.length,
+ MAX_PKT_LEN - n->buf.length, 0,
+ (struct sockaddr *)&from, &fromlen);
+ if(b < 0){
+ if(n->type == SOCK_STREAM){
+ close(n->s);
+ n->s = -1;
+ }
+ n->buf.length = 0;
+ return;
+ }
+ n->buf.length += b;
+ if(n->type == SOCK_STREAM){
+ char *proto = "tcp";
+ if(n->buf.length > 4 &&
+ strncmp(n->buf.dat, "GET ", 4) == 0 &&
+ strncmp(n->buf.dat + n->buf.length - 4,
+ "\r\n\r\n", 4) == 0){
+ char *p;
+ n->buf.dat[n->buf.length - 1] = 0;
+ strtok(n->buf.dat, " \t\r\n");
+ p = strtok(NULL, " \t\r\n");
+ if(p == NULL)
+ p = "";
+ if(*p == '/') p++;
+ p = strdup(p);
+ n->buf.length = base64_decode(p, n->buf.dat);
+ free(p);
+ if(n->buf.length <= 0){
+ const char *msg =
+ "HTTP/1.1 404 Not found\r\n"
+ "Server: KTH-KRB/" VERSION "\r\n"
+ "Content-type: text/html\r\n"
+ "Content-transfer-encoding: 8bit\r\n\r\n"
+ "<TITLE>404 Not found</TITLE>\r\n"
+ "<H1>404 Not found</H1>\r\n"
+ "That page does not exist. Information about "
+ "<A HREF=\"http://www.pdc.kth.se/kth-krb\">KTH-KRB</A> "
+ "is available elsewhere.\r\n";
+ write(n->s, msg, strlen(msg));
+ close(n->s);
+ n->s = -1;
+ n->buf.length = 0;
+ return;
+ }
+ proto = "http";
+ b = 0;
+ }
+ else if(n->buf.length >= 4 && n->buf.dat[0] == 0){
+ /* if this is a new type of packet (with
+ the length attached to the head of the
+ packet), and there is no more data to
+ be read, fake an old packet, so the
+ code below will work */
+ u_int32_t len;
+ krb_get_int(n->buf.dat, &len, 4, 0);
+ if(n->buf.length == len + 4){
+ memmove(n->buf.dat, n->buf.dat + 4, len);
+ b = 0;
+ }
+ }
+ if(b == 0){
+ /* handle request if there are
+ no more bytes to read */
+ fromlen = sizeof(from);
+ getpeername(n->s,(struct sockaddr*)&from, &fromlen);
+ kerberos_wrap(n->s, &n->buf, proto, &from,
+ &n->addr);
+ n->buf.length = 0;
+ close(n->s);
+ n->s = -1;
+ }
+ }else{
+ /* udp packets are atomic */
+ kerberos_wrap(n->s, &n->buf, "udp", &from,
+ &n->addr);
+ n->buf.length = 0;
+ }
+}
+
+static void
+loop(struct descr *fds, int nfds)
+{
for (;;) {
- fromlen = S_AD_SZ;
- n = recvfrom(f, pkt->dat, MAX_PKT_LEN, 0, (struct sockaddr*)&from, &fromlen);
- if (n > 0) {
- pkt->length = n;
- pkt->mbz = 0; /* force zeros to catch runaway strings */
- /* see what is left in the input queue */
- ioctl(f, FIONREAD, &q_bytes);
- gettimeofday(&kerb_time, NULL);
- q_n++;
- max_q_n = max(max_q_n, q_n);
- n_packets++;
- klog(L_NET_INFO,
- "q_byt %d, q_n %d, rd_byt %d, mx_q_b %d, mx_q_n %d, n_pkt %d",
- q_bytes, q_n, n, max_q_bytes, max_q_n, n_packets, 0);
- max_q_bytes = max(max_q_bytes, q_bytes);
- if (!q_bytes)
- q_n = 0; /* reset consecutive packets */
- kerberos(&from, pkt);
- } else
- klog(L_NET_ERR,
- "%s: bad recvfrom n = %d errno = %d", progname, n, errno, 0);
+ int ret;
+ fd_set readfds;
+ struct timeval tv;
+ int maxfd = 0;
+ struct descr *n, *minfree;
+ int accepted; /* accept at most one socket per `round' */
+
+ FD_ZERO(&readfds);
+ gettimeofday(&tv, NULL);
+ maxfd = 0;
+ minfree = NULL;
+ /* Remove expired TCP sockets, and add all other
+ to the set we are selecting on */
+ for(n = fds; n < fds + nfds; n++){
+ if(n->s >= 0 && n->timeout && tv.tv_sec > n->timeout){
+ kerb_err_reply(n->s, NULL, KERB_ERR_TIMEOUT, "Timeout");
+ close(n->s);
+ n->s = -1;
+ }
+ if(n->s < 0){
+ if(minfree == NULL) minfree = n;
+ continue;
+ }
+ FD_SET(n->s, &readfds);
+ maxfd = max(maxfd, n->s);
+ }
+ /* add more space for sockets */
+ if(minfree == NULL){
+ int i = nfds;
+ struct descr *new;
+ nfds *=2;
+ new = realloc(fds, sizeof(struct descr) * nfds);
+ if(new){
+ fds = new;
+ minfree = fds + i;
+ for(; i < nfds; i++) fds[i].s = -1;
+ }
+ }
+ ret = select(maxfd + 1, &readfds, 0, 0, 0);
+ accepted = 0;
+ for (n = fds; n < fds + nfds; n++){
+ if(n->s < 0) continue;
+ if (FD_ISSET(n->s, &readfds)){
+ if(n->type == SOCK_STREAM && n->timeout == 0){
+ /* add accepted socket to list of sockets we are
+ selecting on */
+ int s;
+ if(accepted) continue;
+ accepted = 1;
+ s = accept(n->s, NULL, 0);
+ if(minfree == NULL){
+ kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
+ close(s);
+ }else{
+ minfree->s = s;
+ minfree->type = SOCK_STREAM;
+ gettimeofday(&tv, NULL);
+ minfree->timeout = tv.tv_sec + 4; /* XXX */
+ minfree->buf.length = 0;
+ memcpy(&minfree->addr, &n->addr, sizeof(minfree->addr));
+ }
+ }else
+ read_socket(n);
+ }
+ }
}
}
diff --git a/kerberosIV/kinit/kinit.c b/kerberosIV/kinit/kinit.c
index bd7ca653887..d3aa92b8661 100644
--- a/kerberosIV/kinit/kinit.c
+++ b/kerberosIV/kinit/kinit.c
@@ -1,4 +1,7 @@
-/* $Id: kinit.c,v 1.1 1995/12/14 06:52:51 tholo Exp $ */
+/* $Id: kinit.c,v 1.2 1997/11/28 12:48:47 art Exp $ */
+/* $KTH: kinit.c,v 1.15 1997/03/30 18:58:46 assar Exp $ */
+
+
/*-
* Copyright 1987, 1988 by the Student Information Processing Board
@@ -28,55 +31,50 @@
* -r[realm]
* -v[erbose]
* -l[ifetime]
+ * -p
*/
#include <kuser_locl.h>
#include <sys/param.h>
#define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */
+#define CHPASSLIFE 2
-char *progname;
+char progname[] = "kinit";
static void
-get_input(s, size, stream)
-char *s;
-int size;
-FILE *stream;
+get_input(char *s, int size, FILE *stream)
{
- char *p;
+ char *p;
- if (fgets(s, size, stream) == NULL)
- exit(1);
- if ( (p = strchr(s, '\n')) != NULL)
- *p = '\0';
+ if (fgets(s, size, stream) == NULL)
+ exit(1);
+ if ( (p = strchr(s, '\n')) != NULL)
+ *p = '\0';
}
-
static void
-usage()
+usage(void)
{
- fprintf(stderr, "Usage: %s [-irvl] [name]\n", progname);
+ fprintf(stderr, "Usage: %s [-irvlp] [name]\n", progname);
exit(1);
}
int
-main(argc, argv)
- int argc;
- char *argv[];
+main(int argc, char **argv)
{
char aname[ANAME_SZ];
char inst[INST_SZ];
char realm[REALM_SZ];
char buf[MAXHOSTNAMELEN];
+ char name[MAX_K_NAME_SZ];
char *username = NULL;
- int iflag, rflag, vflag, lflag, lifetime, k_errno;
- register char *cp;
- register i;
+ int iflag, rflag, vflag, lflag, pflag, lifetime, k_errno;
+ int i;
*inst = *realm = '\0';
- iflag = rflag = vflag = lflag = 0;
+ iflag = rflag = vflag = lflag = pflag = 0;
lifetime = LIFE;
- progname = (cp = strrchr(*argv, '/')) ? cp + 1 : *argv;
while (--argc) {
if ((*++argv)[0] != '-') {
@@ -99,22 +97,22 @@ main(argc, argv)
case 'l':
++lflag;
continue;
+ case 'p':
+ ++pflag; /* chpass-tickets */
+ lifetime = CHPASSLIFE;
+ break;
default:
usage();
- exit(1);
}
}
if (username &&
- (k_errno = kname_parse(aname, inst, realm, username))
- != KSUCCESS) {
- fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]);
+ (k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) {
+ warnx("%s", krb_get_err_text(k_errno));
iflag = rflag = 1;
username = NULL;
}
- if (gethostname(buf, MAXHOSTNAMELEN)) {
- fprintf(stderr, "%s: gethostname failed\n", progname);
- exit(1);
- }
+ if (k_gethostname(buf, MAXHOSTNAMELEN))
+ errx(1, "k_gethostname failed");
printf("%s (%s)\n", ORGANIZATION, buf);
if (username) {
printf("Kerberos Initialization for \"%s", aname);
@@ -126,33 +124,24 @@ main(argc, argv)
} else {
printf("Kerberos Initialization\n");
printf("Kerberos name: ");
- get_input(aname, sizeof(aname), stdin);
- if (!*aname)
- exit(0);
- if (!k_isname(aname)) {
- fprintf(stderr, "%s: bad Kerberos name format\n",
- progname);
- exit(1);
- }
+ get_input(name, sizeof(name), stdin);
+ if (!*name)
+ return 0;
+ if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS )
+ errx(1, "%s", krb_get_err_text(k_errno));
}
/* optional instance */
if (iflag) {
printf("Kerberos instance: ");
get_input(inst, sizeof(inst), stdin);
- if (!k_isinst(inst)) {
- fprintf(stderr, "%s: bad Kerberos instance format\n",
- progname);
- exit(1);
- }
+ if (!k_isinst(inst))
+ errx(1, "bad Kerberos instance format");
}
if (rflag) {
printf("Kerberos realm: ");
get_input(realm, sizeof(realm), stdin);
- if (!k_isrealm(realm)) {
- fprintf(stderr, "%s: bad Kerberos realm format\n",
- progname);
- exit(1);
- }
+ if (!k_isrealm(realm))
+ errx(1, "bad Kerberos realm format");
}
if (lflag) {
printf("Kerberos ticket lifetime (minutes): ");
@@ -161,24 +150,23 @@ main(argc, argv)
if (lifetime < 5)
lifetime = 1;
else
- lifetime /= krb_time_to_life(0, lifetime*60);
+ lifetime = krb_time_to_life(0, lifetime*60);
/* This should be changed if the maximum ticket lifetime */
/* changes */
if (lifetime > 255)
lifetime = 255;
}
- if (!*realm && krb_get_lrealm(realm, 1)) {
- fprintf(stderr, "%s: krb_get_lrealm failed\n", progname);
- exit(1);
- }
- k_errno = krb_get_pw_in_tkt(aname, inst, realm, "krbtgt", realm,
+ if (!*realm && krb_get_lrealm(realm, 1))
+ errx(1, "krb_get_lrealm failed");
+ k_errno = krb_get_pw_in_tkt(aname, inst, realm,
+ pflag ? PWSERV_NAME :
+ KRB_TICKET_GRANTING_TICKET,
+ pflag ? KADM_SINST : realm,
lifetime, 0);
if (vflag) {
printf("Kerberos realm %s:\n", realm);
- printf("%s\n", krb_err_txt[k_errno]);
- } else if (k_errno) {
- fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]);
- exit(1);
- }
+ printf("%s\n", krb_get_err_text(k_errno));
+ } else if (k_errno)
+ errx(1, "%s", krb_get_err_text(k_errno));
exit(0);
}
diff --git a/kerberosIV/klist/Makefile b/kerberosIV/klist/Makefile
index 9f9c2acbe57..c0e03f4818f 100644
--- a/kerberosIV/klist/Makefile
+++ b/kerberosIV/klist/Makefile
@@ -1,9 +1,9 @@
# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:50 tholo Exp $
+# $Id: Makefile,v 1.2 1997/11/28 12:48:48 art Exp $
PROG= klist
DPADD= ${LIBKRB} ${LIBDES}
-LDADD= -lkrb -ldes
+LDADD= -lkrb -ldes -lkafs
BINDIR= /usr/bin
.include <bsd.prog.mk>
diff --git a/kerberosIV/klist/klist.c b/kerberosIV/klist/klist.c
index 90ccd7c91c2..e16b353b37c 100644
--- a/kerberosIV/klist/klist.c
+++ b/kerberosIV/klist/klist.c
@@ -1,51 +1,41 @@
-/* $Id: klist.c,v 1.1 1995/12/14 06:52:50 tholo Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
+/* $KTH: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $ */
/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
* Lists your current Kerberos tickets.
* Written by Bill Sommerfeld, MIT Project Athena.
*/
-#include <kuser_locl.h>
+#include "kuser_locl.h"
+
+#include <sys/ioctl.h>
+#include <sys/ioccom.h>
+#include <kerberosIV/kafs.h>
-char *whoami; /* What was I invoked as?? */
+static int option_verbose = 0;
+
+static char progname[]="klist";
static char *
-short_date(dp)
- time_t *dp;
+short_date(int32_t dp)
{
- register char *cp;
+ char *cp;
+ time_t t = (time_t)dp;
- if (*dp == (time_t)(-1L)) return "*** Never *** ";
- cp = ctime(dp) + 4;
+ if (t == (time_t)(-1L)) return "*** Never *** ";
+ cp = ctime(&t) + 4;
cp[15] = '\0';
return (cp);
}
static void
-display_tktfile(file, tgt_test, long_form)
-char *file;
-int tgt_test, long_form;
+display_tktfile(char *file, int tgt_test, int long_form)
{
- char pname[ANAME_SZ];
- char pinst[INST_SZ];
- char prealm[REALM_SZ];
+ krb_principal pr;
char buf1[20], buf2[20];
int k_errno;
CREDENTIALS c;
@@ -70,11 +60,11 @@ int tgt_test, long_form;
/* Open ticket file */
if ((k_errno = tf_init(file, R_TKT_FIL))) {
if (!tgt_test)
- fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
+ warnx("%s", krb_get_err_text(k_errno));
exit(1);
}
/* Close ticket file */
- (void) tf_close();
+ tf_close();
/*
* We must find the realm of the ticket file here before calling
@@ -82,25 +72,25 @@ int tgt_test, long_form;
* really stored in the principal section of the file, the
* routine we use must itself call tf_init and tf_close.
*/
- if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) {
+ if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) {
if (!tgt_test)
- fprintf(stderr, "%s: can't find realm of ticket file: %s\n",
- whoami, krb_err_txt[k_errno]);
+ warnx("can't find realm of ticket file: %s",
+ krb_get_err_text(k_errno));
exit(1);
}
/* Open ticket file */
if ((k_errno = tf_init(file, R_TKT_FIL))) {
if (!tgt_test)
- fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
+ warnx("%s", krb_get_err_text(k_errno));
exit(1);
}
/* Get principal name and instance */
- if ((k_errno = tf_get_pname(pname)) ||
- (k_errno = tf_get_pinst(pinst))) {
- if (!tgt_test)
- fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
- exit(1);
+ if ((k_errno = tf_get_pname(pr.name)) ||
+ (k_errno = tf_get_pinst(pr.instance))) {
+ if (!tgt_test)
+ warnx("%s", krb_get_err_text(k_errno));
+ exit(1);
}
/*
@@ -111,19 +101,18 @@ int tgt_test, long_form;
*/
if (!tgt_test && long_form)
- printf("Principal:\t%s%s%s%s%s\n\n", pname,
- (pinst[0] ? "." : ""), pinst,
- (prealm[0] ? "@" : ""), prealm);
+ printf("Principal:\t%s\n\n", krb_unparse_name(&pr));
while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
if (!tgt_test && long_form && header) {
- printf("%-15s %-15s %s\n",
- " Issued", " Expires", " Principal");
+ printf("%-15s %-15s %s%s\n",
+ " Issued", " Expires", " Principal",
+ option_verbose ? " (kvno)" : "");
header = 0;
}
if (tgt_test) {
c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
- if (!strcmp(c.service, TICKET_GRANTING_TICKET) &&
- !strcmp(c.instance, prealm)) {
+ if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) &&
+ !strcmp(c.instance, pr.realm)) {
if (time(0) < c.issue_date)
exit(0); /* tgt hasn't expired */
else
@@ -132,17 +121,18 @@ int tgt_test, long_form;
continue; /* not a tgt */
}
if (long_form) {
- (void) strcpy(buf1, short_date(&c.issue_date));
+ strcpy(buf1, short_date(c.issue_date));
c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
if (time(0) < (unsigned long) c.issue_date)
- (void) strcpy(buf2, short_date(&c.issue_date));
+ strcpy(buf2, short_date(c.issue_date));
else
- (void) strcpy(buf2, ">>> Expired <<< ");
+ strcpy(buf2, ">>> Expired <<<");
printf("%s %s ", buf1, buf2);
}
- printf("%s%s%s%s%s\n",
- c.service, (c.instance[0] ? "." : ""), c.instance,
- (c.realm[0] ? "@" : ""), c.realm);
+ printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm));
+ if(long_form && option_verbose)
+ printf(" (%d)", c.kvno);
+ printf("\n");
}
if (tgt_test)
exit(1); /* no tgt found */
@@ -165,12 +155,9 @@ int tgt_test, long_form;
*/
static int
-ok_getst(fd, s, n)
- int fd;
- register char *s;
- int n;
+ok_getst(int fd, char *s, int n)
{
- register count = n;
+ int count = n;
int err;
while ((err = read(fd, s, 1)) > 0 && --count)
if (*s++ == '\0')
@@ -182,8 +169,40 @@ ok_getst(fd, s, n)
}
static void
-display_srvtab(file)
-char *file;
+display_tokens()
+{
+ u_int32_t i;
+ unsigned char t[128];
+ struct ViceIoctl parms;
+ struct ClearToken ct;
+ int size_secret_tok, size_public_tok;
+
+ parms.in = (void *)&i;
+ parms.in_size = sizeof(i);
+ parms.out = (void *)t;
+ parms.out_size = sizeof(t);
+
+ for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
+ char *cell;
+ memcpy(&size_secret_tok, t, 4);
+ memcpy(&size_public_tok, t + 4 + size_secret_tok, 4);
+ memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok);
+ cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4;
+
+ printf("%-15s ", short_date(ct.BeginTimestamp));
+ printf("%-15s ", short_date(ct.EndTimestamp));
+ if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
+ printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
+ else
+ printf("Tokens for %s", cell);
+ if (option_verbose)
+ printf(" (%d)", ct.AuthHandle);
+ putchar('\n');
+ }
+}
+
+static void
+display_srvtab(char *file)
{
int stab;
char serv[SNAME_SZ];
@@ -207,44 +226,44 @@ char *file;
while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
&& ((count = ok_getst(stab, inst, INST_SZ)) > 0)
&& ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
- if (((count = read(stab,(char *) &vno,1)) != 1) ||
- ((count = read(stab,(char *) key,8)) != 8)) {
+ if (((count = read(stab, &vno,1)) != 1) ||
+ ((count = read(stab, key,8)) != 8)) {
if (count < 0)
- perror("reading from key file");
+ err(1, "reading from key file");
else
- fprintf(stderr, "key file truncated\n");
- exit(1);
+ errx(1, "key file truncated");
}
printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
}
if (count < 0)
- perror(file);
- (void) close(stab);
+ warn(file);
+ close(stab);
}
static void
-usage()
+usage(void)
{
fprintf(stderr,
- "Usage: %s [ -s | -t ] [ -file filename ] [ -srvtab ]\n", whoami);
+ "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n",
+ progname);
exit(1);
}
/* ARGSUSED */
int
-main(argc, argv)
- int argc;
- char **argv;
+main(int argc, char **argv)
{
int long_form = 1;
int tgt_test = 0;
int do_srvtab = 0;
+ int do_tokens = 0;
char *tkt_file = NULL;
- char *cp;
-
- whoami = (cp = strrchr(*argv, '/')) ? cp + 1 : *argv;
while (*(++argv)) {
+ if (!strcmp(*argv, "-v")) {
+ option_verbose = 1;
+ continue;
+ }
if (!strcmp(*argv, "-s")) {
long_form = 0;
continue;
@@ -254,10 +273,15 @@ main(argc, argv)
long_form = 0;
continue;
}
+ if (strcmp(*argv, "-tokens") == 0
+ || strcmp(*argv, "-T") == 0) {
+ do_tokens = k_hasafs();
+ continue;
+ }
if (!strcmp(*argv, "-l")) { /* now default */
continue;
}
- if (!strcmp(*argv, "-file")) {
+ if (!strncmp(*argv, "-f", 2)) {
if (*(++argv)) {
tkt_file = *argv;
continue;
@@ -278,5 +302,7 @@ main(argc, argv)
display_srvtab(tkt_file);
else
display_tktfile(tkt_file, tgt_test, long_form);
+ if (long_form && do_tokens)
+ display_tokens();
exit(0);
}
diff --git a/kerberosIV/krb/Makefile b/kerberosIV/krb/Makefile
index d7bf05e3e05..295aa22d559 100644
--- a/kerberosIV/krb/Makefile
+++ b/kerberosIV/krb/Makefile
@@ -1,19 +1,83 @@
# @(#)Makefile 8.1 (Berkeley) 6/1/93
LIB= krb
-CFLAGS+=-I${.CURDIR}
-SRCS= cr_err_reply.c create_auth_reply.c create_ciph.c \
- create_death_packet.c create_ticket.c debug_decl.c decomp_ticket.c \
- dest_tkt.c extract_ticket.c fgetst.c get_ad_tkt.c get_admhst.c \
- get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c get_phost.c \
- get_pw_tkt.c get_request.c get_svc_in_tkt.c get_tf_fullname.c \
- get_tf_realm.c getrealm.c getst.c in_tkt.c k_localtime.c klog.c \
- kname_parse.c kntoln.c kparse.c krb_err.c krb_err_txt.c \
- krb_get_in_tkt.c kuserok.c lifetime.c log.c mk_err.c mk_priv.c \
- mk_req.c mk_safe.c month_sname.c netread.c netwrite.c one.c \
- pkt_cipher.c pkt_clen.c rd_err.c rd_priv.c rd_req.c rd_safe.c \
- read_service_key.c recvauth.c save_credentials.c send_to_kdc.c \
- sendauth.c str2key.c tf_util.c tkt_string.c
+CFLAGS+=-I${.CURDIR} -DPARANOIA
+SRCS= cr_err_reply.c \
+ create_auth_reply.c \
+ create_ciph.c \
+ create_death_packet.c \
+ create_ticket.c \
+ dest_tkt.c \
+ get_in_tkt.c \
+ get_svc_in_tkt.c \
+ getrealm.c \
+ k_localtime.c \
+ krb_err_txt.c \
+ krb_get_in_tkt.c \
+ kuserok.c \
+ parse_name.c \
+ kntoln.c \
+ mk_auth.c \
+ krb_check_auth.c \
+ mk_err.c \
+ mk_safe.c \
+ rd_err.c \
+ rd_safe.c \
+ recvauth.c \
+ mk_priv.c \
+ rd_req.c \
+ decomp_ticket.c \
+ lifetime.c \
+ month_sname.c \
+ stime.c \
+ read_service_key.c \
+ getst.c \
+ sendauth.c \
+ netread.c \
+ netwrite.c \
+ rd_priv.c \
+ krb_equiv.c \
+ str2key.c \
+ get_ad_tkt.c \
+ mk_req.c \
+ get_cred.c \
+ get_tf_realm.c \
+ get_tf_fullname.c \
+ one.c \
+ save_credentials.c \
+ send_to_kdc.c \
+ get_host.c \
+ get_krbrlm.c \
+ k_gethostname.c \
+ tf_util.c \
+ debug_decl.c \
+ k_flock.c \
+ tkt_string.c \
+ getaddrs.c \
+ k_getsockinst.c \
+ k_getport.c \
+ lsb_addr_comp.c \
+ name2name.c \
+ get_default_principal.c \
+ realm_parse.c \
+ verify_user.c \
+ rw.c \
+ kdc_reply.c \
+ encrypt_ktext.c \
+ check_time.c \
+ krb_err.c \
+ et_list.c \
+ resolve.c \
+ unparse_name.c \
+ logging.c \
+ k_concat.c \
+ strtok_r.c \
+ asprintf.c \
+ base64.c
+
+# XXX base64.c, strtok_r.c and asprintf.c should really be somewhere else.
+# (or replaced) (they are from libroken)
+
MAN= kerberos.3 krb_realmofhost.3 krb_sendauth.3 krb_set_tkt_string.3 \
kuserok.3 tf_util.3
MLINKS+=kerberos.3 krb_mk_req.3 kerberos.3 krb_rd_req.3 kerberos.3 krb_kntoln.3 \
diff --git a/kerberosIV/krb/asprintf.c b/kerberosIV/krb/asprintf.c
new file mode 100644
index 00000000000..7a08bd181cb
--- /dev/null
+++ b/kerberosIV/krb/asprintf.c
@@ -0,0 +1,556 @@
+/* $KTH: snprintf.c,v 1.15 1997/08/17 08:51:55 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+enum format_flags {
+ minus_flag = 1,
+ plus_flag = 2,
+ space_flag = 4,
+ alternate_flag = 8,
+ zero_flag = 16
+};
+
+/*
+ * Common state
+ */
+
+struct state {
+ char *str;
+ char *s;
+ char *theend;
+ size_t sz;
+ size_t max_sz;
+ int (*append_char)(struct state *, char);
+ int (*reserve)(struct state *, size_t);
+ /* XXX - methods */
+};
+
+static int
+sn_reserve (struct state *state, size_t n)
+{
+ return state->s + n > state->theend;
+}
+
+static int
+sn_append_char (struct state *state, char c)
+{
+ if (sn_reserve (state, 1)) {
+ *state->s++ = '\0';
+ return 1;
+ } else {
+ *state->s++ = c;
+ return 0;
+ }
+}
+
+static int
+as_reserve (struct state *state, size_t n)
+{
+ while (state->s + n > state->theend) {
+ int off = state->s - state->str;
+ char *tmp;
+
+ if (state->max_sz && state->sz >= state->max_sz)
+ return 1;
+
+ if (state->max_sz)
+ state->sz = min(state->max_sz, state->sz*2);
+ else
+ state->sz *= 2;
+ tmp = realloc (state->str, state->sz);
+ if (tmp == NULL)
+ return 1;
+ state->str = tmp;
+ state->s = state->str + off;
+ state->theend = state->str + state->sz - 1;
+ }
+ return 0;
+}
+
+static int
+as_append_char (struct state *state, char c)
+{
+ if(as_reserve (state, 1))
+ return 1;
+ else {
+ *state->s++ = c;
+ return 0;
+ }
+}
+
+static int
+append_number(struct state *state,
+ unsigned long num, unsigned base, char *rep,
+ int width, int prec, int flags, int minusp)
+{
+ int len = 0;
+ int i;
+
+ /* given precision, ignore zero flag */
+ if(prec != -1)
+ flags &= ~zero_flag;
+ else
+ prec = 1;
+ /* zero value with zero precision -> "" */
+ if(prec == 0 && num == 0)
+ return 0;
+ do{
+ if((*state->append_char)(state, rep[num % base]))
+ return 1;
+ len++;
+ num /= base;
+ }while(num);
+ prec -= len;
+ /* pad with prec zeros */
+ while(prec-- > 0){
+ if((*state->append_char)(state, '0'))
+ return 1;
+ len++;
+ }
+ /* add length of alternate prefix (added later) to len */
+ if(flags & alternate_flag && (base == 16 || base == 8))
+ len += base / 8;
+ /* pad with zeros */
+ if(flags & zero_flag){
+ width -= len;
+ if(minusp || (flags & space_flag) || (flags & plus_flag))
+ width--;
+ while(width-- > 0){
+ if((*state->append_char)(state, '0'))
+ return 1;
+ len++;
+ }
+ }
+ /* add alternate prefix */
+ if(flags & alternate_flag && (base == 16 || base == 8)){
+ if(base == 16)
+ if((*state->append_char)(state, rep[10] + 23)) /* XXX */
+ return 1;
+ if((*state->append_char)(state, '0'))
+ return 1;
+ }
+ /* add sign */
+ if(minusp){
+ if((*state->append_char)(state, '-'))
+ return 1;
+ len++;
+ } else if(flags & plus_flag) {
+ if((*state->append_char)(state, '+'))
+ return 1;
+ len++;
+ } else if(flags & space_flag) {
+ if((*state->append_char)(state, ' '))
+ return 1;
+ len++;
+ }
+ if(flags & minus_flag)
+ /* swap before padding with spaces */
+ for(i = 0; i < len / 2; i++){
+ char c = state->s[-i-1];
+ state->s[-i-1] = state->s[-len+i];
+ state->s[-len+i] = c;
+ }
+ width -= len;
+ while(width-- > 0){
+ if((*state->append_char)(state, ' '))
+ return 1;
+ len++;
+ }
+ if(!(flags & minus_flag))
+ /* swap after padding with spaces */
+ for(i = 0; i < len / 2; i++){
+ char c = state->s[-i-1];
+ state->s[-i-1] = state->s[-len+i];
+ state->s[-len+i] = c;
+ }
+
+ return 0;
+}
+
+static int
+append_string (struct state *state,
+ char *arg,
+ int width,
+ int prec,
+ int flags)
+{
+ if(prec != -1)
+ width -= prec;
+ else
+ width -= strlen(arg);
+ if(!(flags & minus_flag))
+ while(width-- > 0)
+ if((*state->append_char) (state, ' '))
+ return 1;
+ if (prec != -1) {
+ while (*arg && prec--)
+ if ((*state->append_char) (state, *arg++))
+ return 1;
+ } else {
+ while (*arg)
+ if ((*state->append_char) (state, *arg++))
+ return 1;
+ }
+ if(flags & minus_flag)
+ while(width-- > 0)
+ if((*state->append_char) (state, ' '))
+ return 1;
+ return 0;
+}
+
+static int
+append_char(struct state *state,
+ char arg,
+ int width,
+ int flags)
+{
+ while(!(flags & minus_flag) && --width > 0)
+ if((*state->append_char) (state, ' '))
+ return 1;
+
+ if((*state->append_char) (state, arg))
+ return 1;
+ while((flags & minus_flag) && --width > 0)
+ if((*state->append_char) (state, ' '))
+ return 1;
+
+ return 0;
+}
+
+/*
+ * This can't be made into a function...
+ */
+
+#define PARSE_INT_FORMAT(res, arg, unsig) \
+if (long_flag) \
+ res = va_arg(arg, unsig long); \
+else if (short_flag) \
+ res = va_arg(arg, unsig short); \
+else \
+ res = va_arg(arg, unsig int)
+
+/*
+ * zyxprintf - return 0 or -1
+ */
+
+static int
+xyzprintf (struct state *state, const char *format, va_list ap)
+{
+ char c;
+
+ while((c = *format++)) {
+ if (c == '%') {
+ int flags = 0;
+ int width = 0;
+ int prec = -1;
+ int long_flag = 0;
+ int short_flag = 0;
+
+ /* flags */
+ while((c = *format++)){
+ if(c == '-')
+ flags |= minus_flag;
+ else if(c == '+')
+ flags |= plus_flag;
+ else if(c == ' ')
+ flags |= space_flag;
+ else if(c == '#')
+ flags |= alternate_flag;
+ else if(c == '0')
+ flags |= zero_flag;
+ else
+ break;
+ }
+
+ if((flags & space_flag) && (flags & plus_flag))
+ flags ^= space_flag;
+
+ if((flags & minus_flag) && (flags & zero_flag))
+ flags ^= zero_flag;
+
+ /* width */
+ if (isdigit(c))
+ do {
+ width = width * 10 + c - '0';
+ c = *format++;
+ } while(isdigit(c));
+ else if(c == '*') {
+ width = va_arg(ap, int);
+ c = *format++;
+ }
+
+ /* precision */
+ if (c == '.') {
+ prec = 0;
+ c = *format++;
+ if (isdigit(c))
+ do {
+ prec = prec * 10 + c - '0';
+ c = *format++;
+ } while(isdigit(c));
+ else if (c == '*') {
+ prec = va_arg(ap, int);
+ c = *format++;
+ }
+ }
+
+ /* size */
+
+ if (c == 'h') {
+ short_flag = 1;
+ c = *format++;
+ } else if (c == 'l') {
+ long_flag = 1;
+ c = *format++;
+ }
+
+ switch (c) {
+ case 'c' :
+ if(append_char(state, va_arg(ap, int), width, flags))
+ return -1;
+ break;
+ case 's' :
+ if (append_string(state,
+ va_arg(ap, char*),
+ width,
+ prec,
+ flags))
+ return -1;
+ break;
+ case 'd' :
+ case 'i' : {
+ long arg;
+ unsigned long num;
+ int minusp = 0;
+
+ PARSE_INT_FORMAT(arg, ap, signed);
+
+ if (arg < 0) {
+ minusp = 1;
+ num = -arg;
+ } else
+ num = arg;
+
+ if (append_number (state, num, 10, "0123456789",
+ width, prec, flags, minusp))
+ return -1;
+ break;
+ }
+ case 'u' : {
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 10, "0123456789",
+ width, prec, flags, 0))
+ return -1;
+ break;
+ }
+ case 'o' : {
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 010, "01234567",
+ width, prec, flags, 0))
+ return -1;
+ break;
+ }
+ case 'x' : {
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 0x10, "0123456789abcdef",
+ width, prec, flags, 0))
+ return -1;
+ break;
+ }
+ case 'X' :{
+ unsigned long arg;
+
+ PARSE_INT_FORMAT(arg, ap, unsigned);
+
+ if (append_number (state, arg, 0x10, "0123456789ABCDEF",
+ width, prec, flags, 0))
+ return -1;
+ break;
+ }
+ case 'p' : {
+ unsigned long arg = (unsigned long)va_arg(ap, void*);
+
+ if (append_number (state, arg, 0x10, "0123456789ABCDEF",
+ width, prec, flags, 0))
+ return -1;
+ break;
+ }
+ case 'n' : {
+ int *arg = va_arg(ap, int*);
+ *arg = state->s - state->str;
+ break;
+ }
+ case '%' :
+ if ((*state->append_char)(state, c))
+ return -1;
+ break;
+ default :
+ if ( (*state->append_char)(state, '%')
+ || (*state->append_char)(state, c))
+ return -1;
+ break;
+ }
+ } else
+ if ((*state->append_char) (state, c))
+ return -1;
+ }
+ return 0;
+}
+
+int
+asprintf (char **ret, const char *format, ...)
+{
+ va_list args;
+ int val;
+
+ va_start(args, format);
+ val = vasprintf (ret, format, args);
+
+#ifdef PARANOIA
+ {
+ int ret2;
+ char *tmp;
+ tmp = malloc (val + 1);
+ if (tmp == NULL)
+ abort ();
+
+ ret2 = vsprintf (tmp, format, args);
+ if (val != ret2 || strcmp(*ret, tmp))
+ abort ();
+ free (tmp);
+ }
+#endif
+
+ va_end(args);
+ return val;
+}
+
+int
+asnprintf (char **ret, size_t max_sz, const char *format, ...)
+{
+ va_list args;
+ int val;
+
+ va_start(args, format);
+ val = vasnprintf (ret, max_sz, format, args);
+
+#ifdef PARANOIA
+ {
+ int ret2;
+ char *tmp;
+ tmp = malloc (val + 1);
+ if (tmp == NULL)
+ abort ();
+
+ ret2 = vsprintf (tmp, format, args);
+ if (val != ret2 || strcmp(*ret, tmp))
+ abort ();
+ free (tmp);
+ }
+#endif
+
+ va_end(args);
+ return val;
+}
+
+int
+vasprintf (char **ret, const char *format, va_list args)
+{
+ return vasnprintf (ret, 0, format, args);
+}
+
+
+int
+vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
+{
+ int st;
+ size_t len;
+ struct state state;
+
+ state.max_sz = max_sz;
+ if (max_sz)
+ state.sz = min(1, max_sz);
+ else
+ state.sz = 1;
+ state.str = malloc(state.sz);
+ if (state.str == NULL) {
+ *ret = NULL;
+ return -1;
+ }
+ state.s = state.str;
+ state.theend = state.s + state.sz - 1;
+ state.append_char = as_append_char;
+ state.reserve = as_reserve;
+
+ st = xyzprintf (&state, format, args);
+ if (st) {
+ free (state.str);
+ *ret = NULL;
+ return -1;
+ } else {
+ char *tmp;
+
+ *state.s = '\0';
+ len = state.s - state.str;
+ tmp = realloc (state.str, len+1);
+ if (state.str == NULL) {
+ free (state.str);
+ *ret = NULL;
+ return -1;
+ }
+ *ret = tmp;
+ return len;
+ }
+}
diff --git a/kerberosIV/krb/base64.c b/kerberosIV/krb/base64.c
new file mode 100644
index 00000000000..4c67412fc64
--- /dev/null
+++ b/kerberosIV/krb/base64.c
@@ -0,0 +1,146 @@
+/* $KTH: base64.c,v 1.1 1997/08/27 22:41:56 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int pos(char c)
+{
+ char *p;
+ for(p = base64; *p; p++)
+ if(*p == c)
+ return p - base64;
+ return -1;
+}
+
+int base64_encode(const void *data, int size, char **str)
+{
+ char *s, *p;
+ int i;
+ int c;
+ unsigned char *q;
+
+ p = s = (char*)malloc(size*4/3+4);
+ q = (unsigned char*)data;
+ i=0;
+ for(i = 0; i < size;){
+ c=q[i++];
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ p[0]=base64[(c&0x00fc0000) >> 18];
+ p[1]=base64[(c&0x0003f000) >> 12];
+ p[2]=base64[(c&0x00000fc0) >> 6];
+ p[3]=base64[(c&0x0000003f) >> 0];
+ if(i > size)
+ p[3]='=';
+ if(i > size+1)
+ p[2]='=';
+ p+=4;
+ }
+ *p=0;
+ *str = s;
+ return strlen(s);
+}
+
+int base64_decode(const char *str, void *data)
+{
+ const char *p;
+ unsigned char *q;
+ int c;
+ int x;
+ int done = 0;
+ q=(unsigned char*)data;
+ for(p=str; *p && !done; p+=4){
+ x = pos(p[0]);
+ if(x >= 0)
+ c = x;
+ else{
+ done = 3;
+ break;
+ }
+ c*=64;
+
+ x = pos(p[1]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ c*=64;
+
+ if(p[2] == '=')
+ done++;
+ else{
+ x = pos(p[2]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ c*=64;
+
+ if(p[3] == '=')
+ done++;
+ else{
+ if(done)
+ return -1;
+ x = pos(p[3]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ if(done < 3)
+ *q++=(c&0x00ff0000)>>16;
+
+ if(done < 2)
+ *q++=(c&0x0000ff00)>>8;
+ if(done < 1)
+ *q++=(c&0x000000ff)>>0;
+ }
+ return q - (unsigned char*)data;
+}
diff --git a/kerberosIV/krb/check_time.c b/kerberosIV/krb/check_time.c
new file mode 100644
index 00000000000..fb00538256d
--- /dev/null
+++ b/kerberosIV/krb/check_time.c
@@ -0,0 +1,56 @@
+/* $KTH: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+int
+krb_check_tm (struct tm tm)
+{
+ return tm.tm_mon < 0
+ || tm.tm_mon > 11
+ || tm.tm_hour < 0
+ || tm.tm_hour > 23
+ || tm.tm_min < 0
+ || tm.tm_min > 59
+ || tm.tm_sec < 0
+ || tm.tm_sec > 59
+ || tm.tm_year < 1901
+ || tm.tm_year > 2038;
+}
diff --git a/kerberosIV/krb/cr_err_reply.c b/kerberosIV/krb/cr_err_reply.c
index 8feaa6544e2..e2890e9be0d 100644
--- a/kerberosIV/krb/cr_err_reply.c
+++ b/kerberosIV/krb/cr_err_reply.c
@@ -1,42 +1,46 @@
+/* $KTH: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/cr_err_reply.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
/*
- * req_act_vno used to be defined as an extern ("defined in server").
- * However, that does noone anything good, so we define our own so
- * that the shared libraries do not turn up with an undefined variable!
- */
-static int my_req_act_vno = KRB_PROT_VERSION;
-
-/*
* This routine is used by the Kerberos authentication server to
* create an error reply packet to send back to its client.
*
@@ -71,47 +75,25 @@ static int my_req_act_vno = KRB_PROT_VERSION;
*/
void
-cr_err_reply(pkt, pname, pinst, prealm, time_ws, e, e_string)
- KTEXT pkt;
- char *pname; /* Principal's name */
- char *pinst; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- u_int32_t time_ws; /* Workstation time */
- u_int32_t e; /* Error code */
- char *e_string; /* Text of error */
+cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
+ u_int32_t time_ws, u_int32_t e, char *e_string)
{
- u_char *v = (u_char *) pkt->dat; /* Prot vers number */
- u_char *t = (u_char *)(pkt->dat+1); /* Prot message type */
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1);
+
+ if (pname == NULL) pname = "";
+ if (pinst == NULL) pinst = "";
+ if (prealm == NULL) prealm = "";
- /* Create fixed part of packet */
- *v = (unsigned char) my_req_act_vno; /* KRB_PROT_VERSION; */
- *t = (unsigned char) AUTH_MSG_ERR_REPLY;
- *t |= HOST_BYTE_ORDER;
+ p += krb_put_nir(pname, pinst, prealm, p);
+
+ p += krb_put_int(time_ws, p, 4);
- if (pname == 0)
- pname = "";
- if (pinst == 0)
- pinst = "";
- if (prealm == 0)
- prealm = "";
+ p += krb_put_int(e, p, 4);
- /* Add the basic info */
- (void) strcpy((char *) (pkt->dat+2),pname);
- pkt->length = 3 + strlen(pname);
- (void) strcpy((char *)(pkt->dat+pkt->length),pinst);
- pkt->length += 1 + strlen(pinst);
- (void) strcpy((char *)(pkt->dat+pkt->length),prealm);
- pkt->length += 1 + strlen(prealm);
- /* ws timestamp */
- bcopy((char *) &time_ws,(char *)(pkt->dat+pkt->length),4);
- pkt->length += 4;
- /* err code */
- bcopy((char *) &e,(char *)(pkt->dat+pkt->length),4);
- pkt->length += 4;
- /* err text */
- (void) strcpy((char *)(pkt->dat+pkt->length),e_string);
- pkt->length += 1 + strlen(e_string);
+ p += krb_put_string(e_string, p);
- /* And return */
- return;
+ pkt->length = p - pkt->dat;
}
diff --git a/kerberosIV/krb/create_auth_reply.c b/kerberosIV/krb/create_auth_reply.c
index 80169848cfe..0c2fc35cb8d 100644
--- a/kerberosIV/krb/create_auth_reply.c
+++ b/kerberosIV/krb/create_auth_reply.c
@@ -1,32 +1,43 @@
+/* $KTH: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/create_auth_reply.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
/*
@@ -74,55 +85,47 @@ or implied warranty.
*/
KTEXT
-create_auth_reply(pname, pinst, prealm, time_ws, n, x_date, kvno, cipher)
- char *pname; /* Principal's name */
- char *pinst; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- int32_t time_ws; /* Workstation time */
- int n; /* Number of tickets */
- u_int32_t x_date; /* Principal's expiration date */
- int kvno; /* Principal's key version number */
- KTEXT cipher; /* Cipher text with tickets and
- * session keys */
+create_auth_reply(char *pname, /* Principal's name */
+ char *pinst, /* Principal's instance */
+ char *prealm, /* Principal's authentication domain */
+ int32_t time_ws, /* Workstation time */
+ int n, /* Number of tickets */
+ u_int32_t x_date, /* Principal's expiration date */
+ int kvno, /* Principal's key version number */
+ KTEXT cipher) /* Cipher text with tickets and session keys */
{
static KTEXT_ST pkt_st;
KTEXT pkt = &pkt_st;
- unsigned char *v = pkt->dat; /* Prot vers number */
- unsigned char *t = (pkt->dat+1); /* Prot message type */
- short w_l; /* Cipher length */
+
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1);
+
+ if(n != 0){
+ /* barf on old code */
+ krb_warning("create_auth_reply: don't give me no krb3 crap!"
+ " (n == %d)\n", n);
+ return NULL;
+ }
- /* Create fixed part of packet */
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_KDC_REPLY;
- *t |= HOST_BYTE_ORDER;
- if (n != 0)
- *v = 3;
+ p += krb_put_nir(pname, pinst, prealm, p);
- /* Add the basic info */
- (void) strcpy((char *) (pkt->dat+2), pname);
- pkt->length = 3 + strlen(pname);
- (void) strcpy((char *) (pkt->dat+pkt->length),pinst);
- pkt->length += 1 + strlen(pinst);
- (void) strcpy((char *) (pkt->dat+pkt->length),prealm);
- pkt->length += 1 + strlen(prealm);
- /* Workstation timestamp */
- bcopy((char *) &time_ws, (char *) (pkt->dat+pkt->length), 4);
- pkt->length += 4;
- *(pkt->dat+(pkt->length)++) = (unsigned char) n;
- /* Expiration date */
- bcopy((char *) &x_date, (char *) (pkt->dat+pkt->length),4);
- pkt->length += 4;
+ p += krb_put_int(time_ws, p, 4);
+
+ p += krb_put_int(n, p, 1);
+
+ p += krb_put_int(x_date, p, 4);
+
+ p += krb_put_int(kvno, p, 1);
+
+ p += krb_put_int(cipher->length, p, 2);
+
+ memcpy(p, cipher->dat, cipher->length);
+ p += cipher->length;
- /* Now send the ciphertext and info to help decode it */
- *(pkt->dat+(pkt->length)++) = (unsigned char) kvno;
- w_l = (short) cipher->length;
- bcopy((char *) &w_l,(char *) (pkt->dat+pkt->length),2);
- pkt->length += 2;
- bcopy((char *) (cipher->dat), (char *) (pkt->dat+pkt->length),
- cipher->length);
- pkt->length += cipher->length;
+ pkt->length = p - pkt->dat;
- /* And return the packet */
return pkt;
}
diff --git a/kerberosIV/krb/create_ciph.c b/kerberosIV/krb/create_ciph.c
index 4bf44f953d9..ab5a41f8232 100644
--- a/kerberosIV/krb/create_ciph.c
+++ b/kerberosIV/krb/create_ciph.c
@@ -1,31 +1,43 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/create_ciph.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
+/* $KTH: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $ */
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
#include "krb_locl.h"
@@ -67,56 +79,40 @@ or implied warranty.
*/
int
-create_ciph(c, session, service, instance, realm,
- life, kvno, tkt, kdc_time, key)
- KTEXT c; /* Text block to hold ciphertext */
- unsigned char *session; /* Session key to send to user */
- char *service; /* Service name on ticket */
- char *instance; /* Instance name on ticket */
- char *realm; /* Realm of this KDC */
- u_int32_t life; /* Lifetime of the ticket */
- int kvno; /* Key version number for service */
- KTEXT tkt; /* The ticket for the service */
- u_int32_t kdc_time; /* KDC time */
- des_cblock *key; /* Key to encrypt ciphertext with */
-{
- char *ptr;
- des_key_schedule key_s;
+create_ciph(KTEXT c, /* Text block to hold ciphertext */
+ unsigned char *session, /* Session key to send to user */
+ char *service, /* Service name on ticket */
+ char *instance, /* Instance name on ticket */
+ char *realm, /* Realm of this KDC */
+ u_int32_t life, /* Lifetime of the ticket */
+ int kvno, /* Key version number for service */
+ KTEXT tkt, /* The ticket for the service */
+ u_int32_t kdc_time, /* KDC time */
+ des_cblock *key) /* Key to encrypt ciphertext with */
- ptr = (char *) c->dat;
-
- bcopy((char *) session, ptr, 8);
- ptr += 8;
-
- (void) strcpy(ptr,service);
- ptr += strlen(service) + 1;
-
- (void) strcpy(ptr,instance);
- ptr += strlen(instance) + 1;
-
- (void) strcpy(ptr,realm);
- ptr += strlen(realm) + 1;
+{
+ unsigned char *p = c->dat;
- *(ptr++) = (unsigned char) life;
- *(ptr++) = (unsigned char) kvno;
- *(ptr++) = (unsigned char) tkt->length;
+ memset(c, 0, sizeof(KTEXT_ST));
- bcopy((char *)(tkt->dat),ptr,tkt->length);
- ptr += tkt->length;
+ memcpy(p, session, 8);
+ p += 8;
+
+ p += krb_put_nir(service, instance, realm, p);
+
+ p += krb_put_int(life, p, 1);
+ p += krb_put_int(kvno, p, 1);
- bcopy((char *) &kdc_time,ptr,4);
- ptr += 4;
+ p += krb_put_int(tkt->length, p, 1);
- /* guarantee null padded encrypted data to multiple of 8 bytes */
- bzero(ptr, 7);
+ memcpy(p, tkt->dat, tkt->length);
+ p += tkt->length;
- c->length = (((ptr - (char *) c->dat) + 7) / 8) * 8;
+ p += krb_put_int(kdc_time, p, 4);
-#ifndef NOENCRYPTION
- des_key_sched(key,key_s);
- des_pcbc_encrypt((des_cblock *)c->dat,(des_cblock *)c->dat,(long) c->length,key_s,
- key, DES_ENCRYPT);
-#endif /* NOENCRYPTION */
+ /* multiple of eight bytes */
+ c->length = (p - c->dat + 7) & ~7;
- return(KSUCCESS);
+ encrypt_ktext(c, key, DES_ENCRYPT);
+ return KSUCCESS;
}
diff --git a/kerberosIV/krb/create_death_packet.c b/kerberosIV/krb/create_death_packet.c
index f7333097513..c6fd5ecc60c 100644
--- a/kerberosIV/krb/create_death_packet.c
+++ b/kerberosIV/krb/create_death_packet.c
@@ -1,32 +1,43 @@
+/* $KTH: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/create_death_packet.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
/*
@@ -57,19 +68,18 @@ or implied warranty.
#ifdef DEBUG
KTEXT
-krb_create_death_packet(a_name)
- char *a_name;
+krb_create_death_packet(char *a_name)
{
static KTEXT_ST pkt_st;
KTEXT pkt = &pkt_st;
- unsigned char *v = pkt->dat;
- unsigned char *t = (pkt->dat+1);
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_DIE;
- *t |= HOST_BYTE_ORDER;
- (void) strcpy((char *) (pkt->dat+2),a_name);
- pkt->length = 3 + strlen(a_name);
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_DIE, p, 1);
+
+ p += krb_put_string(a_name, p);
+ pkt->length = p - pkt->dat;
return pkt;
}
#endif /* DEBUG */
diff --git a/kerberosIV/krb/create_ticket.c b/kerberosIV/krb/create_ticket.c
index 944007c9e7a..7f355b52589 100644
--- a/kerberosIV/krb/create_ticket.c
+++ b/kerberosIV/krb/create_ticket.c
@@ -1,32 +1,43 @@
+/* $KTH: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/create_ticket.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
/*
@@ -38,7 +49,6 @@ or implied warranty.
* eight bytes and is in tkt->length.
*
* If the ticket is too long, the ticket will contain nulls.
- * The return value of the routine is undefined.
*
* The corresponding routine to extract information from a ticket it
* decomp_ticket. When changes are made to this routine, the
@@ -79,63 +89,46 @@ or implied warranty.
*/
int
-krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance, key)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned char flags; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- int32_t paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- int16_t life; /* Lifetime of the ticket */
- int32_t time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
- des_cblock *key; /* Service's secret key */
+krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */
+ unsigned char flags, /* Various Kerberos flags */
+ char *pname, /* Principal's name */
+ char *pinstance, /* Principal's instance */
+ char *prealm, /* Principal's authentication domain */
+ int32_t paddress, /* Net address of requesting entity */
+ void *session, /* Session key inserted in ticket */
+ int16_t life, /* Lifetime of the ticket */
+ int32_t time_sec, /* Issue time and date */
+ char *sname, /* Service Name */
+ char *sinstance, /* Instance Name */
+ des_cblock *key) /* Service's secret key */
{
- des_key_schedule key_s;
- register char *data; /* running index into ticket */
+ unsigned char *p = tkt->dat;
+
+ memset(tkt, 0, sizeof(KTEXT_ST));
+
+ p += krb_put_int(flags, p, 1);
+ p += krb_put_nir(pname, pinstance, prealm, p);
+
+ p += krb_put_address(paddress, p);
+
+ memcpy(p, session, 8);
+ p += 8;
- tkt->length = 0; /* Clear previous data */
- flags |= HOST_BYTE_ORDER; /* ticket byte order */
- bcopy((char *) &flags,(char *) (tkt->dat),sizeof(flags));
- data = ((char *)tkt->dat) + sizeof(flags);
- (void) strcpy(data, pname);
- data += 1 + strlen(pname);
- (void) strcpy(data, pinstance);
- data += 1 + strlen(pinstance);
- (void) strcpy(data, prealm);
- data += 1 + strlen(prealm);
- bcopy((char *) &paddress, data, 4);
- data += 4;
+ p += krb_put_int(life, p, 1);
+ p += krb_put_int(time_sec, p, 4);
- bcopy((char *) session, data, 8);
- data += 8;
- *(data++) = (char) life;
- /* issue time */
- bcopy((char *) &time_sec, data, 4);
- data += 4;
- (void) strcpy(data, sname);
- data += 1 + strlen(sname);
- (void) strcpy(data, sinstance);
- data += 1 + strlen(sinstance);
+ p += krb_put_nir(sname, sinstance, NULL, p);
- /* guarantee null padded ticket to multiple of 8 bytes */
- bzero(data, 7);
- tkt->length = ((data - ((char *)tkt->dat) + 7)/8)*8;
+ /* multiple of eight bytes */
+ tkt->length = (p - tkt->dat + 7) & ~7;
/* Check length of ticket */
if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
- bzero(tkt->dat, tkt->length);
+ memset(tkt->dat, 0, tkt->length);
tkt->length = 0;
return KFAILURE /* XXX */;
}
-#ifndef NOENCRYPTION
- des_key_sched(key,key_s);
- des_pcbc_encrypt((des_cblock *)tkt->dat,(des_cblock *)tkt->dat,(long)tkt->length,
- key_s,key, DES_ENCRYPT);
-#endif
- return 0;
+ encrypt_ktext(tkt, key, DES_ENCRYPT);
+ return KSUCCESS;
}
diff --git a/kerberosIV/krb/debug_decl.c b/kerberosIV/krb/debug_decl.c
index 5489acd99cb..b96afa63baf 100644
--- a/kerberosIV/krb/debug_decl.c
+++ b/kerberosIV/krb/debug_decl.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/debug_decl.c,v $
- *
- * $Locker: $
- */
+/* $KTH: debug_decl.c,v 1.7 1997/10/28 15:44:00 bg Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -27,7 +21,10 @@ or implied warranty.
*/
+#include "krb_locl.h"
+
/* Declare global debugging variables. */
int krb_ap_req_debug = 0;
int krb_debug = 0;
+int krb_dns_debug = 0;
diff --git a/kerberosIV/krb/decomp_ticket.c b/kerberosIV/krb/decomp_ticket.c
index a0de714ccbe..d1c3b7a8e18 100644
--- a/kerberosIV/krb/decomp_ticket.c
+++ b/kerberosIV/krb/decomp_ticket.c
@@ -1,32 +1,43 @@
+/* $KTH: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/decomp_ticket.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
/*
@@ -34,15 +45,6 @@ or implied warranty.
* should be filled in based on the information in the ticket. It
* fills in values for its arguments.
*
- * Note: if the client realm field in the ticket is the null string,
- * then the "prealm" variable is filled in with the local realm.
- *
- * If the ticket byte order is different than the host's byte order
- * (as indicated by the byte order bit of the "flags" field), then
- * the KDC timestamp "time_sec" is byte-swapped. The other fields
- * potentially affected by byte order, "paddress" and "session" are
- * not byte-swapped.
- *
* The routine returns KFAILURE if any of the "pname", "pinstance",
* or "prealm" fields is too big, otherwise it returns KSUCCESS.
*
@@ -54,80 +56,64 @@ or implied warranty.
*/
int
-decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- u_int32_t *paddress; /* Net address of entity
- * requesting ticket */
- unsigned char *session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- u_int32_t *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- des_cblock *key; /* Service's secret key
- * (to decrypt the ticket) */
- struct des_ks_struct *key_s; /* The precomputed key schedule */
+decomp_ticket(KTEXT tkt, /* The ticket to be decoded */
+ unsigned char *flags, /* Kerberos ticket flags */
+ char *pname, /* Authentication name */
+ char *pinstance, /* Principal's instance */
+ char *prealm, /* Principal's authentication domain */
+ u_int32_t *paddress,/* Net address of entity requesting ticket */
+ unsigned char *session, /* Session key inserted in ticket */
+ int *life, /* Lifetime of the ticket */
+ u_int32_t *time_sec, /* Issue time and date */
+ char *sname, /* Service name */
+ char *sinstance, /* Service instance */
+ des_cblock *key, /* Service's secret key (to decrypt the ticket) */
+ des_key_schedule schedule) /* The precomputed key schedule */
+
{
- static int tkt_swap_bytes;
- unsigned char *uptr;
- char *ptr = (char *)tkt->dat;
-
-#ifndef NOENCRYPTION
- des_pcbc_encrypt((des_cblock *)tkt->dat,(des_cblock *)tkt->dat,(long)tkt->length,
- key_s,key, DES_DECRYPT);
-#endif /* ! NOENCRYPTION */
-
- *flags = *ptr; /* get flags byte */
- ptr += sizeof(*flags);
- tkt_swap_bytes = 0;
- if (HOST_BYTE_ORDER != ((*flags >> K_FLAG_ORDER)& 1))
- tkt_swap_bytes++;
-
- if (strlen(ptr) > ANAME_SZ)
- return(KFAILURE);
- (void) strcpy(pname,ptr); /* pname */
- ptr += strlen(pname) + 1;
-
- if (strlen(ptr) > INST_SZ)
- return(KFAILURE);
- (void) strcpy(pinstance,ptr); /* instance */
- ptr += strlen(pinstance) + 1;
-
- if (strlen(ptr) > REALM_SZ)
- return(KFAILURE);
- (void) strcpy(prealm,ptr); /* realm */
- ptr += strlen(prealm) + 1;
- /* temporary hack until realms are dealt with properly */
- if (*prealm == 0 && krb_get_lrealm(prealm, 1) != KSUCCESS)
- return(KFAILURE);
-
- bcopy(ptr,(char *)paddress,4); /* net address */
- ptr += 4;
-
- bcopy(ptr,(char *)session,8); /* session key */
- ptr+= 8;
-#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */
- if (tkt_swap_bytes)
- swap_C_Block(session);
-#endif
-
- /* get lifetime, being certain we don't get negative lifetimes */
- uptr = (unsigned char *) ptr++;
- *life = (int) *uptr;
-
- bcopy(ptr,(char *) time_sec,4); /* issue time */
- ptr += 4;
- if (tkt_swap_bytes)
- swap_u_long(*time_sec);
-
- (void) strcpy(sname,ptr); /* service name */
- ptr += 1 + strlen(sname);
-
- (void) strcpy(sinstance,ptr); /* instance */
- ptr += 1 + strlen(sinstance);
- return(KSUCCESS);
+ unsigned char *p = tkt->dat;
+
+ int little_endian;
+
+ des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat,
+ tkt->length, schedule, key, DES_DECRYPT);
+
+ tkt->mbz = 0;
+
+ *flags = *p++;
+
+ little_endian = (*flags >> K_FLAG_ORDER) & 1;
+
+ if(strlen((char*)p) > ANAME_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, pname);
+
+ if(strlen((char*)p) > INST_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, pinstance);
+
+ if(strlen((char*)p) > REALM_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, prealm);
+
+ if(tkt->length - (p - tkt->dat) < 8 + 1 + 4)
+ return KFAILURE;
+ p += krb_get_address(p, paddress);
+
+ memcpy(session, p, 8);
+ p += 8;
+
+ *life = *p++;
+
+ p += krb_get_int(p, time_sec, 4, little_endian);
+
+ if(strlen((char*)p) > SNAME_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, sname);
+
+ if(strlen((char*)p) > INST_SZ)
+ return KFAILURE;
+ p += krb_get_string(p, sinstance);
+
+ return KSUCCESS;
}
diff --git a/kerberosIV/krb/dest_tkt.c b/kerberosIV/krb/dest_tkt.c
index 2386a5afdc9..18f2f9a84a4 100644
--- a/kerberosIV/krb/dest_tkt.c
+++ b/kerberosIV/krb/dest_tkt.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/dest_tkt.c,v $
- *
- * $Locker: $
- */
+/* $KTH: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,13 +23,6 @@ or implied warranty.
#include "krb_locl.h"
-#include <sys/file.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-
/*
* dest_tkt() is used to destroy the ticket store upon logout.
* If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
@@ -46,18 +33,15 @@ or implied warranty.
*/
int
-dest_tkt()
+dest_tkt(void)
{
char *file = TKT_FILE;
int i,fd;
struct stat statb;
char buf[BUFSIZ];
-#ifdef TKT_SHMEM
- char shmidname[MaxPathLen];
-#endif /* TKT_SHMEM */
errno = 0;
- if (lstat(file,&statb) < 0)
+ if (lstat(file, &statb) < 0)
goto out;
if (!(statb.st_mode & S_IFREG)
@@ -70,31 +54,23 @@ dest_tkt()
if ((fd = open(file, O_RDWR, 0)) < 0)
goto out;
- bzero(buf, BUFSIZ);
+ memset(buf, 0, BUFSIZ);
- for (i = 0; i < statb.st_size; i += BUFSIZ)
- if (write(fd, buf, BUFSIZ) != BUFSIZ) {
- (void) fsync(fd);
- (void) close(fd);
+ for (i = 0; i < statb.st_size; i += sizeof(buf))
+ if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
+ fsync(fd);
+ close(fd);
goto out;
}
+
- (void) fsync(fd);
- (void) close(fd);
-
- (void) unlink(file);
+ fsync(fd);
+ close(fd);
+
+ unlink(file);
out:
if (errno == ENOENT) return RET_TKFIL;
else if (errno != 0) return KFAILURE;
-#ifdef TKT_SHMEM
- /*
- * handle the shared memory case
- */
- (void) strcpy(shmidname, file);
- (void) strcat(shmidname, ".shm");
- if ((i = krb_shm_dest(shmidname)) != KSUCCESS)
- return(i);
-#endif /* TKT_SHMEM */
return(KSUCCESS);
}
diff --git a/kerberosIV/krb/encrypt_ktext.c b/kerberosIV/krb/encrypt_ktext.c
new file mode 100644
index 00000000000..89b78ec455f
--- /dev/null
+++ b/kerberosIV/krb/encrypt_ktext.c
@@ -0,0 +1,51 @@
+/* $KTH: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+void
+encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt)
+{
+ des_key_schedule schedule;
+ des_set_key(key, schedule);
+ des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat,
+ cip->length, schedule, key, encrypt);
+ memset(schedule, 0, sizeof(des_key_schedule));
+}
diff --git a/kerberosIV/krb/et_list.c b/kerberosIV/krb/et_list.c
new file mode 100644
index 00000000000..380c1b5d48a
--- /dev/null
+++ b/kerberosIV/krb/et_list.c
@@ -0,0 +1,54 @@
+/* $KTH: et_list.c,v 1.12 1997/05/13 09:45:01 bg Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+struct et_list {
+ struct et_list *next;
+ const struct error_table *table;
+};
+
+#if defined(__GNUC__)
+
+struct et_list * _et_list __attribute__ ((weak)) = 0;
+
+#else /* !__GNUC__ */
+
+struct et_list * _et_list = 0;
+
+#endif /* !__GNUC__ */
diff --git a/kerberosIV/krb/extract_ticket.c b/kerberosIV/krb/extract_ticket.c
deleted file mode 100644
index 7a32e712edf..00000000000
--- a/kerberosIV/krb/extract_ticket.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/extract_ticket.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine is obsolete.
- *
- * This routine accepts the ciphertext returned by kerberos and
- * extracts the nth ticket. It also fills in the variables passed as
- * session, liftime and kvno.
- */
-
-void
-extract_ticket(cipher, n, session, lifetime, kvno, realm, ticket)
- KTEXT cipher; /* The ciphertext */
- int n; /* Which ticket */
- char *session; /* The session key for this tkt */
- int *lifetime; /* The life of this ticket */
- int *kvno; /* The kvno for the service */
- char *realm; /* Realm in which tkt issued */
- KTEXT ticket; /* The ticket itself */
-{
- char *ptr;
- int i;
-
- /* Start after the ticket lengths */
- ptr = (char *) cipher->dat;
- ptr = ptr + 1 + (int) *(cipher->dat);
-
- /* Step through earlier tickets */
- for (i = 1; i < n; i++)
- ptr = ptr + 11 + strlen(ptr+10) + (int) *(cipher->dat+i);
- bcopy(ptr, (char *) session, 8); /* Save the session key */
- ptr += 8;
- *lifetime = (unsigned char) *(ptr++); /* Save the life of the ticket */
- *kvno = *(ptr++); /* Save the kvno */
- (void) strcpy(realm,ptr); /* instance */
- ptr += strlen(realm) + 1;
-
- /* Save the ticket if its length is non zero */
- ticket->length = *(cipher->dat+n);
- if (ticket->length)
- bcopy(ptr, (char *) (ticket->dat), ticket->length);
-}
diff --git a/kerberosIV/krb/get_ad_tkt.c b/kerberosIV/krb/get_ad_tkt.c
index 7250b443fd1..98c9349daf2 100644
--- a/kerberosIV/krb/get_ad_tkt.c
+++ b/kerberosIV/krb/get_ad_tkt.c
@@ -1,76 +1,44 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_ad_tkt.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-static int swap_bytes;
+/* $KTH: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $ */
/*
- * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of
- * its ciphertext portion. The external variable "swap_bytes" is assumed
- * to have been set to indicate whether or not the packet is in local
- * byte order. pkt_clen() takes this into account when reading the
- * ciphertext length out of the packet.
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-static int
-pkt_clen(pkt)
- KTEXT pkt;
-{
- static unsigned short temp,temp2;
- int clen = 0;
-
- /* Start of ticket list */
- unsigned char *ptr = pkt_a_realm(pkt) + 10
- + strlen((char *)pkt_a_realm(pkt));
-
- /* Finally the length */
- bcopy((char *)(++ptr),(char *)&temp,2); /* alignment */
- if (swap_bytes) {
- /* assume a short is 2 bytes?? */
- swab((char *)&temp,(char *)&temp2,2);
- temp = temp2;
- }
-
- clen = (int) temp;
-
- if (krb_debug)
- printf("Clen is %d\n",clen);
- return(clen);
-}
-
-/* use the bsd time.h struct defs for PC too! */
-#include <sys/time.h>
-#include <sys/types.h>
-
-static struct timeval tt_local = { 0, 0 };
-static unsigned long rep_err_code;
+#include "krb_locl.h"
/*
* get_ad_tkt obtains a new service ticket from Kerberos, using
@@ -106,45 +74,33 @@ static unsigned long rep_err_code;
*/
int
-get_ad_tkt(service, sinstance, realm, lifetime)
- char *service;
- char *sinstance;
- char *realm;
- int lifetime;
+get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
{
static KTEXT_ST pkt_st;
KTEXT pkt = & pkt_st; /* Packet to KDC */
static KTEXT_ST rpkt_st;
KTEXT rpkt = &rpkt_st; /* Returned packet */
- static KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- static KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- des_cblock ses; /* Session key for tkt */
+
CREDENTIALS cr;
- int kvno; /* Kvno for session key */
char lrealm[REALM_SZ];
- des_cblock key; /* Key for decrypting cipher */
- des_key_schedule key_s;
- long time_ws = 0;
-
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- int msg_byte_order;
+ u_int32_t time_ws = 0;
int kerror;
- char rlm[REALM_SZ];
- char *ptr;
+ unsigned char *p;
- unsigned long kdc_time; /* KDC time */
+ /*
+ * First check if we have a "real" TGT for the corresponding
+ * realm, if we don't, use ordinary inter-realm authentication.
+ */
- if ((kerror = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS)
+ kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr);
+ if (kerror == KSUCCESS)
+ strncpy(lrealm, realm, REALM_SZ);
+ else
+ kerror = krb_get_tf_realm(TKT_FILE, lrealm);
+
+ if (kerror != KSUCCESS)
return(kerror);
- /* Create skeleton of packet to be sent */
- (void) gettimeofday(&tt_local,(struct timezone *) 0);
-
- pkt->length = 0;
-
/*
* Look for the session key (and other stuff we don't need)
* in the ticket file for krbtgt.realm@lrealm where "realm"
@@ -153,7 +109,8 @@ get_ad_tkt(service, sinstance, realm, lifetime)
* have this, we will try to get it.
*/
- if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS) {
+ if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+ realm, lrealm, &cr)) != KSUCCESS) {
/*
* If realm == lrealm, we have no hope, so let's not even try.
*/
@@ -161,9 +118,14 @@ get_ad_tkt(service, sinstance, realm, lifetime)
return(AD_NOTGT);
else{
if ((kerror =
- get_ad_tkt("krbtgt",realm,lrealm,lifetime)) != KSUCCESS)
- return(kerror);
- if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS)
+ get_ad_tkt(KRB_TICKET_GRANTING_TICKET,
+ realm, lrealm, lifetime)) != KSUCCESS)
+ if (kerror == KDC_PR_UNKNOWN)
+ return(AD_INTR_RLM_NOTGT);
+ else
+ return(kerror);
+ if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+ realm, lrealm, &cr)) != KSUCCESS)
return(kerror);
}
}
@@ -174,105 +136,55 @@ get_ad_tkt(service, sinstance, realm, lifetime)
* into "pkt". Then tack other stuff on the end.
*/
- kerror = krb_mk_req(pkt,"krbtgt",realm,lrealm,0L);
+ kerror = krb_mk_req(pkt,
+ KRB_TICKET_GRANTING_TICKET,
+ realm,lrealm,0L);
if (kerror)
return(AD_NOTGT);
- /* timestamp */
- bcopy((char *) &time_ws,(char *) (pkt->dat+pkt->length),4);
- pkt->length += 4;
- *(pkt->dat+(pkt->length)++) = (char) lifetime;
- (void) strcpy((char *) (pkt->dat+pkt->length),service);
- pkt->length += 1 + strlen(service);
- (void) strcpy((char *)(pkt->dat+pkt->length),sinstance);
- pkt->length += 1 + strlen(sinstance);
+ p = pkt->dat + pkt->length;
+ p += krb_put_int(time_ws, p, 4);
+ p += krb_put_int(lifetime, p, 1);
+ p += krb_put_nir(service, sinstance, NULL, p);
+
+ pkt->length = p - pkt->dat;
rpkt->length = 0;
-
+
/* Send the request to the local ticket-granting server */
if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
/* check packet version of the returned packet */
- if (pkt_version(rpkt) != KRB_PROT_VERSION )
- return(INTK_PROT);
-
- /* Check byte order */
- msg_byte_order = pkt_msg_type(rpkt) & 1;
- swap_bytes = 0;
- if (msg_byte_order != HOST_BYTE_ORDER)
- swap_bytes++;
-
- switch (pkt_msg_type(rpkt) & ~1) {
- case AUTH_MSG_KDC_REPLY:
- break;
- case AUTH_MSG_ERR_REPLY:
- bcopy(pkt_err_code(rpkt), (char *) &rep_err_code, 4);
- if (swap_bytes)
- swap_u_long(rep_err_code);
- return(rep_err_code);
-
- default:
- return(INTK_PROT);
- }
-
- /* Extract the ciphertext */
- cip->length = pkt_clen(rpkt); /* let clen do the swap */
-
- bcopy((char *) pkt_cipher(rpkt),(char *) (cip->dat),cip->length);
-#ifndef NOENCRYPTION
- /* Attempt to decrypt it */
-
- des_key_sched(&cr.session,key_s);
- if (krb_debug) printf("About to do decryption ...");
- des_pcbc_encrypt((des_cblock *)cip->dat,(des_cblock *)cip->dat,
- (long) cip->length,key_s,&cr.session,0);
-#endif /* !NOENCRYPTION */
- /* Get rid of all traces of key */
- bzero((char *) cr.session, sizeof(key));
- bzero((char *) key_s, sizeof(key_s));
-
- ptr = (char *) cip->dat;
-
- bcopy(ptr,(char *)ses,8);
- ptr += 8;
-
- (void) strcpy(s_name,ptr);
- ptr += strlen(s_name) + 1;
-
- (void) strcpy(s_instance,ptr);
- ptr += strlen(s_instance) + 1;
-
- (void) strcpy(rlm,ptr);
- ptr += strlen(rlm) + 1;
-
- lifetime = (unsigned char) ptr[0];
- kvno = (unsigned long) ptr[1];
- tkt->length = (int) ptr[2];
- ptr += 3;
- bcopy(ptr,(char *)(tkt->dat),tkt->length);
- ptr += tkt->length;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance) ||
- strcmp(rlm, realm)) /* not what we asked for */
- return(INTK_ERR); /* we need a better code here XXX */
-
- /* check KDC time stamp */
- bcopy(ptr,(char *)&kdc_time,4); /* Time (coarse) */
- if (swap_bytes) swap_u_long(kdc_time);
-
- ptr += 4;
+ {
+ KTEXT_ST cip;
+ CREDENTIALS cred;
+ struct timeval tv;
+
+ kerror = kdc_reply_cipher(rpkt, &cip);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ encrypt_ktext(&cip, &cr.session, DES_DECRYPT);
+
+ kerror = kdc_reply_cred(&cip, &cred);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) ||
+ strcmp(cred.realm, realm)) /* not what we asked for */
+ return INTK_ERR; /* we need a better code here XXX */
+
+ gettimeofday(&tv, NULL);
+ if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
+ return RD_AP_TIME; /* XXX should probably be better code */
+ }
+
- (void) gettimeofday(&tt_local,(struct timezone *) 0);
- if (abs((int)(tt_local.tv_sec - kdc_time)) > CLOCK_SKEW) {
- return(RD_AP_TIME); /* XXX should probably be better
- code */
+ kerror = save_credentials(cred.service, cred.instance, cred.realm,
+ cred.session, cred.lifetime, cred.kvno,
+ &cred.ticket_st, tv.tv_sec);
+ return kerror;
}
-
- if ((kerror = save_credentials(s_name,s_instance,rlm,ses,lifetime,
- kvno,tkt,tt_local.tv_sec)))
- return(kerror);
-
- return(AD_OK);
}
diff --git a/kerberosIV/krb/get_admhst.c b/kerberosIV/krb/get_admhst.c
deleted file mode 100644
index 59d11450829..00000000000
--- a/kerberosIV/krb/get_admhst.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_admhst.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos database
- * administration server can be found.
- *
- * krb_get_admhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer n, and
- * returns (in h) the nth administrative host entry from the configuration
- * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
- *
- * On error, get_admhst returns KFAILURE. If all goes well, the routine
- * returns KSUCCESS.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- *
- * This is a temporary hack to allow us to find the nearest system running
- * a Kerberos admin server. In the long run, this functionality will be
- * provided by a nameserver.
- */
-
-int
-krb_get_admhst(h, r, n)
- char *h;
- char *r;
- int n;
-{
- FILE *cnffile;
- char tr[REALM_SZ];
- char linebuf[BUFSIZ];
- char scratch[64];
- register int i;
-
- if ((cnffile = fopen(KRB_CONF,"r")) == NULL) {
- char tbuf[128];
- char *tdir = NULL;
- if (issetugid() == 0)
- tdir = (char *) getenv("KRBCONFDIR");
- strncpy(tbuf, tdir ? tdir : "/etc", sizeof(tbuf)-1);
- tbuf[sizeof(tbuf)-1] = 0;
- strncat(tbuf, "/krb.conf", sizeof(tbuf)-strlen(tbuf));
- if ((cnffile = fopen(tbuf,"r")) == NULL)
- return(KFAILURE);
- }
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- /* error reading */
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- if (!strchr(linebuf, '\n')) {
- /* didn't all fit into buffer, punt */
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- for (i = 0; i < n; ) {
- /* run through the file, looking for admin host */
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- /* need to scan for a token after 'admin' to make sure that
- admin matched correctly */
- if (sscanf(linebuf, "%s %s admin %s", tr, h, scratch) != 3)
- continue;
- if (!strcmp(tr,r))
- i++;
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
diff --git a/kerberosIV/krb/get_cred.c b/kerberosIV/krb/get_cred.c
index 2882de597ad..03d38bf4fce 100644
--- a/kerberosIV/krb/get_cred.c
+++ b/kerberosIV/krb/get_cred.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_cred.c,v $
- *
- * $Locker: $
- */
+/* $KTH: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -39,13 +33,16 @@ or implied warranty.
*/
int
-krb_get_cred(service, instance, realm, c)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- CREDENTIALS *c; /* Credentials struct */
+krb_get_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ CREDENTIALS *c) /* Credentials struct */
{
int tf_status; /* return value of tf function calls */
+ CREDENTIALS cr;
+
+ if (c == 0)
+ c = &cr;
/* Open ticket file and lock it for shared reading */
if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
@@ -60,13 +57,12 @@ krb_get_cred(service, instance, realm, c)
/* Search for requested service credentials and copy into c */
while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
- /* Is this the right ticket? */
if ((strcmp(c->service,service) == 0) &&
(strcmp(c->instance,instance) == 0) &&
(strcmp(c->realm,realm) == 0))
break;
}
- (void) tf_close();
+ tf_close();
if (tf_status == EOF)
return (GC_NOTKT);
diff --git a/kerberosIV/krb/get_default_principal.c b/kerberosIV/krb/get_default_principal.c
new file mode 100644
index 00000000000..01054df3167
--- /dev/null
+++ b/kerberosIV/krb/get_default_principal.c
@@ -0,0 +1,89 @@
+/* $KTH: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+int
+krb_get_default_principal(char *name, char *instance, char *realm)
+{
+ char *file;
+ int ret;
+
+ char *p;
+
+ if ((file = getenv("KRBTKFILE")) == NULL)
+ file = TKT_FILE;
+
+ ret = krb_get_tf_fullname(file, name, instance, realm);
+ if(ret == KSUCCESS)
+ return 0;
+
+ p = getenv("KRB4PRINCIPAL");
+ if(p && kname_parse(name, instance, realm, p) == KSUCCESS)
+ return 1;
+
+ {
+ struct passwd *pw;
+ pw = getpwuid(getuid());
+ if(pw == NULL){
+ return -1;
+ }
+
+ strcpy(name, pw->pw_name);
+ strcpy(instance, "");
+ krb_get_lrealm(realm, 1);
+
+ if(strcmp(name, "root") == 0){
+ p = NULL;
+ p = getlogin();
+ if(p == NULL)
+ p = getenv("USER");
+ if(p == NULL)
+ p = getenv("LOGNAME");
+ if(p){
+ strncpy (name, p, ANAME_SZ);
+ name[ANAME_SZ - 1] = '\0';
+ strcpy(instance, "root");
+ }
+ }
+ return 1;
+ }
+ return -1;
+}
diff --git a/kerberosIV/krb/get_host.c b/kerberosIV/krb/get_host.c
new file mode 100644
index 00000000000..8e62ceedf3e
--- /dev/null
+++ b/kerberosIV/krb/get_host.c
@@ -0,0 +1,309 @@
+/* $KTH: get_host.c,v 1.31 1997/09/26 17:42:37 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+static struct host_list {
+ struct krb_host *this;
+ struct host_list *next;
+} *hosts;
+
+static int krb_port = 0;
+
+static void
+free_hosts(struct host_list *h)
+{
+ struct host_list *t;
+ while(h){
+ if(h->this->realm)
+ free(h->this->realm);
+ if(h->this->host)
+ free(h->this->host);
+ t = h;
+ h = h->next;
+ free(t);
+ }
+}
+
+static int
+parse_address(char *address, enum krb_host_proto *proto, char **host, int *port)
+{
+ char *p, *q;
+ int default_port = krb_port;
+ *proto = PROTO_UDP;
+ if(strncmp(address, "http://", 7) == 0){
+ p = address + 7;
+ *proto = PROTO_HTTP;
+ default_port = 80;
+ }else{
+ p = strchr(address, '/');
+ if(p){
+ char prot[32];
+ struct protoent *pp;
+ strncpy(prot, address, p - address);
+ prot[p - address] = 0;
+ if((pp = getprotobyname(prot))){
+ switch(pp->p_proto){
+ case IPPROTO_UDP:
+ *proto = PROTO_UDP;
+ break;
+ case IPPROTO_TCP:
+ *proto = PROTO_TCP;
+ break;
+ default:
+ krb_warning("Unknown protocol `%s', Using default `udp'.\n",
+ prot);
+ }
+ } else
+ krb_warning("Bad protocol name `%s', Using default `udp'.\n",
+ prot);
+ p++;
+ }else
+ p = address;
+ }
+ q = strchr(p, ':');
+ if(q){
+ *host = (char*)malloc(q - p + 1);
+ strncpy(*host, p, q - p);
+ (*host)[q - p] = 0;
+ q++;
+ {
+ struct servent *sp = getservbyname(q, NULL);
+ if(sp)
+ *port = ntohs(sp->s_port);
+ else
+ if(sscanf(q, "%d", port) != 1){
+ krb_warning("Bad port specification `%s', using port %d.",
+ q, krb_port);
+ *port = krb_port;
+ }
+ }
+ }else{
+ *host = strdup(p);
+ *port = default_port;
+ }
+ return 0;
+}
+
+static int
+add_host(char *realm, char *address, int admin, int validate)
+{
+ struct krb_host *host;
+ struct host_list *p, **last = &hosts;
+ host = (struct krb_host*)malloc(sizeof(struct krb_host));
+ parse_address(address, &host->proto, &host->host, &host->port);
+ if(validate && gethostbyname(host->host) == NULL){
+ free(host->host);
+ free(host);
+ return 1;
+ }
+ host->admin = admin;
+ for(p = hosts; p; p = p->next){
+ if(strcmp(realm, p->this->realm) == 0 &&
+ strcmp(host->host, p->this->host) == 0 &&
+ host->proto == p->this->proto &&
+ host->port == p->this->port){
+ free(host->host);
+ free(host);
+ return 1;
+ }
+ last = &p->next;
+ }
+ host->realm = strdup(realm);
+ p = (struct host_list*)malloc(sizeof(struct host_list));
+ p->this = host;
+ p->next = NULL;
+ *last = p;
+ return 0;
+}
+
+
+
+static int
+read_file(const char *filename, const char *r)
+{
+ char line[1024];
+ char realm[1024];
+ char address[1024];
+ char scratch[1024];
+ int n;
+ int nhosts = 0;
+
+ FILE *f = fopen(filename, "r");
+ if(f == NULL)
+ return -1;
+ while(fgets(line, sizeof(line), f)){
+ n = sscanf(line, "%s %s admin %s", realm, address, scratch);
+ if(n == 2 || n == 3){
+ if(strcmp(realm, r))
+ continue;
+ if(add_host(realm, address, n == 3, 0) == 0)
+ nhosts++;
+ }
+ }
+ fclose(f);
+ return nhosts;
+}
+
+static int
+init_hosts(char *realm)
+{
+ static const char *files[] = KRB_CNF_FILES;
+ int i;
+ char *dir = getenv("KRBCONFDIR");
+
+ krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT)));
+ if(dir){
+ char file[MAXPATHLEN];
+ if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0)
+ read_file(file, realm);
+ }
+ for(i = 0; files[i]; i++)
+ read_file(files[i], realm);
+ return 0;
+}
+
+static void
+srv_find_realm(char *realm, char *proto, char *service)
+{
+ char *domain;
+ struct dns_reply *r;
+ struct resource_record *rr;
+
+ k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL);
+
+ if(domain == NULL)
+ return;
+
+ r = dns_lookup(domain, "srv");
+ if(r == NULL)
+ r = dns_lookup(domain, "txt");
+ if(r == NULL){
+ free(domain);
+ return;
+ }
+ for(rr = r->head; rr; rr = rr->next){
+ if(rr->type == T_SRV){
+ char buf[1024];
+
+ if (snprintf (buf,
+ sizeof(buf),
+ "%s/%s:%u",
+ proto,
+ rr->u.srv->target,
+ rr->u.srv->port) < sizeof(buf))
+ add_host(realm, buf, 0, 0);
+ }else if(rr->type == T_TXT)
+ add_host(realm, rr->u.txt, 0, 0);
+ }
+ dns_free_data(r);
+ free(domain);
+}
+
+struct krb_host*
+krb_get_host(int nth, char *realm, int admin)
+{
+ struct host_list *p;
+ static char orealm[REALM_SZ];
+ if(orealm[0] == 0 || strcmp(realm, orealm)){
+ /* quick optimization */
+ if(realm && realm[0]){
+ strncpy(orealm, realm, sizeof(orealm) - 1);
+ orealm[sizeof(orealm) - 1] = 0;
+ }else{
+ int ret = krb_get_lrealm(orealm, 1);
+ if(ret != KSUCCESS)
+ return NULL;
+ }
+
+ if(hosts){
+ free_hosts(hosts);
+ hosts = NULL;
+ }
+
+ init_hosts(orealm);
+
+ srv_find_realm(orealm, "udp", KRB_SERVICE);
+ srv_find_realm(orealm, "tcp", KRB_SERVICE);
+
+ {
+ /* XXX this assumes no one has more than 99999 kerberos
+ servers */
+ char host[REALM_SZ + sizeof("kerberos-XXXXX..")];
+ int i = 0;
+ sprintf(host, "kerberos.%s.", orealm);
+ add_host(orealm, host, 1, 1);
+ do{
+ i++;
+ sprintf(host, "kerberos-%d.%s.", i, orealm);
+ }while(i < 100000 && add_host(orealm, host, 0, 1) == 0);
+ }
+ }
+
+ for(p = hosts; p; p = p->next){
+ if(strcmp(orealm, p->this->realm) == 0 &&
+ (!admin || p->this->admin))
+ if(nth == 1)
+ return p->this;
+ else
+ nth--;
+ }
+ return NULL;
+}
+
+int
+krb_get_krbhst(char *host, char *realm, int nth)
+{
+ struct krb_host *p = krb_get_host(nth, realm, 0);
+ if(p == NULL)
+ return KFAILURE;
+ strcpy(host, p->host);
+ return KSUCCESS;
+}
+
+int
+krb_get_admhst(char *host, char *realm, int nth)
+{
+ struct krb_host *p = krb_get_host(nth, realm, 1);
+ if(p == NULL)
+ return KFAILURE;
+ strcpy(host, p->host);
+ return KSUCCESS;
+}
diff --git a/kerberosIV/krb/get_in_tkt.c b/kerberosIV/krb/get_in_tkt.c
index f894640af3e..393f25b8ab5 100644
--- a/kerberosIV/krb/get_in_tkt.c
+++ b/kerberosIV/krb/get_in_tkt.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_in_tkt.c,v $
- *
- * $Locker: $
- */
+/* $KTH: get_in_tkt.c,v 1.19 1997/10/03 21:51:42 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -30,67 +24,49 @@ or implied warranty.
#include "krb_locl.h"
/*
- * This file contains two routines: passwd_to_key() converts
- * a password into a DES key (prompting for the password if
- * not supplied), and krb_get_pw_in_tkt() gets an initial ticket for
- * a user.
+ * This file contains three routines: passwd_to_key() and
+ * passwd_to_afskey() converts a password into a DES key, using the
+ * normal strinttokey and the AFS one, respectively, and
+ * krb_get_pw_in_tkt() gets an initial ticket for a user.
*/
/*
- * passwd_to_key(): given a password, return a DES key.
- * There are extra arguments here which (used to be?)
- * used by srvtab_to_key().
- *
- * If the "passwd" argument is not null, generate a DES
- * key from it, using string_to_key().
- *
- * If the "passwd" argument is null, call des_read_password()
- * to prompt for a password and then convert it into a DES key.
- *
- * In either case, the resulting key is put in the "key" argument,
- * and 0 is returned.
+ * passwd_to_key() and passwd_to_afskey: given a password, return a DES key.
*/
-/*ARGSUSED */
-static int
-passwd_to_key(user, instance, realm, passwd, key)
- char *user;
- char *instance;
- char *realm;
- char *passwd;
- des_cblock *key;
+int
+passwd_to_key(char *user, char *instance, char *realm, void *passwd,
+ des_cblock *key)
{
-#ifdef NOENCRYPTION
- if (!passwd)
- placebo_read_password(key, "Kerberos Password: ", 0);
-#else
- if (passwd)
- des_string_to_key(passwd,key);
- else
- des_read_password(key,"Kerberos Password: ",0);
+#ifndef NOENCRYPTION
+ des_string_to_key((char *)passwd, key);
#endif
- return (0);
+ return 0;
}
-/*ARGSUSED */
-static int
-afs_passwd_to_key(user, instance, realm, passwd, key)
- char *user;
- char *instance;
- char *realm;
- char *passwd;
- des_cblock *key;
+int
+passwd_to_5key(char *user, char *instance, char *realm, void *passwd,
+ des_cblock *key)
{
-#ifdef NOENCRYPTION
- if (!passwd)
- placebo_read_password(key, "Kerberos Password: ", 0);
-#else /* Do encyryption */
- if (passwd)
- afs_string_to_key(passwd, realm, key);
- else {
- des_read_password(key, "Kerberos Password: ", 0);
- }
-#endif /* NOENCRYPTION */
+ char *p;
+ size_t len;
+ len = k_mconcat (&p, 512, passwd, realm, user, instance, NULL);
+ if(len == 0)
+ return -1;
+ des_string_to_key(p, key);
+ memset(p, 0, len);
+ free(p);
+ return 0;
+}
+
+
+int
+passwd_to_afskey(char *user, char *instance, char *realm, void *passwd,
+ des_cblock *key)
+{
+#ifndef NOENCRYPTION
+ afs_string_to_key((char *)passwd, realm, key);
+#endif
return (0);
}
@@ -112,208 +88,50 @@ afs_passwd_to_key(user, instance, realm, passwd, key)
*/
int
-krb_get_pw_in_tkt(user, instance, realm, service, sinstance, life, password)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- char *password;
+krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service,
+ char *sinstance, int life, char *password)
{
char pword[100]; /* storage for the password */
int code;
/* Only request password once! */
if (!password) {
- if (des_read_pw_string(pword, sizeof(pword)-1, "Kerberos Password: ", 0))
- pword[0] = '\0'; /* something wrong */
+ if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){
+ memset(pword, 0, sizeof(pword));
+ return INTK_BADPW;
+ }
password = pword;
}
- code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
- passwd_to_key, NULL, password);
- if (code != INTK_BADPW)
- goto done;
-
- code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
- afs_passwd_to_key, NULL, password);
- if (code != INTK_BADPW)
- goto done;
+ {
+ KTEXT_ST as_rep;
+ CREDENTIALS cred;
+ int ret = 0;
+ key_proc_t key_procs[] = { passwd_to_key, passwd_to_afskey,
+ passwd_to_5key, NULL };
+ key_proc_t *kp;
+
+ code = krb_mk_as_req(user, instance, realm,
+ service, sinstance, life, &as_rep);
+ if(code)
+ return code;
+ for(kp = key_procs; *kp; kp++){
+ KTEXT_ST tmp;
+ memcpy(&tmp, &as_rep, sizeof(as_rep));
+ code = krb_decode_as_rep(user, instance, realm, service, sinstance,
+ *kp, NULL, password, &tmp, &cred);
+ if(code == 0)
+ break;
+ if(code != INTK_BADPW)
+ ret = code; /* this is probably a better code than
+ what code gets after this loop */
+ }
+ if(code)
+ return ret ? ret : code;
- done:
+ code = tf_setup(&cred, user, instance);
+ }
if (password == pword)
- bzero(pword, sizeof(pword));
+ memset(pword, 0, sizeof(pword));
return(code);
}
-
-#ifdef NOENCRYPTION
-/*
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_in_tkt.c,v $
- * $Author: millert $
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#ifndef lint
-static char rcsid_read_password_c[] =
-"Bones$Header: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_in_tkt.c,v 1.4 1997/08/18 03:11:21 millert Exp $";
-#endif /* lint */
-
-#include <des.h>
-#include "conf.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-
-static jmp_buf env;
-
-static void sig_restore();
-static push_signals(), pop_signals();
-int placebo_read_pw_string();
-
-/*** Routines ****************************************************** */
-int
-placebo_read_password(k,prompt,verify)
- des_cblock *k;
- char *prompt;
- int verify;
-{
- int ok;
- char key_string[BUFSIZ];
-
- if (setjmp(env)) {
- ok = -1;
- goto lose;
- }
-
- ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify);
- if (ok == 0)
- bzero(k, sizeof(C_Block));
-
-lose:
- bzero(key_string, sizeof (key_string));
- return ok;
-}
-
-/*
- * This version just returns the string, doesn't map to key.
- *
- * Returns 0 on success, non-zero on failure.
- */
-
-int
-placebo_read_pw_string(s,max,prompt,verify)
- char *s;
- int max;
- char *prompt;
- int verify;
-{
- int ok = 0;
- char *ptr;
-
- jmp_buf old_env;
- struct sgttyb tty_state;
- char key_string[BUFSIZ];
-
- if (max > BUFSIZ) {
- return -1;
- }
-
- bcopy(old_env, env, sizeof(env));
- if (setjmp(env))
- goto lose;
-
- /* save terminal state*/
- if (ioctl(0,TIOCGETP,&tty_state) == -1)
- return -1;
-
- push_signals();
- /* Turn off echo */
- tty_state.sg_flags &= ~ECHO;
- if (ioctl(0,TIOCSETP,&tty_state) == -1)
- return -1;
- while (!ok) {
- printf(prompt);
- fflush(stdout);
- if (!fgets(s, max, stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = strchr(s, '\n')))
- *ptr = '\0';
- if (verify) {
- printf("\nVerifying, please re-enter %s",prompt);
- fflush(stdout);
- if (!fgets(key_string, sizeof(key_string), stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = strchr(key_string, '\n')))
- *ptr = '\0';
- if (strcmp(s,key_string)) {
- printf("\n\07\07Mismatch - try again\n");
- fflush(stdout);
- continue;
- }
- }
- ok = 1;
- }
-
-lose:
- if (!ok)
- bzero(s, max);
- printf("\n");
- /* turn echo back on */
- tty_state.sg_flags |= ECHO;
- if (ioctl(0,TIOCSETP,&tty_state))
- ok = 0;
- pop_signals();
- bcopy(env, old_env, sizeof(env));
- if (verify)
- bzero(key_string, sizeof (key_string));
- s[max-1] = 0; /* force termination */
- return !ok; /* return nonzero if not okay */
-}
-
-/*
- * this can be static since we should never have more than
- * one set saved....
- */
-static RETSIGTYPE (*old_sigfunc[NSIG])();
-
-static
-push_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- old_sigfunc[i] = signal(i,sig_restore);
-}
-
-static
-pop_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- signal(i,old_sigfunc[i]);
-}
-
-static void
-sig_restore(sig,code,scp)
- int sig,code;
- struct sigcontext *scp;
-{
- longjmp(env,1);
-}
-#endif /* NOENCRYPTION */
diff --git a/kerberosIV/krb/get_krbhst.c b/kerberosIV/krb/get_krbhst.c
deleted file mode 100644
index 0dd0eb96ba1..00000000000
--- a/kerberosIV/krb/get_krbhst.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_krbhst.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos authenti-
- * cation server can be found.
- *
- * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer, n, and
- * returns (in h) the nth entry from the configuration file (KRB_CONF,
- * defined in "krb.h") associated with the specified realm.
- *
- * On end-of-file, krb_get_krbhst returns KFAILURE. If all goes well,
- * the routine returns KSUCCESS.
- *
- * The KRB_CONF file contains the name of the local realm in the first
- * line (not used by this routine), followed by lines indicating realm/host
- * entries. The words "admin server" following the hostname indicate that
- * the host provides an administrative database server.
- *
- * For example:
- *
- * ATHENA.MIT.EDU
- * ATHENA.MIT.EDU kerberos-1.mit.edu admin server
- * ATHENA.MIT.EDU kerberos-2.mit.edu
- * LCS.MIT.EDU kerberos.lcs.mit.edu admin server
- *
- * This is a temporary hack to allow us to find the nearest system running
- * kerberos. In the long run, this functionality will be provided by a
- * nameserver.
- */
-
-int
-krb_get_krbhst(h, r, n)
- char *h;
- char *r;
- int n;
-{
- FILE *cnffile;
- char tr[REALM_SZ];
- char linebuf[BUFSIZ];
- register int i;
-
- if ((cnffile = fopen(KRB_CONF,"r")) == NULL) {
- char tbuf[128];
- char *tdir = NULL;
- if (issetugid() == 0)
- tdir = (char *) getenv("KRBCONFDIR");
- strncpy(tbuf, tdir ? tdir : "/etc", sizeof(tbuf)-1);
- tbuf[sizeof(tbuf)-1] = 0;
- strncat(tbuf, "/krb.conf", sizeof(tbuf)-strlen(tbuf));
- if ((cnffile = fopen(tbuf,"r")) == NULL)
- return(KFAILURE);
- }
- if (fscanf(cnffile,"%s",tr) == EOF)
- return(KFAILURE);
- /* run through the file, looking for the nth server for this realm */
- for (i = 1; i <= n;) {
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- if (sscanf(linebuf, "%s %s", tr, h) != 2)
- continue;
- if (!strcmp(tr,r))
- i++;
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
diff --git a/kerberosIV/krb/get_krbrlm.c b/kerberosIV/krb/get_krbrlm.c
index ff9f0ebc532..24dfd680b4b 100644
--- a/kerberosIV/krb/get_krbrlm.c
+++ b/kerberosIV/krb/get_krbrlm.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_krbrlm.c,v $
- *
- * $Locker: $
- */
+/* $KTH: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -33,7 +27,9 @@ or implied warranty.
* krb_get_lrealm takes a pointer to a string, and a number, n. It fills
* in the string, r, with the name of the nth realm specified on the
* first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure.
+ * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
+ * config file does not exist, and if n=1, a successful return will occur
+ * with r = KRB_REALM (also defined in "krb.h").
*
* NOTE: for archaic & compatibility reasons, this routine will only return
* valid results when n = 1.
@@ -42,32 +38,79 @@ or implied warranty.
* krb_get_krbhst().
*/
+static int
+krb_get_lrealm_f(char *r, int n, const char *fname)
+{
+ FILE *f;
+ int ret = KFAILURE;
+ f = fopen(fname, "r");
+ if(f){
+ char buf[REALM_SZ];
+ if(fgets(buf, sizeof(buf), f)){
+ char *p = buf + strspn(buf, " \t");
+ p[strcspn(p, " \t\r\n")] = 0;
+ p[REALM_SZ - 1] = 0;
+ strcpy(r, p);
+ ret = KSUCCESS;
+ }
+ fclose(f);
+ }
+ return ret;
+}
+
int
-krb_get_lrealm(r, n)
- char *r;
- int n;
+krb_get_lrealm(char *r, int n)
{
- FILE *cnffile;
+ static const char *const files[] = KRB_CNF_FILES;
+ int i;
+
+ const char *dir = getenv("KRBCONFDIR");
- if (n > 1)
- return(KFAILURE); /* Temporary restriction */
+ if (n > 1)
+ return(KFAILURE); /* Temporary restriction */
- if ((cnffile = fopen(KRB_CONF, "r")) == NULL) {
- char tbuf[128];
- char *tdir = NULL;
- if (issetugid() == 0)
- tdir = (char *) getenv("KRBCONFDIR");
- strncpy(tbuf, tdir ? tdir : "/etc", sizeof(tbuf)-1);
- tbuf[sizeof(tbuf)-1] = 0;
- strncat(tbuf, "/krb.conf", sizeof(tbuf)-strlen(tbuf));
- if ((cnffile = fopen(tbuf,"r")) == NULL)
- return(KFAILURE);
- }
+ /* First try user specified file */
+ if (dir != 0) {
+ char fname[MAXPATHLEN];
+ if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0)
+ if (krb_get_lrealm_f(r, n, fname) == KSUCCESS)
+ return KSUCCESS;
+ }
+
+ for (i = 0; files[i] != 0; i++)
+ if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS)
+ return KSUCCESS;
+
+ /* If nothing else works try LOCALDOMAIN, if it exists */
+ if (n == 1)
+ {
+ char *t, hostname[MAXHOSTNAMELEN];
+ k_gethostname(hostname, sizeof(hostname));
+ t = krb_realmofhost(hostname);
+ if (t) {
+ strcpy (r, t);
+ return KSUCCESS;
+ }
+ t = strchr(hostname, '.');
+ if (t == 0)
+ return KFAILURE; /* No domain part, you loose */
- if (fscanf(cnffile,"%s",r) != 1) {
- (void) fclose(cnffile);
- return(KFAILURE);
+ t++; /* Skip leading dot and upcase the rest */
+ for (; *t; t++, r++)
+ *r = toupper(*t);
+ *r = 0;
+ return(KSUCCESS);
}
- (void) fclose(cnffile);
- return(*r == '#' ? KFAILURE : KSUCCESS);
+ else
+ return(KFAILURE);
+}
+
+/* For SunOS5 compat. */
+char *
+krb_get_default_realm(void)
+{
+ static char local_realm[REALM_SZ]; /* local kerberos realm */
+ if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
+ strcpy(local_realm, "NO.DEFAULT.REALM");
+ return local_realm;
}
diff --git a/kerberosIV/krb/get_phost.c b/kerberosIV/krb/get_phost.c
deleted file mode 100644
index 8c6c6caef9a..00000000000
--- a/kerberosIV/krb/get_phost.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_phost.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-#define USE_FULL_HOST_NAME 0
-
-#include <ctype.h>
-#include <netdb.h>
-
-/*
- * This routine takes an alias for a host name and returns the first
- * field, lower case, of its domain name. For example, if "menel" is
- * an alias for host officially named "menelaus" (in /etc/hosts), for
- * the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus"
- * is returned.
- *
- * This is done for historical Athena reasons: the Kerberos name of
- * rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host@realm"
- * where "host"is the lowercase for of the host name ("menelaus").
- * This should go away: the instance should be the domain name
- * (MENELAUS.MIT.EDU). But for now we need this routine...
- *
- * A pointer to the name is returned, if found, otherwise a pointer
- * to the original "alias" argument is returned.
- */
-
-char *
-krb_get_phost(alias)
- char *alias;
-{
- struct hostent *h;
- char *phost = alias;
- if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) {
-#if USE_FULL_HOST_NAME
- char *p;
-#else /* USE_FULL_HOST_NAME */
- char *p = strchr( h->h_name, '.' );
- if (p)
- *p = 0;
-#endif /* USE_FULL_HOST_NAME */
- p = phost = h->h_name;
- do {
- if (isupper(*p)) *p=tolower(*p);
- } while (*p++);
- }
- return(phost);
-}
diff --git a/kerberosIV/krb/get_pw_tkt.c b/kerberosIV/krb/get_pw_tkt.c
deleted file mode 100644
index d2dbf5ee2e1..00000000000
--- a/kerberosIV/krb/get_pw_tkt.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_pw_tkt.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-#include <sys/param.h>
-
-/*
- * Get a ticket for the password-changing server ("changepw.KRB_MASTER").
- *
- * Given the name, instance, realm, and current password of the
- * principal for which the user wants a password-changing-ticket,
- * return either:
- *
- * GT_PW_BADPW if current password was wrong,
- * GT_PW_NULL if principal had a NULL password,
- * or the result of the krb_get_pw_in_tkt() call.
- *
- * First, try to get a ticket for "user.instance@realm" to use the
- * "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h").
- * The requested lifetime for the ticket is "1", and the current
- * password is the "cpw" argument given.
- *
- * If the password was bad, give up.
- *
- * If the principal had a NULL password in the Kerberos database
- * (indicating that the principal is known to Kerberos, but hasn't
- * got a password yet), try instead to get a ticket for the principal
- * "default.changepw@realm" to use the "changepw.KRB_MASTER" server.
- * Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL
- * if all goes well, otherwise the error.
- *
- * If this routine succeeds, a ticket and session key for either the
- * principal "user.instance@realm" or "default.changepw@realm" to use
- * the password-changing server will be in the user's ticket file.
- */
-
-int
-get_pw_tkt(user, instance, realm, cpw)
- char *user;
- char *instance;
- char *realm;
- char *cpw;
-{
- char *dot, admin[MAXHOSTNAMELEN];
- int kerror;
-
- if ((kerror = krb_get_admhst(admin, realm, 1)) != KSUCCESS)
- return(GT_PW_BADPW);
- if ((dot = strchr(admin, '.')) != NULL)
- *dot = '\0';
-
- kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
- admin, 1, cpw);
-
- if (kerror == INTK_BADPW)
- return(GT_PW_BADPW);
-
- if (kerror == KDC_NULL_KEY) {
- kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
- admin,1,"changepwkrb");
- if (kerror)
- return(kerror);
- return(GT_PW_NULL);
- }
-
- return(kerror);
-}
diff --git a/kerberosIV/krb/get_request.c b/kerberosIV/krb/get_request.c
deleted file mode 100644
index ba0e0daaa67..00000000000
--- a/kerberosIV/krb/get_request.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_request.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-/*
- * This procedure is obsolete. It is used in the kerberos_slave
- * code for Version 3 tickets.
- *
- * This procedure sets s_name, and instance to point to
- * the corresponding fields from tne nth request in the packet.
- * it returns the lifetime requested. Garbage will be returned
- * if there are less than n requests in the packet.
- */
-
-int
-get_request(pkt, n, s_name, instance)
- KTEXT pkt; /* The packet itself */
- int n; /* Which request do we want */
- char **s_name; /* Service name to be filled in */
- char **instance; /* Instance name to be filled in */
-{
- /* Go to the beginning of the request list */
- char *ptr = (char *) pkt_a_realm(pkt) + 6 +
- strlen((char *)pkt_a_realm(pkt));
-
- /* Read requests until we hit the right one */
- while (n-- > 1) {
- ptr++;
- ptr += 1 + strlen(ptr);
- ptr += 1 + strlen(ptr);
- }
-
- /* Set the arguments to point to the right place */
- *s_name = 1 + ptr;
- *instance = 2 + ptr + strlen(*s_name);
-
- /* Return the requested lifetime */
- return((int) *ptr);
-}
diff --git a/kerberosIV/krb/get_svc_in_tkt.c b/kerberosIV/krb/get_svc_in_tkt.c
index 57f1942cbb9..13171952f42 100644
--- a/kerberosIV/krb/get_svc_in_tkt.c
+++ b/kerberosIV/krb/get_svc_in_tkt.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_svc_in_tkt.c,v $
- *
- * $Locker: $
- */
+/* $KTH: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -52,18 +46,14 @@ or implied warranty.
* The service key is placed in "key".
*/
-static int
-srvtab_to_key(user, instance, realm, srvtab, key)
- char *user;
- char *instance;
- char *realm;
- char *srvtab;
- unsigned char *key;
+int
+srvtab_to_key(char *user, char *instance, char *realm, void *srvtab,
+ des_cblock *key)
{
if (!srvtab)
srvtab = KEYFILE;
- return(read_service_key(user, instance, realm, 0, srvtab,
+ return(read_service_key(user, instance, realm, 0, (char *)srvtab,
(char *)key));
}
@@ -78,14 +68,8 @@ srvtab_to_key(user, instance, realm, srvtab, key)
*/
int
-krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- char *srvtab;
+krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service,
+ char *sinstance, int life, char *srvtab)
{
return(krb_get_in_tkt(user, instance, realm, service, sinstance,
life, srvtab_to_key, NULL, srvtab));
diff --git a/kerberosIV/krb/get_tf_fullname.c b/kerberosIV/krb/get_tf_fullname.c
index 40ec5986eb7..893f49506c8 100644
--- a/kerberosIV/krb/get_tf_fullname.c
+++ b/kerberosIV/krb/get_tf_fullname.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_tf_fullname.c,v $
- *
- * $Locker: $
- */
+/* $KTH: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -38,17 +32,13 @@ or implied warranty.
* krb_get_tf_fullname() takes four arguments: the name of the
* ticket file, and variables for name, instance, and realm to be
* returned in. Since the realm of a ticket file is not really fully
- * supported, the realm used will be that of the first ticket in the
- * file as this is the one that was obtained with a password by
+ * supported, the realm used will be that of the the first ticket in
+ * the file as this is the one that was obtained with a password by
* krb_get_in_tkt().
*/
int
-krb_get_tf_fullname(ticket_file, name, instance, realm)
- char *ticket_file;
- char *name;
- char *instance;
- char *realm;
+krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm)
{
int tf_status;
CREDENTIALS c;
@@ -74,7 +64,7 @@ krb_get_tf_fullname(ticket_file, name, instance, realm)
else
return(tf_status);
}
- (void) tf_close();
+ tf_close();
return(tf_status);
}
diff --git a/kerberosIV/krb/get_tf_realm.c b/kerberosIV/krb/get_tf_realm.c
index 04b19894ac2..fb02f775085 100644
--- a/kerberosIV/krb/get_tf_realm.c
+++ b/kerberosIV/krb/get_tf_realm.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_tf_realm.c,v $
- *
- * $Locker: $
- */
+/* $KTH: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -41,9 +35,7 @@ or implied warranty.
*/
int
-krb_get_tf_realm(ticket_file, realm)
- char *ticket_file;
- char *realm;
+krb_get_tf_realm(char *ticket_file, char *realm)
{
return(krb_get_tf_fullname(ticket_file, 0, 0, realm));
}
diff --git a/kerberosIV/krb/getaddrs.c b/kerberosIV/krb/getaddrs.c
new file mode 100644
index 00000000000..9a45422b090
--- /dev/null
+++ b/kerberosIV/krb/getaddrs.c
@@ -0,0 +1,105 @@
+/* $KTH: getaddrs.c,v 1.20 1997/11/09 06:13:32 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+#include <sys/ioctl.h>
+#include <net/if.h>
+#include <sys/sockio.h>
+
+/*
+ * Return number and list of all local adresses.
+ */
+
+int
+k_get_all_addrs (struct in_addr **l)
+{
+ int fd;
+ char buf[BUFSIZ];
+ struct ifreq ifreq;
+ struct ifconf ifconf;
+ int num, j;
+ char *p;
+
+ fd = socket(AF_INET, SOCK_DGRAM, 0);
+ if (fd < 0)
+ return -1;
+
+ ifconf.ifc_len = sizeof(buf);
+ ifconf.ifc_buf = buf;
+ if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
+ return -1;
+ num = ifconf.ifc_len / sizeof(struct ifreq);
+ *l = malloc(num * sizeof(struct in_addr));
+ if(*l == NULL) {
+ close (fd);
+ return -1;
+ }
+
+ j = 0;
+ ifreq.ifr_name[0] = '\0';
+ for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) {
+ struct ifreq *ifr = (struct ifreq *)p;
+ size_t sz = sizeof(*ifr);
+ sz = max(sz, sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len);
+
+ if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) {
+ if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) {
+ close (fd);
+ free (*l);
+ return -1;
+ }
+ if (ifr->ifr_flags & IFF_UP) {
+ if(ioctl(fd, SIOCGIFADDR, ifr) < 0) {
+ close (fd);
+ free (*l);
+ return -1;
+ }
+ (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
+ }
+ ifreq = *ifr;
+ }
+ p = p + sz;
+ }
+ if (j != num)
+ *l = realloc (*l, j * sizeof(struct in_addr));
+ close (fd);
+ return j;
+}
diff --git a/kerberosIV/krb/getrealm.c b/kerberosIV/krb/getrealm.c
index 7d303287d60..91878e8817a 100644
--- a/kerberosIV/krb/getrealm.c
+++ b/kerberosIV/krb/getrealm.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/getrealm.c,v $
- *
- * $Locker: $
- */
+/* $KTH: getrealm.c,v 1.26 1997/10/08 22:51:13 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -28,15 +22,9 @@ or implied warranty.
*/
#include "krb_locl.h"
-#include <netdb.h>
#define MATCH_SUBDOMAINS 0
-/* for Ultrix and friends ... */
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
-
/*
* krb_realmofhost.
* Given a fully-qualified domain-style primary host name,
@@ -55,78 +43,152 @@ or implied warranty.
* host names should be in the usual form (e.g. FOO.BAR.BAZ)
*/
-static char ret_realm[REALM_SZ+1];
+/* To automagically find the correct realm of a host (without
+ * krb.realms) add a text record for your domain with the name of your
+ * realm, like this:
+ *
+ * krb4-realm IN TXT FOO.SE
+ *
+ * The search is recursive, so you can also add entries for specific
+ * hosts. To find the realm of host a.b.c, it first tries
+ * krb4-realm.a.b.c, then krb4-realm.b.c and so on.
+ */
-char *
-krb_realmofhost(host)
- char *host;
+static int
+dns_find_realm(char *hostname, char *realm)
{
- char *domain;
- FILE *trans_file;
- char trans_host[MAXHOSTNAMELEN+1];
- char trans_realm[REALM_SZ+1];
- struct hostent *hp;
- int retval;
-
- if ((hp = gethostbyname(host)) != NULL)
- host = hp->h_name;
-
- domain = strchr(host, '.');
-
- /* prepare default */
- if (domain) {
- ret_realm[0] = '\0';
- } else {
- krb_get_lrealm(ret_realm, 1);
+ char domain[MAXHOSTNAMELEN + sizeof("krb4-realm..")];
+ char *p;
+ int level = 0;
+ struct dns_reply *r;
+
+ p = hostname;
+
+ while(1){
+ snprintf(domain, sizeof(domain), "krb4-realm.%s.", p);
+ p = strchr(p, '.');
+ if(p == NULL)
+ break;
+ p++;
+ r = dns_lookup(domain, "TXT");
+ if(r){
+ struct resource_record *rr = r->head;
+ while(rr){
+ if(rr->type == T_TXT){
+ strncpy(realm, rr->u.txt, REALM_SZ);
+ realm[REALM_SZ - 1] = 0;
+ dns_free_data(r);
+ return level;
+ }
+ rr = rr->next;
+ }
+ dns_free_data(r);
}
+ level++;
+ }
+ return -1;
+}
+
+
+static FILE *
+open_krb_realms(void)
+{
+ static const char *const files[] = KRB_RLM_FILES;
+ FILE *res;
+ int i;
+
+ const char *dir = getenv("KRBCONFDIR");
- if ((trans_file = fopen(KRB_RLM_TRANS, "r")) == (FILE *) 0) {
- char tbuf[128];
- char *tdir = NULL;
- if (issetugid() == 0)
- tdir = (char *) getenv("KRBCONFDIR");
- strncpy(tbuf, tdir ? tdir : "/etc", sizeof(tbuf)-1);
- tbuf[sizeof(tbuf)-1] = '\0';
- strncat(tbuf, "/krb.realms", sizeof(tbuf) - strlen(tbuf));
- if ((trans_file = fopen(tbuf,"r")) == NULL)
- return(ret_realm[0] ? ret_realm : NULL); /* krb_errno = KRB_NO_TRANS */
+ /* First try user specified file */
+ if (dir != 0) {
+ char fname[MAXPATHLEN];
+
+ if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0)
+ if ((res = fopen(fname, "r")) != NULL)
+ return res;
+ }
+
+ for (i = 0; files[i] != 0; i++)
+ if ((res = fopen(files[i], "r")) != NULL)
+ return res;
+
+ return NULL;
+}
+
+static int
+file_find_realm(const char *phost, const char *domain, char *ret_realm)
+{
+ FILE *trans_file;
+ char buf[1024];
+ char trans_host[MAXHOSTNAMELEN];
+ char trans_realm[REALM_SZ];
+ int ret = -1;
+
+ if ((trans_file = open_krb_realms()) == NULL)
+ return -1;
+
+ while (fgets(buf, sizeof(buf), trans_file)) {
+ char *save = NULL;
+ char *tok = strtok_r(buf, " \t\r\n", &save);
+ if(tok == NULL)
+ continue;
+ strncpy(trans_host, tok, MAXHOSTNAMELEN);
+ trans_host[MAXHOSTNAMELEN - 1] = 0;
+ tok = strtok_r(NULL, " \t\r\n", &save);
+ if(tok == NULL)
+ continue;
+ strcpy(trans_realm, tok);
+ trans_realm[REALM_SZ - 1] = 0;
+ if (!strcasecmp(trans_host, phost)) {
+ /* exact match of hostname, so return the realm */
+ strcpy(ret_realm, trans_realm);
+ ret = 0;
+ break;
}
- while (1) {
- if ((retval = fscanf(trans_file, "%s %s",
- trans_host, trans_realm)) != 2) {
- if (retval == EOF) {
- fclose(trans_file);
- return(ret_realm[0] ? ret_realm : NULL);
- }
- continue; /* ignore broken lines */
- }
- trans_host[MAXHOSTNAMELEN] = '\0';
- trans_realm[REALM_SZ] = '\0';
- if (!strcasecmp(trans_host, host)) {
- /* exact match of hostname, so return the realm */
- (void) strcpy(ret_realm, trans_realm);
- fclose(trans_file);
- return(ret_realm[0] ? ret_realm : NULL);
- }
- if ((trans_host[0] == '.') && domain) {
-#if MATCH_SUBDOMAINS
- char *cp;
- for (cp = domain; cp != NULL; cp = strchr(cp+1, '.')) {
- /* this is a domain match */
- if (!strcasecmp(trans_host, cp)) {
- /* domain match, save for later */
- (void) strcpy(ret_realm, trans_realm);
- continue;
- }
- }
-#else /* MATCH_SUBDOMAINS */
- /* this is a domain match */
- if (!strcasecmp(trans_host, domain)) {
- /* domain match, save for later */
- (void) strcpy(ret_realm, trans_realm);
- continue;
- }
-#endif /* MATCH_SUBDOMAINS */
+ if ((trans_host[0] == '.') && domain) {
+ const char *cp = domain;
+ do {
+ if(strcasecmp(trans_host, domain) == 0){
+ /* domain match, save for later */
+ strcpy(ret_realm, trans_realm);
+ ret = 0;
+ break;
}
+ cp = strchr(cp + 1, '.');
+ } while(MATCH_SUBDOMAINS && cp);
}
+ }
+ fclose(trans_file);
+ return ret;
+}
+
+char *
+krb_realmofhost(const char *host)
+{
+ static char ret_realm[REALM_SZ];
+ char *domain;
+ char phost[MAXHOSTNAMELEN];
+
+ krb_name_to_name(host, phost, sizeof(phost));
+
+ domain = strchr(phost, '.');
+
+ if(file_find_realm(phost, domain, ret_realm) == 0)
+ return ret_realm;
+
+ if(dns_find_realm(phost, ret_realm) >= 0)
+ return ret_realm;
+
+ if (domain) {
+ char *cp;
+
+ strncpy(ret_realm, &domain[1], REALM_SZ);
+ ret_realm[REALM_SZ - 1] = 0;
+ /* Upper-case realm */
+ for (cp = ret_realm; *cp; cp++)
+ *cp = toupper(*cp);
+ } else {
+ krb_get_lrealm(ret_realm, 1);
+ }
+ return ret_realm;
}
diff --git a/kerberosIV/krb/getst.c b/kerberosIV/krb/getst.c
index a7b73af0947..a7c5a031b19 100644
--- a/kerberosIV/krb/getst.c
+++ b/kerberosIV/krb/getst.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/getst.c,v $
- *
- * $Locker: $
- */
+/* $KTH: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -40,12 +34,9 @@ or implied warranty.
*/
int
-getst(fd, s, n)
- int fd;
- register char *s;
- int n;
+getst(int fd, char *s, int n)
{
- register count = n;
+ int count = n;
while (read(fd, s, 1) > 0 && --count)
if (*s++ == '\0')
return (n - count);
diff --git a/kerberosIV/krb/in_tkt.c b/kerberosIV/krb/in_tkt.c
deleted file mode 100644
index 9eb958d6b90..00000000000
--- a/kerberosIV/krb/in_tkt.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/in_tkt.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-#include <sys/file.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-
-/*
- * in_tkt() is used to initialize the ticket store. It creates the
- * file to contain the tickets and writes the given user's name "pname"
- * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
- * success, or KFAILURE if something goes wrong.
- */
-
-int
-in_tkt(pname, pinst)
- char *pname;
- char *pinst;
-{
- int tktfile;
- uid_t me, metoo;
- struct stat buf;
- int count;
- char *file = TKT_FILE;
- int fd;
- register int i;
- char charbuf[BUFSIZ];
-#ifdef TKT_SHMEM
- char shmidname[MaxPathLen];
-#endif /* TKT_SHMEM */
-
- me = getuid ();
- metoo = geteuid();
- if (lstat(file,&buf) == 0) {
- if (buf.st_uid != me || !(buf.st_mode & S_IFREG) ||
- buf.st_mode & 077 || buf.st_nlink != 1) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",file);
- return(KFAILURE);
- }
- /* file already exists, and permissions appear ok, so nuke it */
- if ((fd = open(file, O_RDWR, 0)) < 0)
- goto out; /* can't zero it, but we can still try truncating it */
-
- bzero(charbuf, sizeof(charbuf));
-
- for (i = 0; i < buf.st_size; i += sizeof(charbuf))
- if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf))
- break;
-
- (void) fsync(fd);
- (void) close(fd);
- (void) unlink (file);
- }
- out:
- /* arrange so the file is owned by the ruid
- (swap real & effective uid if necessary).
- This isn't a security problem, since the ticket file, if it already
- exists, has the right uid (== ruid) and mode. */
- if (me != metoo) {
- if (seteuid(me) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: seteuid");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",(int)metoo,(int)me);
- }
- if ((tktfile = open (file,O_CREAT|O_EXCL|O_WRONLY,0600)) < 0) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
- if (me != metoo) {
- if (seteuid(metoo) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: seteuid2");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",(int)me,(int)metoo);
- }
- if (lstat(file,&buf) < 0) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
-
- if (buf.st_uid != me || !(buf.st_mode & S_IFREG) ||
- buf.st_mode & 077) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
-
- count = strlen(pname)+1;
- if (write(tktfile,pname,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- count = strlen(pinst)+1;
- if (write(tktfile,pinst,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- (void) close(tktfile);
-#ifdef TKT_SHMEM
- (void) strcpy(shmidname, file);
- (void) strcat(shmidname, ".shm");
- return(krb_shm_create(shmidname));
-#else /* !TKT_SHMEM */
- return(KSUCCESS);
-#endif /* TKT_SHMEM */
-}
diff --git a/kerberosIV/krb/k_concat.c b/kerberosIV/krb/k_concat.c
new file mode 100644
index 00000000000..354c8ddcb49
--- /dev/null
+++ b/kerberosIV/krb/k_concat.c
@@ -0,0 +1,116 @@
+/* $KTH: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+int
+k_concat (char *s, size_t len, ...)
+{
+ int ret;
+ va_list args;
+
+ va_start(args, len);
+ ret = k_vconcat (s, len, args);
+ va_end(args);
+ return ret;
+}
+
+int
+k_vconcat (char *s, size_t len, va_list args)
+{
+ const char *a;
+
+ while ((a = va_arg(args, const char*))) {
+ size_t n = strlen (a);
+
+ if (n >= len)
+ return -1;
+ strncpy (s, a, n);
+ s += n;
+ len -= n;
+ }
+ *s = '\0';
+ return 0;
+}
+
+size_t
+k_vmconcat (char **s, size_t max_len, va_list args)
+{
+ const char *a;
+ char *p, *q;
+ size_t len = 0;
+ *s = NULL;
+ p = malloc(1);
+ if(p == NULL)
+ return 0;
+ *p = 0;
+ len = 1;
+ while ((a = va_arg(args, const char*))) {
+ size_t n = strlen (a);
+
+ if(max_len && len + n > max_len){
+ free(p);
+ return 0;
+ }
+ q = realloc(p, len + n);
+ if(q == NULL){
+ free(p);
+ return 0;
+ }
+ p = q;
+ len += n;
+ strcat(p, a);
+ }
+ *s = p;
+ return len;
+}
+
+size_t
+k_mconcat (char **s, size_t max_len, ...)
+{
+ int ret;
+ va_list args;
+
+ va_start(args, max_len);
+ ret = k_vmconcat (s, max_len, args);
+ va_end(args);
+ return ret;
+}
+
diff --git a/kerberosIV/krb/k_flock.c b/kerberosIV/krb/k_flock.c
new file mode 100644
index 00000000000..6891dbc3845
--- /dev/null
+++ b/kerberosIV/krb/k_flock.c
@@ -0,0 +1,59 @@
+/* $KTH: k_flock.c,v 1.8 1997/04/01 08:18:30 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+#define K_OP_MASK (K_LOCK_SH | K_LOCK_EX | K_LOCK_UN)
+
+int
+k_flock(int fd, int operation)
+{
+ int op = 0;
+ if (operation & K_LOCK_SH)
+ op |= LOCK_SH;
+ if (operation & K_LOCK_EX)
+ op |= LOCK_EX;
+ if (operation & K_LOCK_UN)
+ op |= LOCK_UN;
+ if (operation & K_LOCK_NB)
+ op |= LOCK_NB;
+
+ return flock(fd, op);
+}
diff --git a/kerberosIV/krb/pkt_cipher.c b/kerberosIV/krb/k_gethostname.c
index 2beb0f6a53f..78e64acdd22 100644
--- a/kerberosIV/krb/pkt_cipher.c
+++ b/kerberosIV/krb/k_gethostname.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/pkt_cipher.c,v $
- *
- * $Locker: $
- */
+/* $KTH: k_gethostname.c,v 1.10 1997/03/23 03:53:12 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,22 +23,18 @@ or implied warranty.
#include "krb_locl.h"
+#include <sys/utsname.h>
+
/*
- * This routine takes a reply packet from the Kerberos ticket-granting
- * service and returns a pointer to the beginning of the ciphertext in it.
- *
- * See "prot.h" for packet format.
+ * Return the local host's name in "name", up to "namelen" characters.
+ * "name" will be null-terminated if "namelen" is big enough.
+ * The return code is 0 on success, -1 on failure. (The calling
+ * interface is identical to gethostname(2).)
*/
-char *
-pkt_cipher(packet)
- KTEXT packet;
+int
+k_gethostname(char *name, int namelen)
{
- unsigned char *ptr = pkt_a_realm(packet) + 6
- + strlen((char *)pkt_a_realm(packet));
- /* Skip a few more fields */
- ptr += 3 + 4; /* add 4 for exp_date */
+ return gethostname(name, namelen);
- /* And return the pointer */
- return((char*)ptr);
}
diff --git a/kerberosIV/krb/k_getport.c b/kerberosIV/krb/k_getport.c
new file mode 100644
index 00000000000..be4c2f534f1
--- /dev/null
+++ b/kerberosIV/krb/k_getport.c
@@ -0,0 +1,57 @@
+/* $KTH: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+int
+k_getportbyname (const char *service, const char *proto, int default_port)
+{
+ struct servent *sp;
+
+ sp = getservbyname(service, proto);
+ if(sp != NULL)
+ return sp->s_port;
+
+ krb_warning ("%s/%s unknown service, using default port %d\n",
+ service, proto ? proto : "*", ntohs(default_port));
+ return default_port;
+}
+
+
diff --git a/kerberosIV/krb/k_getsockinst.c b/kerberosIV/krb/k_getsockinst.c
new file mode 100644
index 00000000000..89468812dec
--- /dev/null
+++ b/kerberosIV/krb/k_getsockinst.c
@@ -0,0 +1,73 @@
+/* $KTH: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+/*
+ * Return in inst the name of the local interface bound to socket
+ * fd. On Failure return the 'wildcard' instance "*".
+ */
+
+int
+k_getsockinst(int fd, char *inst, size_t inst_size)
+{
+ struct sockaddr_in addr;
+ int len = sizeof(addr);
+ struct hostent *hnam;
+
+ if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
+ goto fail;
+
+ hnam = gethostbyaddr((char *)&addr.sin_addr,
+ sizeof(addr.sin_addr),
+ addr.sin_family);
+ if (hnam == 0)
+ goto fail;
+
+ strncpy (inst, hnam->h_name, inst_size);
+ inst[inst_size - 1] = '\0';
+ k_ricercar(inst); /* Canonicalize name */
+ return 0; /* Success */
+
+ fail:
+ inst[0] = '*';
+ inst[1] = 0;
+ return -1;
+}
diff --git a/kerberosIV/krb/k_localtime.c b/kerberosIV/krb/k_localtime.c
index db54f81f681..09fb165c158 100644
--- a/kerberosIV/krb/k_localtime.c
+++ b/kerberosIV/krb/k_localtime.c
@@ -1,33 +1,46 @@
-/*
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/k_localtime.c,v $
- *
- * $Locker: $
- */
+/* $KTH: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $ */
/*
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-#include <kerberosIV/krb.h>
-
-#include <time.h>
+#include "krb_locl.h"
-struct tm *
-k_localtime(tp)
- u_int32_t *tp;
+struct tm *k_localtime(u_int32_t *tp)
{
time_t t;
t = *tp;
diff --git a/kerberosIV/krb/kdc_reply.c b/kerberosIV/krb/kdc_reply.c
new file mode 100644
index 00000000000..3561955847f
--- /dev/null
+++ b/kerberosIV/krb/kdc_reply.c
@@ -0,0 +1,131 @@
+/* $KTH: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+static int little_endian; /* XXX ugly */
+
+int
+kdc_reply_cred(KTEXT cip, CREDENTIALS *cred)
+{
+ unsigned char *p = cip->dat;
+
+ memcpy(cred->session, p, 8);
+ p += 8;
+
+ if(p + strlen((char*)p) > cip->dat + cip->length)
+ return INTK_BADPW;
+ p += krb_get_string(p, cred->service);
+
+ if(p + strlen((char*)p) > cip->dat + cip->length)
+ return INTK_BADPW;
+ p += krb_get_string(p, cred->instance);
+
+ if(p + strlen((char*)p) > cip->dat + cip->length)
+ return INTK_BADPW;
+ p += krb_get_string(p, cred->realm);
+
+ if(p + 3 > cip->dat + cip->length)
+ return INTK_BADPW;
+ cred->lifetime = *p++;
+ cred->kvno = *p++;
+ cred->ticket_st.length = *p++;
+
+ if(p + cred->ticket_st.length + 4 > cip->dat + cip->length)
+ return INTK_BADPW;
+ memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
+ p += cred->ticket_st.length;
+
+ p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian);
+
+ return KSUCCESS;
+}
+
+int
+kdc_reply_cipher(KTEXT reply, KTEXT cip)
+{
+ unsigned char *p;
+ unsigned char pvno;
+ unsigned char type;
+
+ char aname[ANAME_SZ];
+ char inst[INST_SZ];
+ char realm[REALM_SZ];
+
+ u_int32_t kdc_time;
+ u_int32_t exp_date;
+ u_int32_t clen;
+
+ p = reply->dat;
+
+ pvno = *p++;
+
+ if (pvno != KRB_PROT_VERSION )
+ return INTK_PROT;
+
+ type = *p++;
+ little_endian = type & 1;
+
+ type &= ~1;
+
+ if(type == AUTH_MSG_ERR_REPLY){
+ u_int32_t code;
+ p += strlen((char*)p) + 1; /* name */
+ p += strlen((char*)p) + 1; /* instance */
+ p += strlen((char*)p) + 1; /* realm */
+ p += 4; /* time */
+ p += krb_get_int(p, &code, 4, little_endian);
+ return code;
+ }
+ if(type != AUTH_MSG_KDC_REPLY)
+ return INTK_PROT;
+
+ p += krb_get_nir(p, aname, inst, realm);
+ p += krb_get_int(p, &kdc_time, 4, little_endian);
+ p++; /* number of tickets */
+ p += krb_get_int(p, &exp_date, 4, little_endian);
+ p++; /* master key version number */
+ p += krb_get_int(p, &clen, 2, little_endian);
+ cip->length = clen;
+ memcpy(cip->dat, p, clen);
+ p += clen;
+
+ return KSUCCESS;
+}
diff --git a/kerberosIV/krb/klog.c b/kerberosIV/krb/klog.c
deleted file mode 100644
index 5e2768f279d..00000000000
--- a/kerberosIV/krb/klog.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/klog.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-#include <sys/time.h>
-
-#include <klog.h>
-
-static char *log_name = KRBLOG;
-static int is_open;
-static char logtxt[1000];
-
-/*
- * This file contains two logging routines: kset_logfile()
- * to determine the file to which log entries should be written;
- * and klog() to write log entries to the file.
- */
-
-/*
- * klog() is used to add entries to the logfile (see kset_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format" string.
- *
- * The log file is opened and closed for each log entry.
- *
- * If the given log type "type" is unknown, or if the log file
- * cannot be opened, no entry is made to the log file.
- *
- * The return value is always a pointer to the formatted log
- * text string "logtxt".
- */
-
-char *
-klog(type, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a0)
- int type;
- char *format;
- int a1, a2, a3, a4, a5, a6, a7, a8, a9, a0;
-{
- FILE *logfile;
- time_t now;
- char *month_sname(int n);
- struct tm *tm;
- static int logtype_array[NLOGTYPE] = {0,0};
- static int array_initialized;
-
- if (!(array_initialized++)) {
- logtype_array[L_NET_ERR] = 1;
- logtype_array[L_KRB_PERR] = 1;
- logtype_array[L_KRB_PWARN] = 1;
- logtype_array[L_APPL_REQ] = 1;
- logtype_array[L_INI_REQ] = 1;
- logtype_array[L_DEATH_REQ] = 1;
- logtype_array[L_NTGT_INTK] = 1;
- logtype_array[L_ERR_SEXP] = 1;
- logtype_array[L_ERR_MKV] = 1;
- logtype_array[L_ERR_NKY] = 1;
- logtype_array[L_ERR_NUN] = 1;
- logtype_array[L_ERR_UNK] = 1;
- }
-
- (void) snprintf(logtxt,sizeof(logtxt),format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0);
-
- if (!logtype_array[type])
- return(logtxt);
-
- if ((logfile = fopen(log_name,"a")) == NULL)
- return(logtxt);
-
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%02d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- fprintf(logfile,"%s\n",logtxt);
- (void) fclose(logfile);
- return(logtxt);
-}
-
-/*
- * kset_logfile() changes the name of the file to which
- * messages are logged. If kset_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-kset_logfile(filename)
- char *filename;
-{
- log_name = filename;
- is_open = 0;
-}
diff --git a/kerberosIV/krb/kname_parse.c b/kerberosIV/krb/kname_parse.c
deleted file mode 100644
index 3acdcce0a24..00000000000
--- a/kerberosIV/krb/kname_parse.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/kname_parse.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-#define INSTANCE_DOTS_OK 0
-
-/* max size of full name */
-#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ)
-
-#define NAME 0 /* which field are we in? */
-#define INST 1
-#define REALM 2
-
-/*
- * This file contains four routines for handling Kerberos names.
- *
- * kname_parse() breaks a Kerberos name into its name, instance,
- * and realm components.
- *
- * k_isname(), k_isinst(), and k_isrealm() check a given string to see if
- * it's a syntactically legitimate respective part of a Kerberos name,
- * returning 1 if it is, 0 if it isn't.
- *
- * Definition of "syntactically legitimate" names is according to
- * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying
- * names", version dated 21 Dec 1987.
- */
-
-/*
- * kname_parse() takes a Kerberos name "fullname" of the form:
- *
- * username[.instance][@realm]
- *
- * and returns the three components ("name", "instance", and "realm"
- * in the example above) in the given arguments "np", "ip", and "rp".
- *
- * If successful, it returns KSUCCESS. If there was an error,
- * KNAME_FMT is returned.
- */
-
-int
-kname_parse(np, ip, rp, fullname)
- char *np;
- char *ip;
- char *rp;
- char *fullname;
-{
- static char buf[FULL_SZ];
- char *rnext, *wnext; /* next char to read, write */
- register char c;
- int backslash;
- int field;
-
- backslash = 0;
- rnext = buf;
- wnext = np;
- field = NAME;
-
- if (strlen(fullname) > FULL_SZ)
- return KNAME_FMT;
- (void) strcpy(buf, fullname);
-
- while ((c = *rnext++)) {
- if (backslash) {
- *wnext++ = c;
- backslash = 0;
- continue;
- }
- switch (c) {
- case '\\':
- backslash++;
- break;
- case '.':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *wnext = '\0';
- field = INST;
- wnext = ip;
- break;
- case INST:
-#if INSTANCE_DOTS_OK
- *wnext++ = c;
- break;
-#else /* INSTANCE_DOTS_OK */
- return KNAME_FMT;
-#endif /* INSTANCE_DOTS_OK */
- /* break; */
- case REALM:
- *wnext++ = c;
- break;
- default:
- fprintf(stderr, "unknown field value\n");
- exit(1);
- }
- break;
- case '@':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *ip = '\0';
- /* fall through */
- case INST:
- *wnext = '\0';
- field = REALM;
- wnext = rp;
- break;
- case REALM:
- return KNAME_FMT;
- default:
- fprintf(stderr, "unknown field value\n");
- exit(1);
- }
- break;
- default:
- *wnext++ = c;
- }
- }
- *wnext = '\0';
- if ((strlen(np) > ANAME_SZ - 1) ||
- (strlen(ip) > INST_SZ - 1) ||
- (strlen(rp) > REALM_SZ - 1))
- return KNAME_FMT;
- return KSUCCESS;
-}
-
-/*
- * k_isname() returns 1 if the given name is a syntactically legitimate
- * Kerberos name; returns 0 if it's not.
- */
-
-int
-k_isname(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > ANAME_SZ - 1)
- return 0;
- while ((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-
-/*
- * k_isinst() returns 1 if the given name is a syntactically legitimate
- * Kerberos instance; returns 0 if it's not.
- */
-
-int
-k_isinst(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (strlen(s) > INST_SZ - 1)
- return 0;
- while ((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
-#if INSTANCE_DOTS_OK
- break;
-#else /* INSTANCE_DOTS_OK */
- return 0;
-#endif /* INSTANCE_DOTS_OK */
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-/*
- * k_isrealm() returns 1 if the given name is a syntactically legitimate
- * Kerberos realm; returns 0 if it's not.
- */
-
-int
-k_isrealm(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > REALM_SZ - 1)
- return 0;
- while ((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
diff --git a/kerberosIV/krb/kntoln.c b/kerberosIV/krb/kntoln.c
index 3f4239e2703..8d63ac7f1d9 100644
--- a/kerberosIV/krb/kntoln.c
+++ b/kerberosIV/krb/kntoln.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/kntoln.c,v $
- *
- * $Locker: $
- */
+/* $KTH: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -56,19 +50,131 @@ or implied warranty.
#include "krb_locl.h"
int
-krb_kntoln(ad, lname)
- AUTH_DAT *ad;
- char *lname;
+krb_kntoln(AUTH_DAT *ad, char *lname)
{
static char lrealm[REALM_SZ] = "";
if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
return(KFAILURE);
- if (strcmp(ad->pinst,""))
+ if (strcmp(ad->pinst, ""))
return(KFAILURE);
- if (strcmp(ad->prealm,lrealm))
+ if (strcmp(ad->prealm, lrealm))
return(KFAILURE);
- (void) strcpy(lname,ad->pname);
+ strcpy(lname, ad->pname);
return(KSUCCESS);
}
+
+#if 0
+/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */
+
+#include <krb.h>
+#include <ndbm.h>
+#include <stdio.h>
+#include <sys/file.h>
+#include <strings.h>
+#include <sys/syslog.h>
+#include <sys/errno.h>
+
+extern int errno;
+/*
+ * antoln converts an authentication name into a local name by looking up
+ * the authentication name in the /etc/aname dbm database.
+ *
+ * If the /etc/aname file can not be opened it will set the
+ * local name to the principal name. Thus, in this case it performs as
+ * the identity function.
+ *
+ * The name instance and realm are passed to antoln through
+ * the AUTH_DAT structure (ad).
+ */
+
+static char lrealm[REALM_SZ] = "";
+
+an_to_ln(ad,lname)
+AUTH_DAT *ad;
+char *lname;
+{
+ static DBM *aname = NULL;
+ char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2];
+
+ if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
+ return(KFAILURE);
+
+ if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) ||
+strcmp(ad->prealm,lrealm)) {
+ datum val;
+ datum key;
+ /*
+ * Non-local name (or) non-null and non-root instance.
+ * Look up in dbm file.
+ */
+ if (!aname) {
+ if ((aname = dbm_open("/etc/aname", O_RDONLY, 0))
+ == NULL) return (KFAILURE);
+ }
+ /* Construct dbm lookup key. */
+ an_to_a(ad, keyname);
+ key.dptr = keyname;
+ key.dsize = strlen(keyname)+1;
+ flock(dbm_dirfno(aname), LOCK_SH);
+ val = dbm_fetch(aname, key);
+ flock(dbm_dirfno(aname), LOCK_UN);
+ if (!val.dptr) {
+ dbm_close(aname);
+ return(KFAILURE);
+ }
+ /* Got it! */
+ strcpy(lname,val.dptr);
+ return(KSUCCESS);
+ } else strcpy(lname,ad->pname);
+ return(KSUCCESS);
+}
+
+an_to_a(ad, str)
+ AUTH_DAT *ad;
+ char *str;
+{
+ strcpy(str, ad->pname);
+ if(*ad->pinst) {
+ strcat(str, ".");
+ strcat(str, ad->pinst);
+ }
+ strcat(str, "@");
+ strcat(str, ad->prealm);
+}
+
+/*
+ * Parse a string of the form "user[.instance][@realm]"
+ * into a struct AUTH_DAT.
+ */
+
+a_to_an(str, ad)
+ AUTH_DAT *ad;
+ char *str;
+{
+ char *buf = (char *)malloc(strlen(str)+1);
+ char *rlm, *inst, *princ;
+
+ if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) {
+ free(buf);
+ return(KFAILURE);
+ }
+ /* destructive string hacking is more fun.. */
+ strcpy(buf, str);
+
+ if (rlm = index(buf, '@')) {
+ *rlm++ = '\0';
+ }
+ if (inst = index(buf, '.')) {
+ *inst++ = '\0';
+ }
+ strcpy(ad->pname, buf);
+ if(inst) strcpy(ad->pinst, inst);
+ else *ad->pinst = '\0';
+ if (rlm) strcpy(ad->prealm, rlm);
+ else strcpy(ad->prealm, lrealm);
+ free(buf);
+ return(KSUCCESS);
+}
+#endif
diff --git a/kerberosIV/krb/kparse.c b/kerberosIV/krb/kparse.c
deleted file mode 100644
index 1f029177c1e..00000000000
--- a/kerberosIV/krb/kparse.c
+++ /dev/null
@@ -1,796 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/kparse.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-/*
- * Purpose:
- * This module was developed to parse the "~/.klogin" files for
- * Kerberos-authenticated rlogin/rcp/rsh services. However, it is
- * general purpose and can be used to parse any such parameter file.
- *
- * The parameter file should consist of one or more entries, with each
- * entry on a separate line and consisting of zero or more
- * "keyword=value" combinations. The keyword is case insensitive, but
- * the value is not. Any string may be enclosed in quotes, and
- * c-style "\" literals are supported. A comma may be used to
- * separate the k/v combinations, and multiple commas are ignored.
- * Whitespace (blank or tab) may be used freely and is ignored.
- *
- * Full error processing is available. When PS_BAD_KEYWORD or
- * PS_SYNTAX is returned from fGetParameterSet(), the string ErrorMsg
- * contains a meaningful error message.
- *
- * Keywords and their default values are programmed by an external
- * table.
- *
- * Routines:
- * fGetParameterSet() parse one line of the parameter file
- * fGetKeywordValue() parse one "keyword=value" combo
- * fGetToken() parse one token
- *
- * " <- emacs fix
- */
-
-#include "krb_locl.h"
-
-#include <kerberosIV/kparse.h>
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE 1
-#endif
-
-#define MAXKEY 80
-#define MAXVALUE 80
-
-int LineNbr=1; /* current line nbr in parameter file */
-char ErrorMsg[80]; /* meaningful only when KV_SYNTAX, PS_SYNTAX,
- * or PS_BAD_KEYWORD is returned by
- * fGetKeywordValue or fGetParameterSet */
-
-int
-fGetParameterSet(fp, parm, parmcount)
- FILE *fp;
- parmtable *parm;
- int parmcount;
-{
- int rc,i;
- char keyword[MAXKEY];
- char value[MAXVALUE];
-
- while (TRUE) {
- rc=fGetKeywordValue(fp,keyword,MAXKEY,value,MAXVALUE);
-
- switch (rc) {
-
- case KV_EOF:
- return(PS_EOF);
-
- case KV_EOL:
- return(PS_OKAY);
-
- case KV_SYNTAX:
- return(PS_SYNTAX);
-
- case KV_OKAY:
- /*
- * got a reasonable keyword/value pair. Search the
- * parameter table to see if we recognize the keyword; if
- * not, return an error. If we DO recognize it, make sure
- * it has not already been given. If not already given,
- * save the value.
- */
- for (i=0; i<parmcount; i++) {
- if (strcmp(strutol(keyword),parm[i].keyword)==0) {
- if (parm[i].value) {
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "duplicate keyword \"%s\" found", keyword);
- return(PS_BAD_KEYWORD);
- }
- parm[i].value = strsave( value );
- break;
- }
- }
- if (i >= parmcount) {
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "unrecognized keyword \"%s\" found", keyword);
- return(PS_BAD_KEYWORD);
- }
- break;
-
- default:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "panic: bad return (%d) from fGetToken()",rc);
- break;
- }
- }
-}
-
-/*
- * Routine: ParmCompare
- *
- * Purpose:
- * ParmCompare checks a specified value for a particular keyword.
- * fails if keyword not found or keyword found but the value was
- * different. Like strcmp, ParmCompare returns 0 for a match found, -1
- * otherwise
- */
-int
-ParmCompare(parm, parmcount, keyword, value)
- parmtable *parm;
- int parmcount;
- char *keyword;
- char *value;
-{
- int i;
-
- for (i=0; i<parmcount; i++) {
- if (strcmp(parm[i].keyword,keyword)==0) {
- if (parm[i].value) {
- return(strcmp(parm[i].value,value));
- } else {
- return(strcmp(parm[i].defvalue,value));
- }
- }
- }
- return(-1);
-}
-
-void
-FreeParameterSet(parm, parmcount)
- parmtable *parm;
- int parmcount;
-{
- int i;
-
- for (i=0; i<parmcount; i++) {
- if (parm[i].value) {
- free(parm[i].value);
- parm[i].value = (char *)NULL;
- }
- }
-}
-
-int
-fGetKeywordValue(fp, keyword, klen, value, vlen)
- FILE *fp;
- char *keyword;
- int klen;
- char *value;
- int vlen;
-{
- int rc;
- int gotit;
-
- *keyword = *value = '\0'; /* preset strings to NULL */
-
- /*
- * Looking for a keyword.
- * return an exception for EOF or BAD_QSTRING
- * ignore leading WHITEspace
- * ignore any number of leading commas
- * newline means we have all the parms for this
- * statement; give an indication that there is
- * nothing more on this line.
- * stop looking if we find QSTRING, STRING, or NUMBER
- * return syntax error for any other PUNKtuation
- */
- gotit = FALSE;
- do {
- rc = fGetToken(fp,keyword,klen);
-
- switch (rc) {
-
- case GTOK_WHITE:
- break;
-
- case GTOK_EOF:
- return(KV_EOF);
-
- case GTOK_BAD_QSTRING:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "unterminated string \"%s found",keyword);
- return(KV_SYNTAX);
-
- case GTOK_PUNK:
- if (strcmp("\n",keyword)==0) {
- return(KV_EOL);
- } else if (strcmp(",",keyword)!=0) {
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "expecting rvalue, found \'%s\'", keyword);
- }
- break;
-
- case GTOK_STRING:
- case GTOK_QSTRING:
- case GTOK_NUMBER:
- gotit = TRUE;
- break;
-
- default:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "panic: bad return (%d) from fGetToken()", rc);
- return(KV_SYNTAX);
- }
-
- } while (!gotit);
-
- /*
- * now we expect an equal sign.
- * skip any whitespace
- * stop looking if we find an equal sign
- * anything else causes a syntax error
- */
- gotit = FALSE;
- do {
- rc = fGetToken(fp,value,vlen);
-
- switch (rc) {
-
- case GTOK_WHITE:
- break;
-
- case GTOK_BAD_QSTRING:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "expecting \'=\', found unterminated string \"%s",
- value);
- return(KV_SYNTAX);
-
- case GTOK_PUNK:
- if (strcmp("=",value)==0) {
- gotit = TRUE;
- } else {
- if (strcmp("\n",value)==0) {
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "expecting \"=\", found newline");
- fUngetChar('\n',fp);
- } else {
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "expecting rvalue, found \'%s\'",keyword);
- }
- return(KV_SYNTAX);
- }
- break;
-
- case GTOK_STRING:
- case GTOK_QSTRING:
- case GTOK_NUMBER:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "expecting \'=\', found \"%s\"", value);
- return(KV_SYNTAX);
-
- case GTOK_EOF:
- snprintf(ErrorMsg, sizeof(ErrorMsg), "expecting \'=\', found EOF");
- return(KV_SYNTAX);
-
- default:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "panic: bad return (%d) from fGetToken()",rc);
- return(KV_SYNTAX);
- }
-
- } while ( !gotit );
-
- /*
- * got the keyword and equal sign, now get a value.
- * ignore any whitespace
- * any punctuation is a syntax error
- */
- gotit = FALSE;
- do {
- rc = fGetToken(fp,value,vlen);
-
- switch (rc) {
-
- case GTOK_WHITE:
- break;
-
- case GTOK_EOF:
- snprintf(ErrorMsg, sizeof(ErrorMsg), "expecting rvalue, found EOF");
- return(KV_SYNTAX);
-
- case GTOK_BAD_QSTRING:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "unterminated quoted string \"%s", value);
- return(KV_SYNTAX);
-
- case GTOK_PUNK:
- if (strcmp("\n",value)==0) {
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "expecting rvalue, found newline");
- fUngetChar('\n',fp);
- } else {
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "expecting rvalue, found \'%s\'",value);
- }
- return(KV_SYNTAX);
- break;
-
- case GTOK_STRING:
- case GTOK_QSTRING:
- case GTOK_NUMBER:
- gotit = TRUE;
- return(KV_OKAY);
-
- default:
- snprintf(ErrorMsg, sizeof(ErrorMsg),
- "panic: bad return (%d) from fGetToken()",rc);
- return(KV_SYNTAX);
- }
-
- } while ( !gotit );
- /*NOTREACHED*/
- return(KV_SYNTAX);
-}
-
-/*
- * Routine Name: fGetToken
- *
- * Function: read the next token from the specified file.
- * A token is defined as a group of characters
- * terminated by a white space char (SPACE, CR,
- * LF, FF, TAB). The token returned is stripped of
- * both leading and trailing white space, and is
- * terminated by a NULL terminator. An alternate
- * definition of a token is a string enclosed in
- * single or double quotes.
- *
- * Explicit Parameters:
- * fp pointer to the input FILE
- * dest pointer to destination buffer
- * maxlen length of the destination buffer. The buffer
- * length INCLUDES the NULL terminator.
- *
- * Implicit Parameters: stderr where the "token too long" message goes
- *
- * External Procedures: fgetc
- *
- * Side Effects: None
- *
- * Return Value: A token classification value, as
- * defined in kparse.h. Note that the
- * classification for end of file is
- * always zero.
- */
-int
-fGetToken(fp, dest, maxlen)
- FILE *fp;
- char *dest;
- int maxlen;
-{
- int ch='\0';
- int len=0;
- char *p = dest;
- int digits;
-
- ch=fGetChar(fp);
-
- /*
- * check for a quoted string. If found, take all characters
- * that fit until a closing quote is found. Note that this
- * algorithm will not behave well for a string which is too long.
- */
- if (ISQUOTE(ch)) {
- int done = FALSE;
- do {
- ch = fGetChar(fp);
- done = ((maxlen<++len)||ISLINEFEED(ch)||(ch==EOF)
- ||ISQUOTE(ch));
- if (ch=='\\')
- ch = fGetLiteral(fp);
- if (!done)
- *p++ = ch;
- else if ((ch!=EOF) && !ISQUOTE(ch))
- fUngetChar(ch,fp);
- } while (!done);
- *p = '\0';
- if (ISLINEFEED(ch)) return(GTOK_BAD_QSTRING);
- return(GTOK_QSTRING);
- }
-
- /*
- * Not a quoted string. If its a token character (rules are
- * defined via the ISTOKENCHAR macro, in kparse.h) take it and all
- * token chars following it until we run out of space.
- */
- digits=TRUE;
- if (ISTOKENCHAR(ch)) {
- while ( (ISTOKENCHAR(ch)) && len<maxlen-1 ) {
- if (!isdigit(ch)) digits=FALSE;
- *p++ = ch;
- len++;
- ch = fGetChar(fp);
- };
- *p = '\0';
-
- if (ch!=EOF) {
- fUngetChar(ch,fp);
- }
- if (digits) {
- return(GTOK_NUMBER);
- } else {
- return(GTOK_STRING);
- }
- }
-
- /*
- * Neither a quoted string nor a token character. Return a string
- * with just that one character in it.
- */
- if (ch==EOF) {
- return(GTOK_EOF);
- }
- if (!ISWHITESPACE(ch)) {
- *p++ = ch;
- *p='\0';
- } else {
- *p++ = ' '; /* white space is always the
- * blank character */
- *p='\0';
- /*
- * The character is a white space. Flush all additional white
- * space.
- */
- while (ISWHITESPACE(ch) && ((ch=fGetChar(fp)) != EOF))
- ;
- if (ch!=EOF) {
- fUngetChar(ch,fp);
- }
- return(GTOK_WHITE);
- }
- return(GTOK_PUNK);
-}
-
-/*
- * fGetLiteral is called after we find a '\' in the input stream. A
- * string of numbers following the backslash are converted to the
- * appropriate value; hex (0xn), octal (0n), and decimal (otherwise)
- * are all supported. If the char after the \ is not a number, we
- * special case certain values (\n, \f, \r, \b) or return a literal
- * otherwise (useful for \", for example).
- *
- * " <- emacs fix
- */
-
-int
-fGetLiteral(fp)
- FILE *fp;
-{
- int ch;
- int n=0;
- int base;
-
- ch = fGetChar(fp);
-
- if (!isdigit(ch)) {
- switch (ch) {
- case 'n': return('\n');
- case 'f': return('\f');
- case 'r': return('\r');
- case 'b': return('\b');
- default: return(ch);
- }
- }
-
- /*
- * got a number. might be decimal (no prefix), octal (prefix 0),
- * or hexadecimal (prefix 0x). Set the base appropriately.
- */
- if (ch!='0') {
- base=10; /* its a decimal number */
- } else {
- /*
- * found a zero, its either hex or octal
- */
- ch = fGetChar(fp);
- if ((ch!='x') && (ch!='X')) {
- base=010;
- } else {
- ch = fGetChar(fp);
- base=0x10;
- }
- }
-
- switch (base) {
-
- case 010: /* octal */
- while (ISOCTAL(ch)) {
- n = (n*base) + ch - '0';
- ch = fGetChar(fp);
- }
- break;
-
- case 10: /* decimal */
- while (isdigit(ch)) {
- n = (n*base) + ch - '0';
- ch = fGetChar(fp);
- }
- break;
- case 0x10: /* hexadecimal */
- while (isxdigit(ch)) {
- if (isdigit(ch)) {
- n = (n*base) + ch - '0';
- } else {
- n = (n*base) + toupper(ch) - 'A' + 0xA ;
- }
- ch = fGetChar(fp);
- }
- break;
- default:
- fprintf(stderr,"fGetLiteral() died real bad. Fix gettoken.c.");
- exit(1);
- break;
- }
- fUngetChar(ch,fp);
- return(n);
-}
-
-/*
- * exactly the same as ungetc(3) except that the line number of the
- * input file is maintained.
- */
-int
-fUngetChar(ch, fp)
- int ch;
- FILE *fp;
-{
- if (ch=='\n') LineNbr--;
- return(ungetc(ch,fp));
-}
-
-/*
- * exactly the same as fgetc(3) except that the line number of the
- * input file is maintained.
- */
-int
-fGetChar(fp)
- FILE *fp;
-{
- int ch = fgetc(fp);
- if (ch=='\n') LineNbr++;
- return(ch);
-}
-
-
-/*
- * Routine Name: strsave
- *
- * Function: return a pointer to a saved copy of the
- * input string. the copy will be allocated
- * as large as necessary.
- *
- * Explicit Parameters: pointer to string to save
- *
- * Implicit Parameters: None
- *
- * External Procedures: malloc,strcpy,strlen
- *
- * Side Effects: None
- *
- * Return Value: pointer to copied string
- *
- */
-char *
-strsave(p)
- char *p;
-{
- return(strcpy(malloc(strlen(p)+1),p));
-}
-
-
-/*
- * strutol changes all characters in a string to lower case, in place.
- * the pointer to the beginning of the string is returned.
- */
-
-char *
-strutol(start)
- char *start;
-{
- char *q;
- for (q=start; *q; q++)
- if (isupper(*q))
- *q=tolower(*q);
- return(start);
-}
-
-#ifdef GTOK_TEST /* mainline test routine for fGetToken() */
-
-#define MAXTOKEN 100
-
-char *pgm = "gettoken";
-
-main(argc,argv)
- int argc;
- char **argv;
-{
- char *p;
- int type;
- FILE *fp;
-
- if (--argc) {
- fp = fopen(*++argv,"ra");
- if (fp == (FILE *)NULL) {
- fprintf(stderr,"can\'t open \"%s\"\n",*argv);
- }
- } else
- fp = stdin;
-
- p = malloc(MAXTOKEN);
- while (type = fGetToken(fp,p,MAXTOKEN)) {
- switch(type) {
- case GTOK_BAD_QSTRING:
- printf("BAD QSTRING!\t");
- break;
- case GTOK_EOF:
- printf("EOF!\t");
- break;
- case GTOK_QSTRING:
- printf("QSTRING\t");
- break;
- case GTOK_STRING:
- printf("STRING\t");
- break;
- case GTOK_NUMBER:
- printf("NUMBER\t");
- break;
- case GTOK_PUNK:
- printf("PUNK\t");
- break;
- case GTOK_WHITE:
- printf("WHITE\t");
- break;
- default:
- printf("HUH?\t");
- break;
- }
- if (*p=='\n')
- printf("\\n\n");
- else
- printf("%s\n",p);
- }
- exit(0);
-}
-#endif
-
-#ifdef KVTEST
-
-main(argc,argv)
- int argc;
- char **argv;
-{
- int rc,ch;
- FILE *fp;
- char key[MAXKEY],valu[MAXVALUE];
- char *filename;
-
- if (argc != 2) {
- fprintf(stderr,"usage: test <filename>\n");
- exit(1);
- }
-
- if (!(fp=fopen(*++argv,"r"))) {
- fprintf(stderr,"can\'t open input file \"%s\"\n",filename);
- exit(1);
- }
- filename = *argv;
-
- while ((rc=fGetKeywordValue(fp,key,MAXKEY,valu,MAXVALUE))!=KV_EOF){
-
- switch (rc) {
-
- case KV_EOL:
- printf("%s, line %d: nada mas.\n",filename,LineNbr-1);
- break;
-
- case KV_SYNTAX:
- printf("%s, line %d: syntax error: %s\n",
- filename,LineNbr,ErrorMsg);
- while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') );
- break;
-
- case KV_OKAY:
- printf("%s, line %d: okay, %s=\"%s\"\n",
- filename,LineNbr,key,valu);
- break;
-
- default:
- printf("panic: bad return (%d) from fGetKeywordValue\n",rc);
- break;
- }
- }
- printf("EOF");
- fclose(fp);
- exit(0);
-}
-#endif
-
-#ifdef PSTEST
-
-parmtable kparm[] = {
- /* keyword, default, found value */
- { "user", "", (char *)NULL },
- { "realm", "Athena", (char *)NULL },
- { "instance", "", (char *)NULL }
-};
-
-main(argc,argv)
- int argc;
- char **argv;
-{
- int rc,i,ch;
- FILE *fp;
- char *filename;
-
- if (argc != 2) {
- fprintf(stderr,"usage: test <filename>\n");
- exit(1);
- }
-
- if (!(fp=fopen(*++argv,"r"))) {
- fprintf(stderr,"can\'t open input file \"%s\"\n",filename);
- exit(1);
- }
- filename = *argv;
-
- while ((rc=fGetParameterSet(fp,kparm,PARMCOUNT(kparm))) != PS_EOF) {
-
- switch (rc) {
-
- case PS_BAD_KEYWORD:
- printf("%s, line %d: %s\n",filename,LineNbr,ErrorMsg);
- while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') );
- break;
-
- case PS_SYNTAX:
- printf("%s, line %d: syntax error: %s\n",
- filename,LineNbr,ErrorMsg);
- while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') );
- break;
-
- case PS_OKAY:
- printf("%s, line %d: valid parameter set found:\n",
- filename,LineNbr-1);
- for (i=0; i<PARMCOUNT(kparm); i++) {
- printf("\t%s = \"%s\"\n",kparm[i].keyword,
- (kparm[i].value ? kparm[i].value
- : kparm[i].defvalue));
- }
- break;
-
- default:
- printf("panic: bad return (%d) from fGetParameterSet\n",rc);
- break;
- }
- FreeParameterSet(kparm,PARMCOUNT(kparm));
- }
- printf("EOF");
- fclose(fp);
- exit(0);
-}
-#endif
diff --git a/kerberosIV/krb/krb_check_auth.c b/kerberosIV/krb/krb_check_auth.c
new file mode 100644
index 00000000000..ddb52d6a9f0
--- /dev/null
+++ b/kerberosIV/krb/krb_check_auth.c
@@ -0,0 +1,76 @@
+/* $KTH: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+/*
+ *
+ * Receive an mutual-authenticator for a server in `packet', with
+ * `checksum', `session', and `schedule' having the appropriate values
+ * and return the data in `msg_data'.
+ *
+ * Return KSUCCESS if the received checksum is correct.
+ *
+ */
+
+int
+krb_check_auth(KTEXT packet,
+ u_int32_t checksum,
+ MSG_DAT *msg_data,
+ des_cblock *session,
+ struct des_ks_struct *schedule,
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr)
+{
+ int ret;
+ u_int32_t checksum2;
+
+ ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr,
+ laddr, msg_data);
+ if (ret != RD_AP_OK)
+ return ret;
+ if (msg_data->app_length != 4)
+ return KFAILURE;
+ krb_get_int (msg_data->app_data, &checksum2, 4, 0);
+ if (checksum2 == checksum + 1)
+ return KSUCCESS;
+ else
+ return KFAILURE;
+}
diff --git a/kerberosIV/krb/krb_equiv.c b/kerberosIV/krb/krb_equiv.c
new file mode 100644
index 00000000000..8dcc7184853
--- /dev/null
+++ b/kerberosIV/krb/krb_equiv.c
@@ -0,0 +1,144 @@
+/* $KTH: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b);
+ *
+ * Given two IP adresses return true if they match
+ * or are considered to belong to the same host.
+ *
+ * For example if /etc/krb.equiv looks like
+ *
+ * 130.237.223.3 192.16.126.3 # alv alv1
+ * 130.237.223.4 192.16.126.4 # byse byse1
+ * 130.237.228.152 192.16.126.9 # topsy topsy1
+ *
+ * krb_equiv(alv, alv1) would return true but
+ * krb_equiv(alv, byse1) would not.
+ *
+ * A comment starts with an '#' and ends with '\n'.
+ *
+ */
+#include "krb_locl.h"
+
+int krb_ignore_ip_address = 0;
+
+int
+krb_equiv(u_int32_t a, u_int32_t b)
+{
+ FILE *fil;
+ char line[256];
+ int hit_a, hit_b;
+ int iscomment;
+
+ if (a == b) /* trivial match, also the common case */
+ return 1;
+
+ if (krb_ignore_ip_address)
+ return 1; /* if we have decided not to compare */
+
+ a = ntohl(a);
+ b = ntohl(b);
+
+ fil = fopen(KRB_EQUIV, "r");
+ if (fil == NULL) /* open failed */
+ return 0;
+
+ hit_a = hit_b = 0;
+ iscomment = 0;
+ while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */
+ {
+ char *t = line;
+ int len = strlen(t);
+
+ /* for each item on this line */
+ while (*t != 0) /* more addresses on this line? */
+ if (*t == '\n') {
+ iscomment = hit_a = hit_b = 0;
+ break;
+ } else if (iscomment)
+ t = line + len - 1;
+ else if (*t == '#') { /* rest is comment */
+ iscomment = 1;
+ ++t;
+ } else if (*t == '\\' ) /* continuation */
+ break;
+ else if (isspace(*t)) /* skip space */
+ t++;
+ else if (isdigit(*t)) /* an address? */
+ {
+ u_int32_t tmp;
+ u_int32_t tmpa, tmpb, tmpc, tmpd;
+
+ sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd);
+ tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd;
+
+ while (*t == '.' || isdigit(*t)) /* done with this address */
+ t++;
+
+ if (tmp != -1) { /* an address (and not broadcast) */
+ u_int32_t mask = (u_int32_t)~0;
+
+ if (*t == '/') {
+ ++t;
+ mask <<= 32 - atoi(t);
+
+ while(isdigit(*t))
+ ++t;
+ }
+
+ if ((tmp & mask) == (a & mask))
+ hit_a = 1;
+ if ((tmp & mask) == (b & mask))
+ hit_b = 1;
+ if (hit_a && hit_b) {
+ fclose(fil);
+ return 1;
+ }
+ }
+ }
+ else
+ ++t; /* garbage on this line, skip it */
+
+ }
+
+ fclose(fil);
+ return 0;
+}
diff --git a/kerberosIV/krb/krb_err.et b/kerberosIV/krb/krb_err.et
index 6c7d37df89e..172e61f12ba 100644
--- a/kerberosIV/krb/krb_err.et
+++ b/kerberosIV/krb/krb_err.et
@@ -3,9 +3,7 @@
# For copying and distribution information, see the file
# "mit-copyright.h".
#
-# $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/krb_err.et,v $
-# $Author: tholo $
-# $Header: /cvs/OpenBSD/src/kerberosIV/krb/Attic/krb_err.et,v 1.1 1995/12/14 06:52:37 tholo Exp $
+# $KTH: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $
#
error_table krb
@@ -226,7 +224,7 @@
"Don't have Kerberos ticket-granting ticket"
ec KRBET_KRB_RES72,
- "Reserved 72"
+ "Can't get Kerberos inter-realm ticket-granting ticket"
ec KRBET_KRB_RES73,
"Reserved 73"
diff --git a/kerberosIV/krb/krb_err_txt.c b/kerberosIV/krb/krb_err_txt.c
index 8423d20e81a..18eb61bba8c 100644
--- a/kerberosIV/krb/krb_err_txt.c
+++ b/kerberosIV/krb/krb_err_txt.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/krb_err_txt.c,v $
- *
- * $Locker: $
- */
+/* $KTH: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,6 +23,7 @@ or implied warranty.
#include "krb_locl.h"
+
/*
* This file contains an array of error text strings.
* The associated error codes (which are defined in "krb.h")
@@ -47,7 +42,7 @@ const char *krb_err_txt[256] = {
"Principal unknown (kerberos)", /* 008 */
"Principal not unique (kerberos)", /* 009 */
"Principal has null key (kerberos)", /* 010 */
- "Reserved error message 11 (kerberos)", /* 011 */
+ "Timeout in request (kerberos)", /* 011 */
"Reserved error message 12 (kerberos)", /* 012 */
"Reserved error message 13 (kerberos)", /* 013 */
"Reserved error message 14 (kerberos)", /* 014 */
@@ -99,16 +94,16 @@ const char *krb_err_txt[256] = {
"Reserved error message 60 (send_to_kdc)", /* 060 */
"Warning: Not ALL tickets returned", /* 061 */
"Password incorrect", /* 062 */
- "Protocol error (get_intkt)", /* 063 */
+ "Protocol error (get_in_tkt)", /* 063 */
"Reserved error message 64 (get_in_tkt)", /* 064 */
"Reserved error message 65 (get_in_tkt)", /* 065 */
"Reserved error message 66 (get_in_tkt)", /* 066 */
"Reserved error message 67 (get_in_tkt)", /* 067 */
"Reserved error message 68 (get_in_tkt)", /* 068 */
"Reserved error message 69 (get_in_tkt)", /* 069 */
- "Generic error (get_intkt)", /* 070 */
+ "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */
"Don't have ticket granting ticket (get_ad_tkt)", /* 071 */
- "Reserved error message 72 (get_ad_tkt)", /* 072 */
+ "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */
"Reserved error message 73 (get_ad_tkt)", /* 073 */
"Reserved error message 74 (get_ad_tkt)", /* 074 */
"Reserved error message 75 (get_ad_tkt)", /* 075 */
@@ -293,3 +288,13 @@ const char *krb_err_txt[256] = {
"(reserved)",
"Generic kerberos error (kfailure)", /* 255 */
};
+
+static const char err_failure[] = "Illegal error code passed (krb_get_err_text)";
+
+const char *
+krb_get_err_text(int code)
+{
+ if(code < 0 || code >= MAX_KRB_ERRORS)
+ return err_failure;
+ return krb_err_txt[code];
+}
diff --git a/kerberosIV/krb/krb_get_in_tkt.c b/kerberosIV/krb/krb_get_in_tkt.c
index 1ce8c9926b7..4910e1fe052 100644
--- a/kerberosIV/krb/krb_get_in_tkt.c
+++ b/kerberosIV/krb/krb_get_in_tkt.c
@@ -1,64 +1,45 @@
+/* $KTH: krb_get_in_tkt.c,v 1.22 1997/08/23 15:49:11 joda Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/krb_get_in_tkt.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
-#include <sys/time.h>
-
-int swap_bytes;
-
-static int
-pkt_clen(pkt)
- KTEXT pkt;
-{
- static unsigned short temp,temp2;
- int clen = 0;
-
- /* Start of ticket list */
- unsigned char *ptr = pkt_a_realm(pkt) + 10
- + strlen((char *)pkt_a_realm(pkt));
-
- /* Finally the length */
- bcopy((char *)(++ptr),(char *)&temp,2); /* alignment */
- if (swap_bytes) {
- /* assume a short is 2 bytes?? */
- swab((char *)&temp,(char *)&temp2,2);
- temp = temp2;
- }
-
- clen = (int) temp;
-
- if (krb_debug)
- printf("Clen is %d\n",clen);
- return(clen);
-}
-
/*
* decrypt_tkt(): Given user, instance, realm, passwd, key_proc
* and the cipher text sent from the KDC, decrypt the cipher text
@@ -66,41 +47,20 @@ pkt_clen(pkt)
*/
static int
-decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
- char *user;
- char *instance;
- char *realm;
- char *arg;
- int (*key_proc)();
- KTEXT *cipp;
+decrypt_tkt(char *user, char *instance, char *realm,
+ void *arg, key_proc_t key_proc, KTEXT *cip)
{
- KTEXT cip = *cipp;
des_cblock key; /* Key for decrypting cipher */
- des_key_schedule key_s;
+ int ret;
-#ifndef NOENCRYPTION
- /* Attempt to decrypt it */
-#endif
-
- /* generate a key */
-
- {
- register int rc;
- rc = (*key_proc)(user,instance,realm,arg,key);
- if (rc)
- return(rc);
- }
+ ret = key_proc(user, instance, realm, arg, &key);
+ if (ret != 0)
+ return ret;
-#ifndef NOENCRYPTION
- des_key_sched(&key,key_s);
- des_pcbc_encrypt((des_cblock *)cip->dat,(des_cblock *)cip->dat,
- (long) cip->length,key_s,&key,DES_DECRYPT);
-#endif /* !NOENCRYPTION */
- /* Get rid of all traces of key */
- bzero((char *)key,sizeof(key));
- bzero((char *)key_s,sizeof(key_s));
+ encrypt_ktext(*cip, &key, DES_DECRYPT);
- return(0);
+ memset(&key, 0, sizeof(key));
+ return 0;
}
/*
@@ -145,187 +105,92 @@ decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
*/
int
-krb_get_in_tkt(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- int (*key_proc)();
- int (*decrypt_proc)();
- char *arg;
+krb_mk_as_req(char *user, char *instance, char *realm,
+ char *service, char *sinstance, int life, KTEXT cip)
{
KTEXT_ST pkt_st;
KTEXT pkt = &pkt_st; /* Packet to KDC */
KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
- KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- des_cblock ses; /* Session key for tkt */
- int kvno; /* Kvno for session key */
- unsigned char *v = pkt->dat; /* Prot vers no */
- unsigned char *t = (pkt->dat+1); /* Prot msg type */
-
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- char rlm[REALM_SZ];
- int lifetime;
- int msg_byte_order;
+ KTEXT rpkt = &rpkt_st; /* Reply from KDC */
+
int kerror;
- unsigned long exp_date;
- char *ptr;
-
- struct timeval t_local;
-
- unsigned long rep_err_code;
-
- unsigned long kdc_time; /* KDC time */
+ struct timeval tv;
/* BUILD REQUEST PACKET */
- /* Set up the fixed part of the packet */
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_KDC_REQUEST;
- *t |= HOST_BYTE_ORDER;
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1);
+
+ p += krb_put_nir(user, instance, realm, p);
- /* Now for the variable info */
- (void) strcpy((char *)(pkt->dat+2),user); /* aname */
- pkt->length = 3 + strlen(user);
- (void) strcpy((char *)(pkt->dat+pkt->length),
- instance); /* instance */
- pkt->length += 1 + strlen(instance);
- (void) strcpy((char *)(pkt->dat+pkt->length),realm); /* realm */
- pkt->length += 1 + strlen(realm);
+ gettimeofday(&tv, NULL);
+ p += krb_put_int(tv.tv_sec, p, 4);
+ p += krb_put_int(life, p, 1);
- (void) gettimeofday(&t_local,(struct timezone *) 0);
- /* timestamp */
- bcopy((char *)&(t_local.tv_sec),(char *)(pkt->dat+pkt->length), 4);
- pkt->length += 4;
+ p += krb_put_nir(service, sinstance, NULL, p);
- *(pkt->dat+(pkt->length)++) = (char) life;
- (void) strcpy((char *)(pkt->dat+pkt->length),service);
- pkt->length += 1 + strlen(service);
- (void) strcpy((char *)(pkt->dat+pkt->length),sinstance);
- pkt->length += 1 + strlen(sinstance);
+ pkt->length = p - pkt->dat;
rpkt->length = 0;
/* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
- if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
-
- /* check packet version of the returned packet */
- if (pkt_version(rpkt) != KRB_PROT_VERSION)
- return(INTK_PROT);
-
- /* Check byte order */
- msg_byte_order = pkt_msg_type(rpkt) & 1;
- swap_bytes = 0;
- if (msg_byte_order != HOST_BYTE_ORDER) {
- swap_bytes++;
- }
-
- switch (pkt_msg_type(rpkt) & ~1) {
- case AUTH_MSG_KDC_REPLY:
- break;
- case AUTH_MSG_ERR_REPLY:
- bcopy(pkt_err_code(rpkt),(char *) &rep_err_code,4);
- if (swap_bytes) swap_u_long(rep_err_code);
- return((int)rep_err_code);
- default:
- return(INTK_PROT);
- }
-
- /* EXTRACT INFORMATION FROM RETURN PACKET */
-
- /* get the principal's expiration date */
- bcopy(pkt_x_date(rpkt),(char *) &exp_date,sizeof(exp_date));
- if (swap_bytes) swap_u_long(exp_date);
-
- /* Extract the ciphertext */
- cip->length = pkt_clen(rpkt); /* let clen do the swap */
-
- if ((cip->length < 0) || (cip->length > sizeof(cip->dat)))
- return(INTK_ERR); /* no appropriate error code
- currently defined for INTK_ */
- /* copy information from return packet into "cip" */
- bcopy((char *) pkt_cipher(rpkt),(char *)(cip->dat),cip->length);
+ kerror = send_to_kdc(pkt, rpkt, realm);
+ if(kerror) return kerror;
+ kerror = kdc_reply_cipher(rpkt, cip);
+ return kerror;
+}
- /* Attempt to decrypt the reply. */
+int
+krb_decode_as_rep(char *user, char *instance, char *realm,
+ char *service, char *sinstance,
+ key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg,
+ KTEXT as_rep, CREDENTIALS *cred)
+{
+ int kerror;
+ unsigned char *p;
+ time_t now;
+
if (decrypt_proc == NULL)
decrypt_proc = decrypt_tkt;
- (*decrypt_proc)(user, instance, realm, arg, key_proc, &cip);
-
- ptr = (char *) cip->dat;
-
- /* extract session key */
- bcopy(ptr,(char *)ses,8);
- ptr += 8;
-
- if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
- return(INTK_BADPW);
-
- /* extract server's name */
- (void) strcpy(s_name,ptr);
- ptr += strlen(s_name) + 1;
-
- if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
- return(INTK_BADPW);
-
- /* extract server's instance */
- (void) strcpy(s_instance,ptr);
- ptr += strlen(s_instance) + 1;
-
- if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
- return(INTK_BADPW);
-
- /* extract server's realm */
- (void) strcpy(rlm,ptr);
- ptr += strlen(rlm) + 1;
-
- /* extract ticket lifetime, server key version, ticket length */
- /* be sure to avoid sign extension on lifetime! */
- lifetime = (unsigned char) ptr[0];
- kvno = (unsigned char) ptr[1];
- tkt->length = (unsigned char) ptr[2];
- ptr += 3;
-
- if ((tkt->length < 0) ||
- ((tkt->length + (ptr - (char *) cip->dat)) > cip->length))
- return(INTK_BADPW);
-
- /* extract ticket itself */
- bcopy(ptr,(char *)(tkt->dat),tkt->length);
- ptr += tkt->length;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance) ||
- strcmp(rlm, realm)) /* not what we asked for */
- return(INTK_ERR); /* we need a better code here XXX */
-
- /* check KDC time stamp */
- bcopy(ptr,(char *)&kdc_time,4); /* Time (coarse) */
- if (swap_bytes) swap_u_long(kdc_time);
-
- ptr += 4;
-
- (void) gettimeofday(&t_local,(struct timezone *) 0);
- if (abs((int)(t_local.tv_sec - kdc_time)) > CLOCK_SKEW) {
- return(RD_AP_TIME); /* XXX should probably be better
- code */
+ (*decrypt_proc)(user, instance, realm, arg, key_proc, &as_rep);
+
+ kerror = kdc_reply_cred(as_rep, cred);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ if (strcmp(cred->service, service) ||
+ strcmp(cred->instance, sinstance) ||
+ strcmp(cred->realm, realm)) /* not what we asked for */
+ return INTK_ERR; /* we need a better code here XXX */
+
+ now = time(NULL);
+ if (abs((int)(now - cred->issue_date)) > CLOCK_SKEW) {
+ return RD_AP_TIME; /* XXX should probably be better code */
}
- /* initialize ticket cache */
- if (in_tkt(user,instance) != KSUCCESS)
- return(INTK_ERR);
-
- /* stash ticket, session key, etc. for future use */
- if ((kerror = save_credentials(s_name, s_instance, rlm, ses,
- lifetime, kvno, tkt, t_local.tv_sec)))
- return(kerror);
+ return 0;
+}
- return(INTK_OK);
+int
+krb_get_in_tkt(char *user, char *instance, char *realm,
+ char *service, char *sinstance, int life,
+ key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)
+{
+ KTEXT_ST as_rep;
+ CREDENTIALS cred;
+ int ret;
+
+ ret = krb_mk_as_req(user, instance, realm,
+ service, sinstance, life, &as_rep);
+ if(ret)
+ return ret;
+ ret = krb_decode_as_rep(user, instance, realm, service, sinstance,
+ key_proc, decrypt_proc, arg, &as_rep, &cred);
+ if(ret)
+ return ret;
+
+ return tf_setup(&cred, user, instance);
}
diff --git a/kerberosIV/krb/krb_locl.h b/kerberosIV/krb/krb_locl.h
index 45f46bbf991..75b668a5170 100644
--- a/kerberosIV/krb/krb_locl.h
+++ b/kerberosIV/krb/krb_locl.h
@@ -1,40 +1,128 @@
-/* $Id: krb_locl.h,v 1.1 1995/12/14 06:52:38 tholo Exp $ */
+/* $KTH: krb_locl.h,v 1.44 1997/10/28 15:37:40 bg Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
#ifndef __krb_locl_h
#define __krb_locl_h
#include <sys/cdefs.h>
-#include "kerberosIV/site.h"
+#include <kerberosIV/site.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
+#include <assert.h>
+#include <stdarg.h>
+
+#include <errno.h>
+#include <pwd.h>
#include <unistd.h>
#include <sys/types.h>
+#include <sys/time.h>
#include <time.h>
+#include <sys/time.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/file.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
#include <errno.h>
#include <kerberosIV/krb.h>
#include <prot.h>
+#include "resolve.h"
+#include "krb_log.h"
+
/* --- */
/* Globals! */
extern int krb_debug;
extern int krb_ap_req_debug;
+extern int krb_dns_debug;
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/* Set this to one of the constants above to specify default checksum
+ type to emit */
+#define DES_QUAD_DEFAULT DES_QUAD_GUESS
/* Utils */
-char *pkt_cipher __P((KTEXT));
+int krb_name_to_name(const char *, char *, size_t);
+
+void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt);
+int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred);
+int kdc_reply_cipher(KTEXT reply, KTEXT cip);
+
+void k_ricercar(char*);
+
+/* safe multiple strcat */
+int k_concat(char*, size_t, ...);
+int k_vconcat(char*, size_t, va_list);
+
+/* mallocing versions of the above */
+size_t k_vmconcat (char**, size_t, va_list);
+size_t k_mconcat (char**, size_t, ...);
+
+/* used in rd_safe.c and mk_safe.c */
+
+void fixup_quad_cksum(void *start, size_t len, des_cblock *key,
+ void *new_checksum, void *old_checksum, int little);
+
+/* stuff from libroken*/
-int new_log __P((time_t, char *));
-char *klog ();
+#ifndef TRUE
+#define TRUE 1
+#endif
-char *month_sname __P((int));
-int fgetst __P((FILE *, char *, int));
+#ifndef FALSE
+#define FALSE 0
+#endif
#endif /* __krb_locl_h */
diff --git a/kerberosIV/krb/kuserok.c b/kerberosIV/krb/kuserok.c
index 7cc7e4af413..6908354e5fe 100644
--- a/kerberosIV/krb/kuserok.c
+++ b/kerberosIV/krb/kuserok.c
@@ -1,55 +1,68 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/kuserok.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+/* $KTH: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $ */
/*
- * kuserok: check if a kerberos principal has
- * access to a local account
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "krb_locl.h"
-#include <pwd.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-
#define OK 0
#define NOTOK 1
#define MAX_USERNAME 10
-/*
- * Given a Kerberos principal "kdata", and a local username "luser",
- * determine whether user is authorized to login according to the
- * authorization file ("~luser/.klogin" by default). Returns OK
- * if authorized, NOTOK if not authorized.
+/*
+ * Given a Kerberos principal and a local username, determine whether
+ * user is authorized to login according to the authorization file
+ * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if
+ * not authorized.
+ *
+ * IMPORTANT CHANGE: To eliminate the need of making a distinction
+ * between the 3 cases:
+ *
+ * 1. We can't verify that a .klogin file doesn't exist (no home dir).
+ * 2. It's there but we aren't allowed to read it.
+ * 3. We can read it and ~luser@LOCALREALM is (not) included.
+ *
+ * We instead make the assumption that luser@LOCALREALM is *always*
+ * included. Thus it is impossible to have an empty .klogin file and
+ * also to exclude luser@LOCALREALM from it. Root is treated differently
+ * since it's home should always be available.
*
+ * OLD STRATEGY:
* If there is no account for "luser" on the local machine, returns
* NOTOK. If there is no authorization file, and the given Kerberos
* name "kdata" translates to the same name as "luser" (using
@@ -64,148 +77,80 @@ or implied warranty.
*
* one entry per line.
*
- * The ATHENA_COMPAT code supports old-style Athena ~luser/.klogin
- * file entries. See the file "kparse.c".
*/
-#ifdef ATHENA_COMPAT
-
-#include <kparse.h>
-
-/*
- * The parmtable defines the keywords we will recognize with their
- * default values, and keeps a pointer to the found value. The found
- * value should be filled in with strsave(), since FreeParameterSet()
- * will release memory for all non-NULL found strings.
- *
-*** NOTE WELL! ***
- *
- * The table below is very nice, but we cannot hard-code a default for the
- * realm: we have to get the realm via krb_get_lrealm(). Even though the
- * default shows as "from krb_get_lrealm, below", it gets changed in
- * kuserok to whatever krb_get_lrealm() tells us. That code assumes that
- * the realm will be the entry number in the table below, so if you
- * change the order of the entries below, you have to change the
- * #definition of REALM_SCRIPT to reflect it.
- */
-#define REALM_SUBSCRIPT 1
-parmtable kparm[] = {
-
-/* keyword default found value */
-{"user", "", (char *) NULL},
-{"realm", "see krb_get_lrealm, below", (char *) NULL},
-{"instance", "", (char *) NULL},
-};
-#define KPARMS kparm,PARMCOUNT(kparm)
-#endif /* ATHENA_COMPAT */
-
int
-kuserok(kdata, luser)
- AUTH_DAT *kdata;
- char *luser;
+krb_kuserok(char *name, char *instance, char *realm, char *luser)
{
- struct stat sbuf;
struct passwd *pwd;
- char pbuf[MAXPATHLEN];
- int isok = NOTOK, rc;
- FILE *fp;
- char kuser[MAX_USERNAME];
- char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- char linebuf[BUFSIZ];
- char *newline;
- int gobble;
-#ifdef ATHENA_COMPAT
- char local_realm[REALM_SZ];
-#endif /* ATHENA_COMPAT */
-
- /* no account => no access */
- if ((pwd = getpwnam(luser)) == NULL) {
- return(NOTOK);
+ char lrealm[REALM_SZ];
+ FILE *f;
+ char line[1024];
+ char file[MAXPATHLEN];
+ struct stat st;
+
+ pwd = getpwnam(luser);
+ if(pwd == NULL)
+ return NOTOK;
+ if(krb_get_lrealm(lrealm, 1))
+ return NOTOK;
+ if(pwd->pw_uid != 0 &&
+ strcmp(name, luser) == 0 &&
+ strcmp(instance, "") == 0 &&
+ strcmp(realm, lrealm) == 0)
+ return OK;
+ strcpy(file, pwd->pw_dir);
+ strcat(file, "/.klogin");
+
+ f = fopen(file, "r");
+ if(f == NULL)
+ return NOTOK;
+
+ /* this is not a working test in filesystems like AFS and DFS */
+ if(fstat(fileno(f), &st) < 0){
+ fclose(f);
+ return NOTOK;
}
- snprintf(pbuf, sizeof pbuf, "%s/.klogin", pwd->pw_dir);
-
- if (access(pbuf, F_OK)) { /* not accessible */
- /*
- * if he's trying to log in as himself, and there is no .klogin file,
- * let him. To find out, call
- * krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
- */
- if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
- return(OK);
- }
- }
- /* open ~/.klogin */
- if ((fp = fopen(pbuf, "r")) == NULL) {
- return(NOTOK);
+
+ if(st.st_uid != pwd->pw_uid){
+ fclose(f);
+ return NOTOK;
}
- /*
- * security: if the user does not own his own .klogin file,
- * do not grant access
- */
- if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
- return(NOTOK);
+
+ while(fgets(line, sizeof(line), f)){
+ char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ];
+ if(line[strlen(line) - 1] != '\n')
+ /* read till end of line */
+ while(1){
+ int c = fgetc(f);
+ if(c == '\n' || c == EOF)
+ break;
+ }
+ else
+ line[strlen(line) - 1] = 0;
+
+ if(kname_parse(fname, finst, frealm, line))
+ continue;
+ if(strcmp(name, fname))
+ continue;
+ if(strcmp(instance, finst))
+ continue;
+ if(frealm[0] == 0)
+ strcpy(frealm, lrealm);
+ if(strcmp(realm, frealm))
+ continue;
+ fclose(f);
+ return OK;
}
- if (sbuf.st_uid != pwd->pw_uid) {
- fclose(fp);
- return(NOTOK);
- }
-
-#ifdef ATHENA_COMPAT
- /* Accept old-style .klogin files */
-
- /*
- * change the default realm from the hard-coded value to the
- * accepted realm that Kerberos specifies.
- */
- rc = krb_get_lrealm(local_realm, 1);
- if (rc == KSUCCESS)
- kparm[REALM_SUBSCRIPT].defvalue = local_realm;
- else
- return (rc);
-
- /* check each line */
- while ((isok != OK) && (rc = fGetParameterSet(fp, KPARMS)) != PS_EOF) {
- switch (rc) {
- case PS_BAD_KEYWORD:
- case PS_SYNTAX:
- while (((gobble = fGetChar(fp)) != EOF) && (gobble != '\n'));
- break;
-
- case PS_OKAY:
- isok = (ParmCompare(KPARMS, "user", kdata->pname) ||
- ParmCompare(KPARMS, "instance", kdata->pinst) ||
- ParmCompare(KPARMS, "realm", kdata->prealm));
- break;
+ fclose(f);
+ return NOTOK;
+}
- default:
- break;
- }
- FreeParameterSet(kparm, PARMCOUNT(kparm));
- }
- /* reset the stream for parsing new-style names, if necessary */
- rewind(fp);
-#endif /* ATHENA_COMPAT */
+/* compatibility interface */
- /* check each line */
- while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
- /* null-terminate the input string */
- linebuf[BUFSIZ-1] = '\0';
- newline = NULL;
- /* nuke the newline if it exists */
- if ((newline = strchr(linebuf, '\n')))
- *newline = '\0';
- rc = kname_parse(principal, inst, realm, linebuf);
- if (rc == KSUCCESS) {
- isok = (strncmp(kdata->pname, principal, ANAME_SZ) ||
- strncmp(kdata->pinst, inst, INST_SZ) ||
- strncmp(kdata->prealm, realm, REALM_SZ));
- }
- /* clean up the rest of the line if necessary */
- if (!newline)
- while (((gobble = getc(fp)) != EOF) && gobble != '\n');
- }
- fclose(fp);
- return(isok);
+int
+kuserok(AUTH_DAT *auth, char *luser)
+{
+ return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser);
}
+
diff --git a/kerberosIV/krb/lifetime.c b/kerberosIV/krb/lifetime.c
index 9b04bd0ba4d..1795bade304 100644
--- a/kerberosIV/krb/lifetime.c
+++ b/kerberosIV/krb/lifetime.c
@@ -1,25 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/lifetime.c,v $
- *
- * $Locker: $
- */
-
-/***************************************************************************
- * PRE-HISTORY
- *
- * Revision 2.1.2.2 91/11/08 00:35:25 mja
- * Lower NEVERDATE to a positive value since time values are not
- * handled properly by most of the rest of the system when
- * negative; add krb_life_to_atime() and krb_atime_to_life().
- * [91/11/07 22:52:50 mja]
- *
- * Revision 2.1.2.1 91/07/09 22:50:42 mja
- * Created.
- * [91/01/30 jm36@ANDREW.CMU.EDU]
- *
- ***************************************************************************/
+/* $KTH: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $ */
/*
* Ticket lifetime. This defines the table used to lookup lifetime
@@ -36,6 +15,9 @@
#include "krb_locl.h"
+/* If you want to disable this feature */
+int krb_no_long_lifetimes = 0;
+
#define TKTLIFENUMFIXED 64
#define TKTLIFEMINFIXED 0x80
#define TKTLIFEMAXFIXED 0xBF
@@ -125,11 +107,12 @@ static const int tkt_lifetimes[TKTLIFENUMFIXED] = {
* in seconds, which is added to start to produce the end time.
*/
u_int32_t
-krb_life_to_time(start, life)
- u_int32_t start;
- int life;
+krb_life_to_time(u_int32_t start, int life_)
{
- life = (unsigned char) life;
+ unsigned char life = (unsigned char) life_;
+
+ if (krb_no_long_lifetimes) return start + life*5*60;
+
if (life == TKTLIFENOEXPIRE) return NEVERDATE;
if (life < TKTLIFEMINFIXED) return start + life*5*60;
if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME;
@@ -148,16 +131,14 @@ krb_life_to_time(start, life)
* the table for the smallest entry *greater than or equal* to the
* requested entry.
*/
-int
-krb_time_to_life(start, end)
- u_int32_t start;
- u_int32_t end;
+int krb_time_to_life(u_int32_t start, u_int32_t end)
{
- long lifetime;
int i;
+ long lifetime = end - start;
+
+ if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60);
if (end >= NEVERDATE) return TKTLIFENOEXPIRE;
- lifetime = end - start;
if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0;
if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60);
for (i=0; i<TKTLIFENUMFIXED; i++) {
@@ -169,14 +150,13 @@ krb_time_to_life(start, end)
}
char *
-krb_life_to_atime(life)
- int life;
+krb_life_to_atime(int life)
{
static char atime[11+1+2+1+2+1+2+1];
unsigned long when;
int secs, mins, hours;
- if (life == TKTLIFENOEXPIRE)
+ if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes)
return("Forever");
when = krb_life_to_time(0, life);
secs = when%60;
@@ -185,17 +165,15 @@ krb_life_to_atime(life)
when /= 60;
hours = when%24;
when /= 24;
- snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours,
- mins, secs);
+ snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs);
return(atime);
}
int
-krb_atime_to_life(atime)
- char *atime;
+krb_atime_to_life(char *atime)
{
unsigned long when = 0;
- register char *cp;
+ char *cp;
int colon = 0, plus = 0;
int n = 0;
diff --git a/kerberosIV/krb/log.c b/kerberosIV/krb/log.c
deleted file mode 100644
index 5cea8483276..00000000000
--- a/kerberosIV/krb/log.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/log.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#include "krb_locl.h"
-
-#include <sys/time.h>
-
-#include <klog.h>
-
-static char *log_name = KRBLOG;
-static is_open;
-
-/*
- * This file contains three logging routines: set_logfile()
- * to determine the file that log entries should be written to;
- * and log() and new_log() to write log entries to the file.
- */
-
-/*
- * log() is used to add entries to the logfile (see set_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format".
- *
- * The log file is opened and closed for each log entry.
- *
- * The return value is undefined.
- */
-
-/*VARARGS1 */
-void
-log(format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a0)
- char *format;
- int a1, a2, a3, a4, a5, a6, a7, a8, a9, a0;
-{
- FILE *logfile;
- time_t now;
- struct tm *tm;
-
- if ((logfile = fopen(log_name,"a")) == NULL)
- return;
-
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%02d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- fprintf(logfile,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0);
- fprintf(logfile,"\n");
- (void) fclose(logfile);
- return;
-}
-
-/*
- * set_logfile() changes the name of the file to which
- * messages are logged. If set_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-set_logfile(filename)
- char *filename;
-{
- log_name = filename;
- is_open = 0;
-}
-
-/*
- * new_log() appends a log entry containing the give time "t" and the
- * string "string" to the logfile (see set_logfile() above). The file
- * is opened once and left open. The routine returns 1 on failure, 0
- * on success.
- */
-
-int
-new_log(t, string)
- time_t t;
- char *string;
-{
- static FILE *logfile;
-
- struct tm *tm;
-
- if (!is_open) {
- if ((logfile = fopen(log_name,"a")) == NULL) return(1);
- is_open = 1;
- }
-
- if (t) {
- tm = localtime(&t);
-
- fprintf(logfile,"\n%2d-%s-%02d %02d:%02d:%02d %s",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec, string);
- }
- else {
- fprintf(logfile,"\n%20s%s","",string);
- }
-
- (void) fflush(logfile);
- return(0);
-}
diff --git a/kerberosIV/krb/logging.c b/kerberosIV/krb/logging.c
new file mode 100644
index 00000000000..46c7ba2c998
--- /dev/null
+++ b/kerberosIV/krb/logging.c
@@ -0,0 +1,240 @@
+/* $KTH: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+#include <klog.h>
+
+struct krb_log_facility {
+ char filename[MAXPATHLEN];
+ FILE *file;
+ krb_log_func_t func;
+};
+
+int
+krb_vlogger(struct krb_log_facility *f, const char *format, va_list args)
+{
+ FILE *file = NULL;
+ int ret;
+
+ if (f->file != NULL)
+ file = f->file;
+ else if (f->filename && f->filename[0])
+ file = fopen(f->filename, "a");
+
+ ret = f->func(file, format, args);
+
+ if (file != f->file)
+ fclose(file);
+ return ret;
+}
+
+int
+krb_logger(struct krb_log_facility *f, const char *format, ...)
+{
+ va_list args;
+ int ret;
+ va_start(args, format);
+ ret = krb_vlogger(f, format, args);
+ va_end(args);
+ return ret;
+}
+
+/*
+ * If FILE * is given log to it, otherwise, log to filename. When
+ * given a file name the file is opened and closed for each log
+ * record.
+ */
+int
+krb_openlog(struct krb_log_facility *f,
+ char *filename,
+ FILE *file,
+ krb_log_func_t func)
+{
+ strcpy(f->filename, filename);
+ f->file = file;
+ f->func = func;
+ return KSUCCESS;
+}
+
+/* ------------------------------------------------------------
+ Compatibility functions from warning.c
+ ------------------------------------------------------------ */
+
+static int
+log_tty(FILE *f, const char *format, va_list args)
+{
+ if (f != NULL && isatty(fileno(f)))
+ vfprintf(f, format, args);
+ return KSUCCESS;
+}
+
+/* stderr */
+static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty };
+
+static void
+init_std_log ()
+{
+ static int done = 0;
+
+ if (!done) {
+ std_log.file = stderr;
+ done = 1;
+ }
+}
+
+/*
+ *
+ */
+void
+krb_set_warnfn (krb_warnfn_t newfunc)
+{
+ init_std_log ();
+ std_log.func = newfunc;
+}
+
+/*
+ *
+ */
+krb_warnfn_t
+krb_get_warnfn (void)
+{
+ init_std_log ();
+ return std_log.func;
+}
+
+/*
+ * Log warnings to stderr if it's a tty.
+ */
+void
+krb_warning (const char *format, ...)
+{
+ va_list args;
+
+ init_std_log ();
+ va_start(args, format);
+ krb_vlogger(&std_log, format, args);
+ va_end(args);
+}
+
+/* ------------------------------------------------------------
+ Compatibility functions from klog.c and log.c
+ ------------------------------------------------------------ */
+
+/*
+ * Used by kerberos and kadmind daemons and in libkrb (rd_req.c).
+ *
+ * By default they log to the kerberos server log-file (KRBLOG) to be
+ * backwards compatible.
+ */
+
+static int
+log_with_timestamp_and_nl(FILE *file, const char *format, va_list args)
+{
+ time_t now;
+ if(file == NULL)
+ return KFAILURE;
+ time(&now);
+ fputs(krb_stime(&now), file);
+ fputs(": ", file);
+ vfprintf(file, format, args);
+ fputs("\n", file);
+ fflush(file);
+ return KSUCCESS;
+}
+
+static struct krb_log_facility
+file_log = { KRBLOG, NULL, log_with_timestamp_and_nl };
+
+/*
+ * kset_logfile() changes the name of the file to which
+ * messages are logged. If kset_logfile() is not called,
+ * the logfile defaults to KRBLOG, defined in "krb.h".
+ */
+
+void
+kset_logfile(char *filename)
+{
+ krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl);
+}
+
+/*
+ * krb_log() and klog() is used to add entries to the logfile.
+ *
+ * The log entry consists of a timestamp and the given arguments
+ * printed according to the given "format" string.
+ *
+ * The log file is opened and closed for each log entry.
+ *
+ * If the given log type "type" is unknown, or if the log file
+ * cannot be opened, no entry is made to the log file.
+ *
+ * CHANGE: the type is always ignored
+ *
+ * The return value of klog() is always a pointer to the formatted log
+ * text string "logtxt".
+ */
+
+/* Used in kerberos.c only. */
+char *
+klog(int type, const char *format, ...)
+{
+ static char logtxt[1024];
+
+ va_list ap;
+
+ va_start(ap, format);
+ vsnprintf(logtxt, sizeof(logtxt), format, ap);
+ va_end(ap);
+
+ krb_logger(&file_log, "%s", logtxt);
+
+ return logtxt;
+}
+
+/* Used in kadmind and rd_req.c */
+void
+krb_log(const char *format, ...)
+{
+ va_list args;
+
+ va_start(args, format);
+ krb_vlogger(&file_log, format, args);
+ va_end(args);
+}
diff --git a/kerberosIV/krb/lsb_addr_comp.c b/kerberosIV/krb/lsb_addr_comp.c
new file mode 100644
index 00000000000..6e1c11fed0b
--- /dev/null
+++ b/kerberosIV/krb/lsb_addr_comp.c
@@ -0,0 +1,105 @@
+/* $KTH: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+#include "lsb_addr_comp.h"
+
+int
+krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y)
+{
+ int i;
+ u_int32_t a = 0, b = 0;
+ u_int8_t *p = (u_int8_t*) &x;
+ u_int8_t *q = (u_int8_t*) &y;
+
+ for(i = sizeof(u_int32_t) - 1; i >= 0; i--){
+ a = (a << 8) | p[i];
+ b = (b << 8) | q[i];
+ }
+ if(a > b)
+ return 1;
+ if(a < b)
+ return -1;
+ return 0;
+}
+
+int
+krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y)
+{
+ int i;
+ u_int16_t a = 0, b = 0;
+ u_int8_t *p = (u_int8_t*) &x;
+ u_int8_t *q = (u_int8_t*) &y;
+
+ for(i = sizeof(u_int16_t) - 1; i >= 0; i--){
+ a = (a << 8) | p[i];
+ b = (b << 8) | q[i];
+ }
+ if(a > b)
+ return 1;
+ if(a < b)
+ return -1;
+ return 0;
+}
+
+u_int32_t
+lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)
+{
+ /*
+ * direction bit is the sign bit of the timestamp. Ok until
+ * 2038??
+ */
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
+ if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */
+ dst->sin_addr.s_addr) < 0)
+ t = -t;
+ else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
+ dst->sin_addr.s_addr)==0)
+ if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0)
+ t = -t;
+ /*
+ * all that for one tiny bit! Heaven help those that talk to
+ * themselves.
+ */
+ t = t & 0xffffffff;
+ return t;
+}
diff --git a/kerberosIV/krb/lsb_addr_comp.h b/kerberosIV/krb/lsb_addr_comp.h
index 75a517de9cb..6fc76946816 100644
--- a/kerberosIV/krb/lsb_addr_comp.h
+++ b/kerberosIV/krb/lsb_addr_comp.h
@@ -1,25 +1,11 @@
-/*
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/lsb_addr_comp.h,v $
- */
+/* $KTH: lsb_addr_comp.h,v 1.6 1996/10/05 00:18:02 joda Exp $ */
/*
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
*
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-/*
* Comparison macros to emulate LSBFIRST comparison results of network
* byte-order quantities
*/
@@ -27,28 +13,14 @@
#ifndef LSB_ADDR_COMP_DEFS
#define LSB_ADDR_COMP_DEFS
-#if BYTE_ORDER == BIG_ENDIAN
-
-#define u_char_comp(x,y) \
- (((x)>(y))?(1):(((x)==(y))?(0):(-1)))
-/* This is gross, but... */
-#define lsb_net_ulong_less(x, y) long_less_than((u_char *)&x, (u_char *)&y)
-#define lsb_net_ushort_less(x, y) short_less_than((u_char *)&x, (u_char *)&y)
-
-#define long_less_than(x,y) \
- (u_char_comp((x)[3],(y)[3])?u_char_comp((x)[3],(y)[3]): \
- (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[0],(y)[0])))))
-#define short_less_than(x,y) \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[0],(y)[0])))
+/* Compare x and y in VAX byte order, result is -1, 0 or 1. */
-#else /* !WORDS_BIGENDIAN */
+#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y))
-#define lsb_net_ulong_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0))
-#define lsb_net_ushort_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0))
+#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y))
-#endif /* !WORDS_BIGENDIAN */
+int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y);
+int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y);
+u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst);
#endif /* LSB_ADDR_COMP_DEFS */
diff --git a/kerberosIV/krb/mk_auth.c b/kerberosIV/krb/mk_auth.c
new file mode 100644
index 00000000000..343f05acc80
--- /dev/null
+++ b/kerberosIV/krb/mk_auth.c
@@ -0,0 +1,96 @@
+/* $KTH: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+/*
+ * Generate an authenticator for service.instance@realm.
+ * instance is canonicalized by `krb_get_phost'
+ * realm is set to the local realm if realm == NULL
+ * The ticket acquired by `krb_mk_req' is returned in `ticket' and the
+ * authenticator in `buf'.
+ * Options control the behaviour (see krb_sendauth).
+ */
+
+int
+krb_mk_auth(int32_t options,
+ KTEXT ticket,
+ char *service,
+ char *instance,
+ char *realm,
+ u_int32_t checksum,
+ char *version,
+ KTEXT buf)
+{
+ char realinst[INST_SZ];
+ char realrealm[REALM_SZ];
+ int ret;
+ unsigned char *p;
+
+ if (options & KOPT_DONT_CANON)
+ strncpy(realinst, instance, sizeof(realinst));
+ else
+ strncpy(realinst, krb_get_phost (instance), sizeof(realinst));
+
+ if (realm == NULL) {
+ ret = krb_get_lrealm (realrealm, 1);
+ if (ret != KSUCCESS)
+ return ret;
+ realm = realrealm;
+ }
+
+ if(!(options & KOPT_DONT_MK_REQ)) {
+ ret = krb_mk_req (ticket, service, realinst, realm, checksum);
+ if (ret != KSUCCESS)
+ return ret;
+ }
+
+ p = buf->dat;
+
+ memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
+ p += KRB_SENDAUTH_VLEN;
+ memcpy (p, version, KRB_SENDAUTH_VLEN);
+ p += KRB_SENDAUTH_VLEN;
+ p += krb_put_int(ticket->length, p, 4);
+ memcpy(p, ticket->dat, ticket->length);
+ p += ticket->length;
+ buf->length = p - buf->dat;
+ return KSUCCESS;
+}
diff --git a/kerberosIV/krb/mk_err.c b/kerberosIV/krb/mk_err.c
index 4c37a83430a..1a28e4d178a 100644
--- a/kerberosIV/krb/mk_err.c
+++ b/kerberosIV/krb/mk_err.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/mk_err.c,v $
- *
- * $Locker: $
- */
+/* $KTH: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,8 +23,6 @@ or implied warranty.
#include "krb_locl.h"
-#include <sys/types.h>
-
/*
* This routine creates a general purpose error reply message. It
* doesn't use KTEXT because application protocol may have long
@@ -52,26 +44,13 @@ or implied warranty.
*/
int32_t
-krb_mk_err(p, e, e_string)
- u_char *p; /* Where to build error packet */
- int32_t e; /* Error code */
- char *e_string; /* Text of error */
+krb_mk_err(u_char *p, int32_t e, char *e_string)
{
- u_char *start;
-
- start = p;
-
- /* Create fixed part of packet */
- *p++ = (unsigned char) KRB_PROT_VERSION;
- *p = (unsigned char) AUTH_MSG_APPL_ERR;
- *p++ |= HOST_BYTE_ORDER;
-
- /* Add the basic info */
- bcopy((char *)&e,(char *)p,4); /* err code */
- p += sizeof(e);
- (void) strcpy((char *)p,e_string); /* err text */
- p += strlen(e_string);
-
- /* And return the length */
- return p-start;
+ unsigned char *start = p;
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1);
+
+ p += krb_put_int(e, p, 4);
+ p += krb_put_string(e_string, p);
+ return p - start;
}
diff --git a/kerberosIV/krb/mk_priv.c b/kerberosIV/krb/mk_priv.c
index b591bc6f59a..6075f361b1f 100644
--- a/kerberosIV/krb/mk_priv.c
+++ b/kerberosIV/krb/mk_priv.c
@@ -1,76 +1,61 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/mk_priv.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+/* $KTH: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $ */
/*
- * This routine constructs a Kerberos 'private msg', i.e.
- * cryptographically sealed with a private session key.
- *
- * Note-- bcopy is used to avoid alignment problems on IBM RT.
- *
- * Note-- It's too bad that it did a long int compare on the RT before.
- *
- * Returns either < 0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "krb_locl.h"
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
/* application include files */
#include "lsb_addr_comp.h"
-/* static storage */
-static u_int32_t c_length;
-static struct timeval msg_time;
-static u_char msg_time_5ms;
-static int32_t msg_time_sec;
-
/*
* krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes
* some user data "in" of "length" bytes and creates a packet in "out"
* consisting of the user data, a timestamp, and the sender's network
* address.
-#ifndef NOENCRYTION
* The packet is encrypted by pcbc_encrypt(), using the given
* "key" and "schedule".
-#endif
* The length of the resulting packet "out" is
* returned.
*
* It is similar to krb_mk_safe() except for the additional key
* schedule argument "schedule" and the fact that the data is encrypted
- * rather than appended with a checksum. Also, the protocol version
- * number is "private_msg_ver", defined in krb_rd_priv.c, rather than
+ * rather than appended with a checksum. The protocol version is
* KRB_PROT_VERSION, defined in "krb.h".
*
* The "out" packet consists of:
@@ -78,14 +63,12 @@ static int32_t msg_time_sec;
* Size Variable Field
* ---- -------- -----
*
- * 1 byte private_msg_ver protocol version number
+ * 1 byte KRB_PROT_VERSION protocol version number
* 1 byte AUTH_MSG_PRIVATE | message type plus local
* HOST_BYTE_ORDER byte order in low bit
*
* 4 bytes c_length length of data
-#ifndef NOENCRYPT
* we encrypt from here with pcbc_encrypt
-#endif
*
* 4 bytes length length of user data
* length in user data
@@ -99,111 +82,44 @@ static int32_t msg_time_sec;
*/
int32_t
-krb_mk_priv(in, out, length, schedule, key, sender, receiver)
- u_char *in; /* application data */
- u_char *out; /* put msg here, leave room for
- * header! breaks if in and out
- * (header stuff) overlap */
- u_int32_t length; /* of in data */
- struct des_ks_struct *schedule; /* precomputed key schedule */
- des_cblock *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
+krb_mk_priv(void *in, void *out, u_int32_t length,
+ struct des_ks_struct *schedule, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver)
{
- register u_char *p,*q;
- static u_char *c_length_ptr;
-
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- if (gettimeofday(&msg_time,(struct timezone *)0)) {
- return -1;
- }
- msg_time_sec = (int32_t) msg_time.tv_sec;
- msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */
+ unsigned char *p = (unsigned char*)out;
+ unsigned char *cipher;
- p = out;
+ struct timeval tv;
+ u_int32_t src_addr;
+ u_int32_t len;
- *p++ = private_msg_ver;
- *p++ = AUTH_MSG_PRIVATE | HOST_BYTE_ORDER;
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_PRIVATE, p, 1);
- /* calculate cipher length */
- c_length_ptr = p;
- p += sizeof(c_length);
+ len = 4 + length + 1 + 4 + 4;
+ len = (len + 7) & ~7;
+ p += krb_put_int(len, p, 4);
+
+ cipher = p;
- q = p;
-
- /* stuff input length */
- bcopy((char *)&length,(char *)p,sizeof(length));
- p += sizeof(length);
-
-#ifdef NOENCRYPTION
- /* make all the stuff contiguous for checksum */
-#else
- /* make all the stuff contiguous for checksum and encryption */
-#endif
- bcopy((char *)in,(char *)p,(int) length);
+ p += krb_put_int(length, p, 4);
+
+ memcpy(p, in, length);
p += length;
+
+ gettimeofday(&tv, NULL);
- /* stuff time 5ms */
- bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms));
- p += sizeof(msg_time_5ms);
-
- /* stuff source address */
- bcopy((char *)&sender->sin_addr.s_addr,(char *)p,
- sizeof(sender->sin_addr.s_addr));
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok
- * until 2038??
- */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
- /* stuff time sec */
- bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
- p += sizeof(msg_time_sec);
-
- /*
- * All that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
-#ifdef notdef
- /*
- * calculate the checksum of the length, address, sequence, and
- * inp data
- */
- cksum = des_quad_cksum(q,NULL,p-q,0,key);
- if (krb_debug)
- printf("\ncksum = %u",cksum);
- /* stuff checksum */
- bcopy((char *) &cksum,(char *) p,sizeof(cksum));
- p += sizeof(cksum);
-#endif
-
- /*
- * All the data have been assembled, compute length
- */
+ *p++ =tv.tv_usec / 5000;
+
+ src_addr = sender->sin_addr.s_addr;
+ p += krb_put_address(src_addr, p);
- c_length = p - q;
- c_length = ((c_length + sizeof(des_cblock) -1)/sizeof(des_cblock)) *
- sizeof(des_cblock);
- /* stuff the length */
- bcopy((char *) &c_length,(char *)c_length_ptr,sizeof(c_length));
+ p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
+
+ memset(p, 0, 7);
-#ifndef NOENCRYPTION
- des_pcbc_encrypt((des_cblock *)q,(des_cblock *)q,(long)(p-q),schedule,key, DES_ENCRYPT);
-#endif /* NOENCRYPTION */
+ des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher,
+ len, schedule, key, DES_ENCRYPT);
- return (q - out + c_length); /* resulting size */
+ return (cipher - (unsigned char*)out) + len;
}
diff --git a/kerberosIV/krb/mk_req.c b/kerberosIV/krb/mk_req.c
index f8c4afe38fd..7219fa957ff 100644
--- a/kerberosIV/krb/mk_req.c
+++ b/kerberosIV/krb/mk_req.c
@@ -1,39 +1,72 @@
+/* $KTH: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/mk_req.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
-#include <sys/time.h>
-
-static struct timeval tv_local = { 0, 0 };
static int lifetime = 255; /* But no longer than TGT says. */
+
+static void
+build_request(KTEXT req, char *name, char *inst, char *realm,
+ u_int32_t checksum)
+{
+ struct timeval tv;
+ unsigned char *p = req->dat;
+
+ p += krb_put_nir(name, inst, realm, p);
+
+ p += krb_put_int(checksum, p, 4);
+
+
+ /* Fill in the times on the request id */
+ gettimeofday(&tv, NULL);
+
+ *p++ = tv.tv_usec / 5000; /* 5ms */
+
+ p += krb_put_int(tv.tv_sec, p, 4);
+
+ /* Fill to a multiple of 8 bytes for DES */
+ req->length = ((p - req->dat + 7)/8) * 8;
+}
+
+
/*
* krb_mk_req takes a text structure in which an authenticator is to
* be built, the name of a service, an instance, a realm,
@@ -79,114 +112,90 @@ static int lifetime = 255; /* But no longer than TGT says. */
*/
int
-krb_mk_req(authent, service, instance, realm, checksum)
- register KTEXT authent; /* Place to build the authenticator */
- char *service; /* Name of the service */
- char *instance; /* Service instance */
- char *realm; /* Authentication domain of service */
- int32_t checksum; /* Checksum of data (optional) */
+krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
+ int32_t checksum)
{
- static KTEXT_ST req_st; /* Temp storage for req id */
- register KTEXT req_id = &req_st;
- unsigned char *v = authent->dat; /* Prot version number */
- unsigned char *t = (authent->dat+1); /* Message type */
- unsigned char *kv = (authent->dat+2); /* Key version no */
- unsigned char *tl = (authent->dat+4+strlen(realm)); /* Tkt len */
- unsigned char *idl = (authent->dat+5+strlen(realm)); /* Reqid len */
+ KTEXT_ST req_st;
+ KTEXT req_id = &req_st;
+
CREDENTIALS cr; /* Credentials used by retr */
- register KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
+ KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
int retval; /* Returned by krb_get_cred */
- static des_key_schedule key_s;
+
char myrealm[REALM_SZ];
- /* The fixed parts of the authenticator */
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_APPL_REQUEST;
- *t |= HOST_BYTE_ORDER;
+ unsigned char *p = authent->dat;
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+
+ p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1);
+
/* Get the ticket and move it into the authenticator */
if (krb_ap_req_debug)
- printf("Realm: %s\n",realm);
- /*
- * Determine realm of these tickets. We will send this to the
- * KDC from which we are requesting tickets so it knows what to
- * with our session key.
- */
- if ((retval = krb_get_tf_realm(TKT_FILE, myrealm)) != KSUCCESS)
- return(retval);
-
+ krb_warning("Realm: %s\n", realm);
+
retval = krb_get_cred(service,instance,realm,&cr);
if (retval == RET_NOTKT) {
- if ((retval = get_ad_tkt(service,instance,realm,lifetime)))
- return(retval);
- if ((retval = krb_get_cred(service,instance,realm,&cr)))
- return(retval);
+ retval = get_ad_tkt(service, instance, realm, lifetime);
+ if (retval == KSUCCESS)
+ retval = krb_get_cred(service, instance, realm, &cr);
}
- if (retval != KSUCCESS) return (retval);
+ if (retval != KSUCCESS)
+ return retval;
+
+ /*
+ * With multi realm ticket files either find a matching TGT or
+ * else use the first TGT for inter-realm authentication.
+ *
+ * In myrealm hold the realm of the principal "owning" the
+ * corresponding ticket-granting-ticket.
+ */
+
+ retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
+ if (retval == KSUCCESS)
+ strncpy(myrealm, realm, REALM_SZ);
+ else
+ retval = krb_get_tf_realm(TKT_FILE, myrealm);
+
+ if (retval != KSUCCESS)
+ return retval;
+
if (krb_ap_req_debug)
- printf("%s %s %s %s %s\n", service, instance, realm,
- cr.pname, cr.pinst);
- *kv = (unsigned char) cr.kvno;
- (void) strcpy((char *)(authent->dat+3),realm);
- *tl = (unsigned char) ticket->length;
- bcopy((char *)(ticket->dat),(char *)(authent->dat+6+strlen(realm)),
- ticket->length);
- authent->length = 6 + strlen(realm) + ticket->length;
- if (krb_ap_req_debug)
- printf("Ticket->length = %d\n",ticket->length);
- if (krb_ap_req_debug)
- printf("Issue date: %d\n",cr.issue_date);
-
- /* Build request id */
- (void) strcpy((char *)(req_id->dat),cr.pname); /* Auth name */
- req_id->length = strlen(cr.pname)+1;
- /* Principal's instance */
- (void) strcpy((char *)(req_id->dat+req_id->length),cr.pinst);
- req_id->length += strlen(cr.pinst)+1;
- /* Authentication domain */
- (void) strcpy((char *)(req_id->dat+req_id->length),myrealm);
- req_id->length += strlen(myrealm)+1;
- /* Checksum */
- bcopy((char *)&checksum,(char *)(req_id->dat+req_id->length),4);
- req_id->length += 4;
+ krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
+ cr.pname, cr.pinst, myrealm);
- /* Fill in the times on the request id */
- (void) gettimeofday(&tv_local,(struct timezone *) 0);
- *(req_id->dat+(req_id->length)++) =
- (unsigned char) tv_local.tv_usec;
- /* Time (coarse) */
- bcopy((char *)&(tv_local.tv_sec),
- (char *)(req_id->dat+req_id->length), 4);
- req_id->length += 4;
+ p += krb_put_int(cr.kvno, p, 1);
- /* Fill to a multiple of 8 bytes for DES */
- req_id->length = ((req_id->length+7)/8)*8;
-
-#ifndef NOENCRYPTION
- des_key_sched(&cr.session,key_s);
- des_pcbc_encrypt((des_cblock *)req_id->dat,(des_cblock *)req_id->dat,
- (long)req_id->length,key_s,&cr.session, DES_ENCRYPT);
- bzero((char *) key_s, sizeof(key_s));
-#endif /* NOENCRYPTION */
-
- /* Copy it into the authenticator */
- bcopy((char *)(req_id->dat),(char *)(authent->dat+authent->length),
- req_id->length);
- authent->length += req_id->length;
- /* And set the id length */
- *idl = (unsigned char) req_id->length;
- /* clean up */
- bzero((char *)req_id, sizeof(*req_id));
+ p += krb_put_string(realm, p);
+
+ p += krb_put_int(ticket->length, p, 1);
+
+ build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
+
+ encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);
+
+ p += krb_put_int(req_id->length, p, 1);
+
+ memcpy(p, ticket->dat, ticket->length);
+
+ p += ticket->length;
+
+ memcpy(p, req_id->dat, req_id->length);
+
+ p += req_id->length;
+
+ authent->length = p - authent->dat;
+
+ memset(&cr, 0, sizeof(cr));
+ memset(&req_st, 0, sizeof(req_st));
if (krb_ap_req_debug)
- printf("Authent->length = %d\n",authent->length);
- if (krb_ap_req_debug)
- printf("idl = %d, tl = %d\n",(int) *idl, (int) *tl);
+ krb_warning("Authent->length = %d\n", authent->length);
- return(KSUCCESS);
+ return KSUCCESS;
}
/*
@@ -197,8 +206,7 @@ krb_mk_req(authent, service, instance, realm, checksum)
*/
int
-krb_set_lifetime(newval)
- int newval;
+krb_set_lifetime(int newval)
{
int olife = lifetime;
diff --git a/kerberosIV/krb/mk_safe.c b/kerberosIV/krb/mk_safe.c
index 3ee06da4930..1f2abc91244 100644
--- a/kerberosIV/krb/mk_safe.c
+++ b/kerberosIV/krb/mk_safe.c
@@ -1,60 +1,52 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/mk_safe.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+/* $KTH: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $ */
/*
- * This routine constructs a Kerberos 'safe msg', i.e. authenticated
- * using a private session key to seed a checksum. Msg is NOT
- * encrypted.
- *
- * Note-- bcopy is used to avoid alignment problems on IBM RT
- *
- * Returns either <0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "krb_locl.h"
-/* system include files */
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
/* application include files */
#include "lsb_addr_comp.h"
-/* static storage */
-static u_int32_t cksum;
-static des_cblock big_cksum[2];
-static struct timeval msg_time;
-static u_char msg_time_5ms;
-static int32_t msg_time_sec;
+
+/* from rd_safe.c */
+extern int dqc_type;
+void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int);
/*
* krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
@@ -89,89 +81,51 @@ static int32_t msg_time_sec;
*/
int32_t
-krb_mk_safe(in, out, length, key, sender, receiver)
- u_char *in; /* application data */
- u_char *out; /*
- * put msg here, leave room for header!
- * breaks if in and out (header stuff)
- * overlap
- */
- u_int32_t length; /* of in data */
- des_cblock *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
+krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver)
{
- register u_char *p,*q;
+ unsigned char * p = (unsigned char*)out;
+ struct timeval tv;
+ unsigned char *start;
+ u_int32_t src_addr;
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- if (gettimeofday(&msg_time,(struct timezone *)0)) {
- return -1;
- }
- msg_time_sec = (int32_t) msg_time.tv_sec;
- msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */
-
- p = out;
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_SAFE, p, 1);
+
+ start = p;
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_SAFE | HOST_BYTE_ORDER;
+ p += krb_put_int(length, p, 4);
- q = p; /* start for checksum stuff */
- /* stuff input length */
- bcopy((char *)&length,(char *)p,sizeof(length));
- p += sizeof(length);
-
- /* make all the stuff contiguous for checksum */
- bcopy((char *)in,(char *)p,(int) length);
+ memcpy(p, in, length);
p += length;
+
+ gettimeofday(&tv, NULL);
+
+ *p++ = tv.tv_usec/5000; /* 5ms */
+
+ src_addr = sender->sin_addr.s_addr;
+ p += krb_put_address(src_addr, p);
+
+ p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
+
+ {
+ /* We are faking big endian mode, so we need to fix the
+ * checksum (that is byte order dependent). We always send a
+ * checksum of the new type, unless we know that we are
+ * talking to an old client (this requires a call to
+ * krb_rd_safe first).
+ */
+ unsigned char new_checksum[16];
+ unsigned char old_checksum[16];
+ fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0);
+
+ if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) ||
+ dqc_type == DES_QUAD_OLD)
+ memcpy(p, old_checksum, 16);
+ else
+ memcpy(p, new_checksum, 16);
+ }
+ p += 16;
- /* stuff time 5ms */
- bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms));
- p += sizeof(msg_time_5ms);
-
- /* stuff source address */
- bcopy((char *) &sender->sin_addr.s_addr,(char *)p,
- sizeof(sender->sin_addr.s_addr));
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok until
- * 2038??
- */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
- /*
- * all that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
- /* stuff time sec */
- bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
- p += sizeof(msg_time_sec);
-
-#ifdef NOENCRYPTION
- cksum = 0;
- bzero(big_cksum, sizeof(big_cksum));
-#else
- cksum = des_quad_cksum((des_cblock *)q,big_cksum,p-q,2,key);
-#endif
- if (krb_debug)
- printf("\ncksum = %u",(u_int) cksum);
-
- /* stuff checksum */
- bcopy((char *)big_cksum,(char *)p,sizeof(big_cksum));
- p += sizeof(big_cksum);
-
- return ((int32_t)(p - out)); /* resulting size */
-
+ return p - (unsigned char*)out;
}
diff --git a/kerberosIV/krb/month_sname.c b/kerberosIV/krb/month_sname.c
index 885809a6603..32542c27501 100644
--- a/kerberosIV/krb/month_sname.c
+++ b/kerberosIV/krb/month_sname.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/month_sname.c,v $
- *
- * $Locker: $
- */
+/* $KTH: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -35,11 +29,9 @@ or implied warranty.
* month. Returns 0 if the argument is out of range.
*/
-char *
-month_sname(n)
- int n;
+const char *month_sname(int n)
{
- static char *name[] = {
+ static const char *name[] = {
"Jan","Feb","Mar","Apr","May","Jun",
"Jul","Aug","Sep","Oct","Nov","Dec"
};
diff --git a/kerberosIV/krb/name2name.c b/kerberosIV/krb/name2name.c
new file mode 100644
index 00000000000..aa847057353
--- /dev/null
+++ b/kerberosIV/krb/name2name.c
@@ -0,0 +1,102 @@
+/* $KTH: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+/* convert host to a more fully qualified domain name, returns 0 if
+ * phost is the same as host, 1 otherwise. phost should be
+ * phost_size bytes long.
+ */
+
+int
+krb_name_to_name(const char *host, char *phost, size_t phost_size)
+{
+ struct hostent *hp;
+ struct in_addr adr;
+ const char *tmp;
+
+ adr.s_addr = inet_addr(host);
+ hp = gethostbyname(host);
+ if (hp == NULL && adr.s_addr != INADDR_NONE)
+ hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET);
+ if (hp == NULL)
+ tmp = host;
+ else
+ tmp = hp->h_name;
+ strncpy (phost, tmp, phost_size);
+ phost[phost_size - 1] = '\0';
+
+ if (strcmp(phost, host) == 0)
+ return 0;
+ else
+ return 1;
+}
+
+/* lowercase and truncate */
+
+void
+k_ricercar(char *name)
+{
+ char *p = name;
+ while(*p && *p != '.'){
+ if(isupper(*p))
+ *p = tolower(*p);
+ p++;
+ }
+ if(*p == '.')
+ *p = 0;
+}
+
+/*
+ * This routine takes an alias for a host name and returns the first
+ * field, in lower case, of its domain name.
+ *
+ * Example: "fOo.BAR.com" -> "foo"
+ */
+
+char *
+krb_get_phost(const char *alias)
+{
+ static char phost[MAXHOSTNAMELEN];
+
+ krb_name_to_name(alias, phost, sizeof(phost));
+ k_ricercar(phost);
+ return phost;
+}
diff --git a/kerberosIV/krb/netread.c b/kerberosIV/krb/netread.c
index e223b7915ac..0149aba2635 100644
--- a/kerberosIV/krb/netread.c
+++ b/kerberosIV/krb/netread.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/netread.c,v $
- *
- * $Locker: $
- */
+/* $KTH: netread.c,v 1.7 1997/06/19 23:56:44 assar Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -40,12 +34,10 @@ or implied warranty.
*/
int
-krb_net_read(fd, buf, len)
- int fd;
- register char *buf;
- register int len;
+krb_net_read (int fd, void *v, size_t len)
{
int cc, len2 = 0;
+ char *buf = v;
do {
cc = read(fd, buf, len);
diff --git a/kerberosIV/krb/netwrite.c b/kerberosIV/krb/netwrite.c
index c95033c0bf2..edd2d80b476 100644
--- a/kerberosIV/krb/netwrite.c
+++ b/kerberosIV/krb/netwrite.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/netwrite.c,v $
- *
- * $Locker: $
- */
+/* $KTH: netwrite.c,v 1.8 1997/06/19 23:56:25 assar Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -39,13 +33,12 @@ or implied warranty.
*/
int
-krb_net_write(fd, buf, len)
- int fd;
- register char *buf;
- int len;
+krb_net_write(int fd, const void *v, size_t len)
{
int cc;
- register int wrlen = len;
+ int wrlen = len;
+ const char *buf = (const char*)v;
+
do {
cc = write(fd, buf, wrlen);
if (cc < 0)
diff --git a/kerberosIV/krb/one.c b/kerberosIV/krb/one.c
index 316d80465f7..d43b2840e08 100644
--- a/kerberosIV/krb/one.c
+++ b/kerberosIV/krb/one.c
@@ -1,11 +1,3 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/one.c,v $
- *
- * $Locker: $
- */
-
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
diff --git a/kerberosIV/krb/parse_name.c b/kerberosIV/krb/parse_name.c
new file mode 100644
index 00000000000..281a3389391
--- /dev/null
+++ b/kerberosIV/krb/parse_name.c
@@ -0,0 +1,199 @@
+/* $KTH: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+int
+krb_parse_name(const char *fullname, krb_principal *principal)
+{
+ const char *p;
+ char *ns, *np;
+ enum {n, i, r} pos = n;
+ int quote = 0;
+ ns = np = principal->name;
+
+ principal->name[0] = 0;
+ principal->instance[0] = 0;
+ principal->realm[0] = 0;
+
+ for(p = fullname; *p; p++){
+ if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */
+ return KNAME_FMT;
+ if(quote){
+ *np++ = *p;
+ quote = 0;
+ continue;
+ }
+ if(*p == '\\')
+ quote = 1;
+ else if(*p == '.' && pos == n){
+ *np = 0;
+ ns = np = principal->instance;
+ pos = i;
+ }else if(*p == '@' && (pos == n || pos == i)){
+ *np = 0;
+ ns = np = principal->realm;
+ pos = r;
+ }else
+ *np++ = *p;
+ }
+ *np = 0;
+ if(quote || principal->name[0] == 0)
+ return KNAME_FMT;
+ return KSUCCESS;
+}
+
+int
+kname_parse(char *np, char *ip, char *rp, char *fullname)
+{
+ krb_principal p;
+ int ret;
+ if((ret = krb_parse_name(fullname, &p)) == 0){
+ strcpy(np, p.name);
+ strcpy(ip, p.instance);
+ if(p.realm[0])
+ strcpy(rp, p.realm);
+ }
+ return ret;
+}
+/*
+ * k_isname() returns 1 if the given name is a syntactically legitimate
+ * Kerberos name; returns 0 if it's not.
+ */
+
+int
+k_isname(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (!*s)
+ return 0;
+ if (strlen(s) > ANAME_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '.':
+ return 0;
+ /* break; */
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
+
+
+/*
+ * k_isinst() returns 1 if the given name is a syntactically legitimate
+ * Kerberos instance; returns 0 if it's not.
+ */
+
+int
+k_isinst(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (strlen(s) > INST_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '.':
+#if INSTANCE_DOTS_OK
+ break;
+#else /* INSTANCE_DOTS_OK */
+ return 0;
+#endif /* INSTANCE_DOTS_OK */
+ /* break; */
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
+
+/*
+ * k_isrealm() returns 1 if the given name is a syntactically legitimate
+ * Kerberos realm; returns 0 if it's not.
+ */
+
+int
+k_isrealm(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (!*s)
+ return 0;
+ if (strlen(s) > REALM_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
diff --git a/kerberosIV/krb/pkt_clen.c b/kerberosIV/krb/pkt_clen.c
deleted file mode 100644
index af9d2a12cfa..00000000000
--- a/kerberosIV/krb/pkt_clen.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/pkt_clen.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-#if defined(horrible_function_using_global_variable_had_to_be_inlined)
-
-#include "krb_locl.h"
-
-/*
- * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of
- * its ciphertext portion. The external variable "swap_bytes" is assumed
- * to have been set to indicate whether or not the packet is in local
- * byte order. pkt_clen() takes this into account when reading the
- * ciphertext length out of the packet.
- */
-
-int
-pkt_clen(pkt)
- KTEXT pkt;
-{
- static unsigned short temp,temp2;
- int clen = 0;
-
- /* Start of ticket list */
- unsigned char *ptr = pkt_a_realm(pkt) + 10
- + strlen((char *)pkt_a_realm(pkt));
-
- /* Finally the length */
- bcopy((char *)(++ptr),(char *)&temp,2); /* alignment */
- if (swap_bytes) {
- /* assume a short is 2 bytes?? */
- swab((char *)&temp,(char *)&temp2,2);
- temp = temp2;
- }
-
- clen = (int) temp;
-
- if (krb_debug)
- printf("Clen is %d\n",clen);
- return(clen);
-}
-
-#endif /* defined(horrible_function_using_global_variable_had_to_be_inlined) */
diff --git a/kerberosIV/krb/rd_err.c b/kerberosIV/krb/rd_err.c
index 8b3a26fe8d7..c1024ace9e3 100644
--- a/kerberosIV/krb/rd_err.c
+++ b/kerberosIV/krb/rd_err.c
@@ -1,49 +1,45 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/rd_err.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+/* $KTH: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $ */
/*
- * This routine dissects a a Kerberos 'safe msg',
- * checking its integrity, and returning a pointer to the application
- * data contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...)
- *
- * Steve Miller Project Athena MIT/DEC
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "krb_locl.h"
-/* system include files */
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
/*
* Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
* return the error code from the message in "code" and the text in
@@ -60,32 +56,27 @@ or implied warranty.
*/
int
-krb_rd_err(in, in_length, code, m_data)
- u_char *in; /* pointer to the msg received */
- u_int32_t in_length; /* of in msg */
- int32_t *code; /* received error code */
- MSG_DAT *m_data;
+krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)
{
- register u_char *p;
- int swap_bytes = 0;
- p = in; /* beginning of message */
-
- if (*p++ != KRB_PROT_VERSION)
- return(RD_AP_VERSION);
- if (((*p) & ~1) != AUTH_MSG_APPL_ERR)
- return(RD_AP_MSG_TYPE);
- if ((*p++ & 1) != HOST_BYTE_ORDER)
- swap_bytes++;
-
- /* safely get code */
- bcopy((char *)p,(char *)code,sizeof(*code));
- if (swap_bytes)
- swap_u_long(*code);
- p += sizeof(*code); /* skip over */
-
- m_data->app_data = p; /* we're now at the error text
- * message */
- m_data->app_length = in_length;
+ unsigned char *p = (unsigned char*)in;
+
+ unsigned char pvno, type;
+ int little_endian;
- return(RD_AP_OK); /* OK == 0 */
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+
+ if(type != AUTH_MSG_APPL_ERR)
+ return RD_AP_MSG_TYPE;
+
+ p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian);
+
+ m_data->app_data = p;
+ m_data->app_length = in_length; /* XXX is this correct? */
+ return KSUCCESS;
}
diff --git a/kerberosIV/krb/rd_priv.c b/kerberosIV/krb/rd_priv.c
index be52843cb95..9c8c6327dcf 100644
--- a/kerberosIV/krb/rd_priv.c
+++ b/kerberosIV/krb/rd_priv.c
@@ -1,69 +1,50 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/rd_priv.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+/* $KTH: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $ */
/*
- * This routine dissects a a Kerberos 'private msg', decrypting it,
- * checking its integrity, and returning a pointer to the application
- * data contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...). If
- * the return value is RD_AP_TIME, then either the times are too far
- * out of synch, OR the packet was modified.
- *
- * Steve Miller Project Athena MIT/DEC
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "krb_locl.h"
-/* system include files */
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
/* application include files */
#include "lsb_addr_comp.h"
-/* static storage */
-static u_int32_t c_length;
-static int swap_bytes;
-static struct timeval local_time;
-static long delta_t;
-
-/* Global! */
-int private_msg_ver = KRB_PROT_VERSION;
-
/*
-#ifdef NOENCRPYTION
- * krb_rd_priv() checks the integrity of an
-#else
* krb_rd_priv() decrypts and checks the integrity of an
-#endif
* AUTH_MSG_PRIVATE message. Given the message received, "in",
* the length of that message, "in_length", the key "schedule"
* and "key", and the network addresses of the
@@ -80,111 +61,62 @@ int private_msg_ver = KRB_PROT_VERSION;
*/
int32_t
-krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data)
- u_char *in; /* pointer to the msg received */
- u_int32_t in_length; /* length of "in" msg */
- struct des_ks_struct *schedule; /* precomputed key schedule */
- des_cblock *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender;
- struct sockaddr_in *receiver;
- MSG_DAT *m_data; /*various input/output data from msg */
+krb_rd_priv(void *in, u_int32_t in_length,
+ struct des_ks_struct *schedule, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver,
+ MSG_DAT *m_data)
{
- register u_char *p,*q;
- static u_int32_t src_addr; /* Can't send structs since no
- * guarantees on size */
-
- if (gettimeofday(&local_time,(struct timezone *)0))
- return -1;
-
- p = in; /* beginning of message */
- swap_bytes = 0;
-
- if (*p++ != KRB_PROT_VERSION && *(p-1) != 3)
- return RD_AP_VERSION;
- private_msg_ver = *(p-1);
- if (((*p) & ~1) != AUTH_MSG_PRIVATE)
- return RD_AP_MSG_TYPE;
- if ((*p++ & 1) != HOST_BYTE_ORDER)
- swap_bytes++;
-
- /* get cipher length */
- bcopy((char *)p,(char *)&c_length,sizeof(c_length));
- if (swap_bytes)
- swap_u_long(c_length);
- p += sizeof(c_length);
- /* check for rational length so we don't go comatose */
- if (VERSION_SZ + MSG_TYPE_SZ + c_length > in_length)
- return RD_AP_MODIFIED;
-
-
- q = p; /* mark start of encrypted stuff */
-
-#ifndef NOENCRYPTION
- des_pcbc_encrypt((des_cblock *)q,(des_cblock *)q,(long)c_length,schedule,key,DES_DECRYPT);
-#endif
-
- /* safely get application data length */
- bcopy((char *) p,(char *)&(m_data->app_length),
- sizeof(m_data->app_length));
- if (swap_bytes)
- swap_u_long(m_data->app_length);
- p += sizeof(m_data->app_length); /* skip over */
-
- if (m_data->app_length + sizeof(c_length) + sizeof(in_length) +
- sizeof(m_data->time_sec) + sizeof(m_data->time_5ms) +
- sizeof(src_addr) + VERSION_SZ + MSG_TYPE_SZ
- > in_length)
- return RD_AP_MODIFIED;
-
-#ifndef NOENCRYPTION
- /* we're now at the decrypted application data */
-#endif
- m_data->app_data = p;
+ unsigned char *p = (unsigned char*)in;
+ int little_endian;
+ u_int32_t clen;
+ struct timeval tv;
+ u_int32_t src_addr;
+ int delta_t;
+
+ unsigned char pvno, type;
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+
+ p += krb_get_int(p, &clen, 4, little_endian);
+
+ if(clen + 2 > in_length)
+ return RD_AP_MODIFIED;
+
+ des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen,
+ schedule, key, DES_DECRYPT);
+
+ p += krb_get_int(p, &m_data->app_length, 4, little_endian);
+ if(m_data->app_length + 17 > in_length)
+ return RD_AP_MODIFIED;
+ m_data->app_data = p;
p += m_data->app_length;
+
+ m_data->time_5ms = *p++;
- /* safely get time_5ms */
- bcopy((char *) p, (char *)&(m_data->time_5ms),
- sizeof(m_data->time_5ms));
- /* don't need to swap-- one byte for now */
- p += sizeof(m_data->time_5ms);
-
- /* safely get src address */
- bcopy((char *) p,(char *)&src_addr,sizeof(src_addr));
- /* don't swap, net order always */
- p += sizeof(src_addr);
-
- /* safely get time_sec */
- bcopy((char *) p, (char *)&(m_data->time_sec),
- sizeof(m_data->time_sec));
- if (swap_bytes) swap_u_long(m_data->time_sec);
-
- p += sizeof(m_data->time_sec);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- /*
- * all that for one tiny bit!
- * Heaven help those that talk to themselves.
- */
+ p += krb_get_address(p, &src_addr);
+
+ if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
+ return RD_AP_BADD;
+
+ p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
+
+ m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
+
+ gettimeofday(&tv, NULL);
/* check the time integrity of the msg */
- delta_t = abs((int)((long) local_time.tv_sec
- - m_data->time_sec));
+ delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
if (delta_t > CLOCK_SKEW)
return RD_AP_TIME;
if (krb_debug)
- printf("\ndelta_t = %d", (int) delta_t);
+ krb_warning("\ndelta_t = %d", (int) delta_t);
/*
* caller must check timestamps for proper order and
@@ -193,20 +125,5 @@ krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data)
* tightly synchronized clocks.
*/
-#ifdef notdef
- bcopy((char *) p,(char *)&cksum,sizeof(cksum));
- if (swap_bytes) swap_u_long(cksum)
- /*
- * calculate the checksum of the length, sequence,
- * and input data, on the sending byte order!!
- */
- calc_cksum = des_quad_cksum(q,NULL,p-q,0,key);
-
- if (krb_debug)
- printf("\ncalc_cksum = %u, received cksum = %u",
- calc_cksum, cksum);
- if (cksum != calc_cksum)
- return RD_AP_MODIFIED;
-#endif
- return RD_AP_OK; /* OK == 0 */
+ return KSUCCESS;
}
diff --git a/kerberosIV/krb/rd_req.c b/kerberosIV/krb/rd_req.c
index 61a5f9dcc90..adcbabe8937 100644
--- a/kerberosIV/krb/rd_req.c
+++ b/kerberosIV/krb/rd_req.c
@@ -1,36 +1,45 @@
+/* $KTH: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $ */
+
/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/rd_req.c,v $
- *
- * $Locker: $
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
#include "krb_locl.h"
-#include <sys/time.h>
-
static struct timeval t_local = { 0, 0 };
/*
@@ -75,19 +84,17 @@ static char st_inst[INST_SZ]; /* server's instance */
*/
int
-krb_set_key(key, cvt)
- char *key;
- int cvt;
+krb_set_key(void *key, int cvt)
{
#ifdef NOENCRYPTION
- bzero(ky, sizeof(ky));
+ memset(ky, 0, sizeof(ky));
return KSUCCESS;
#else /* Encrypt */
if (cvt)
- des_string_to_key(key,&ky);
+ des_string_to_key((char*)key, &ky);
else
- bcopy(key,(char *)ky,8);
- return(des_key_sched(&ky,serv_key));
+ memcpy((char*)ky, key, 8);
+ return(des_key_sched(&ky, serv_key));
#endif /* NOENCRYPTION */
}
@@ -134,75 +141,64 @@ krb_set_key(key, cvt)
*/
int
-krb_rd_req(authent, service, instance, from_addr, ad, fn)
- register KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- int32_t from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- char *fn; /* Filename to get keys from */
+krb_rd_req(KTEXT authent, /* The received message */
+ char *service, /* Service name */
+ char *instance, /* Service instance */
+ int32_t from_addr, /* Net address of originating host */
+ AUTH_DAT *ad, /* Structure to be filled in */
+ char *fn) /* Filename to get keys from */
{
static KTEXT_ST ticket; /* Temp storage for ticket */
static KTEXT tkt = &ticket;
static KTEXT_ST req_id_st; /* Temp storage for authenticator */
- register KTEXT req_id = &req_id_st;
+ KTEXT req_id = &req_id_st;
char realm[REALM_SZ]; /* Realm of issuing kerberos */
- static des_key_schedule seskey_sched; /* Key sched for session key */
+
unsigned char skey[KKEY_SZ]; /* Session key from ticket */
char sname[SNAME_SZ]; /* Service name from ticket */
char iname[INST_SZ]; /* Instance name from ticket */
char r_aname[ANAME_SZ]; /* Client name from authenticator */
char r_inst[INST_SZ]; /* Client instance from authenticator */
char r_realm[REALM_SZ]; /* Client realm from authenticator */
- unsigned int r_time_ms; /* Fine time from authenticator */
- unsigned long r_time_sec; /* Coarse time from authenticator */
- register char *ptr; /* For stepping through */
+ u_int32_t r_time_sec; /* Coarse time from authenticator */
unsigned long delta_t; /* Time in authenticator - local time */
long tkt_age; /* Age of ticket */
- static int swap_bytes; /* Need to swap bytes? */
- static int mutual; /* Mutual authentication requested? */
static unsigned char s_kvno;/* Version number of the server's key
* Kerberos used to encrypt ticket */
+
+ struct timeval tv;
int status;
+ int pvno;
+ int type;
+ int little_endian;
+
+ unsigned char *p;
+
if (authent->length <= 0)
return(RD_AP_MODIFIED);
- ptr = (char *) authent->dat;
+ p = authent->dat;
/* get msg version, type and byte order, and server key version */
- /* check version */
- if (KRB_PROT_VERSION != (unsigned int) *ptr++)
- return(RD_AP_VERSION);
-
- /* byte order */
- swap_bytes = 0;
- if ((*ptr & 1) != HOST_BYTE_ORDER)
- swap_bytes++;
-
- /* check msg type */
- mutual = 0;
- switch (*ptr++ & ~1) {
- case AUTH_MSG_APPL_REQUEST:
- break;
- case AUTH_MSG_APPL_REQUEST_MUTUAL:
- mutual++;
- break;
- default:
- return(RD_AP_MSG_TYPE);
- }
+ pvno = *p++;
+
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+
+ little_endian = type & 1;
+ type &= ~1;
+
+ if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL)
+ return RD_AP_MSG_TYPE;
-#ifdef lint
- /* XXX mutual is set but not used; why??? */
- /* this is a crock to get lint to shut up */
- if (mutual)
- mutual = 0;
-#endif /* lint */
- s_kvno = *ptr++; /* get server key version */
- (void) strncpy(realm,ptr, REALM_SZ); /* And the realm of the issuing KDC */
- ptr += strlen(ptr) + 1; /* skip the realm "hint" */
+ s_kvno = *p++;
+
+ p += krb_get_string(p, realm);
/*
* If "fn" is NULL, key info should already be set; don't
@@ -216,124 +212,110 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
if (*fn == 0) fn = KEYFILE;
st_kvno = s_kvno;
-#ifndef NOENCRYPTION
- if (read_service_key(service,instance,realm,(int) s_kvno,
- fn,(char *)skey))
+ if (read_service_key(service, instance, realm, s_kvno,
+ fn, (char *)skey))
return(RD_AP_UNDEC);
- if ((status = krb_set_key((char *)skey,0)))
+ if ((status = krb_set_key((char*)skey, 0)))
return(status);
-#endif /* !NOENCRYPTION */
- (void) strcpy(st_rlm,realm);
- (void) strcpy(st_nam,service);
- (void) strcpy(st_inst,instance);
+ strcpy(st_rlm, realm);
+ strcpy(st_nam, service);
+ strcpy(st_inst, instance);
}
- /* Get ticket from authenticator */
- tkt->length = (int) *ptr++;
- if ((tkt->length + (ptr+1 - (char *) authent->dat)) > authent->length)
- return(RD_AP_MODIFIED);
- bcopy(ptr+1,(char *)(tkt->dat),tkt->length);
+ tkt->length = *p++;
- if (krb_ap_req_debug)
- log("ticket->length: %d",tkt->length);
+ req_id->length = *p++;
-#ifndef NOENCRYPTION
- /* Decrypt and take apart ticket */
-#endif
+ if(tkt->length + (p - authent->dat) > authent->length)
+ return RD_AP_MODIFIED;
- if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
- &(ad->address),ad->session, &(ad->life),
- &(ad->time_sec),sname,iname,&ky,serv_key))
- return(RD_AP_UNDEC);
+ memcpy(tkt->dat, p, tkt->length);
+ p += tkt->length;
+ if (krb_ap_req_debug)
+ krb_log("ticket->length: %d",tkt->length);
+
+ /* Decrypt and take apart ticket */
+ if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm,
+ &ad->address, ad->session, &ad->life,
+ &ad->time_sec, sname, iname, &ky, serv_key))
+ return RD_AP_UNDEC;
+
if (krb_ap_req_debug) {
- log("Ticket Contents.");
- log(" Aname: %s.%s",ad->pname,
- ((int)*(ad->prealm) ? ad->prealm : "Athena"));
- log(" Service: %s%s%s",sname,((int)*iname ? "." : ""),iname);
+ krb_log("Ticket Contents.");
+ krb_log(" Aname: %s.%s",ad->pname, ad->prealm);
+ krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL));
}
/* Extract the authenticator */
- req_id->length = (int) *(ptr++);
- if ((req_id->length + (ptr + tkt->length - (char *) authent->dat)) >
- authent->length)
- return(RD_AP_MODIFIED);
- bcopy(ptr + tkt->length, (char *)(req_id->dat),req_id->length);
+
+ if(req_id->length + (p - authent->dat) > authent->length)
+ return RD_AP_MODIFIED;
+ memcpy(req_id->dat, p, req_id->length);
+ p = req_id->dat;
+
#ifndef NOENCRYPTION
/* And decrypt it with the session key from the ticket */
- if (krb_ap_req_debug) log("About to decrypt authenticator");
- des_key_sched(&ad->session,seskey_sched);
- des_pcbc_encrypt((des_cblock *)req_id->dat,(des_cblock *)req_id->dat,
- (long) req_id->length, seskey_sched,&ad->session,DES_DECRYPT);
- if (krb_ap_req_debug) log("Done.");
+ if (krb_ap_req_debug) krb_log("About to decrypt authenticator");
+
+ encrypt_ktext(req_id, &ad->session, DES_DECRYPT);
+
+ if (krb_ap_req_debug) krb_log("Done.");
#endif /* NOENCRYPTION */
+ /* cast req_id->length to int? */
#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
- ptr = (char *) req_id->dat;
- (void) strcpy(r_aname,ptr); /* Authentication name */
- ptr += strlen(r_aname)+1;
- check_ptr();
- (void) strcpy(r_inst,ptr); /* Authentication instance */
- ptr += strlen(r_inst)+1;
- check_ptr();
- (void) strcpy(r_realm,ptr); /* Authentication name */
- ptr += strlen(r_realm)+1;
- check_ptr();
- bcopy(ptr,(char *)&ad->checksum,4); /* Checksum */
- ptr += 4;
- check_ptr();
- if (swap_bytes) swap_u_long(ad->checksum);
- r_time_ms = *(ptr++); /* Time (fine) */
-#ifdef lint
- /* XXX r_time_ms is set but not used. why??? */
- /* this is a crock to get lint to shut up */
- if (r_time_ms)
- r_time_ms = 0;
-#endif /* lint */
- check_ptr();
- /* assume sizeof(r_time_sec) == 4 ?? */
- bcopy(ptr,(char *)&r_time_sec,4); /* Time (coarse) */
- if (swap_bytes) swap_u_long(r_time_sec);
+ p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */
+
+ p += krb_get_int(p, &ad->checksum, 4, little_endian);
+
+ p++; /* time_5ms is not used */
+
+ p += krb_get_int(p, &r_time_sec, 4, little_endian);
/* Check for authenticity of the request */
if (krb_ap_req_debug)
- log("Pname: %s %s",ad->pname,r_aname);
- if (strcmp(ad->pname,r_aname) != 0)
- return(RD_AP_INCON);
- if (strcmp(ad->pinst,r_inst) != 0)
- return(RD_AP_INCON);
+ krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm,
+ r_aname, r_inst, r_realm);
+ if (strcmp(ad->pname, r_aname) != 0 ||
+ strcmp(ad->pinst, r_inst) != 0 ||
+ strcmp(ad->prealm, r_realm) != 0)
+ return RD_AP_INCON;
+
if (krb_ap_req_debug)
- log("Realm: %s %s",ad->prealm,r_realm);
- if ((strcmp(ad->prealm,r_realm) != 0))
- return(RD_AP_INCON);
+ krb_log("Address: %x %x", ad->address, from_addr);
- if (krb_ap_req_debug)
- log("Address: %d %d",ad->address,from_addr);
+ if (from_addr && (!krb_equiv(ad->address, from_addr)))
+ return RD_AP_BADD;
- (void) gettimeofday(&t_local,(struct timezone *) 0);
- delta_t = abs((int)(t_local.tv_sec - r_time_sec));
+ gettimeofday(&tv, NULL);
+ delta_t = abs((int)(tv.tv_sec - r_time_sec));
if (delta_t > CLOCK_SKEW) {
if (krb_ap_req_debug)
- log("Time out of range: %d - %d = %d",
- t_local.tv_sec,r_time_sec,delta_t);
- return(RD_AP_TIME);
+ krb_log("Time out of range: %lu - %lu = %lu",
+ (unsigned long)t_local.tv_sec,
+ (unsigned long)r_time_sec,
+ (unsigned long)delta_t);
+ return RD_AP_TIME;
}
/* Now check for expiration of ticket */
- tkt_age = t_local.tv_sec - ad->time_sec;
+ tkt_age = tv.tv_sec - ad->time_sec;
if (krb_ap_req_debug)
- log("Time: %d Issue Date: %d Diff: %d Life %x",
- t_local.tv_sec,ad->time_sec,tkt_age,ad->life);
-
- if (t_local.tv_sec < ad->time_sec) {
- if ((ad->time_sec - t_local.tv_sec) > CLOCK_SKEW)
- return(RD_AP_NYV);
- }
- else if (t_local.tv_sec > krb_life_to_time(ad->time_sec, ad->life))
- return(RD_AP_EXP);
+ krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x",
+ (long)tv.tv_sec,
+ (unsigned long)ad->time_sec,
+ tkt_age,
+ ad->life);
+
+ if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW))
+ return RD_AP_NYV;
+
+ if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life))
+ return RD_AP_EXP;
/* All seems OK */
ad->reply.length = 0;
diff --git a/kerberosIV/krb/rd_safe.c b/kerberosIV/krb/rd_safe.c
index 5d868fa1459..90d97b06365 100644
--- a/kerberosIV/krb/rd_safe.c
+++ b/kerberosIV/krb/rd_safe.c
@@ -1,58 +1,91 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/rd_safe.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
+/* $KTH: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $ */
/*
- * This routine dissects a a Kerberos 'safe msg', checking its
- * integrity, and returning a pointer to the application data
- * contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...)
- *
- * Steve Miller Project Athena MIT/DEC
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "krb_locl.h"
-/* system include files */
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
/* application include files */
#include "lsb_addr_comp.h"
-/* static storage */
-static des_cblock calc_cksum[2];
-static des_cblock big_cksum[2];
-static int swap_bytes;
-static struct timeval local_time;
-static u_int32_t delta_t;
+/* Generate two checksums in the given byteorder of the data, one
+ * new-form and one old-form. It has to be done this way to be
+ * compatible with the old version of des_quad_cksum.
+ */
+
+/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */
+int dqc_type = DES_QUAD_DEFAULT;
+
+void
+fixup_quad_cksum(void *start, size_t len, des_cblock *key,
+ void *new_checksum, void *old_checksum, int little)
+{
+ des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key);
+ if(HOST_BYTE_ORDER){
+ if(little){
+ memcpy(old_checksum, new_checksum, 16);
+ }else{
+ u_int32_t *tmp = (u_int32_t*)new_checksum;
+ memcpy(old_checksum, new_checksum, 16);
+ swap_u_16(old_checksum);
+ swap_u_long(tmp[0]);
+ swap_u_long(tmp[1]);
+ swap_u_long(tmp[2]);
+ swap_u_long(tmp[3]);
+ }
+ }else{
+ if(little){
+ u_int32_t *tmp = (u_int32_t*)new_checksum;
+ swap_u_long(tmp[0]);
+ swap_u_long(tmp[1]);
+ swap_u_long(tmp[2]);
+ swap_u_long(tmp[3]);
+ memcpy(old_checksum, new_checksum, 16);
+ }else{
+ u_int32_t tmp[4];
+ tmp[0] = ((u_int32_t*)new_checksum)[3];
+ tmp[1] = ((u_int32_t*)new_checksum)[2];
+ tmp[2] = ((u_int32_t*)new_checksum)[1];
+ tmp[3] = ((u_int32_t*)new_checksum)[0];
+ memcpy(old_checksum, tmp, 16);
+ }
+ }
+}
/*
* krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message.
@@ -72,93 +105,53 @@ static u_int32_t delta_t;
*/
int32_t
-krb_rd_safe(in, in_length, key, sender, receiver, m_data)
- u_char *in; /* pointer to the msg received */
- u_int32_t in_length; /* length of "in" msg */
- des_cblock *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender's address */
- struct sockaddr_in *receiver; /* receiver's address -- me */
- MSG_DAT *m_data; /* where to put message information */
+krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver,
+ MSG_DAT *m_data)
{
- register u_char *p,*q;
- static u_int32_t src_addr; /* Can't send structs since no
- * guarantees on size */
- /* Be very conservative */
- if (sizeof(src_addr) != sizeof(struct in_addr)) {
- fprintf(stderr,"\n\
-krb_rd_safe protocol err sizeof(src_addr) != sizeof(struct in_addr)");
- exit(-1);
- }
-
- if (gettimeofday(&local_time,(struct timezone *)0))
- return -1;
-
- p = in; /* beginning of message */
- swap_bytes = 0;
+ unsigned char *p = (unsigned char*)in, *start;
+
+ unsigned char pvno, type;
+ int little_endian;
+ struct timeval tv;
+ u_int32_t src_addr;
+ int delta_t;
+
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+ if(type != AUTH_MSG_SAFE)
+ return RD_AP_MSG_TYPE;
+
+ start = p;
+
+ p += krb_get_int(p, &m_data->app_length, 4, little_endian);
+
+ if(m_data->app_length + 31 > in_length)
+ return RD_AP_MODIFIED;
+
+ m_data->app_data = p;
- if (*p++ != KRB_PROT_VERSION) return RD_AP_VERSION;
- if (((*p) & ~1) != AUTH_MSG_SAFE) return RD_AP_MSG_TYPE;
- if ((*p++ & 1) != HOST_BYTE_ORDER) swap_bytes++;
-
- q = p; /* mark start of cksum stuff */
-
- /* safely get length */
- bcopy((char *)p,(char *)&(m_data->app_length),
- sizeof(m_data->app_length));
- if (swap_bytes) swap_u_long(m_data->app_length);
- p += sizeof(m_data->app_length); /* skip over */
+ p += m_data->app_length;
- if (m_data->app_length + sizeof(in_length)
- + sizeof(m_data->time_sec) + sizeof(m_data->time_5ms)
- + sizeof(big_cksum) + sizeof(src_addr)
- + VERSION_SZ + MSG_TYPE_SZ > in_length)
- return(RD_AP_MODIFIED);
+ m_data->time_5ms = *p++;
- m_data->app_data = p; /* we're now at the application data */
+ p += krb_get_address(p, &src_addr);
- /* skip app data */
- p += m_data->app_length;
+ if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
+ return RD_AP_BADD;
- /* safely get time_5ms */
- bcopy((char *)p, (char *)&(m_data->time_5ms),
- sizeof(m_data->time_5ms));
-
- /* don't need to swap-- one byte for now */
- p += sizeof(m_data->time_5ms);
-
- /* safely get src address */
- bcopy((char *)p,(char *)&src_addr,sizeof(src_addr));
-
- /* don't swap, net order always */
- p += sizeof(src_addr);
-
- /* safely get time_sec */
- bcopy((char *)p, (char *)&(m_data->time_sec),
- sizeof(m_data->time_sec));
- if (swap_bytes)
- swap_u_long(m_data->time_sec);
- p += sizeof(m_data->time_sec);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
+ p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
+ m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
+
+ gettimeofday(&tv, NULL);
- /*
- * All that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
- /* check the time integrity of the msg */
- delta_t = abs((int)((long) local_time.tv_sec - m_data->time_sec));
+ delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
if (delta_t > CLOCK_SKEW) return RD_AP_TIME;
/*
@@ -167,20 +160,19 @@ krb_rd_safe protocol err sizeof(src_addr) != sizeof(struct in_addr)");
* and we don't assume tightly synchronized clocks.
*/
- bcopy((char *)p,(char *)big_cksum,sizeof(big_cksum));
- if (swap_bytes) swap_u_16(big_cksum);
-
-#ifdef NOENCRYPTION
- bzero(calc_cksum, sizeof(calc_cksum));
-#else
- des_quad_cksum((des_cblock *)q,calc_cksum,p-q,2,key);
-#endif
-
- if (krb_debug)
- printf("\ncalc_cksum = %u, received cksum = %u",
- (u_int) calc_cksum[0], (u_int) big_cksum[0]);
- if (bcmp((char *)big_cksum,(char *)calc_cksum,sizeof(big_cksum)))
- return(RD_AP_MODIFIED);
-
- return(RD_AP_OK); /* OK == 0 */
+ {
+ unsigned char new_checksum[16];
+ unsigned char old_checksum[16];
+ fixup_quad_cksum(start, p - start, key,
+ new_checksum, old_checksum, little_endian);
+ if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) &&
+ memcmp(new_checksum, p, 16) == 0)
+ dqc_type = DES_QUAD_NEW;
+ else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) &&
+ memcmp(old_checksum, p, 16) == 0)
+ dqc_type = DES_QUAD_OLD;
+ else
+ return RD_AP_MODIFIED;
+ }
+ return KSUCCESS;
}
diff --git a/kerberosIV/krb/read_service_key.c b/kerberosIV/krb/read_service_key.c
index 31ba2e84ee0..5bee36177f2 100644
--- a/kerberosIV/krb/read_service_key.c
+++ b/kerberosIV/krb/read_service_key.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/read_service_key.c,v $
- *
- * $Locker: $
- */
+/* $KTH: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -62,15 +56,13 @@ or implied warranty.
*/
-/*ARGSUSED */
int
-read_service_key(service, instance, realm, kvno, file, key)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int kvno; /* Key version number */
- char *file; /* Filename */
- char *key; /* Pointer to key to be filled in */
+read_service_key(char *service, /* Service Name */
+ char *instance, /* Instance name or "*" */
+ char *realm, /* Realm */
+ int kvno, /* Key version number */
+ char *file, /* Filename */
+ char *key) /* Pointer to key to be filled in */
{
char serv[SNAME_SZ];
char inst[INST_SZ];
@@ -78,18 +70,18 @@ read_service_key(service, instance, realm, kvno, file, key)
unsigned char vno; /* Key version number */
int wcard;
- int stab, open(const char *, int, ...);
+ int stab;
- if ((stab = open(file, 0, 0)) < 0)
+ if ((stab = open(file, O_RDONLY, 0)) < 0)
return(KFAILURE);
wcard = (instance[0] == '*') && (instance[1] == '\0');
while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */
- (void) getst(stab,inst,INST_SZ); /* Instance */
- (void) getst(stab,rlm,REALM_SZ); /* Realm */
+ getst(stab,inst,INST_SZ); /* Instance */
+ getst(stab,rlm,REALM_SZ); /* Realm */
/* Vers number */
- if (read(stab,(char *)&vno,1) != 1) {
+ if (read(stab, &vno, 1) != 1) {
close(stab);
return(KFAILURE);
}
@@ -105,29 +97,20 @@ read_service_key(service, instance, realm, kvno, file, key)
if (!wcard && strcmp(inst,instance))
continue;
if (wcard)
- (void) strncpy(instance,inst,INST_SZ);
+ strncpy(instance,inst,INST_SZ);
/* Is this the right realm */
-#ifdef ATHENA_COMPAT
- /* XXX For backward compatibility: if keyfile says "Athena"
- and caller wants "ATHENA.MIT.EDU", call it a match */
- if (strcmp(rlm,realm) &&
- (strcmp(rlm,"Athena") ||
- strcmp(realm,"ATHENA.MIT.EDU")))
- continue;
-#else /* ! ATHENA_COMPAT */
if (strcmp(rlm,realm))
continue;
-#endif /* ATHENA_COMPAT */
/* How about the key version number */
if (kvno && kvno != (int) vno)
continue;
- (void) close(stab);
+ close(stab);
return(KSUCCESS);
}
/* Can't find the requested service */
- (void) close(stab);
+ close(stab);
return(KFAILURE);
}
diff --git a/kerberosIV/krb/realm_parse.c b/kerberosIV/krb/realm_parse.c
new file mode 100644
index 00000000000..8ce892c1835
--- /dev/null
+++ b/kerberosIV/krb/realm_parse.c
@@ -0,0 +1,88 @@
+/* $KTH: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+static int
+realm_parse(char *realm, int length, const char *file)
+{
+ FILE *F;
+ char tr[128];
+ char *p;
+
+ if ((F = fopen(file,"r")) == NULL)
+ return -1;
+
+ while(fgets(tr, sizeof(tr), F)){
+ char *unused = NULL;
+ p = strtok_r(tr, " \t\n\r", &unused);
+ if(p && strcasecmp(p, realm) == 0){
+ fclose(F);
+ strncpy(realm, p, length);
+ return 0;
+ }
+ }
+ fclose(F);
+ return -1;
+}
+
+static const char *const files[] = KRB_CNF_FILES;
+
+int
+krb_realm_parse(char *realm, int length)
+{
+ int i;
+
+ const char *dir = getenv("KRBCONFDIR");
+
+ /* First try user specified file */
+ if (dir != 0) {
+ char fname[MAXPATHLEN];
+
+ if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0)
+ if (realm_parse(realm, length, fname) == 0)
+ return 0;
+ }
+
+ for (i = 0; files[i] != NULL; i++)
+ if (realm_parse(realm, length, files[i]) == 0)
+ return 0;
+ return -1;
+}
diff --git a/kerberosIV/krb/recvauth.c b/kerberosIV/krb/recvauth.c
index d5706120d42..f1286ebe3f6 100644
--- a/kerberosIV/krb/recvauth.c
+++ b/kerberosIV/krb/recvauth.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/recvauth.c,v $
- *
- * $Locker: $
- */
+/* $KTH: recvauth.c,v 1.18 1997/07/05 01:35:15 assar Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,18 +23,6 @@ or implied warranty.
#include "krb_locl.h"
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <syslog.h>
-
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_sendauth.c
- * be sure to support old versions of krb_sendauth!
- */
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
- chars */
-
/*
* krb_recvauth() reads (and optionally responds to) a message sent
* using krb_sendauth(). The "options" argument is a bit-field of
@@ -73,21 +55,6 @@ or implied warranty.
*
* See krb_sendauth() for the format of the received client message.
*
- * This routine supports another client format, for backward
- * compatibility, consisting of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * string tmp_buf, tkt_len length of ticket, in
- * ascii
- *
- * char ' ' (space char) separator
- *
- * tkt_len ticket->dat the ticket
- *
- * This old-style version does not support mutual authentication.
- *
* krb_recvauth() first reads the protocol version string from the
* given file descriptor. If it doesn't match the current protocol
* version (KRB_SENDAUTH_VERS), the old-style format is assumed. In
@@ -122,174 +89,104 @@ or implied warranty.
* other error code is returned.
*/
-#ifndef max
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-#endif /* max */
+static int
+send_error_reply(int fd)
+{
+ unsigned char tmp[4] = { 255, 255, 255, 255 };
+ if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp))
+ return -1;
+ return 0;
+}
int
-krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
- filename, schedule, version)
- int32_t options; /* bit-pattern of options */
- int fd; /* file descr. to read from */
- KTEXT ticket; /* storage for client's ticket */
- char *service; /* service expected */
- char *instance; /* inst expected (may be filled in) */
- struct sockaddr_in *faddr; /* address of foreign host on fd */
- struct sockaddr_in *laddr; /* local address */
- AUTH_DAT *kdata; /* kerberos data (returned) */
- char *filename; /* name of file with service keys */
- struct des_ks_struct *schedule; /* key schedule (return) */
- char *version; /* version string (filled in) */
+krb_recvauth(int32_t options, /* bit-pattern of options */
+ int fd, /* file descr. to read from */
+ KTEXT ticket, /* storage for client's ticket */
+ char *service, /* service expected */
+ char *instance, /* inst expected (may be filled in) */
+ struct sockaddr_in *faddr, /* address of foreign host on fd */
+ struct sockaddr_in *laddr, /* local address */
+ AUTH_DAT *kdata, /* kerberos data (returned) */
+ char *filename, /* name of file with service keys */
+ struct des_ks_struct *schedule, /* key schedule (return) */
+ char *version) /* version string (filled in) */
{
-
- int i, cc, old_vers = 0;
+ int cc;
char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
- char *cp;
int rem;
- long tkt_len, priv_len;
- u_int32_t cksum;
+ int32_t priv_len;
u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
- /* read the protocol version number */
- if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
+ if (!(options & KOPT_IGNORE_PROTOCOL)) {
+ /* read the protocol version number */
+ if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
return(errno);
- krb_vers[KRB_SENDAUTH_VLEN] = '\0';
-
- /* check version string */
- if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) {
- /* Assume the old version of sendkerberosdata: send ascii
- length, ' ', and ticket. */
- if (options & KOPT_DO_MUTUAL)
- return(KFAILURE); /* XXX can't do old style with mutual auth */
- old_vers = 1;
-
- /* copy what we have read into tmp_buf */
- (void) bcopy(krb_vers, (char *) tmp_buf, KRB_SENDAUTH_VLEN);
-
- /* search for space, and make it a null */
- for (i = 0; i < KRB_SENDAUTH_VLEN; i++)
- if (tmp_buf[i]== ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
-
- if (i == KRB_SENDAUTH_VLEN)
- /* didn't find the space, keep reading to find it */
- for (; i<20; i++) {
- if (read(fd, (char *)&tmp_buf[i], 1) != 1) {
- return(KFAILURE);
- }
- if (tmp_buf[i] == ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
- }
-
- tkt_len = (long) atoi((char *) tmp_buf);
-
- /* sanity check the length */
- if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
- return(KFAILURE);
-
- if (i < KRB_SENDAUTH_VLEN) {
- /* since we already got the space, and part of the ticket,
- we read fewer bytes to get the rest of the ticket */
- if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN),
- (int) (tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
- != (int)(tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
- return(errno);
- } else {
- if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) !=
- (int) tkt_len)
- return(errno);
- }
- ticket->length = tkt_len;
- /* copy the ticket into the struct */
- (void) bcopy(cp, (char *) ticket->dat, ticket->length);
-
- } else {
- /* read the application version string */
- if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- version[KRB_SENDAUTH_VLEN] = '\0';
+ krb_vers[KRB_SENDAUTH_VLEN] = '\0';
+ }
- /* get the length of the ticket */
- if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) !=
- sizeof(tkt_len))
- return(errno);
+ /* read the application version string */
+ if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
+ return(errno);
+ version[KRB_SENDAUTH_VLEN] = '\0';
+
+ /* get the length of the ticket */
+ {
+ char tmp[4];
+ if (krb_net_read(fd, tmp, 4) != 4)
+ return -1;
+ krb_get_int(tmp, &ticket->length, 4, 0);
+ }
- /* sanity check */
- ticket->length = ntohl((unsigned long)tkt_len);
- if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) {
- if (options & KOPT_DO_MUTUAL) {
- rem = KFAILURE;
- goto mutual_fail;
- } else
- return(KFAILURE); /* XXX there may still be junk on the fd? */
- }
-
- /* read the ticket */
- if (krb_net_read(fd, (char *) ticket->dat, ticket->length)
- != ticket->length)
- return(errno);
+ /* sanity check */
+ if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) {
+ if (options & KOPT_DO_MUTUAL) {
+ if(send_error_reply(fd))
+ return -1;
+ return KFAILURE;
+ } else
+ return KFAILURE; /* XXX there may still be junk on the fd? */
}
+
+ /* read the ticket */
+ if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length)
+ return -1;
/*
* now have the ticket. decrypt it to get the authenticated
* data.
*/
- rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr,
- kdata,filename);
-
- if (old_vers) return(rem); /* XXX can't do mutual with old client */
+ rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr,
+ kdata, filename);
/* if we are doing mutual auth, compose a response */
if (options & KOPT_DO_MUTUAL) {
- if (rem != KSUCCESS)
+ if (rem != KSUCCESS){
/* the krb_rd_req failed */
- goto mutual_fail;
-
+ if(send_error_reply(fd))
+ return -1;
+ return rem;
+ }
+
/* add one to the (formerly) sealed checksum, and re-seal it
for return to the client */
- cksum = kdata->checksum + 1;
- cksum = htonl(cksum);
+ {
+ unsigned char cs[4];
+ krb_put_int(kdata->checksum + 1, cs, 4);
#ifndef NOENCRYPTION
- des_key_sched(&kdata->session,schedule);
+ des_key_sched(&kdata->session,schedule);
#endif
- priv_len = krb_mk_priv((unsigned char *)&cksum,
- tmp_buf,
- (unsigned long) sizeof(cksum),
- schedule,
- &kdata->session,
- laddr,
- faddr);
- if (priv_len < 0) {
- /* re-sealing failed; notify the client */
- rem = KFAILURE; /* XXX */
-mutual_fail:
- priv_len = -1;
- tkt_len = htonl((unsigned long) priv_len);
- /* a length of -1 is interpreted as an authentication
- failure by the client */
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- return(rem);
- } else {
- /* re-sealing succeeded, send the private message */
- tkt_len = htonl((unsigned long)priv_len);
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len))
- != (int) priv_len)
- return(cc);
+ priv_len = krb_mk_priv(cs,
+ tmp_buf+4,
+ 4,
+ schedule,
+ &kdata->session,
+ laddr,
+ faddr);
}
+ /* mk_priv will never fail */
+ priv_len += krb_put_int(priv_len, tmp_buf, 4);
+
+ if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len)
+ return -1;
}
- return(rem);
+ return rem;
}
diff --git a/kerberosIV/krb/resolve.c b/kerberosIV/krb/resolve.c
new file mode 100644
index 00000000000..2fe607d13af
--- /dev/null
+++ b/kerberosIV/krb/resolve.c
@@ -0,0 +1,232 @@
+/* $KTH: resolve.c,v 1.12 1997/10/28 15:37:39 bg Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+#include "resolve.h"
+
+#define DECL(X) {#X, T_##X}
+
+static struct stot{
+ char *name;
+ int type;
+}stot[] = {
+ DECL(A),
+ DECL(NS),
+ DECL(CNAME),
+ DECL(PTR),
+ DECL(MX),
+ DECL(TXT),
+ DECL(AFSDB),
+ DECL(SRV),
+ {NULL, 0}
+};
+
+static int
+string_to_type(const char *name)
+{
+ struct stot *p = stot;
+ for(p = stot; p->name; p++)
+ if(strcasecmp(name, p->name) == 0)
+ return p->type;
+ return -1;
+}
+
+#if 0
+static char *
+type_to_string(int type)
+{
+ struct stot *p = stot;
+ for(p = stot; p->name; p++)
+ if(type == p->type)
+ return p->name;
+ return NULL;
+}
+#endif
+
+void
+dns_free_data(struct dns_reply *r)
+{
+ struct resource_record *rr;
+ if(r->q.domain)
+ free(r->q.domain);
+ for(rr = r->head; rr;){
+ struct resource_record *tmp = rr;
+ if(rr->domain)
+ free(rr->domain);
+ if(rr->u.data)
+ free(rr->u.data);
+ rr = rr->next;
+ free(tmp);
+ }
+ free (r);
+}
+
+static struct dns_reply*
+parse_reply(unsigned char *data, int len)
+{
+ unsigned char *p;
+ char host[128];
+ int status;
+
+ struct dns_reply *r;
+ struct resource_record **rr;
+
+ r = (struct dns_reply*)malloc(sizeof(struct dns_reply));
+ memset(r, 0, sizeof(struct dns_reply));
+
+ p = data;
+ memcpy(&r->h, p, sizeof(HEADER));
+ p += sizeof(HEADER);
+ status = dn_expand(data, data + len, p, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ r->q.domain = strdup(host);
+ p += status;
+ r->q.type = (p[0] << 8 | p[1]);
+ p += 2;
+ r->q.class = (p[0] << 8 | p[1]);
+ p += 2;
+ rr = &r->head;
+ while(p < data + len){
+ int type, class, ttl, size;
+ status = dn_expand(data, data + len, p, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ p += status;
+ type = (p[0] << 8) | p[1];
+ p += 2;
+ class = (p[0] << 8) | p[1];
+ p += 2;
+ ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ p += 4;
+ size = (p[0] << 8) | p[1];
+ p += 2;
+ *rr = (struct resource_record*)calloc(1,
+ sizeof(struct resource_record));
+ (*rr)->domain = strdup(host);
+ (*rr)->type = type;
+ (*rr)->class = class;
+ (*rr)->ttl = ttl;
+ (*rr)->size = size;
+ switch(type){
+ case T_NS:
+ case T_CNAME:
+ case T_PTR:
+ status = dn_expand(data, data + len, p, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ (*rr)->u.txt = strdup(host);
+ break;
+ case T_MX:
+ case T_AFSDB:{
+ status = dn_expand(data, data + len, p + 2, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
+ strlen(host));
+ (*rr)->u.mx->preference = (p[0] << 8) | p[1];
+ strcpy((*rr)->u.mx->domain, host);
+ break;
+ }
+ case T_SRV:{
+ status = dn_expand(data, data + len, p + 6, host, sizeof(host));
+ if(status < 0){
+ dns_free_data(r);
+ return NULL;
+ }
+ (*rr)->u.srv =
+ (struct srv_record*)malloc(sizeof(struct srv_record) +
+ strlen(host));
+ (*rr)->u.srv->priority = (p[0] << 8) | p[1];
+ (*rr)->u.srv->weight = (p[2] << 8) | p[3];
+ (*rr)->u.srv->port = (p[4] << 8) | p[5];
+ strcpy((*rr)->u.srv->target, host);
+ break;
+ }
+ case T_TXT:{
+ (*rr)->u.txt = (char*)malloc(size + 1);
+ strncpy((*rr)->u.txt, (char*)p + 1, *p);
+ (*rr)->u.txt[*p] = 0;
+ break;
+ }
+
+ default:
+ (*rr)->u.data = (unsigned char*)malloc(size);
+ memcpy((*rr)->u.data, p, size);
+ }
+ p += size;
+ rr = &(*rr)->next;
+ }
+ *rr = NULL;
+ return r;
+}
+
+struct dns_reply *
+dns_lookup(const char *domain, const char *type_name)
+{
+ unsigned char reply[1024];
+ int len;
+ int type;
+ struct dns_reply *r = NULL;
+ u_long old_options;
+
+ type = string_to_type(type_name);
+ if (krb_dns_debug) {
+ old_options = _res.options;
+ _res.options |= RES_DEBUG;
+ krb_warning("dns_lookup(%s, %s)\n", domain, type_name);
+ }
+ len = res_search(domain, C_IN, type, reply, sizeof(reply));
+ if (krb_dns_debug) {
+ _res.options = old_options;
+ krb_warning("dns_lookup(%s, %s) --> %d\n", domain, type_name, len);
+ }
+ if (len >= 0)
+ r = parse_reply(reply, len);
+ return r;
+}
diff --git a/kerberosIV/krb/resolve.h b/kerberosIV/krb/resolve.h
new file mode 100644
index 00000000000..30c2a1fc629
--- /dev/null
+++ b/kerberosIV/krb/resolve.h
@@ -0,0 +1,95 @@
+/* $KTH: resolve.h,v 1.5 1997/05/14 17:41:25 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* THIS IS NOT (yet) A PUBLIC INTERFACE */
+
+
+#ifndef __RESOLVE_H__
+#define __RESOLVE_H__
+
+/* We use these, but they are not always present in <arpa/nameser.h> */
+
+struct dns_query{
+ char *domain;
+ unsigned type;
+ unsigned class;
+};
+
+struct mx_record{
+ unsigned preference;
+ char domain[1];
+};
+
+struct srv_record{
+ unsigned priority;
+ unsigned weight;
+ unsigned port;
+ char target[1];
+};
+
+struct resource_record{
+ char *domain;
+ unsigned type;
+ unsigned class;
+ unsigned ttl;
+ unsigned size;
+ union {
+ void *data;
+ struct mx_record *mx;
+ struct mx_record *afsdb; /* mx and afsdb are identical */
+ struct srv_record *srv;
+ struct in_addr *a;
+ char *txt;
+ }u;
+ struct resource_record *next;
+};
+
+struct dns_reply{
+ HEADER h;
+ struct dns_query q;
+ struct resource_record *head;
+};
+
+
+struct dns_reply* dns_lookup(const char *, const char *);
+
+void dns_free_data(struct dns_reply *r);
+
+#endif /* __RESOLVE_H__ */
diff --git a/kerberosIV/krb/rw.c b/kerberosIV/krb/rw.c
new file mode 100644
index 00000000000..7ee546050a2
--- /dev/null
+++ b/kerberosIV/krb/rw.c
@@ -0,0 +1,128 @@
+/* $KTH: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Almost all programs use these routines (implicitly) so it's a good
+ * place to put the version string. */
+
+#include "version.h"
+
+#include "krb_locl.h"
+
+int
+krb_get_int(void *f, u_int32_t *to, int size, int lsb)
+{
+ int i;
+ unsigned char *from = (unsigned char *)f;
+
+ *to = 0;
+ if(lsb){
+ for(i = size-1; i >= 0; i--)
+ *to = (*to << 8) | from[i];
+ }else{
+ for(i = 0; i < size; i++)
+ *to = (*to << 8) | from[i];
+ }
+ return size;
+}
+
+int
+krb_put_int(u_int32_t from, void *to, int size)
+{
+ int i;
+ unsigned char *p = (unsigned char *)to;
+ for(i = size - 1; i >= 0; i--){
+ p[i] = from & 0xff;
+ from >>= 8;
+ }
+ return size;
+}
+
+
+/* addresses are always sent in network byte order */
+
+int
+krb_get_address(void *from, u_int32_t *to)
+{
+ unsigned char *p = (unsigned char*)from;
+ *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+ return 4;
+}
+
+int
+krb_put_address(u_int32_t addr, void *to)
+{
+ return krb_put_int(ntohl(addr), to, 4);
+}
+
+int
+krb_put_string(char *from, void *to)
+{
+ strcpy((char *)to, from);
+ return strlen(from) + 1;
+}
+
+int
+krb_get_string(void *from, char *to)
+{
+ return krb_put_string(from, to);
+}
+
+int
+krb_get_nir(void *from, char *name, char *instance, char *realm)
+{
+ char *p = (char *)from;
+
+ p += krb_get_string(p, name);
+ p += krb_get_string(p, instance);
+ if(realm)
+ p += krb_get_string(p, realm);
+ return p - (char *)from;
+}
+
+int
+krb_put_nir(char *name, char *instance, char *realm, void *to)
+{
+ char *p = (char *)to;
+ p += krb_put_string(name, p);
+ p += krb_put_string(instance, p);
+ if(realm)
+ p += krb_put_string(realm, p);
+ return p - (char *)to;
+}
diff --git a/kerberosIV/krb/save_credentials.c b/kerberosIV/krb/save_credentials.c
index b9b58d48704..d9ef94b449d 100644
--- a/kerberosIV/krb/save_credentials.c
+++ b/kerberosIV/krb/save_credentials.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/save_credentials.c,v $
- *
- * $Locker: $
- */
+/* $KTH: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -42,16 +36,14 @@ or implied warranty.
*/
int
-save_credentials(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- unsigned char *session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- int32_t issue_date; /* The issue time */
+save_credentials(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ unsigned char *session, /* Session key */
+ int lifetime, /* Lifetime */
+ int kvno, /* Key version number */
+ KTEXT ticket, /* The ticket itself */
+ int32_t issue_date) /* The issue time */
{
int tf_status; /* return values of the tf_util calls */
@@ -62,6 +54,6 @@ save_credentials(service, instance, realm, session, lifetime, kvno,
/* Save credentials by appending to the ticket file */
tf_status = tf_save_cred(service, instance, realm, session,
lifetime, kvno, ticket, issue_date);
- (void) tf_close();
+ tf_close();
return (tf_status);
}
diff --git a/kerberosIV/krb/send_to_kdc.c b/kerberosIV/krb/send_to_kdc.c
index aa19c4065cb..f7a5865ad93 100644
--- a/kerberosIV/krb/send_to_kdc.c
+++ b/kerberosIV/krb/send_to_kdc.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/send_to_kdc.c,v $
- *
- * $Locker: $
- */
+/* $KTH: send_to_kdc.c,v 1.47 1997/11/07 17:31:38 bg Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,28 +23,15 @@ or implied warranty.
#include "krb_locl.h"
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-
-#define S_AD_SZ sizeof(struct sockaddr_in)
+struct host {
+ struct sockaddr_in addr;
+ enum krb_host_proto proto;
+};
-static int krb_udp_port = 0;
-
-/* CLIENT_KRB_TIMEOUT indicates the time to wait before
- * retrying a server. It's defined in "krb.h".
- */
-static struct timeval timeout = { CLIENT_KRB_TIMEOUT, 0};
-static char *prog = "send_to_kdc";
-static send_recv(KTEXT pkt, KTEXT rpkt, int f, struct sockaddr_in *_to, struct hostent *addrs);
-
-/*
- * This file contains two routines, send_to_kdc() and send_recv().
- * send_recv() is a static routine used by send_to_kdc().
- */
+static const char *prog = "send_to_kdc";
+static send_recv(KTEXT pkt, KTEXT rpkt, int f,
+ struct sockaddr_in *adr, struct host *addrs,
+ int h_hosts);
/*
* send_to_kdc() sends a message to the Kerberos authentication
@@ -79,246 +60,300 @@ static send_recv(KTEXT pkt, KTEXT rpkt, int f, struct sockaddr_in *_to, struct h
* after several retries
*/
+/* always use the admin server */
+static int krb_use_admin_server_flag = 0;
+
int
-send_to_kdc(pkt, rpkt, realm)
- KTEXT pkt;
- KTEXT rpkt;
- char *realm;
+krb_use_admin_server(int flag)
{
- int i, f;
+ int old = krb_use_admin_server_flag;
+ krb_use_admin_server_flag = flag;
+ return old;
+}
+
+int
+send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
+{
+ int i;
int no_host; /* was a kerberos host found? */
int retry;
int n_hosts;
int retval;
- struct sockaddr_in to;
- struct hostent *host, *hostlist;
- char *cp;
- char krbhst[MAX_HSTNM];
+ struct hostent *host;
char lrealm[REALM_SZ];
+ struct krb_host *k_host;
+ struct host *hosts = malloc(sizeof(*hosts));
+
+ if (hosts == NULL)
+ return SKDC_CANT;
/*
* If "realm" is non-null, use that, otherwise get the
* local realm.
*/
if (realm)
- (void) strcpy(lrealm, realm);
+ strcpy(lrealm, realm);
else
if (krb_get_lrealm(lrealm,1)) {
if (krb_debug)
- fprintf(stderr, "%s: can't get local realm\n", prog);
+ krb_warning("%s: can't get local realm\n", prog);
return(SKDC_CANT);
}
if (krb_debug)
- printf("lrealm is %s\n", lrealm);
- if (krb_udp_port == 0) {
- register struct servent *sp;
- if ((sp = getservbyname("kerberos","udp")) == 0) {
- if (krb_debug)
- fprintf(stderr, "%s: Can't get kerberos/udp service\n",
- prog);
- krb_udp_port = 750; /* Was return(SKDC_CANT); */
- }
- else
- krb_udp_port = sp->s_port;
- if (krb_debug)
- printf("krb_udp_port is %d\n", krb_udp_port);
- }
- bzero((char *)&to, S_AD_SZ);
- hostlist = (struct hostent *) malloc(sizeof(struct hostent));
- if (!hostlist)
- return (/*errno */SKDC_CANT);
- if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- if (krb_debug)
- fprintf(stderr,"%s: Can't open socket\n", prog);
- return(SKDC_CANT);
- }
- /* from now on, exit through rtn label for cleanup */
+ krb_warning("lrealm is %s\n", lrealm);
no_host = 1;
/* get an initial allocation */
n_hosts = 0;
- bzero((char *)&hostlist[n_hosts], sizeof(struct hostent));
- for (i = 1; krb_get_krbhst(krbhst, lrealm, i) == KSUCCESS; ++i) {
- if (krb_debug) {
- printf("Getting host entry for %s...",krbhst);
- (void) fflush(stdout);
- }
- host = gethostbyname(krbhst);
+ for (i = 1; (k_host = krb_get_host(i, lrealm, krb_use_admin_server_flag));
+ ++i) {
+ char *p;
+
+ if (krb_debug)
+ krb_warning("Getting host entry for %s...", k_host->host);
+ host = gethostbyname(k_host->host);
if (krb_debug) {
- printf("%s.\n",
- host ? "Got it" : "Didn't get it");
- (void) fflush(stdout);
+ krb_warning("%s.\n",
+ host ? "Got it" : "Didn't get it");
}
if (!host)
continue;
no_host = 0; /* found at least one */
- n_hosts++;
- /* preserve host network address to check later
- * (would be better to preserve *all* addresses,
- * take care of that later)
- */
- hostlist = (struct hostent *)
- realloc((char *)hostlist,
- (unsigned)
- sizeof(struct hostent)*(n_hosts+1));
- if (!hostlist)
- return /*errno */SKDC_CANT;
- bcopy((char *)host, (char *)&hostlist[n_hosts-1],
- sizeof(struct hostent));
- host = &hostlist[n_hosts-1];
- cp = malloc((unsigned)host->h_length);
- if (!cp) {
- retval = /*errno */SKDC_CANT;
- goto rtn;
- }
- bcopy((char *)host->h_addr, cp, host->h_length);
-/* At least Sun OS version 3.2 (or worse) and Ultrix version 2.2
- (or worse) only return one name ... */
-#if defined(h_addr)
- host->h_addr_list = (char **)malloc(2*sizeof(char *));
- if (!host->h_addr_list) {
- retval = /*errno */SKDC_CANT;
- goto rtn;
- }
- host->h_addr_list[1] = NULL;
-#endif /* defined(h_addr) */
- host->h_addr = cp;
- bzero((char *)&hostlist[n_hosts],
- sizeof(struct hostent));
- to.sin_family = host->h_addrtype;
- bcopy(host->h_addr, (char *)&to.sin_addr,
- host->h_length);
- to.sin_port = krb_udp_port;
- if (send_recv(pkt, rpkt, f, &to, hostlist)) {
- retval = KSUCCESS;
- goto rtn;
- }
- if (krb_debug) {
- printf("Timeout, error, or wrong descriptor\n");
- (void) fflush(stdout);
- }
+ while ((p = *(host->h_addr_list)++)) {
+ hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1));
+ if (hosts == NULL)
+ return SKDC_CANT;
+ memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr));
+ hosts[n_hosts].addr.sin_family = host->h_addrtype;
+ hosts[n_hosts].addr.sin_port = htons(k_host->port);
+ hosts[n_hosts].proto = k_host->proto;
+ memcpy(&hosts[n_hosts].addr.sin_addr, p,
+ sizeof(hosts[n_hosts].addr.sin_addr));
+ ++n_hosts;
+ if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto,
+ &hosts[n_hosts-1].addr, hosts, n_hosts)) {
+ retval = KSUCCESS;
+ goto rtn;
+ }
+ if (krb_debug) {
+ krb_warning("Timeout, error, or wrong descriptor\n");
+ }
+ }
}
if (no_host) {
if (krb_debug)
- fprintf(stderr, "%s: can't find any Kerberos host.\n",
- prog);
+ krb_warning("%s: can't find any Kerberos host.\n",
+ prog);
retval = SKDC_CANT;
goto rtn;
}
/* retry each host in sequence */
for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) {
- for (host = hostlist; host->h_name != (char *)NULL; host++) {
- to.sin_family = host->h_addrtype;
- bcopy(host->h_addr, (char *)&to.sin_addr,
- host->h_length);
- if (send_recv(pkt, rpkt, f, &to, hostlist)) {
- retval = KSUCCESS;
- goto rtn;
- }
+ for (i = 0; i < n_hosts; ++i) {
+ if (send_recv(pkt, rpkt,
+ hosts[i].proto,
+ &hosts[i].addr,
+ hosts,
+ n_hosts)) {
+ retval = KSUCCESS;
+ goto rtn;
+ }
}
}
retval = SKDC_RETRY;
rtn:
- (void) close(f);
- if (hostlist) {
- register struct hostent *hp;
- for (hp = hostlist; hp->h_name; hp++)
-#if defined(h_addr)
- if (hp->h_addr_list) {
-#endif /* defined(h_addr) */
- if (hp->h_addr)
- free(hp->h_addr);
-#if defined(h_addr)
- free((char *)hp->h_addr_list);
- }
-#endif /* defined(h_addr) */
- free((char *)hostlist);
- }
+ free(hosts);
return(retval);
}
-/*
- * try to send out and receive message.
- * return 1 on success, 0 on failure
- */
+static int udp_socket(void)
+{
+ return socket(AF_INET, SOCK_DGRAM, 0);
+}
-static int
-send_recv(pkt, rpkt, f, _to, addrs)
- KTEXT pkt;
- KTEXT rpkt;
- int f;
- struct sockaddr_in *_to;
- struct hostent *addrs;
+static int udp_connect(int s, struct sockaddr_in *adr)
+{
+ return connect(s, (struct sockaddr*)adr, sizeof(*adr));
+}
+
+static int udp_send(int s, struct sockaddr_in* adr, KTEXT pkt)
{
- fd_set readfds;
- register struct hostent *hp;
- struct sockaddr_in from;
- int sin_size;
- int numsent;
+ return send(s, pkt->dat, pkt->length, 0);
+}
- if (krb_debug) {
- if (_to->sin_family == AF_INET)
- printf("Sending message to %s...",
- inet_ntoa(_to->sin_addr));
- else
- printf("Sending message...");
- (void) fflush(stdout);
- }
- if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0,
- (struct sockaddr *)_to,
- S_AD_SZ)) != pkt->length) {
- if (krb_debug)
- printf("sent only %d/%d\n",numsent, pkt->length);
- return 0;
+static int tcp_socket(void)
+{
+ return socket(AF_INET, SOCK_STREAM, 0);
+}
+
+static int tcp_connect(int s, struct sockaddr_in *adr)
+{
+ return connect(s, (struct sockaddr*)adr, sizeof(*adr));
+}
+
+static int tcp_send(int s, struct sockaddr_in* adr, KTEXT pkt)
+{
+ unsigned char len[4];
+ krb_put_int(pkt->length, len, 4);
+ if(send(s, len, sizeof(len), 0) != sizeof(len))
+ return -1;
+ return send(s, pkt->dat, pkt->length, 0);
+}
+
+static int udptcp_recv(void *buf, size_t len, KTEXT rpkt)
+{
+ memcpy(rpkt->dat, buf, len);
+ rpkt->length = len;
+ return 0;
+}
+
+static int url_parse(const char *url, char *host, size_t len, short *port)
+{
+ const char *p;
+ if(strncmp(url, "http://", 7))
+ return -1;
+ url += 7;
+ strncpy(host, url, len);
+ p = strchr(url, ':');
+ if(p){
+ *port = atoi(p+1);
+ if(p - url >= len)
+ return -1;
+ host[p - url] = 0;
+ }else{
+ *port = 80;
+ host[len - 1] = 0;
}
- if (krb_debug) {
- printf("Sent\nWaiting for reply...");
- (void) fflush(stdout);
+ return 0;
+}
+
+#define PROXY_VAR "krb4_proxy"
+
+static int http_connect(int s, struct sockaddr_in *adr)
+{
+ char *proxy = getenv(PROXY_VAR);
+ char host[MAXHOSTNAMELEN + 1];
+ short port;
+ struct hostent *hp;
+ struct sockaddr_in sin;
+ if(proxy == NULL)
+ return tcp_connect(s, adr);
+ if(url_parse(proxy, host, sizeof(host), &port) < 0)
+ return -1;
+ hp = gethostbyname(host);
+ if(hp == NULL)
+ return -1;
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ memcpy(&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
+ sin.sin_port = htons(port);
+ return connect(s, (struct sockaddr*)&sin, sizeof(sin));
+}
+
+static int http_send(int s, struct sockaddr_in* adr, KTEXT pkt)
+{
+ char *str;
+ char *msg;
+
+ base64_encode(pkt->dat, pkt->length, &str);
+ if(getenv(PROXY_VAR)){
+ asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n",
+ inet_ntoa(adr->sin_addr),
+ ntohs(adr->sin_port),
+ str);
+ }else
+ asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str);
+ free(str);
+
+ if(send(s, msg, strlen(msg), 0) != strlen(msg)){
+ free(msg);
+ return -1;
}
- FD_ZERO(&readfds);
- FD_SET(f, &readfds);
- errno = 0;
- /* select - either recv is ready, or timeout */
- /* see if timeout or error or wrong descriptor */
- if (select(f + 1, &readfds, (fd_set *)0, (fd_set *)0, &timeout) < 1
- || !FD_ISSET(f, &readfds)) {
- if (krb_debug) {
- long rfds;
- bcopy(&readfds, &rfds, sizeof(rfds));
- fprintf(stderr, "select failed: readfds=%lx",
- rfds);
- perror("");
- }
- return 0;
+ free(msg);
+ return 0;
+}
+
+static int http_recv(void *buf, size_t len, KTEXT rpkt)
+{
+ char *p;
+ char *tmp = malloc(len + 1);
+ memcpy(tmp, buf, len);
+ tmp[len] = 0;
+ p = strstr(tmp, "\r\n\r\n");
+ if(p == NULL){
+ free(tmp);
+ return -1;
}
- sin_size = sizeof(from);
- if (recvfrom(f, (char *)(rpkt->dat), sizeof(rpkt->dat), 0,
- (struct sockaddr *)&from, &sin_size)
- < 0) {
- if (krb_debug)
- perror("recvfrom");
- return 0;
+ p += 4;
+ memcpy(rpkt->dat, p, (tmp + len) - p);
+ rpkt->length = (tmp + len) - p;
+ free(tmp);
+ return 0;
+}
+
+static struct proto_descr {
+ int proto;
+ int stream_flag;
+ int (*socket)(void);
+ int (*connect)(int, struct sockaddr_in*);
+ int (*send)(int, struct sockaddr_in*, KTEXT);
+ int (*recv)(void*, size_t, KTEXT);
+} protos[] = {
+ { PROTO_UDP, 0, udp_socket, udp_connect, udp_send, udptcp_recv },
+ { PROTO_TCP, 1, tcp_socket, tcp_connect, tcp_send, udptcp_recv },
+ { PROTO_HTTP, 1, tcp_socket, http_connect, http_send, http_recv }
+};
+
+static int
+send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *adr,
+ struct host *addrs, int n_hosts)
+{
+ int i;
+ int s;
+ unsigned char buf[2048];
+ int offset = 0;
+
+ for(i = 0; i < sizeof(protos) / sizeof(protos[0]); i++){
+ if(protos[i].proto == proto)
+ break;
}
- if (krb_debug) {
- printf("received packet from %s\n", inet_ntoa(from.sin_addr));
- fflush(stdout);
+ if(i == sizeof(protos) / sizeof(protos[0]))
+ return FALSE;
+ if((s = (*protos[i].socket)()) < 0)
+ return FALSE;
+ if((*protos[i].connect)(s, adr) < 0){
+ close(s);
+ return FALSE;
}
- for (hp = addrs; hp->h_name != (char *)NULL; hp++) {
- if (!bcmp(hp->h_addr, (char *)&from.sin_addr.s_addr,
- hp->h_length)) {
- if (krb_debug) {
- printf("Received it\n");
- (void) fflush(stdout);
- }
- return 1;
- }
- if (krb_debug)
- fprintf(stderr,
- "packet not from %lx\n",
- from.sin_addr.s_addr);
+ if((*protos[i].send)(s, adr, pkt) < 0){
+ close(s);
+ return FALSE;
}
- if (krb_debug)
- fprintf(stderr, "%s: received packet from wrong host! (%x)\n",
- "send_to_kdc(send_rcv)", (int)from.sin_addr.s_addr);
- return 0;
+ do{
+ fd_set readfds;
+ struct timeval timeout;
+ int len;
+ timeout.tv_sec = CLIENT_KRB_TIMEOUT;
+ timeout.tv_usec = 0;
+ FD_ZERO(&readfds);
+ FD_SET(s, &readfds);
+
+ /* select - either recv is ready, or timeout */
+ /* see if timeout or error or wrong descriptor */
+ if(select(s + 1, &readfds, 0, 0, &timeout) < 1
+ || !FD_ISSET(s, &readfds)) {
+ if (krb_debug)
+ krb_warning("select failed: errno = %d\n", errno);
+ close(s);
+ return FALSE;
+ }
+ len = recv(s, buf + offset, sizeof(buf) - offset, 0);
+ if(len <= 0)
+ break;
+ offset += len;
+ }while(protos[i].stream_flag);
+ close(s);
+ if((*protos[i].recv)(buf, offset, rpkt) < 0)
+ return FALSE;
+ return TRUE;
}
diff --git a/kerberosIV/krb/sendauth.c b/kerberosIV/krb/sendauth.c
index 14637548597..96ff7c30ba5 100644
--- a/kerberosIV/krb/sendauth.c
+++ b/kerberosIV/krb/sendauth.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/sendauth.c,v $
- *
- * $Locker: $
- */
+/* $KTH: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,25 +23,10 @@ or implied warranty.
#include "krb_locl.h"
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <syslog.h>
-
/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_recvauth.c
- */
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-
-
-/*
- * This file contains two routines: krb_sendauth() and krb_sendsrv().
- *
* krb_sendauth() transmits a ticket over a file descriptor for a
* desired service, instance, and realm, doing mutual authentication
* with the server if desired.
- *
- * krb_sendsvc() sends a service name to a remote knetd server.
*/
/*
@@ -113,157 +92,72 @@ or implied warranty.
* ticket->length ticket->dat ticket itself
*/
-/*
- * XXX: Note that krb_rd_priv() is coded in such a way that
- * "msg_data->app_data" will be pointing into "priv_buf", which
- * will disappear when krb_sendauth() returns.
- */
-
int
-krb_sendauth(options, fd, ticket, service, inst, realm, checksum,
- msg_data, cred, schedule, laddr, faddr, version)
- int32_t options; /* bit-pattern of options */
- int fd; /* file descriptor to write onto */
- KTEXT ticket; /* where to put ticket (return); or
+krb_sendauth(int32_t options, /* bit-pattern of options */
+ int fd, /* file descriptor to write onto */
+ KTEXT ticket, /* where to put ticket (return); or
* supplied in case of KOPT_DONT_MK_REQ */
- char *service; /* service name, instance, realm */
- char *inst; /* checksum to include in request */
- char *realm; /* mutual auth MSG_DAT (return) */
- u_int32_t checksum; /* credentials (return) */
- MSG_DAT *msg_data; /* key schedule (return) */
- CREDENTIALS *cred; /* local address */
- struct des_ks_struct *schedule;
- struct sockaddr_in *faddr; /* address of foreign host on fd */
- struct sockaddr_in *laddr;
- char *version; /* version string */
+ char *service, /* service name, instance, realm */
+ char *instance,
+ char *realm,
+ u_int32_t checksum, /* checksum to include in request */
+ MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */
+ CREDENTIALS *cred, /* credentials (return) */
+ struct des_ks_struct *schedule, /* key schedule (return) */
+ struct sockaddr_in *laddr, /* local address */
+ struct sockaddr_in *faddr, /* address of foreign host on fd */
+ char *version) /* version string */
{
- int rem, i, cc;
- char srv_inst[INST_SZ];
- char krb_realm[REALM_SZ];
- char buf[BUFSIZ];
- u_int32_t tkt_len;
- u_char priv_buf[1024];
- u_int32_t cksum;
-
- rem=KSUCCESS;
-
- /* get current realm if not passed in */
- if (!realm) {
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return(rem);
- realm = krb_realm;
- }
-
- /* copy instance into local storage, canonicalizing if desired */
- if (options & KOPT_DONT_CANON)
- (void) strncpy(srv_inst, inst, INST_SZ);
- else
- (void) strncpy(srv_inst, krb_get_phost(inst), INST_SZ);
-
- /* get the ticket if desired */
- if (!(options & KOPT_DONT_MK_REQ)) {
- rem = krb_mk_req(ticket, service, srv_inst, realm, checksum);
- if (rem != KSUCCESS)
- return(rem);
- }
-
-#ifdef ATHENA_COMPAT
- /* this is only for compatibility with old servers */
- if (options & KOPT_DO_OLDSTYLE) {
- (void) snprintf(buf, sizeof(buf), "%d ", ticket->length);
- (void) write(fd, buf, strlen(buf));
- (void) write(fd, (char *) ticket->dat, ticket->length);
- return(rem);
+ int ret;
+ KTEXT_ST buf;
+ char realrealm[REALM_SZ];
+
+ if (realm == NULL) {
+ ret = krb_get_lrealm (realrealm, 1);
+ if (ret != KSUCCESS)
+ return ret;
+ realm = realrealm;
}
-#endif /* ATHENA_COMPAT */
- /* if mutual auth, get credentials so we have service session
- keys for decryption below */
- if (options & KOPT_DO_MUTUAL)
- if ((cc = krb_get_cred(service, srv_inst, realm, cred)))
- return(cc);
-
- /* zero the buffer */
- (void) bzero(buf, BUFSIZ);
-
- /* insert version strings */
- (void) strncpy(buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- (void) strncpy(buf+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN);
-
- /* increment past vers strings */
- i = 2*KRB_SENDAUTH_VLEN;
-
- /* put ticket length into buffer */
- tkt_len = htonl(ticket->length);
- (void) bcopy((char *) &tkt_len, buf+i, sizeof(tkt_len));
- i += sizeof(tkt_len);
-
- /* put ticket into buffer */
- (void) bcopy((char *) ticket->dat, buf+i, ticket->length);
- i += ticket->length;
-
- /* write the request to the server */
- if ((cc = krb_net_write(fd, buf, i)) != i)
- return(cc);
-
- /* mutual authentication, if desired */
+ ret = krb_mk_auth (options, ticket, service, instance, realm, checksum,
+ version, &buf);
+ if (ret != KSUCCESS)
+ return ret;
+ ret = krb_net_write(fd, buf.dat, buf.length);
+ if(ret < 0)
+ return -1;
+
if (options & KOPT_DO_MUTUAL) {
- /* get the length of the reply */
- if (krb_net_read(fd, (char *) &tkt_len, sizeof(tkt_len)) !=
- sizeof(tkt_len))
- return(errno);
- tkt_len = ntohl(tkt_len);
-
- /* if the length is negative, the server failed to recognize us. */
- if ((tkt_len < 0) || (tkt_len > sizeof(priv_buf)))
- return(KFAILURE); /* XXX */
- /* read the reply... */
- if (krb_net_read(fd, (char *)priv_buf, (int) tkt_len) != (int) tkt_len)
- return(errno);
-
- /* ...and decrypt it */
-#ifndef NOENCRYPTION
- des_key_sched(&cred->session,schedule);
-#endif
- if ((cc = krb_rd_priv(priv_buf, tkt_len, schedule,
- &cred->session, faddr, laddr, msg_data)))
- return(cc);
-
- /* fetch the (modified) checksum */
- (void) bcopy((char *)msg_data->app_data, (char *)&cksum,
- sizeof(cksum));
- cksum = ntohl(cksum);
-
- /* if it doesn't match, fail */
- if (cksum != checksum + 1)
- return(KFAILURE); /* XXX */
+ char tmp[4];
+ u_int32_t len;
+ char inst[INST_SZ];
+
+ ret = krb_net_read (fd, tmp, 4);
+ if (ret < 0)
+ return -1;
+
+ krb_get_int (tmp, &len, 4, 0);
+ if (len == 0xFFFFFFFF || len > sizeof(buf.dat))
+ return KFAILURE;
+ buf.length = len;
+ ret = krb_net_read (fd, buf.dat, len);
+ if (ret < 0)
+ return -1;
+
+ if (options & KOPT_DONT_CANON)
+ strncpy (inst, instance, sizeof(inst));
+ else
+ strncpy (inst, krb_get_phost(instance), sizeof(inst));
+
+ ret = krb_get_cred (service, inst, realm, cred);
+ if (ret != KSUCCESS)
+ return ret;
+
+ des_key_sched(&cred->session, schedule);
+
+ ret = krb_check_auth (&buf, checksum, msg_data, &cred->session,
+ schedule, laddr, faddr);
+ if (ret != KSUCCESS)
+ return ret;
}
- return(KSUCCESS);
-}
-
-#ifdef ATHENA_COMPAT
-/*
- * krb_sendsvc
- */
-
-int
-krb_sendsvc(fd, service)
- int fd;
- char *service;
-{
- /* write the service name length and then the service name to
- the fd */
- u_int32_t serv_length;
- int cc;
-
- serv_length = htonl(strlen(service));
- if ((cc = krb_net_write(fd, (char *) &serv_length,
- sizeof(serv_length)))
- != sizeof(serv_length))
- return(cc);
- if ((cc = krb_net_write(fd, service, strlen(service)))
- != strlen(service))
- return(cc);
- return(KSUCCESS);
+ return KSUCCESS;
}
-#endif /* ATHENA_COMPAT */
diff --git a/kerberosIV/krb/shlib_version b/kerberosIV/krb/shlib_version
index 890c57389b5..3066b9771e7 100644
--- a/kerberosIV/krb/shlib_version
+++ b/kerberosIV/krb/shlib_version
@@ -1,2 +1,2 @@
-major=4
-minor=1
+major=5
+minor=0
diff --git a/kerberosIV/krb/fgetst.c b/kerberosIV/krb/stime.c
index dfc268fb3f2..b3f5ce270ec 100644
--- a/kerberosIV/krb/fgetst.c
+++ b/kerberosIV/krb/stime.c
@@ -1,14 +1,8 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/fgetst.c,v $
- *
- * $Locker: $
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
+/* $KTH: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $ */
+/*
+ Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of Technology.
+
Export of this software from the United States of America is assumed
to require a specific license from the United States Government.
It is the responsibility of any person or organization contemplating
@@ -25,31 +19,28 @@ permission. M.I.T. makes no representations about the suitability of
this software for any purpose. It is provided "as is" without express
or implied warranty.
- */
+ */
#include "krb_locl.h"
/*
- * fgetst takes a file descriptor, a character pointer, and a count.
- * It reads from the file it has either read "count" characters, or
- * until it reads a null byte. When finished, what has been read exists
- * in "s". If "count" characters were actually read, the last is changed
- * to a null, so the returned string is always null-terminated. fgetst
- * returns the number of characters read, including the null terminator.
+ * Given a pointer to a long containing the number of seconds
+ * since the beginning of time (midnight 1 Jan 1970 GMT), return
+ * a string containing the local time in the form:
+ *
+ * "25-Jan-1988 10:17:56"
*/
-int
-fgetst(f, s, n)
- FILE *f;
- register char *s;
- int n;
+const char *
+krb_stime(time_t *t)
{
- register count = n;
- int ch; /* NOT char; otherwise you don't see EOF */
-
- while ((ch = getc(f)) != EOF && ch && --count) {
- *s++ = ch;
- }
- *s = '\0';
- return (n - count);
+ static char st[40];
+ struct tm *tm;
+
+ tm = localtime(t);
+ snprintf(st, sizeof(st),
+ "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday,
+ month_sname(tm->tm_mon + 1),tm->tm_year + 1900,
+ tm->tm_hour, tm->tm_min, tm->tm_sec);
+ return st;
}
diff --git a/kerberosIV/krb/str2key.c b/kerberosIV/krb/str2key.c
index 681f4bfee57..8e967a63610 100644
--- a/kerberosIV/krb/str2key.c
+++ b/kerberosIV/krb/str2key.c
@@ -1,13 +1,6 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/str2key.c,v $
- *
- * $Locker: $
- */
+/* $KTH: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $ */
-/*
- * This defines the Andrew string_to_key function. It accepts a password
+/* This defines the Andrew string_to_key function. It accepts a password
* string as input and converts its via a one-way encryption algorithm to a DES
* encryption key. It is compatible with the original Andrew authentication
* service password database.
@@ -15,13 +8,8 @@
#include "krb_locl.h"
-/*
-EXPORT void afs_string_to_key(char *passwd, char *cell, des_cblock *key);
-*/
-
static void
-mklower(s)
- char *s;
+mklower(char *s)
{
for (; *s; s++)
if ('A' <= *s && *s <= 'Z')
@@ -32,17 +20,14 @@ mklower(s)
* Short passwords, i.e 8 characters or less.
*/
static void
-afs_cmu_StringToKey (str, cell, key)
- char *str;
- char *cell;
- des_cblock *key;
+afs_cmu_StringToKey (char *str, char *cell, des_cblock *key)
{
char password[8+1]; /* crypt is limited to 8 chars anyway */
int i;
int passlen;
- bzero (key, sizeof(key));
- bzero(password, sizeof(password));
+ memset (key, 0, sizeof(key));
+ memset(password, 0, sizeof(password));
strncpy (password, cell, 8);
passlen = strlen (str);
@@ -56,7 +41,7 @@ afs_cmu_StringToKey (str, cell, key)
/* crypt only considers the first 8 characters of password but for some
reason returns eleven characters of result (plus the two salt chars). */
- strncpy((void *)key, (char *)des_crypt(password, "#~") + 2, sizeof(des_cblock));
+ strncpy((char *)key, (char *)crypt(password, "#~") + 2, sizeof(des_cblock));
/* parity is inserted into the LSB so leftshift each byte up one bit. This
allows ascii characters with a zero MSB to retain as much significance
@@ -72,38 +57,30 @@ afs_cmu_StringToKey (str, cell, key)
des_fixup_key_parity (key);
}
-#undef BUFSIZ
-#define BUFSIZ 512
-
/*
* Long passwords, i.e 9 characters or more.
-*/
+ */
static void
-afs_transarc_StringToKey (str, cell, key)
- char *str;
- char *cell;
- des_cblock *key;
+afs_transarc_StringToKey (char *str, char *cell, des_cblock *key)
{
des_key_schedule schedule;
des_cblock temp_key;
des_cblock ivec;
- char password[BUFSIZ];
+ char password[512];
int passlen;
- strncpy (password, str, sizeof(password)-1);
- password[sizeof(password)-1] = '\0';
+ strncpy (password, str, sizeof(password));
if ((passlen = strlen (password)) < sizeof(password)-1)
strncat (password, cell, sizeof(password)-passlen);
- if ((passlen = strlen(password)) > sizeof(password))
- passlen = sizeof(password);
+ if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password);
- bcopy ("kerberos", &ivec, 8);
- bcopy ("kerberos", &temp_key, 8);
+ memcpy(&ivec, "kerberos", 8);
+ memcpy(&temp_key, "kerberos", 8);
des_fixup_key_parity (&temp_key);
des_key_sched (&temp_key, schedule);
des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
- bcopy (&ivec, &temp_key, 8);
+ memcpy(&temp_key, &ivec, 8);
des_fixup_key_parity (&temp_key);
des_key_sched (&temp_key, schedule);
des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
@@ -111,18 +88,13 @@ afs_transarc_StringToKey (str, cell, key)
des_fixup_key_parity (key);
}
-#undef REALM_SZ
-#define REALM_SZ 41
-
void
-afs_string_to_key(str, cell, key)
- char *str;
- char *cell;
- des_cblock *key;
+afs_string_to_key(char *str, char *cell, des_cblock *key)
{
- char realm[REALM_SZ];
- (void)strcpy(realm, cell);
- (void)mklower(realm);
+ char realm[REALM_SZ+1];
+ strncpy(realm, cell, REALM_SZ);
+ realm[REALM_SZ] = 0;
+ mklower(realm);
if (strlen(str) > 8)
afs_transarc_StringToKey (str, realm, key);
diff --git a/kerberosIV/krb/strtok_r.c b/kerberosIV/krb/strtok_r.c
new file mode 100644
index 00000000000..30c4874d469
--- /dev/null
+++ b/kerberosIV/krb/strtok_r.c
@@ -0,0 +1,61 @@
+/* $KTH: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+char *
+strtok_r(char *s1, const char *s2, char **lasts)
+{
+ char *ret;
+
+ if (s1 == NULL)
+ s1 = *lasts;
+ while(*s1 && strchr(s2, *s1))
+ ++s1;
+ if(*s1 == '\0')
+ return NULL;
+ ret = s1;
+ while(*s1 && !strchr(s2, *s1))
+ ++s1;
+ if(*s1)
+ *s1++ = '\0';
+ *lasts = s1;
+ return ret;
+}
diff --git a/kerberosIV/krb/tf_util.c b/kerberosIV/krb/tf_util.c
index 37254df1cc1..f37c2f242d6 100644
--- a/kerberosIV/krb/tf_util.c
+++ b/kerberosIV/krb/tf_util.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/tf_util.c,v $
- *
- * $Locker: $
- */
+/* $KTH: tf_util.c,v 1.25 1997/11/04 09:44:28 bg Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -26,29 +20,18 @@ this software for any purpose. It is provided "as is" without express
or implied warranty.
*/
-
+
#include "krb_locl.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-#endif /* TKT_SHMEM */
-
#define TOO_BIG -1
#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
* retry if ticket file is
* locked */
+#define TF_LCK_RETRY_COUNT (50) /* number of retries */
-#ifdef TKT_SHMEM
-static char *krb_shm_addr = 0;
-static char *tmp_shm_addr = 0;
-static char krb_dummy_skey[8] = {0,0,0,0,0,0,0,0};
-#endif /* TKT_SHMEM */
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
/*
* fd must be initialized to something that won't ever occur as a real
@@ -63,12 +46,13 @@ static char krb_dummy_skey[8] = {0,0,0,0,0,0,0,0};
* c. In tf_close, be sure it gets reinitialized to a negative
* number.
*/
-static fd = -1;
-static curpos; /* Position in tfbfr */
-static lastpos; /* End of tfbfr */
+static int fd = -1;
+static int curpos; /* Position in tfbfr */
+static int lastpos; /* End of tfbfr */
static char tfbfr[BUFSIZ]; /* Buffer for ticket data */
-static tf_gets(register char *s, int n), tf_read(register char *s, register int n);
+static int tf_gets(char *s, int n);
+static int tf_read(void *s, int n);
/*
* This file contains routines for manipulating the ticket cache file.
@@ -101,8 +85,12 @@ static tf_gets(register char *s, int n), tf_read(register char *s, register int
*
* tf_get_pname() returns the principal's name.
*
+ * tf_put_pname() writes the principal's name to the ticket file.
+ *
* tf_get_pinst() returns the principal's instance (may be null).
*
+ * tf_put_pinst() writes the instance.
+ *
* tf_get_cred() returns the next CREDENTIALS record.
*
* tf_save_cred() appends a new CREDENTIAL record to the ticket file.
@@ -133,133 +121,148 @@ static tf_gets(register char *s, int n), tf_read(register char *s, register int
*/
int
-tf_init(tf_name, rw)
- char *tf_name;
- int rw;
+tf_init(char *tf_name, int rw)
{
- int wflag;
- uid_t me, getuid(void);
- struct stat stat_buf;
-#ifdef TKT_SHMEM
- char shmidname[MaxPathLen];
- FILE *sfp;
- int shmid;
-#endif
-
- switch (rw) {
- case R_TKT_FIL:
- wflag = 0;
- break;
- case W_TKT_FIL:
- wflag = 1;
- break;
+ /* Unix implementation */
+ int wflag;
+ struct stat stat_buf;
+ int i_retry;
+
+ switch (rw) {
+ case R_TKT_FIL:
+ wflag = 0;
+ break;
+ case W_TKT_FIL:
+ wflag = 1;
+ break;
+ default:
+ if (krb_debug)
+ krb_warning("tf_init: illegal parameter\n");
+ return TKT_FIL_ACC;
+ }
+ if (lstat(tf_name, &stat_buf) < 0)
+ switch (errno) {
+ case ENOENT:
+ return NO_TKT_FIL;
default:
- if (krb_debug) fprintf(stderr, "tf_init: illegal parameter\n");
- return TKT_FIL_ACC;
+ return TKT_FIL_ACC;
}
- if (lstat(tf_name, &stat_buf) < 0)
- switch (errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- me = getuid();
- if ((stat_buf.st_uid != me && me != 0) ||
- ((stat_buf.st_mode & S_IFMT) != S_IFREG))
- return TKT_FIL_ACC;
-#ifdef TKT_SHMEM
- (void) strcpy(shmidname, tf_name);
- (void) strcat(shmidname, ".shm");
- if (stat(shmidname,&stat_buf) < 0)
- return(TKT_FIL_ACC);
- if ((stat_buf.st_uid != me && me != 0) ||
- ((stat_buf.st_mode & S_IFMT) != S_IFREG))
- return TKT_FIL_ACC;
-#endif /* TKT_SHMEM */
-
- /*
- * If "wflag" is set, open the ticket file in append-writeonly mode
- * and lock the ticket file in exclusive mode. If unable to lock
- * the file, sleep and try again. If we fail again, return with the
- * proper error message.
- */
-
- curpos = sizeof(tfbfr);
-
-#ifdef TKT_SHMEM
- sfp = fopen(shmidname, "r"); /* only need read/write on the
- actual tickets */
- if (sfp == 0)
- return TKT_FIL_ACC;
- shmid = -1;
- {
- char buf[BUFSIZ];
- int val; /* useful for debugging fscanf */
- /* We provide our own buffer here since some STDIO libraries
- barf on unbuffered input with fscanf() */
-
- setbuf(sfp, buf);
- if ((val = fscanf(sfp,"%d",&shmid)) != 1) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- if (shmid < 0) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- (void) fclose(sfp);
+ if (!S_ISREG(stat_buf.st_mode))
+ return TKT_FIL_ACC;
+
+ /* The code tries to guess when the calling program is running
+ * set-uid and prevent unauthorized access.
+ *
+ * All library functions now assume that the right set of userids
+ * are set upon entry, therefore it's not strictly necessary to
+ * perform these test for programs adhering to these assumptions.
+ */
+ {
+ uid_t me = getuid();
+ if (stat_buf.st_uid != me && me != 0)
+ return TKT_FIL_ACC;
+ }
+
+ /*
+ * If "wflag" is set, open the ticket file in append-writeonly mode
+ * and lock the ticket file in exclusive mode. If unable to lock
+ * the file, sleep and try again. If we fail again, return with the
+ * proper error message.
+ */
+
+ curpos = sizeof(tfbfr);
+
+
+ if (wflag) {
+ fd = open(tf_name, O_RDWR | O_BINARY, 0600);
+ if (fd < 0) {
+ return TKT_FIL_ACC;
}
- /*
- * global krb_shm_addr is initialized to 0. Ultrix bombs when you try and
- * attach the same segment twice so we need this check.
- */
- if (!krb_shm_addr) {
- if ((krb_shm_addr = shmat(shmid,0,0)) == -1){
- if (krb_debug)
- fprintf(stderr,
- "cannot attach shared memory for segment %d\n",
- shmid);
- krb_shm_addr = 0; /* reset so we catch further errors */
- return TKT_FIL_ACC;
- }
+ for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ if (krb_debug)
+ krb_warning("tf_init: retry %d of write lock of `%s'.\n",
+ i_retry, tf_name);
+ sleep (TF_LCK_RETRY);
+ } else {
+ return KSUCCESS; /* all done */
+ }
}
- tmp_shm_addr = krb_shm_addr;
-#endif /* TKT_SHMEM */
-
- if (wflag) {
- fd = open(tf_name, O_RDWR, 0600);
- if (fd < 0) {
- return TKT_FIL_ACC;
- }
- if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
- sleep(TF_LCK_RETRY);
- if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
+ close (fd);
+ fd = -1;
+ return TKT_FIL_LCK;
+ }
+ /*
+ * Otherwise "wflag" is not set and the ticket file should be opened
+ * for read-only operations and locked for shared access.
+ */
+
+ fd = open(tf_name, O_RDONLY | O_BINARY, 0600);
+ if (fd < 0) {
+ return TKT_FIL_ACC;
+ }
+
+ for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
+ if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) {
+ if (krb_debug)
+ krb_warning("tf_init: retry %d of read lock of `%s'.\n",
+ i_retry, tf_name);
+ sleep (TF_LCK_RETRY);
+ } else {
+ return KSUCCESS; /* all done */
}
- /*
- * Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
- */
+ }
+ /* failure */
+ close(fd);
+ fd = -1;
+ return TKT_FIL_LCK;
+}
- fd = open(tf_name, O_RDONLY, 0600);
- if (fd < 0) {
- return TKT_FIL_ACC;
+/*
+ * tf_create() should be called when creating a new ticket file.
+ * The only argument is the name of the ticket file.
+ * After calling this, it should be possible to use other tf_* functions.
+ *
+ * New algoritm for creating ticket file:
+ * 1. try to erase contents of existing file.
+ * 2. try to remove old file.
+ * 3. try to open with O_CREAT and O_EXCL
+ * 4. if this fails, someone has created a file in between 1 and 2 and
+ * we should fail. Otherwise, all is wonderful.
+ */
+
+int
+tf_create(char *tf_name)
+{
+ struct stat statbuf;
+ char garbage[BUFSIZ];
+
+ fd = open(tf_name, O_RDWR | O_BINARY, 0);
+ if (fd >= 0) {
+ if (fstat (fd, &statbuf) == 0) {
+ int i;
+
+ for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+ write (fd, garbage, sizeof(garbage));
}
- if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
- sleep(TF_LCK_RETRY);
- if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
+ close (fd);
+ }
+
+ if (unlink (tf_name) && errno != ENOENT)
+ return TKT_FIL_ACC;
+
+ fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+ if (fd < 0)
+ return TKT_FIL_ACC;
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ sleep(TF_LCK_RETRY);
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ close(fd);
+ fd = -1;
+ return TKT_FIL_LCK;
}
- return KSUCCESS;
+ }
+ return KSUCCESS;
}
/*
@@ -272,17 +275,41 @@ tf_init(tf_name, rw)
*/
int
-tf_get_pname(p)
- char *p;
+tf_get_pname(char *p)
{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pname called before tf_init.\n");
- return TKT_FIL_INI;
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_get_pname called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
+ {
+ if (krb_debug)
+ krb_warning ("tf_get_pname: pname < 2.\n");
+ return TKT_FIL_FMT;
}
- if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
- return TKT_FIL_FMT;
- return KSUCCESS;
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pname() sets the principal's name in the ticket file. Call
+ * after tf_create().
+ */
+
+int
+tf_put_pname(char *p)
+{
+ unsigned count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_put_pname called before tf_create.\n");
+ return TKT_FIL_INI;
+ }
+ count = strlen(p)+1;
+ if (write(fd,p,count) != count)
+ return(KFAILURE);
+ return KSUCCESS;
}
/*
@@ -296,17 +323,41 @@ tf_get_pname(p)
*/
int
-tf_get_pinst(inst)
- char *inst;
+tf_get_pinst(char *inst)
{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pinst called before tf_init.\n");
- return TKT_FIL_INI;
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_get_pinst called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if (tf_gets(inst, INST_SZ) < 1)
+ {
+ if (krb_debug)
+ krb_warning("tf_get_pinst: inst_sz < 1.\n");
+ return TKT_FIL_FMT;
}
- if (tf_gets(inst, INST_SZ) < 1)
- return TKT_FIL_FMT;
- return KSUCCESS;
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pinst writes the principal's instance to the ticket file.
+ * Call after tf_create.
+ */
+
+int
+tf_put_pinst(char *inst)
+{
+ unsigned count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_put_pinst called before tf_create.\n");
+ return TKT_FIL_INI;
+ }
+ count = strlen(inst)+1;
+ if (write(fd,inst,count) != count)
+ return(KFAILURE);
+ return KSUCCESS;
}
/*
@@ -321,61 +372,68 @@ tf_get_pinst(inst)
*/
int
-tf_get_cred(c)
- CREDENTIALS *c;
+tf_get_cred(CREDENTIALS *c)
{
- KTEXT ticket = &c->ticket_st; /* pointer to ticket */
- int k_errno;
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_cred called before tf_init.\n");
- return TKT_FIL_INI;
+ KTEXT ticket = &c->ticket_st; /* pointer to ticket */
+ int k_errno;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning ("tf_get_cred called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning("tf_get_cred: too big service cred.\n");
+ case 1: /* can't be just a null */
+ tf_close();
+ if (krb_debug)
+ krb_warning("tf_get_cred: null service cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
}
- if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
- switch (k_errno) {
- case TOO_BIG:
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if (
- tf_read((char *) (c->session), DES_KEY_SZ) < 1 ||
- tf_read((char *) &(c->lifetime), sizeof(c->lifetime)) < 1 ||
- tf_read((char *) &(c->kvno), sizeof(c->kvno)) < 1 ||
- tf_read((char *) &(ticket->length), sizeof(ticket->length))
- < 1 ||
- /* don't try to read a silly amount into ticket->dat */
- ticket->length > MAX_KTXT_LEN ||
- tf_read((char *) (ticket->dat), ticket->length) < 1 ||
- tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1
- ) {
- tf_close();
- return TKT_FIL_FMT;
+ if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning ("tf_get_cred: too big instance cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
}
-#ifdef TKT_SHMEM
- bcopy(tmp_shm_addr,c->session,KEY_SZ);
- tmp_shm_addr += KEY_SZ;
-#endif /* TKT_SHMEM */
- return KSUCCESS;
+ if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning ("tf_get_cred: too big realm cred.\n");
+ case 1: /* can't be just a null */
+ tf_close();
+ if (krb_debug)
+ krb_warning ("tf_get_cred: null realm cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+ if (
+ tf_read((c->session), DES_KEY_SZ) < 1 ||
+ tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 ||
+ tf_read(&(c->kvno), sizeof(c->kvno)) < 1 ||
+ tf_read(&(ticket->length), sizeof(ticket->length))
+ < 1 ||
+ /* don't try to read a silly amount into ticket->dat */
+ ticket->length > MAX_KTXT_LEN ||
+ tf_read((ticket->dat), ticket->length) < 1 ||
+ tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1
+ ) {
+ tf_close();
+ if (krb_debug)
+ krb_warning ("tf_get_cred: failed tf_read.\n");
+ return TKT_FIL_FMT;
+ }
+ return KSUCCESS;
}
/*
@@ -387,23 +445,14 @@ tf_get_cred(c)
*/
void
-tf_close()
+tf_close(void)
{
- if (!(fd < 0)) {
-#ifdef TKT_SHMEM
- if (shmdt(krb_shm_addr)) {
- /* what kind of error? */
- if (krb_debug)
- fprintf(stderr, "shmdt 0x%x: errno %d",krb_shm_addr, errno);
- } else {
- krb_shm_addr = 0;
- }
-#endif /* TKT_SHMEM */
- (void) flock(fd, LOCK_UN);
- (void) close(fd);
- fd = -1; /* see declaration of fd above */
- }
- bzero(tfbfr, sizeof(tfbfr));
+ if (!(fd < 0)) {
+ k_flock(fd, K_LOCK_UN);
+ close(fd);
+ fd = -1; /* see declaration of fd above */
+ }
+ memset(tfbfr, 0, sizeof(tfbfr));
}
/*
@@ -425,32 +474,30 @@ tf_close()
*/
static int
-tf_gets(s, n)
- register char *s;
- int n;
+tf_gets(char *s, int n)
{
- register count;
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_gets called before tf_init.\n");
- return TKT_FIL_INI;
+ int count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning ("tf_gets called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ for (count = n - 1; count > 0; --count) {
+ if (curpos >= sizeof(tfbfr)) {
+ lastpos = read(fd, tfbfr, sizeof(tfbfr));
+ curpos = 0;
}
- for (count = n - 1; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s = tfbfr[curpos++];
- if (*s++ == '\0')
- return (n - count);
+ if (curpos == lastpos) {
+ tf_close();
+ return 0;
}
- tf_close();
- return TOO_BIG;
+ *s = tfbfr[curpos++];
+ if (*s++ == '\0')
+ return (n - count);
+ }
+ tf_close();
+ return TOO_BIG;
}
/*
@@ -467,28 +514,25 @@ tf_gets(s, n)
*/
static int
-tf_read(s, n)
- register char *s;
- register int n;
+tf_read(void *v, int n)
{
- register count;
+ char *s = (char *)v;
+ int count;
- for (count = n; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s++ = tfbfr[curpos++];
+ for (count = n; count > 0; --count) {
+ if (curpos >= sizeof(tfbfr)) {
+ lastpos = read(fd, tfbfr, sizeof(tfbfr));
+ curpos = 0;
+ }
+ if (curpos == lastpos) {
+ tf_close();
+ return 0;
}
- return n;
+ *s++ = tfbfr[curpos++];
+ }
+ return n;
}
-char *tkt_string(void);
-
/*
* tf_save_cred() appends an incoming ticket to the end of the ticket
* file. You must call tf_init() before calling tf_save_cred().
@@ -502,89 +546,102 @@ char *tkt_string(void);
* Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
* called previously, and KFAILURE for anything else that went wrong.
*/
-
+
+int
+tf_save_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ unsigned char *session, /* Session key */
+ int lifetime, /* Lifetime */
+ int kvno, /* Key version number */
+ KTEXT ticket, /* The ticket itself */
+ u_int32_t issue_date) /* The issue time */
+{
+ int count; /* count for write */
+
+ if (fd < 0) { /* fd is ticket file as set by tf_init */
+ if (krb_debug)
+ krb_warning ("tf_save_cred called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ /* Find the end of the ticket file */
+ lseek(fd, 0L, SEEK_END);
+
+ /* Write the ticket and associated data */
+ /* Service */
+ count = strlen(service) + 1;
+ if (write(fd, service, count) != count)
+ goto bad;
+ /* Instance */
+ count = strlen(instance) + 1;
+ if (write(fd, instance, count) != count)
+ goto bad;
+ /* Realm */
+ count = strlen(realm) + 1;
+ if (write(fd, realm, count) != count)
+ goto bad;
+ /* Session key */
+ if (write(fd, session, 8) != 8)
+ goto bad;
+ /* Lifetime */
+ if (write(fd, &lifetime, sizeof(int)) != sizeof(int))
+ goto bad;
+ /* Key vno */
+ if (write(fd, &kvno, sizeof(int)) != sizeof(int))
+ goto bad;
+ /* Tkt length */
+ if (write(fd, &(ticket->length), sizeof(int)) !=
+ sizeof(int))
+ goto bad;
+ /* Ticket */
+ count = ticket->length;
+ if (write(fd, ticket->dat, count) != count)
+ goto bad;
+ /* Issue date */
+ if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date))
+ goto bad;
+
+ return (KSUCCESS);
+bad:
+ return (KFAILURE);
+}
+
int
-tf_save_cred(service, instance, realm, session,
- lifetime, kvno, ticket, issue_date)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- unsigned char *session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- u_int32_t issue_date; /* The issue time */
+tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
{
+ int ret;
+ ret = tf_create(tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
+ }
- off_t lseek(int, off_t, int);
- int count; /* count for write */
-#ifdef TKT_SHMEM
- int *skey_check;
-#endif /* TKT_SHMEM */
+ ret = tf_save_cred(cred->service, cred->instance, cred->realm,
+ cred->session, cred->lifetime, cred->kvno,
+ &cred->ticket_st, cred->issue_date);
+ tf_close();
+ return ret;
+}
- if (fd < 0) { /* fd is ticket file as set by tf_init */
- if (krb_debug)
- fprintf(stderr, "tf_save_cred called before tf_init.\n");
- return TKT_FIL_INI;
+int
+in_tkt(char *pname, char *pinst)
+{
+ int ret;
+
+ ret = tf_create (tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
}
- /* Find the end of the ticket file */
- (void) lseek(fd, 0L, 2);
-#ifdef TKT_SHMEM
- /* scan to end of existing keys: pick first 'empty' slot.
- we assume that no real keys will be completely zero (it's a weak
- key under DES) */
-
- skey_check = (int *) krb_shm_addr;
-
- while (*skey_check && *(skey_check+1))
- skey_check += 2;
- tmp_shm_addr = (char *)skey_check;
-#endif /* TKT_SHMEM */
-
- /* Write the ticket and associated data */
- /* Service */
- count = strlen(service) + 1;
- if (write(fd, service, count) != count)
- goto bad;
- /* Instance */
- count = strlen(instance) + 1;
- if (write(fd, instance, count) != count)
- goto bad;
- /* Realm */
- count = strlen(realm) + 1;
- if (write(fd, realm, count) != count)
- goto bad;
- /* Session key */
-#ifdef TKT_SHMEM
- bcopy(session,tmp_shm_addr,8);
- tmp_shm_addr+=8;
- if (write(fd,krb_dummy_skey,8) != 8)
- goto bad;
-#else /* ! TKT_SHMEM */
- if (write(fd, (char *) session, 8) != 8)
- goto bad;
-#endif /* TKT_SHMEM */
- /* Lifetime */
- if (write(fd, (char *) &lifetime, sizeof(int)) != sizeof(int))
- goto bad;
- /* Key vno */
- if (write(fd, (char *) &kvno, sizeof(int)) != sizeof(int))
- goto bad;
- /* Tkt length */
- if (write(fd, (char *) &(ticket->length), sizeof(int)) !=
- sizeof(int))
- goto bad;
- /* Ticket */
- count = ticket->length;
- if (write(fd, (char *) (ticket->dat), count) != count)
- goto bad;
- /* Issue date */
- if (write(fd, (char *) &issue_date, sizeof(issue_date))
- != sizeof(issue_date))
- goto bad;
-
- /* Actually, we should check each write for success */
- return (KSUCCESS);
-bad:
- return (KFAILURE);
+
+ tf_close();
+ return KSUCCESS;
}
diff --git a/kerberosIV/krb/tkt_string.c b/kerberosIV/krb/tkt_string.c
index 1c63f0346e8..5bc67e2562c 100644
--- a/kerberosIV/krb/tkt_string.c
+++ b/kerberosIV/krb/tkt_string.c
@@ -1,10 +1,4 @@
-/*
- * This software may now be redistributed outside the US.
- *
- * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/tkt_string.c,v $
- *
- * $Locker: $
- */
+/* $KTH: tkt_string.c,v 1.11 1997/10/24 10:18:07 assar Exp $ */
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -29,9 +23,6 @@ or implied warranty.
#include "krb_locl.h"
-#include <sys/param.h>
-#include <sys/types.h>
-
/*
* This routine is used to generate the name of the file that holds
* the user's cache of server tickets and associated session keys.
@@ -49,21 +40,18 @@ or implied warranty.
static char krb_ticket_string[MAXPATHLEN] = "";
char *
-tkt_string()
+tkt_string(void)
{
char *env;
- uid_t getuid(void);
if (!*krb_ticket_string) {
if ((env = getenv("KRBTKFILE"))) {
- (void) strncpy(krb_ticket_string, env,
+ strncpy(krb_ticket_string, env,
sizeof(krb_ticket_string)-1);
krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
} else {
- /* 32 bits of signed integer will always fit in 11 characters
- (including the sign), so no need to worry about overflow */
- (void) snprintf(krb_ticket_string, sizeof(krb_ticket_string),
- "%s%u", TKT_ROOT, getuid());
+ snprintf(krb_ticket_string, sizeof(krb_ticket_string),
+ "%s%u",TKT_ROOT,(unsigned)getuid());
}
}
return krb_ticket_string;
@@ -81,11 +69,10 @@ tkt_string()
*/
void
-krb_set_tkt_string(val)
- char *val;
+krb_set_tkt_string(const char *val)
{
- (void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
+ strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
return;
diff --git a/kerberosIV/krb/unparse_name.c b/kerberosIV/krb/unparse_name.c
new file mode 100644
index 00000000000..e7cde58fda7
--- /dev/null
+++ b/kerberosIV/krb/unparse_name.c
@@ -0,0 +1,105 @@
+/* $KTH: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+static void
+quote_string(char *quote, char *from, char *to)
+{
+ while(*from){
+ if(strchr(quote, *from))
+ *to++ = '\\';
+ *to++ = *from++;
+ }
+ *to = 0;
+}
+
+/* To be compatible with old functions, we quote differently in each
+ part of the principal*/
+
+char *
+krb_unparse_name_r(krb_principal *pr, char *fullname)
+{
+ quote_string("'@\\", pr->name, fullname);
+ if(pr->instance[0]){
+ strcat(fullname, ".");
+ quote_string("@\\", pr->instance, fullname + strlen(fullname));
+ }
+ if(pr->realm[0]){
+ strcat(fullname, "@");
+ quote_string("\\", pr->realm, fullname + strlen(fullname));
+ }
+ return fullname;
+}
+
+char *
+krb_unparse_name_long_r(char *name, char *instance, char *realm,
+ char *fullname)
+{
+ krb_principal pr;
+ memset(&pr, 0, sizeof(pr));
+ strcpy(pr.name, name);
+ if(instance)
+ strcpy(pr.instance, instance);
+ if(realm)
+ strcpy(pr.realm, realm);
+ return krb_unparse_name_r(&pr, fullname);
+}
+
+char *
+krb_unparse_name(krb_principal *pr)
+{
+ static char principal[MAX_K_NAME_SZ];
+ krb_unparse_name_r(pr, principal);
+ return principal;
+}
+
+char *
+krb_unparse_name_long(char *name, char *instance, char *realm)
+{
+ krb_principal pr;
+ memset(&pr, 0, sizeof(pr));
+ strcpy(pr.name, name);
+ if(instance)
+ strcpy(pr.instance, instance);
+ if(realm)
+ strcpy(pr.realm, realm);
+ return krb_unparse_name(&pr);
+}
diff --git a/kerberosIV/krb/util.c b/kerberosIV/krb/util.c
new file mode 100644
index 00000000000..b187276ffd7
--- /dev/null
+++ b/kerberosIV/krb/util.c
@@ -0,0 +1,76 @@
+/* $KTH: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $ */
+
+/*
+ Copyright 1988 by the Massachusetts Institute of Technology.
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ Miscellaneous debug printing utilities
+ */
+
+#include "krb_locl.h"
+
+/*
+ * Print some of the contents of the given authenticator structure
+ * (AUTH_DAT defined in "krb.h"). Fields printed are:
+ *
+ * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
+ */
+
+void
+ad_print(AUTH_DAT *x)
+{
+ /*
+ * Print the contents of an auth_dat struct.
+ */
+ struct in_addr address;
+ address.s_addr = x->address;
+ printf("\n%s %s %s %s flags %u cksum 0x%X\n\ttkt_tm 0x%X sess_key",
+ x->pname, x->pinst, x->prealm,
+ inet_ntoa(address), x->k_flags,
+ x->checksum, x->time_sec);
+ printf("[8] =");
+#ifdef NOENCRYPTION
+ placebo_cblock_print(x->session);
+#else
+ des_cblock_print_file(&x->session,stdout);
+#endif
+ /* skip reply for now */
+}
+
+/*
+ * Print in hex the 8 bytes of the given session key.
+ *
+ * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
+ */
+
+#ifdef NOENCRYPTION
+placebo_cblock_print(x)
+ des_cblock x;
+{
+ unsigned char *y = (unsigned char *) x;
+ int i = 0;
+
+ printf(" 0x { ");
+
+ while (i++ <8) {
+ printf("%x",*y++);
+ if (i<8) printf(", ");
+ }
+ printf(" }");
+}
+#endif
diff --git a/kerberosIV/krb/verify_user.c b/kerberosIV/krb/verify_user.c
new file mode 100644
index 00000000000..0058a00a64f
--- /dev/null
+++ b/kerberosIV/krb/verify_user.c
@@ -0,0 +1,111 @@
+/* $KTH: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+/* Verify user with password. If secure, also verify against local
+ * service key, this can (usually) only be done by root.
+ *
+ * As a side effect, fresh tickets are obtained.
+ *
+ * Returns zero if ok, a positive kerberos error or -1 for system
+ * errors.
+ */
+
+int
+krb_verify_user(char *name, char *instance, char *realm, char *password,
+ int secure, char *linstance)
+{
+ int ret;
+ ret = krb_get_pw_in_tkt(name, instance, realm,
+ KRB_TICKET_GRANTING_TICKET,
+ realm,
+ DEFAULT_TKT_LIFE, password);
+ if(ret != KSUCCESS)
+ return ret;
+
+ if(secure){
+ struct hostent *hp;
+ int32_t addr;
+
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+
+ char lrealm[REALM_SZ];
+ char hostname[MAXHOSTNAMELEN];
+ char *phost;
+
+ if (k_gethostname(hostname, sizeof(hostname)) == -1) {
+ dest_tkt();
+ return -1;
+ }
+
+ hp = gethostbyname(hostname);
+ if(hp == NULL){
+ dest_tkt();
+ return -1;
+ }
+ memcpy(&addr, hp->h_addr, sizeof(addr));
+
+ ret = krb_get_lrealm(lrealm, 1);
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+ phost = krb_get_phost(hostname);
+
+ if (linstance == NULL)
+ linstance = "rcmd";
+
+ ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33);
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+
+ ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, "");
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+ }
+ return 0;
+}
+