authorTom Yu <tlyu@mit.edu>2002-11-27 03:09:35 +0000
committerTom Yu <tlyu@mit.edu>2002-11-27 03:09:35 +0000
commita6949b28c7db5fa6cf7e6d0e455e83d92627196e (patch)
tree99dc6626e0ed3f693aeeffb884cf86d607f2bead /src/lib/krb4
parent3469b3937fde8a5b4b3484c4b4324f06c2bd52dd (diff)
Merge more KfM krb4 things
Implement *_in_tkt_creds, mk_req_creds, and rd_req_int functions. Implement KfM krb4 kadm password changing, mostly by pulling in the client side of the kadm library into the krb4 library. Do some more header file cleanup of des.h and krb.h. Remove some ancient krb4 dead weight. Some Mac-specific functionality still needs to be merged. ticket: 1189 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15014 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb4')
-rw-r--r--src/lib/krb4/ChangeLog58
-rw-r--r--src/lib/krb4/Makefile.in333
-rw-r--r--src/lib/krb4/change_password.c138
-rw-r--r--src/lib/krb4/configure.in28
-rw-r--r--src/lib/krb4/g_in_tkt.c146
-rw-r--r--src/lib/krb4/g_pw_in_tkt.c12
-rw-r--r--src/lib/krb4/kadm_err.et58
-rw-r--r--src/lib/krb4/kadm_net.c383
-rw-r--r--src/lib/krb4/kadm_stream.c319
-rw-r--r--src/lib/krb4/mk_req.c137
-rw-r--r--src/lib/krb4/one.c15
-rw-r--r--src/lib/krb4/password_to_key.c146
-rw-r--r--src/lib/krb4/prot_client.c4
-rw-r--r--src/lib/krb4/prot_kdc.c6
-rw-r--r--src/lib/krb4/rd_req.c162
-rw-r--r--src/lib/krb4/tf_util.c2
-rw-r--r--src/lib/krb4/tkt_string.c27
17 files changed, 1658 insertions, 316 deletions
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index ecaba3b349..2287b6d9a2 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,61 @@
+2002-11-26 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (OBJS, SRCS): Add change_password.c, kadm_err.c,
+ kadm_net.c, kadm_stream.c. Remove one.c.
+ Also, add com_err support for kadm_err.et. Update dependencies.
+
+ * change_password.c: New file.
+
+ * configure.in: Remove checks for BITS16, BITS32, MSBFIRST, and
+ LSBFIRST.
+
+ * g_in_tkt.c (krb_mk_in_tkt_preauth): Update to optionally return
+ local address -- not yet fully implemented.
+ (krb_parse_in_tkt_creds): Renamed from krb_parse_in_tkt(). Now
+ fills in a CREDENTIALS instead of storing into a ticket file.
+ (krb_get_in_tkt_preauth_creds): Renamed from
+ krb_get_in_tkt_preauth(). Now fills in a CREDENTIALS instead of
+ storing into a ticket file.
+ (krb_get_in_tkt_creds): Port from KfM.
+ (krb_get_in_tkt_preauth): Reimplement in terms of
+ krb_get_in_tkt_creds_preauth().
+
+ * g_pw_in_tkt.c (krb_get_pw_in_tkt_creds): Port from KfM.
+
+ * kadm_err.et:
+ * kadm_net.c:
+ * kadm_stream.c: New files to implement password changing, ported
+ from KfM.
+
+ * mk_req.c (krb_mk_req_creds_prealm): New internal function --
+ similar to krb_mk_req_creds() but takes the client's realm, since
+ it's needed for forming a correct request but is not present in a
+ CREDENTIALS.
+ (krb_mk_req): Reimplement in terms of krb_mk_req_creds_prealm().
+ Move the logic for acquiring credentials and determining client's
+ realm here.
+ (krb_mk_req_creds): Port from KfM.
+ (krb_set_lifetime): Make KRB5_CALLCONV now.
+
+ * one.c: Remove.
+
+ * password_to_key.c: New file, ported from KfM. Will eventually
+ implement some string-to-key stuff.
+
+ * prot_client.c: Eliminate references to {LSB,MSB}_FIRST.
+
+ * prot_kdc.c: Eliminate references to {LSB,MSB}_FIRST.
+
+ * rd_req.c (krb_rd_req_with_key): New internal function -- can
+ take a key schedule or a krb5_keyblock and use one of those to
+ decrypt the ticket.
+ (krb_rd_req_int): Ported from KfM. Calls into
+ krb_rd_req_with_key().
+ (krb_rd_req): Reimplement in terms of krb_rd_req_with_key(). Copy
+ some of the realm and kvno reading logic here.
+
+ * tkt_string.c: Returns pointer to const now.
+
2002-08-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Revert $(S)=>/ change, for Windows support.
diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in
index 98da61abbe..26870a9faf 100644
--- a/src/lib/krb4/Makefile.in
+++ b/src/lib/krb4/Makefile.in
@@ -30,6 +30,7 @@ SHLIB_RDIRS=$(KRB5_LIBDIR)
EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV
OBJS = \
+ $(OUTPRE)change_password.$(OBJEXT) \
$(OUTPRE)cr_auth_repl.$(OBJEXT) \
$(OUTPRE)cr_ciph.$(OBJEXT) \
$(OUTPRE)cr_tkt.$(OBJEXT) \
@@ -44,6 +45,9 @@ OBJS = \
$(OUTPRE)g_tkt_svc.$(OBJEXT) \
$(OUTPRE)gethostname.$(OBJEXT) \
$(OUTPRE)getst.$(OBJEXT) \
+ $(OUTPRE)kadm_err.$(OBJEXT) \
+ $(OUTPRE)kadm_net.$(OBJEXT) \
+ $(OUTPRE)kadm_stream.$(OBJEXT) \
$(OUTPRE)kname_parse.$(OBJEXT) \
$(OUTPRE)lifetime.$(OBJEXT) \
$(OUTPRE)mk_auth.$(OBJEXT) \
@@ -52,7 +56,6 @@ OBJS = \
$(OUTPRE)mk_req.$(OBJEXT) \
$(OUTPRE)mk_safe.$(OBJEXT) \
$(OUTPRE)month_sname.$(OBJEXT) \
- $(OUTPRE)one.$(OBJEXT) \
$(OUTPRE)prot_client.$(OBJEXT) \
$(OUTPRE)prot_common.$(OBJEXT) \
$(OUTPRE)prot_kdc.$(OBJEXT) \
@@ -70,6 +73,7 @@ OBJS = \
$(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS)
SRCS = \
+ $(srcdir)/change_password.c \
$(srcdir)/cr_auth_repl.c \
$(srcdir)/cr_ciph.c \
$(srcdir)/cr_tkt.c \
@@ -82,6 +86,8 @@ SRCS = \
$(srcdir)/g_tkt_svc.c \
$(srcdir)/getst.c \
$(srcdir)/gethostname.c \
+ $(srcdir)/kadm_net.c \
+ $(srcdir)/kadm_stream.c \
$(srcdir)/kname_parse.c \
$(srcdir)/err_txt.c \
$(srcdir)/lifetime.c \
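Review bot: `kadm_err.c` is not added to SRCS in this hunk, although the OBJS hunk above adds `$(OUTPRE)kadm_err.$(OBJEXT)` and the ChangeLog entry says both OBJS and SRCS gain it. None of the visible Makefile.in hunks adds it to SRCS elsewhere, so `make depend` would presumably emit no dependency line for the generated source; the visible part of the dependency section has a `krb_err.c` line but no `kadm_err.c` line. If `krb_err.c` is listed in SRCS outside this hunk, add `kadm_err.c \` next to it; otherwise correct the ChangeLog wording. The SRCS list starts and ends outside the hunk.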
@@ -92,7 +98,6 @@ SRCS = \
$(srcdir)/mk_req.c \
$(srcdir)/mk_safe.c \
$(srcdir)/month_sname.c \
- $(srcdir)/one.c \
$(srcdir)/pkt_cipher.c \
$(srcdir)/pkt_clen.c \
$(srcdir)/prot_client.c \
@@ -190,7 +195,7 @@ CODE=$(SRCS) Makefile.in krb_err.et
# We want *library* compiler options...
DBG=$(DBG_LIB)
-all-unix:: krb_err.h includes all-liblinks
+all-unix:: krb_err.h kadm_err.h includes all-liblinks
##DOS##LIBOBJS = $(OBJS)
@@ -198,7 +203,10 @@ all-unix:: krb_err.h includes all-liblinks
krb_err.h:: krb_err.et
krb_err.c: krb_err.et
-depend:: krb_err.h
+kadm_err.h: kadm_err.et
+kadm_err.c: kadm_err.et
+
+depend:: krb_err.h kadm_err.h
depend:: $(CODE)
includes:: krb_err.h
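Review bot: The new `kadm_err.h: kadm_err.et` rule uses a single colon, while the existing `krb_err.h:: krb_err.et` directly above it uses a double colon. make refuses a target that appears in both single-colon and double-colon rules, so the build would stop if any included fragment later declared `kadm_err.h` with `::`. Unless the difference is deliberate, mirror the existing form with `kadm_err.h:: kadm_err.et`, or add a one-line comment saying why the two error tables are declared differently.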
@@ -208,8 +216,16 @@ includes:: krb_err.h
$(CP) krb_err.h $(EHDRDIR)/krb_err.h) ; \
fi
+includes:: kadm_err.h
+ if cmp kadm_err.h $(EHDRDIR)/kadm_err.h >/dev/null 2>&1; then :; \
+ else \
+ (set -x; $(RM) $(EHDRDIR)/kadm_err.h; \
+ $(CP) kadm_err.h $(EHDRDIR)/kadm_err.h) ; \
+ fi
+
clean-unix::
$(RM) $(EHDRDIR)/krb_err.h
+ $(RM) $(EHDRDIR)/kadm_err.h
@@ -227,7 +243,10 @@ clean-:: clean-unix
clean-unix::
-$(RM) krb_err.c
-$(RM) krb_err.h
+ -$(RM) kadm_err.c
+ -$(RM) kadm_err.h
-$(RM) ../../include/kerberosIV/krb_err.h
+ -$(RM) ../../include/kerberosIV/kadm_err.h
clean-unix:: clean-liblinks clean-libs clean-libobjs
@@ -243,222 +262,294 @@ install-unix:: install-libs
# Makefile dependencies follow. This must be the last section in
# the Makefile.in file
#
+change_password.so change_password.po $(OUTPRE)change_password.$(OBJEXT): change_password.c \
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/kadm.h \
+ $(SRCTOP)/include/kerberosIV/prot.h
cr_auth_repl.so cr_auth_repl.po $(OUTPRE)cr_auth_repl.$(OBJEXT): cr_auth_repl.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
cr_ciph.so cr_ciph.po $(OUTPRE)cr_ciph.$(OBJEXT): cr_ciph.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
cr_tkt.so cr_tkt.po $(OUTPRE)cr_tkt.$(OBJEXT): cr_tkt.c $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
debug.so debug.po $(OUTPRE)debug.$(OBJEXT): debug.c $(SRCTOP)/include/kerberosIV/mit-copyright.h
decomp_tkt.so decomp_tkt.po $(OUTPRE)decomp_tkt.$(OBJEXT): decomp_tkt.c $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
g_ad_tkt.so g_ad_tkt.po $(OUTPRE)g_ad_tkt.$(OBJEXT): g_ad_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
g_pw_in_tkt.so g_pw_in_tkt.po $(OUTPRE)g_pw_in_tkt.$(OBJEXT): g_pw_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
g_phost.so g_phost.po $(OUTPRE)g_phost.$(OBJEXT): g_phost.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5/autoconf.h
g_pw_tkt.so g_pw_tkt.po $(OUTPRE)g_pw_tkt.$(OBJEXT): g_pw_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
g_tkt_svc.so g_tkt_svc.po $(OUTPRE)g_tkt_svc.$(OBJEXT): g_tkt_svc.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5/autoconf.h
getst.so getst.po $(OUTPRE)getst.$(OBJEXT): getst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
gethostname.so gethostname.po $(OUTPRE)gethostname.$(OBJEXT): gethostname.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
+kadm_net.so kadm_net.po $(OUTPRE)kadm_net.$(OBJEXT): kadm_net.c $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \
+ $(SRCTOP)/include/kerberosIV/kadm.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
+ $(SRCTOP)/include/kerberosIV/prot.h
+kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): kadm_stream.c $(SRCTOP)/include/kerberosIV/kadm.h \
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
+ $(SRCTOP)/include/kerberosIV/prot.h
kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): kname_parse.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): g_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
mk_auth.so mk_auth.po $(OUTPRE)mk_auth.$(OBJEXT): mk_auth.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
mk_err.so mk_err.po $(OUTPRE)mk_err.$(OBJEXT): mk_err.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): mk_priv.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): mk_req.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ krb4int.h
mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): mk_safe.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
month_sname.so month_sname.po $(OUTPRE)month_sname.$(OBJEXT): month_sname.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h krb4int.h
-one.so one.po $(OUTPRE)one.$(OBJEXT): one.c
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h
pkt_cipher.so pkt_cipher.po $(OUTPRE)pkt_cipher.$(OBJEXT): pkt_cipher.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
pkt_clen.so pkt_clen.po $(OUTPRE)pkt_clen.$(OBJEXT): pkt_clen.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
prot_client.so prot_client.po $(OUTPRE)prot_client.$(OBJEXT): prot_client.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
prot_common.so prot_common.po $(OUTPRE)prot_common.$(OBJEXT): prot_common.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
prot_kdc.so prot_kdc.po $(OUTPRE)prot_kdc.$(OBJEXT): prot_kdc.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
rd_err.so rd_err.po $(OUTPRE)rd_err.$(OBJEXT): rd_err.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): rd_priv.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): rd_safe.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
+ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krbports.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \
+ $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
$(BUILDTOP)/include/krb5/autoconf.h
stime.so stime.po $(OUTPRE)stime.$(OBJEXT): stime.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
strnlen.so strnlen.po $(OUTPRE)strnlen.$(OBJEXT): strnlen.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
rd_preauth.so rd_preauth.po $(OUTPRE)rd_preauth.$(OBJEXT): rd_preauth.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb_db.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \
- krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb_db.h \
+ $(SRCTOP)/include/kerberosIV/prot.h krb4int.h
mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): mk_preauth.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): tf_util.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h krb4int.h
+ krb4int.h
dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): dest_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h
-tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): tkt_string.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h
+tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): tkt_string.c $(SRCTOP)/include/kerberosIV/krb.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): g_tf_fname.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): g_tf_realm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): g_cred.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
save_creds.so save_creds.po $(OUTPRE)save_creds.$(OBJEXT): save_creds.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): unix_glue.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h
klog.so klog.po $(OUTPRE)klog.$(OBJEXT): klog.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): kuserok.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
log.so log.po $(OUTPRE)log.$(OBJEXT): log.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/klog.h
kntoln.so kntoln.po $(OUTPRE)kntoln.$(OBJEXT): kntoln.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h
fgetst.so fgetst.po $(OUTPRE)fgetst.$(OBJEXT): fgetst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): rd_svc_key.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
- $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
- $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+ $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/kerberosIV/prot.h
cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): cr_err_repl.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): rd_req.c $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h $(BUILDTOP)/include/krb5.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/krb54proto.h
+ $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h
g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): g_svc_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \
krb4int.h
recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): recvauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
krb_err.so krb_err.po $(OUTPRE)krb_err.$(OBJEXT): krb_err.c $(COM_ERR_DEPS)
ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): ad_print.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): cr_death_pkt.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/kerberosIV/krb_conf.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h
kparse.so kparse.po $(OUTPRE)kparse.$(OBJEXT): kparse.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/kparse.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/kparse.h
put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): put_svc_key.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h krb4int.h
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h
sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): sendauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
netread.so netread.po $(OUTPRE)netread.$(OBJEXT): netread.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
netwrite.so netwrite.po $(OUTPRE)netwrite.$(OBJEXT): netwrite.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): g_cnffile.c $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \
+ $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
- $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
- $(BUILDTOP)/include/profile.h krb4int.h
+ krb4int.h
g_krbhst.so g_krbhst.po $(OUTPRE)g_krbhst.$(OBJEXT): g_krbhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h
g_krbrlm.so g_krbrlm.po $(OUTPRE)g_krbrlm.$(OBJEXT): g_krbrlm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
g_admhst.so g_admhst.po $(OUTPRE)g_admhst.$(OBJEXT): g_admhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h krb4int.h
realmofhost.so realmofhost.po $(OUTPRE)realmofhost.$(OBJEXT): realmofhost.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
- krb4int.h
+ $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \
+ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+ $(BUILDTOP)/include/krb5/autoconf.h krb4int.h
diff --git a/src/lib/krb4/change_password.c b/src/lib/krb4/change_password.c
new file mode 100644
index 0000000000..8bceec28d5
--- /dev/null
+++ b/src/lib/krb4/change_password.c
@@ -0,0 +1,138 @@
+/*
+ * g_pw_in_tkt.c
+ *
+ * Copyright 1987, 1988, 2002 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <netdb.h>
+
+#if TARGET_OS_MAC /* XXX */
+#include <Kerberos/CredentialsCache.h>
+#endif
+#include "krb.h"
+#include "krb4int.h"
+#include "kadm.h"
+#include "prot.h"
+
+/*
+ * krb_change_password(): This disgusting function handles changing passwords
+ * in a krb4-only environment.
+ * -1783126240
+ * THIS IS NOT A NORMAL KRB4 API FUNCTION! DON'T USE IN PORTABLE CODE!
+ */
+
+int KRB5_CALLCONV
+krb_change_password(char *principal, char *instance, char *realm,
+ char *oldPassword, char *newPassword)
+{
+ KRB_INT32 err;
+ des_cblock key;
+ KRB_UINT32 tempKey;
+ size_t sendSize;
+ u_char *sendStream;
+ size_t receiveSize;
+ u_char *receiveStream;
+ Kadm_Client client_parm;
+ u_char *p;
+
+ err = 0;
+ /*
+ * Get tickets to change the old password and shove them in the
+ * client_parm
+ */
+ err = krb_get_pw_in_tkt_creds(principal, instance, realm,
+ PWSERV_NAME, KADM_SINST, 1,
+ oldPassword, &client_parm.creds);
+ if (err != KSUCCESS)
+ goto cleanup;
+
+#if TARGET_OS_MAC
+ /* Now create the key to send to the server */
+ switch (client_parm.creds.stk_type) {
+ case cc_v4_stk_des:
+ mit_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ case cc_v4_stk_afs:
+ afs_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ case cc_v4_stk_krb5:
+ krb5_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ default:
+ /*
+ * Okay, actually afs_string_to_key sites can't use this
+ * protocol to change passwords
+ */
+ mit_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ }
+#else
+ des_string_to_key(newPassword, key); /* XXX check this! */
+#endif
+ /* Create the link to the server */
+ err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1);
+ if (err != KADM_SUCCESS)
+ goto cleanup;
+
+ /* Connect to the KDC */
+ err = kadm_cli_conn(&client_parm);
+ if (err != KADM_SUCCESS)
+ goto cleanup;
+
+ /* possible problem with vts_long on a non-multiple of four boundary */
+ sendSize = 0; /* start of our output packet */
+ sendStream = malloc(1); /* to make it reallocable */
+ sendStream[sendSize++] = CHANGE_PW;
+
+ /* change key to stream */
+ /* This looks backwards but gets inverted on the server side. */
+ p = key + 4;
+ KRB4_GET32BE(tempKey, p);
+ sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
+ p = key;
+ KRB4_GET32BE(tempKey, p);
+ sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
+
+ if (newPassword) {
+ sendSize += vts_string(newPassword, &sendStream, (int)sendSize);
+ }
+
+ /* send the data to the kdc */
+ err = kadm_cli_send(&client_parm, sendStream, sendSize,
+ &receiveStream, &receiveSize);
+ free(sendStream);
+ if (receiveSize > 0)
+ /* If there is a string from the kdc, free it - we don't care */
+ free(receiveStream);
+ if (err != KADM_SUCCESS)
+ goto disconnect;
+
+disconnect:
+ /* Disconnect */
+ kadm_cli_disconn(&client_parm);
+
+cleanup:
+ return err;
+}
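Review bot: `receiveSize` and `receiveStream` are read after `kadm_cli_send` without ever being initialised, and `kadm_cli_send` (kadm_net.c in this commit) returns on several early paths without storing to them, so `free(receiveStream)` can be handed an indeterminate pointer. `sendStream = malloc(1)` is dereferenced on the very next line with no NULL check. The DES key derived from the new password in `key` and the session key in `client_parm.creds` are still on the stack at `return`, so both should be zeroed on the `cleanup` path. `KADM_NOMEM` in the sketch below assumes the kadm error codes are visible through kadm.h.

```c
    size_t receiveSize = 0;
    u_char *receiveStream = NULL;
    /* … unchanged: other declarations, ticket fetch, key derivation, link setup, connect … */
    sendStream = malloc(1);		/* to make it reallocable */
    if (sendStream == NULL) {
	err = KADM_NOMEM;
	goto disconnect;
    }
    /* … unchanged: packet build and kadm_cli_send call … */
    free(sendStream);
    /* Reply contents are not needed; free(NULL) is a no-op. */
    free(receiveStream);
    /* … unchanged: disconnect label and kadm_cli_disconn call … */
cleanup:
    /* Do not leave password-derived or session key material on the stack
     * (a plain memset at function exit may be elided by the optimiser). */
    memset(key, 0, sizeof(key));
    memset(&client_parm.creds, 0, sizeof(client_parm.creds));
    return err;
```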
diff --git a/src/lib/krb4/configure.in b/src/lib/krb4/configure.in
index 874555ddf7..0512949a53 100644
--- a/src/lib/krb4/configure.in
+++ b/src/lib/krb4/configure.in
@@ -10,33 +10,6 @@ dnl Could check for full stdc environment, but will only test
dnl for stdlib.h
AC_CHECK_HEADERS(stdlib.h)
-AC_C_CROSS dnl pretty up output, eval this before AC_TRY_RUN
-dnl need MSBFIRST, LSBFIRST, BITS16, BITS32
-AC_MSG_CHECKING([if system is msbfirst])
-AC_CACHE_VAL(krb5_cv_is_msbfirst,
-[AC_TRY_RUN(
-[#include <stdio.h>
-int main()
-{
- int one = 1;
- exit (*(char*) &one); /* MSBFIRST iff 1 */
-}],
-krb5_cv_is_msbfirst=yes, krb5_cv_is_msbfirst=no
-)])dnl fail on cross for now
-AC_MSG_RESULT($krb5_cv_is_msbfirst)
-if test $krb5_cv_is_msbfirst = yes; then
- AC_DEFINE(MSBFIRST)
-else
- AC_DEFINE(LSBFIRST)
-fi
-dnl
-dnl check int, set bits16/bits32 based on it
-AC_CHECK_SIZEOF(int)
-if test $ac_cv_sizeof_int = 2; then
- AC_DEFINE(BITS16)
-else
- AC_DEFINE(BITS32)
-fi
AC_TYPE_MODE_T
AC_TYPE_UID_T
AC_DEFINE(KRB4_USE_KEYTAB)
@@ -45,4 +18,3 @@ AC_PROG_AWK
KRB5_BUILD_LIBOBJS
KRB5_BUILD_LIBRARY_WITH_DEPS
V5_AC_OUTPUT_MAKEFILE
-
diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c
index 16b19660d3..43997a6982 100644
--- a/src/lib/krb4/g_in_tkt.c
+++ b/src/lib/krb4/g_in_tkt.c
@@ -44,13 +44,12 @@ typedef int (*decrypt_tkt_type) (char *, char *, char *, char *,
key_proc_type, KTEXT *);
#endif
-static int
-krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
- int, char *, int, KTEXT, int *);
-
-static int
-krb_parse_in_tkt(char *, char *, char *, char *, char *,
- int, KTEXT, int);
+static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *);
+static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
+ int, char *, int, KTEXT, int *,
+ struct sockaddr_in *);
+static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *,
+ int, KTEXT, int, CREDENTIALS *);
/*
* decrypt_tkt(): Given user, instance, realm, passwd, key_proc
@@ -135,7 +134,7 @@ decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
static int
krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- preauth_p, preauth_len, cip, byteorder)
+ preauth_p, preauth_len, cip, byteorder, local_addr)
char *user;
char *instance;
char *realm;
@@ -146,6 +145,7 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
int preauth_len;
KTEXT cip;
int *byteorder;
+ struct sockaddr_in *local_addr;
{
KTEXT_ST pkt_st;
KTEXT pkt = &pkt_st; /* Packet to KDC */
@@ -213,7 +213,11 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
/* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
rpkt->length = 0;
+#if 0 /* XXX */
+ kerror = send_to_kdc_addr(pkt, rpkt, realm, local_addr);
+#else
kerror = send_to_kdc(pkt, rpkt, realm);
+#endif
if (kerror)
return kerror;
@@ -281,8 +285,8 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
}
static int
-krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip,
- byteorder)
+krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip,
+ byteorder, creds)
char *user;
char *instance;
char *realm;
@@ -291,9 +295,9 @@ krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip,
int life;
KTEXT cip;
int byteorder;
+ CREDENTIALS *creds;
{
unsigned char *ptr;
- C_Block ses; /* Session key for tkt */
int len;
int kvno; /* Kvno for session key */
char s_name[SNAME_SZ];
@@ -304,7 +308,6 @@ krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip,
unsigned long kdc_time; /* KDC time */
unsigned KRB4_32 t_local; /* Must be 4 bytes long for memcpy below! */
KRB4_32 t_diff; /* Difference between timestamps */
- int kerror;
int lifetime;
ptr = cip->dat;
@@ -368,24 +371,26 @@ krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip,
return RD_AP_TIME; /* XXX should probably be better code */
}
- /* initialize ticket cache */
- if (in_tkt(user,instance) != KSUCCESS)
- return INTK_ERR;
/* stash ticket, session key, etc. for future use */
- memcpy(ses, cip->dat, 8);
- kerror = krb_save_credentials(s_name, s_instance, rlm, ses,
- lifetime, kvno,
- tkt, (KRB4_32)t_local);
- memset(ses, 0, 8);
- if (kerror)
- return kerror;
+ strncpy(creds->service, s_name, sizeof(creds->service));
+ strncpy(creds->instance, s_instance, sizeof(creds->instance));
+ strncpy(creds->realm, rlm, sizeof(creds->realm));
+ memmove(creds->session, cip->dat, sizeof(C_Block));
+ creds->lifetime = lifetime;
+ creds->kvno = kvno;
+ creds->ticket_st.length = tkt->length;
+ memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length);
+ creds->issue_date = t_local;
+ strncpy(creds->pname, user, sizeof(creds->pname));
+ strncpy(creds->pinst, instance, sizeof(creds->pinst));
return INTK_OK;
}
int
-krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg, preauth_p, preauth_len)
+krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
+ key_proc, decrypt_proc,
+ arg, preauth_p, preauth_len, creds)
char *user;
char *instance;
char *realm;
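Review bot: The `strncpy` calls that fill `creds->pname` and `creds->pinst` from the caller's `user` and `instance` leave the field unterminated whenever the source is at least as long as the destination, and `krb_get_in_tkt_preauth` later hands the `creds` string fields to `krb_save_credentials` as C strings. Either reject over-long names before copying or terminate explicitly after each copy, e.g. `creds->pname[sizeof(creds->pname) - 1] = '\0';`. The same applies to `service`, `instance` and `realm`, although those are copied from local buffers whose sizes are only partly visible here. `memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length)` also depends on `tkt->length` having been bounded earlier in `krb_parse_in_tkt_creds`, whose body starts outside this hunk.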
@@ -397,16 +402,27 @@ krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
char *arg;
char *preauth_p;
int preauth_len;
+ CREDENTIALS *creds;
{
KTEXT_ST cip_st;
KTEXT cip = &cip_st; /* Returned Ciphertext */
int kerror;
int byteorder;
+#if TARGET_OS_MAC
+ struct sockaddr_in local_addr;
+#endif
+#if TARGET_OS_MAC
kerror = krb_mk_in_tkt_preauth(user, instance, realm,
service, sinstance,
life, preauth_p, preauth_len,
- cip, &byteorder);
+ cip, &byteorder, &local_addr);
+#else
+ kerror = krb_mk_in_tkt_preauth(user, instance, realm,
+ service, sinstance,
+ life, preauth_p, preauth_len,
+ cip, &byteorder, NULL);
+#endif
if (kerror)
return kerror;
/* Attempt to decrypt the reply. */
@@ -415,15 +431,87 @@ krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
else
(*decrypt_proc)(user, instance, realm, arg, key_proc, &cip);
- kerror = krb_parse_in_tkt(user, instance, realm,
- service, sinstance,
- life, cip, byteorder);
+ kerror = krb_parse_in_tkt_creds(user, instance, realm,
+ service, sinstance,
+ life, cip, byteorder, creds);
+#if TARGET_OS_MAC
+ /* Do this here to avoid OS dependency in parse_in_tkt prototype. */
+ creds->address = local_addr->sin_addr.s_addr;
+#endif
/* stomp stomp stomp */
memset(cip->dat, 0, (size_t)cip->length);
return kerror;
}
int
+krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life,
+ key_proc, decrypt_proc, arg, creds)
+ char *user;
+ char *instance;
+ char *realm;
+ char *service;
+ char *sinstance;
+ int life;
+ key_proc_type key_proc;
+ decrypt_tkt_type decrypt_proc;
+ char *arg;
+ CREDENTIALS *creds;
+{
+ return krb_get_in_tkt_preauth_creds(user, instance, realm,
+ service, sinstance, life,
+ key_proc, decrypt_proc, arg,
+ NULL, 0, creds);
+}
+
+int
+krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
+ key_proc, decrypt_proc,
+ arg, preauth_p, preauth_len)
+ char *user;
+ char *instance;
+ char *realm;
+ char *service;
+ char *sinstance;
+ int life;
+ key_proc_type key_proc;
+ decrypt_tkt_type decrypt_proc;
+ char *arg;
+ char *preauth_p;
+ int preauth_len;
+{
+ int retval;
+ CREDENTIALS creds;
+
+ do {
+ retval = krb_get_in_tkt_preauth_creds(user, instance, realm,
+ service, sinstance, life,
+ key_proc, decrypt_proc,
+ arg, preauth_p, preauth_len,
+ &creds);
+ if (retval != KSUCCESS) break;
+ if (in_tkt(user, instance) != KSUCCESS) {
+ retval = INTK_ERR;
+ break;
+ }
+#if TARGET_OS_MAC /* XXX */
+ retval = krb_save_credentials_addr(creds.service, creds.instance,
+ creds.realm, creds.session,
+ creds.lifetime, creds.kvno,
+ &creds.ticket_st, creds.issue_date,
+ creds.address, creds.stk_type);
+#else
+ retval = krb_save_credentials(creds.service, creds.instance,
+ creds.realm, creds.session,
+ creds.lifetime, creds.kvno,
+ &creds.ticket_st, creds.issue_date);
+#endif
+ if (retval != KSUCCESS) break;
+ } while (0);
+ memset(&creds, 0, sizeof(creds));
+ return retval;
+}
+
+int
krb_get_in_tkt(user, instance, realm, service, sinstance, life,
key_proc, decrypt_proc, arg)
char *user;
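Review bot: Under `TARGET_OS_MAC`, `creds->address = local_addr->sin_addr.s_addr;` applies `->` to `local_addr`, which the previous hunk declares as `struct sockaddr_in local_addr;`. Nothing visible ever fills that struct either, because the `send_to_kdc_addr` call in `krb_mk_in_tkt_preauth` is under `#if 0`. I would zero it at declaration (`memset(&local_addr, 0, sizeof(local_addr));`) and assign with `creds->address = local_addr.sin_addr.s_addr;`, only when `kerror` is `INTK_OK`. In the new `krb_get_in_tkt_preauth`, the Mac branch also passes `creds.stk_type` to `krb_save_credentials_addr`, and no visible code sets that field, so it appears to be read uninitialised.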
@@ -439,5 +527,5 @@ krb_get_in_tkt(user, instance, realm, service, sinstance, life,
return krb_get_in_tkt_preauth(user, instance, realm,
service, sinstance, life,
key_proc, decrypt_proc, arg,
- (char *)NULL, 0);
+ NULL, 0);
}
diff --git a/src/lib/krb4/g_pw_in_tkt.c b/src/lib/krb4/g_pw_in_tkt.c
index f878b77bdd..3396fcbd9d 100644
--- a/src/lib/krb4/g_pw_in_tkt.c
+++ b/src/lib/krb4/g_pw_in_tkt.c
@@ -115,6 +115,18 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
(decrypt_tkt_type)NULL, password));
}
+int KRB5_CALLCONV
+krb_get_pw_in_tkt_creds(
+ char *user, char *instance, char *realm, char *service, char *sinstance,
+ int life, char *password, CREDENTIALS *creds)
+{
+ return krb_get_in_tkt_creds(user, instance, realm,
+ service, sinstance, life,
+ (key_proc_type)passwd_to_key,
+ NULL, password, creds);
+}
+
+
/*
* krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly,
* since the whole point of "pre" authentication is to prove that we've
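Review bot: `krb_get_pw_in_tkt_creds` is added without a header comment, although its contract differs from `krb_get_pw_in_tkt` in a way callers need to know. Judging by `krb_get_in_tkt_preauth_creds` in g_in_tkt.c, the ticket and session key are returned in `*creds` and nothing is written to the ticket file. I would add a comment such as `/* Like krb_get_pw_in_tkt(), but returns the credentials in *creds instead of storing them in the ticket file; the caller should zero *creds when done with it. */`.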
diff --git a/src/lib/krb4/kadm_err.et b/src/lib/krb4/kadm_err.et
new file mode 100644
index 0000000000..07ab9da4b2
--- /dev/null
+++ b/src/lib/krb4/kadm_err.et
@@ -0,0 +1,58 @@
+# kadmin.v4/server/kadm_err.et
+#
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# <mit-copyright.h>.
+#
+# Kerberos administration server error table
+#
+ et kadm
+
+# KADM_SUCCESS, as all success codes should be, is zero
+
+ec KADM_RCSID, "$Header$"
+# /* Building and unbuilding the packet errors */
+ec KADM_NO_REALM, "Cannot fetch local realm"
+ec KADM_NO_CRED, "Unable to fetch credentials"
+ec KADM_BAD_KEY, "Bad key supplied"
+ec KADM_NO_ENCRYPT, "Can't encrypt data"
+ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
+ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
+ec KADM_NO_ROOM, "Packet is too large"
+ec KADM_BAD_VER, "Version number is incorrect"
+ec KADM_BAD_CHK, "Checksum does not match"
+ec KADM_NO_READ, "Unsealing private data failed"
+ec KADM_NO_OPCODE, "Unsupported operation"
+ec KADM_NO_HOST, "Could not find administrating host"
+ec KADM_UNK_HOST, "Administrating host name is unknown"
+ec KADM_NO_SERV, "Could not find service name in services database"
+ec KADM_NO_SOCK, "Could not create socket"
+ec KADM_NO_CONN, "Could not connect to server"
+ec KADM_NO_HERE, "Could not fetch local socket address"
+ec KADM_NO_MAST, "Could not fetch master key"
+ec KADM_NO_VERI, "Could not verify master key"
+
+# /* From the server side routines */
+ec KADM_INUSE, "Entry already exists in database"
+ec KADM_UK_SERROR, "Database store error"
+ec KADM_UK_RERROR, "Database read error"
+ec KADM_UNAUTH, "Insufficient access to perform requested operation"
+# KADM_DATA isn't really an error, but...
+ec KADM_DATA, "Data is available for return to client"
+ec KADM_NOENTRY, "No such entry in the database"
+
+ec KADM_NOMEM, "Memory exhausted"
+ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
+ec KADM_NO_BIND, "Could not bind port"
+ec KADM_LENGTH_ERROR, "Length mismatch problem"
+ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
+
+ec KADM_DB_INUSE, "Database locked or in use"
+
+ec KADM_INSECURE_PW, "Insecure password rejected"
+ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match"
+
+ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
+ec KADM_REALM_TOO_LONG, "Realm name too long"
+end
diff --git a/src/lib/krb4/kadm_net.c b/src/lib/krb4/kadm_net.c
new file mode 100644
index 0000000000..37a660319a
--- /dev/null
+++ b/src/lib/krb4/kadm_net.c
@@ -0,0 +1,383 @@
+/*
+ * kadm_net.c
+ *
+ * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Kerberos administration server client-side network access routines
+ * These routines do actual network traffic, in a machine dependent manner.
+ */
+
+#include <errno.h>
+#include <signal.h>
+#include <string.h>
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#define DEFINE_SOCKADDR /* Ask krb.h for struct sockaddr, etc */
+#include "port-sockets.h"
+#include "krb.h"
+#include "krbports.h"
+#include "kadm.h"
+#include "kadm_err.h"
+#include "prot.h"
+
+/* XXX FIXME! */
+#if defined(_WINDOWS) || defined(macintosh)
+ #define SIGNAL(s, f) 0
+#else
+ #define SIGNAL(s, f) signal(s, f)
+ extern int errno;
+#endif
+
+static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched);
+/* XXX FIXME! */
+static sigtype (*opipe)();
+
+
+/*
+ * kadm_init_link
+ * receives : principal, instance, realm
+ *
+ * initializes client parm, the Kadm_Client structure which holds the
+ * data about the connection between the server and client, the services
+ * used, the locations and other fun things
+ */
+int
+kadm_init_link(char *principal, char *instance, char *realm,
+ Kadm_Client *client_parm, int changepw)
+{
+ struct servent *sep; /* service we will talk to */
+ u_short sep_port;
+ struct hostent *hop; /* host we will talk to */
+ char adm_hostname[MAXHOSTNAMELEN];
+ char *scol = 0;
+
+ (void) strcpy(client_parm->sname, principal);
+ (void) strcpy(client_parm->sinst, instance);
+ (void) strcpy(client_parm->krbrlm, realm);
+ client_parm->admin_fd = -1;
+ client_parm->default_port = 1;
+
+ /*
+ * set up the admin_addr - fetch name of admin or kpasswd host
+ * (usually the admin host is the kpasswd host unless you have
+ * some sort of realm on crack)
+ */
+ if (changepw) {
+#if 0 /* XXX */
+ if (krb_get_kpasswdhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
+#endif
+ if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
+ return KADM_NO_HOST;
+ } else {
+ if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
+ return KADM_NO_HOST;
+ }
+ scol = strchr(adm_hostname,':');
+ if (scol) *scol = 0;
+ if ((hop = gethostbyname(adm_hostname)) == NULL)
+ /*
+ * couldn't find the admin servers address
+ */
+ return KADM_UNK_HOST;
+ if (scol) {
+ sep_port = htons(atoi(scol+1));
+ client_parm->default_port = 0;
+ } else if ((sep = getservbyname(KADM_SNAME, "tcp")) != NULL)
+ sep_port = sep->s_port;
+ else
+ sep_port = htons(KADM_PORT); /* KADM_SNAME = kerberos_master/tcp */
+ memset(&client_parm->admin_addr, 0, sizeof(client_parm->admin_addr));
+ client_parm->admin_addr.sin_family = hop->h_addrtype;
+ memcpy(&client_parm->admin_addr.sin_addr, hop->h_addr, hop->h_length);
+ client_parm->admin_addr.sin_port = sep_port;
+
+ return KADM_SUCCESS;
+}
+
+/*
+ * kadm_cli_send
+ * recieves : opcode, packet, packet length, serv_name, serv_inst
+ * returns : return code from the packet build, the server, or
+ * something else
+ *
+ * It assembles a packet as follows:
+ * 8 bytes : VERSION STRING
+ * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
+ * : KTEXT
+ * : OPCODE \
+ * : DATA > Encrypted (with make priv)
+ * : ...... /
+ *
+ * If it builds the packet and it is small enough, then it attempts to open the
+ * connection to the admin server. If the connection is succesfully open
+ * then it sends the data and waits for a reply.
+ */
+int
+kadm_cli_send(Kadm_Client *client_parm,
+ u_char *st_dat, /* the actual data */
+ size_t st_siz, /* length of said data */
+ u_char **ret_dat, /* to give return info */
+ size_t *ret_siz) /* length of returned info */
+{
+/* Macros for use in returning data... used in kadm_cli_send */
+#define RET_N_FREE(r) {clear_secrets(sess_key, sess_sched); free((char *)act_st); free((char *)priv_pak); return r;}
+#define RET_N_FREE2(r) {free((char *)*ret_dat); *ret_dat = 0; *ret_siz = 0; clear_secrets(sess_key, sess_sched); return(r);}
+
+ int act_len; /* current offset into packet, return */
+ KRB_INT32 retdat; /* data */
+ KTEXT_ST authent; /* the authenticator we will build */
+ u_char *act_st; /* the pointer to the complete packet */
+ u_char *priv_pak; /* private version of the packet */
+ long priv_len; /* length of private packet */
+ u_long cksum; /* checksum of the packet */
+ MSG_DAT mdat;
+ u_char *return_dat;
+ u_char *p;
+ KRB_UINT32 uretdat;
+
+ /* Keys for use in the transactions */
+ des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
+ Key_schedule sess_sched;
+
+ act_st = malloc(KADM_VERSIZE); /* verstr stored first */
+ strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
+ act_len = KADM_VERSIZE;
+
+ if ((retdat = kadm_cli_keyd(client_parm, sess_key, sess_sched)) != KADM_SUCCESS) {
+ free(act_st);
+ return retdat; /* couldnt get key working */
+ }
+ priv_pak = malloc(st_siz + 200);
+ /* 200 bytes for extra info case */
+ /* XXX Check mk_priv return type */
+ if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz,
+ sess_sched, (C_Block *)sess_key,
+ &client_parm->my_addr,
+ &client_parm->admin_addr)) < 0)
+ RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose here */
+ /*
+ * here is the length of priv data. receiver calcs size of
+ * authenticator by subtracting vno size, priv size, and
+ * sizeof(u_long) (for the size indication) from total size
+ */
+ act_len += vts_long((KRB_UINT32)priv_len, &act_st, (int)act_len);
+#ifdef NOENCRYPTION
+ cksum = 0;
+#else
+ cksum = quad_cksum(priv_pak, NULL, priv_len, 0, &sess_key);
+#endif
+ /* XXX cast unsigned->signed */
+ if ((retdat = krb_mk_req_creds(&authent, &client_parm->creds, (long)cksum)) != NULL) {
+ /* authenticator? */
+ RET_N_FREE(retdat);
+ }
+
+ act_st = realloc(act_st, (unsigned) (act_len + authent.length
+ + priv_len));
+ if (!act_st) {
+ clear_secrets(sess_key, sess_sched);
+ free(priv_pak);
+ return KADM_NOMEM;
+ }
+ memcpy(act_st + act_len, authent.dat, authent.length);
+ memcpy(act_st + act_len + authent.length, priv_pak, priv_len);
+ free(priv_pak);
+ if ((retdat = kadm_cli_out(client_parm, act_st,
+ act_len + authent.length + priv_len,
+ ret_dat, ret_siz)) != KADM_SUCCESS)
+ RET_N_FREE(retdat);
+ free(act_st);
+
+ /* first see if it's a YOULOSE */
+ if ((*ret_siz >= KADM_VERSIZE) &&
+ !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE))
+ {
+ /* it's a youlose packet */
+ if (*ret_siz < KADM_VERSIZE + 4)
+ RET_N_FREE2(KADM_BAD_VER);
+ p = *ret_dat + KADM_VERSIZE;
+ KRB4_GET32BE(uretdat, p);
+ /* XXX unsigned->signed */
+ retdat = (KRB_INT32)uretdat;
+ RET_N_FREE2(retdat);
+ }
+ /* need to decode the ret_dat */
+ if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched,
+ (C_Block *)sess_key, &client_parm->admin_addr,
+ &client_parm->my_addr, &mdat)) != NULL)
+ RET_N_FREE2(retdat);
+ if (mdat.app_length < KADM_VERSIZE + 4)
+ /* too short! */
+ RET_N_FREE2(KADM_BAD_VER);
+ if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
+ /* bad version */
+ RET_N_FREE2(KADM_BAD_VER);
+ p = mdat.app_data + KADM_VERSIZE;
+ KRB4_GET32BE(uretdat, p);
+ /* XXX unsigned->signed */
+ retdat = (KRB_INT32)uretdat;
+ if ((mdat.app_length - KADM_VERSIZE - 4) != 0) {
+ if (!(return_dat =
+ malloc((unsigned)(mdat.app_length - KADM_VERSIZE - 4))))
+ RET_N_FREE2(KADM_NOMEM);
+ memcpy(return_dat, p, mdat.app_length - KADM_VERSIZE - 4);
+ } else {
+ /* If it's zero length, still need to malloc a 1 byte string; */
+ /* malloc's of zero will return NULL on AIX & A/UX */
+ if (!(return_dat = malloc((unsigned) 1)))
+ RET_N_FREE2(KADM_NOMEM);
+ *return_dat = '\0';
+ }
+ free(*ret_dat);
+ clear_secrets(sess_key, sess_sched);
+ *ret_dat = return_dat;
+ *ret_siz = mdat.app_length - KADM_VERSIZE - 4;
+ return retdat;
+}
+
+int kadm_cli_conn(Kadm_Client *client_parm)
+{ /* this connects and sets my_addr */
+#if 0
+ int on = 1;
+#endif
+ if ((client_parm->admin_fd =
+ socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0)
+ return KADM_NO_SOCK; /* couldnt create the socket */
+ if (SOCKET_CONNECT(client_parm->admin_fd,
+ (struct sockaddr *) & client_parm->admin_addr,
+ sizeof(client_parm->admin_addr))) {
+ (void) SOCKET_CLOSE(client_parm->admin_fd);
+ client_parm->admin_fd = -1;
+
+ /* The V4 kadmind port number is 751. The RFC assigned
+ number, for V5, is 749. Sometimes the entry in
+ /etc/services on a client machine will say 749, but the
+ server may be listening on port 751. We try to partially
+ cope by automatically falling back to try port 751 if we
+ don't get a reply on port we are using. */
+ if (client_parm->admin_addr.sin_port != htons(KADM_PORT)
+ && client_parm->default_port) {
+ client_parm->admin_addr.sin_port = htons(KADM_PORT);
+ return kadm_cli_conn(client_parm);
+ }
+
+ return KADM_NO_CONN; /* couldnt get the connect */
+ }
+ opipe = SIGNAL(SIGPIPE, SIG_IGN);
+ client_parm->my_addr_len = sizeof(client_parm->my_addr);
+ if (SOCKET_GETSOCKNAME(client_parm->admin_fd,
+ (struct sockaddr *) & client_parm->my_addr,
+ &client_parm->my_addr_len) < 0) {
+ (void) SOCKET_CLOSE(client_parm->admin_fd);
+ client_parm->admin_fd = -1;
+ (void) SIGNAL(SIGPIPE, opipe);
+ return KADM_NO_HERE; /* couldnt find out who we are */
+ }
+#if 0
+ if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+ sizeof(on)) < 0) {
+ (void) closesocket(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ (void) SIGNAL(SIGPIPE, opipe);
+ return KADM_NO_CONN; /* XXX */
+ }
+#endif
+ return KADM_SUCCESS;
+}
+
+void kadm_cli_disconn(Kadm_Client *client_parm)
+{
+ (void) SOCKET_CLOSE(client_parm->admin_fd);
+ (void) SIGNAL(SIGPIPE, opipe);
+ return;
+}
+
+int kadm_cli_out(Kadm_Client *client_parm, u_char *dat, int dat_len,
+ u_char **ret_dat, size_t *ret_siz)
+{
+ u_short dlen;
+ int retval;
+ unsigned char buf[2], *p;
+
+ dlen = (u_short)dat_len;
+ if (dlen > 0x7fff) /* XXX krb_net_write signedness */
+ return KADM_NO_ROOM;
+
+ p = buf;
+ KRB4_PUT16BE(p, dlen);
+ if (krb_net_write(client_parm->admin_fd, (char *)buf, 2) < 0)
+ return SOCKET_ERRNO; /* XXX */
+
+ if (krb_net_write(client_parm->admin_fd, (char *)dat, (int)dat_len) < 0)
+ return SOCKET_ERRNO; /* XXX */
+
+ retval = krb_net_read(client_parm->admin_fd, (char *)buf, 2);
+ if (retval != 2) {
+ if (retval < 0)
+ return SOCKET_ERRNO; /* XXX */
+ else
+ return EPIPE; /* short read ! */
+ }
+
+ p = buf;
+ KRB4_GET16BE(dlen, p);
+ if (dlen > INT_MAX) /* XXX krb_net_read signedness */
+ return KADM_NO_ROOM;
+ *ret_dat = malloc(dlen);
+ if (!*ret_dat)
+ return KADM_NOMEM;
+
+ retval = krb_net_read(client_parm->admin_fd, (char *)*ret_dat, (int)dlen);
+ if (retval != dlen) {
+ if (retval < 0)
+ return SOCKET_ERRNO; /* XXX */
+ else
+ return EPIPE; /* short read ! */
+ }
+ *ret_siz = dlen;
+ return KADM_SUCCESS;
+}
+
+static void
+clear_secrets(des_cblock sess_key, Key_schedule sess_sched)
+{
+ memset(sess_key, 0, sizeof(sess_key));
+ memset(sess_sched, 0, sizeof(sess_sched));
+ return;
+}
+
+/* takes in the sess_key and key_schedule and sets them appropriately */
+int kadm_cli_keyd(Kadm_Client *client_parm,
+ des_cblock s_k, des_key_schedule s_s)
+{
+ int stat;
+
+ memcpy(s_k, client_parm->creds.session, sizeof(des_cblock));
+ stat = key_sched(s_k, s_s);
+ if (stat)
+ return stat;
+ return KADM_SUCCESS;
+} /* This code "works" */
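Review bot: `clear_secrets` takes `sizeof(sess_key)` and `sizeof(sess_sched)` on array parameters that have decayed to pointers, so only a pointer's worth of the session key and key schedule is zeroed; `sizeof(des_cblock)` and `sizeof(Key_schedule)` give the intended sizes (assuming both are array typedefs, as the `memcpy(s_k, ..., sizeof(des_cblock))` in `kadm_cli_keyd` suggests). In `kadm_cli_send`, `priv_pak` is freed just before the `kadm_cli_out` call and `RET_N_FREE` frees it again when that call fails. `kadm_init_link` copies `principal`, `instance` and `realm` into `client_parm` with unbounded `strcpy`, and `realm` arrives unchanged from the caller of `krb_change_password`, so each needs a length check first (the sketch assumes the `Kadm_Client` fields are fixed-size arrays). In `kadm_cli_out`, `dat_len` is narrowed to `u_short` before the size check, so an over-long packet wraps instead of being rejected, and `dlen > INT_MAX` can never be true for a 16-bit value.

```c
    /* kadm_init_link: bound the copies into client_parm */
    if (strlen(principal) >= sizeof(client_parm->sname) ||
	strlen(instance) >= sizeof(client_parm->sinst))
	return KADM_LENGTH_ERROR;
    if (strlen(realm) >= sizeof(client_parm->krbrlm))
	return KADM_REALM_TOO_LONG;
    (void) strcpy(client_parm->sname, principal);
    /* … unchanged: remaining copies, host and port lookup … */

    /* kadm_cli_send: after the packet has been assembled */
    free(priv_pak);
    priv_pak = NULL;	/* RET_N_FREE below would otherwise free it twice */
    /* … unchanged: kadm_cli_out call and reply parsing … */

    /* kadm_cli_out: range-check before narrowing to 16 bits */
    if (dat_len < 0 || dat_len > 0x7fff)
	return KADM_NO_ROOM;
    dlen = (u_short)dat_len;
    /* … unchanged: length prefix write, payload write, reply read … */

    /* clear_secrets: size by type, the parameters are pointers here */
    memset(sess_key, 0, sizeof(des_cblock));
    memset(sess_sched, 0, sizeof(Key_schedule));
```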
diff --git a/src/lib/krb4/kadm_stream.c b/src/lib/krb4/kadm_stream.c
new file mode 100644
index 0000000000..3a9861eda4
--- /dev/null
+++ b/src/lib/krb4/kadm_stream.c
@@ -0,0 +1,319 @@
+/*
+ * kadm_stream.c
+ *
+ * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Stream conversion functions for Kerberos administration server
+ */
+
+/*
+ kadm_stream.c
+ this holds the stream support routines for the kerberos administration server
+
+ vals_to_stream: converts a vals struct to a stream for transmission
+ internals build_field_header, vts_[string, char, long, short]
+ stream_to_vals: converts a stream to a vals struct
+ internals check_field_header, stv_[string, char, long, short]
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+*/
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "kadm.h"
+#include "kadm_err.h"
+#include "prot.h"
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
+/*
+vals_to_stream
+ recieves : kadm_vals *, u_char *
+ returns : a realloced and filled in u_char *
+
+this function creates a byte-stream representation of the kadm_vals structure
+*/
+int
+vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
+{
+ int vsloop, stsize; /* loop counter, stream size */
+
+ stsize = build_field_header(dt_in->fields, dt_out);
+ for (vsloop = 31; vsloop >= 0; vsloop--)
+ if (IS_FIELD(vsloop, dt_in->fields)) {
+ switch (vsloop) {
+ case KADM_NAME:
+ stsize += vts_string(dt_in->name, dt_out, stsize);
+ break;
+ case KADM_INST:
+ stsize += vts_string(dt_in->instance, dt_out, stsize);
+ break;
+ case KADM_EXPDATE:
+ stsize += vts_long((KRB_UINT32)dt_in->exp_date,
+ dt_out, stsize);
+ break;
+ case KADM_ATTR:
+ stsize += vts_short(dt_in->attributes, dt_out, stsize);
+ break;
+ case KADM_MAXLIFE:
+ stsize += vts_char(dt_in->max_life, dt_out, stsize);
+ break;
+ case KADM_DESKEY:
+ stsize += vts_long(dt_in->key_high, dt_out, stsize);
+ stsize += vts_long(dt_in->key_low, dt_out, stsize);
+ break;
+ default:
+ break;
+ }
+ }
+ return stsize;
+}
+
+int
+build_field_header(
+ u_char *cont, /* container for fields data */
+ u_char **st) /* stream */
+{
+ *st = malloc(4);
+ if (*st == NULL)
+ return -1;
+ memcpy(*st, cont, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+int
+vts_string(char *dat, u_char **st, int loc)
+{
+ size_t len;
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ len = strlen(dat) + 1;
+ p = realloc(*st, (size_t)loc + len);
+ if (p == NULL)
+ return -1;
+ memcpy(p + loc, dat, len);
+ *st = p;
+ return len;
+}
+
+int
+vts_short(KRB_UINT32 dat, u_char **st, int loc)
+{
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ p = realloc(*st, (size_t)loc + 2);
+ if (p == NULL)
+ return -1;
+
+ KRB4_PUT16BE(p, dat);
+ *st = p;
+ return 2;
+}
+
+int
+vts_long(KRB_UINT32 dat, u_char **st, int loc)
+{
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ p = realloc(*st, (size_t)loc + 4);
+ if (p == NULL)
+ return -1;
+
+ KRB4_PUT32BE(p, dat);
+ *st = p;
+ return 4;
+}
+
+int
+vts_char(KRB_UINT32 dat, u_char **st, int loc)
+{
+ unsigned char *p;
+
+ if (loc < 0)
+ return -1;
+ p = realloc(*st, (size_t)loc + 1);
+ if (p == NULL)
+ return -1;
+ p[loc] = dat & 0xff;
+ *st = p;
+ return 1;
+}
+
+/*
+stream_to_vals
+ recieves : u_char *, kadm_vals *
+ returns : a kadm_vals filled in according to u_char *
+
+this decodes a byte stream represntation of a vals struct into kadm_vals
+*/
+int
+stream_to_vals(
+ u_char *dt_in,
+ Kadm_vals *dt_out,
+ int maxlen) /* max length to use */
+{
+ register int vsloop, stsize; /* loop counter, stream size */
+ register int status;
+
+ memset(dt_out, 0, sizeof(*dt_out));
+
+ stsize = check_field_header(dt_in, dt_out->fields, maxlen);
+ if (stsize < 0)
+ return -1;
+ for (vsloop = 31; vsloop >= 0; vsloop--)
+ if (IS_FIELD(vsloop, dt_out->fields))
+ switch (vsloop) {
+ case KADM_NAME:
+ status = stv_string(dt_in, dt_out->name, stsize,
+ sizeof(dt_out->name), maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_INST:
+ status = stv_string(dt_in, dt_out->instance, stsize,
+ sizeof(dt_out->instance), maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_EXPDATE:
+ {
+ KRB_UINT32 exp_date;
+
+ status = stv_long(dt_in, &exp_date, stsize, maxlen);
+ if (status < 0)
+ return -1;
+ dt_out->exp_date = exp_date;
+ stsize += status;
+ }
+ break;
+ case KADM_ATTR:
+ status = stv_short(dt_in, &dt_out->attributes, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_MAXLIFE:
+ status = stv_char(dt_in, &dt_out->max_life, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ case KADM_DESKEY:
+ status = stv_long(dt_in, &dt_out->key_high, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ status = stv_long(dt_in, &dt_out->key_low, stsize,
+ maxlen);
+ if (status < 0)
+ return -1;
+ stsize += status;
+ break;
+ default:
+ break;
+ }
+ return stsize;
+}
+
+int
+check_field_header(
+ u_char *st, /* stream */
+ u_char *cont, /* container for fields data */
+ int maxlen)
+{
+ if (4 > maxlen)
+ return -1;
+ memcpy(cont, st, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+int
+stv_string(
+ register u_char *st, /* base pointer to the stream */
+ char *dat, /* a string to read from the stream */
+ register int loc, /* offset into the stream for current data */
+ int stlen, /* max length of string to copy in */
+ int maxlen) /* max length of input stream */
+{
+ int maxcount; /* max count of chars to copy */
+
+ if (loc < 0)
+ return -1;
+ maxcount = min(maxlen - loc, stlen);
+ if (maxcount <= 0) /* No strings left in the input stream */
+ return -1;
+
+ (void) strncpy(dat, (char *)st + loc, (size_t)maxcount);
+
+ if (dat[maxcount - 1]) /* not null-term --> not enuf room */
+ return -1;
+ return strlen(dat) + 1;
+}
+
+int
+stv_short(u_char *st, u_short *dat, int loc, int maxlen)
+{
+ u_short temp;
+ unsigned char *p;
+
+ if (loc < 0 || loc + 2 > maxlen)
+ return -1;
+ p = st + loc;
+ KRB4_GET16BE(temp, p);
+ *dat = temp;
+ return 2;
+}
+
+int
+stv_long(u_char *st, KRB_UINT32 *dat, int loc, int maxlen)
+{
+ KRB_UINT32 temp;
+ unsigned char *p;
+
+ if (loc < 0 || loc + 4 > maxlen)
+ return -1;
+ p = st + loc;
+ KRB4_GET32BE(temp, p);
+ *dat = temp;
+ return 4;
+}
+
+int
+stv_char(u_char *st, u_char *dat, int loc, int maxlen)
+{
+ if (loc < 0 || loc + 1 > maxlen)
+ return -1;
+ *dat = *(st + loc);
+ return 1;
+}
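Review bot: `vts_short` and `vts_long` encode at the start of the reallocated buffer rather than at offset `loc`: both pass `p` to `KRB4_PUT16BE` / `KRB4_PUT32BE` while it still points at the base, whereas `vts_string` copies to `p + loc` and `vts_char` stores to `p[loc]`. The value therefore overwrites the 4-byte field header instead of being appended. If the PUT macros advance their pointer argument (prot.h is not shown here, but `stv_short` and `stv_long` set `p = st + loc` before the matching GET macros), the following `*st = p` also leaves the caller holding a pointer into the middle of the allocation, which must never reach a later `realloc` or `free`. Saving the base first and then offsetting fixes both: `*st = p; p += loc; KRB4_PUT16BE(p, dat);`, and the same with `KRB4_PUT32BE` in `vts_long`. Separately, `vals_to_stream` adds the helpers' `-1` failure returns straight into `stsize`, so an allocation failure goes unnoticed and shifts every later offset; each return should be checked before it is added.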
diff --git a/src/lib/krb4/mk_req.c b/src/lib/krb4/mk_req.c
index b5f02529be..698d2c2ad7 100644
--- a/src/lib/krb4/mk_req.c
+++ b/src/lib/krb4/mk_req.c
@@ -1,7 +1,7 @@
/*
* lib/krb4/mk_req.c
*
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2002 by the Massachusetts
* Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -33,6 +33,8 @@
extern int krb_ap_req_debug;
static int lifetime = 255; /* Default based on the TGT */
+static int krb_mk_req_creds_prealm(KTEXT, CREDENTIALS *, KRB4_32, char *);
+
/*
* krb_mk_req takes a text structure in which an authenticator is to
* be built, the name of a service, an instance, a realm,
@@ -83,83 +85,51 @@ static int lifetime = 255; /* Default based on the TGT */
* all rounded up to multiple of 8.
*/
-int KRB5_CALLCONV
-krb_mk_req(authent, service, instance, realm, checksum)
+static int
+krb_mk_req_creds_prealm(authent, creds, checksum, myrealm)
register KTEXT authent; /* Place to build the authenticator */
- char *service; /* Name of the service */
- char *instance; /* Service instance */
- char *realm; /* Authentication domain of service */
+ CREDENTIALS *creds;
KRB4_32 checksum; /* Checksum of data (optional) */
+ char *myrealm; /* Client's realm */
{
KTEXT_ST req_st; /* Temp storage for req id */
KTEXT req_id = &req_st;
unsigned char *p, *q, *reqid_lenp;
int tl; /* Tkt len */
int idl; /* Reqid len */
- CREDENTIALS cr; /* Credentials used by retr */
- register KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
- int retval; /* Returned by krb_get_cred */
+ register KTEXT ticket; /* Pointer to tkt_st */
Key_schedule key_s;
- char krb_realm[REALM_SZ]; /* Our local realm, if not specified */
- char myrealm[REALM_SZ]; /* Realm of our TGT */
size_t realmlen, pnamelen, pinstlen, myrealmlen;
unsigned KRB4_32 time_secs;
unsigned KRB4_32 time_usecs;
- /* get current realm if not passed in */
- if (realm == NULL) {
- retval = krb_get_lrealm(krb_realm, 1);
- if (retval != KSUCCESS)
- return retval;
- realm = krb_realm;
- }
-
+ ticket = &creds->ticket_st;
/* Get the ticket and move it into the authenticator */
if (krb_ap_req_debug)
- DEB (("Realm: %s\n",realm));
- /*
- * Determine realm of these tickets. We will send this to the
- * KDC from which we are requesting tickets so it knows what to
- * with our session key.
- */
- retval = krb_get_tf_realm(TKT_FILE, myrealm);
- if (retval != KSUCCESS)
- return retval;
+ DEB (("Realm: %s\n", creds->realm));
- retval = krb_get_cred(service, instance, realm, &cr);
- if (retval == RET_NOTKT) {
- retval = get_ad_tkt(service, instance, realm, lifetime);
- if (retval)
- return retval;
- retval = krb_get_cred(service, instance, realm, &cr);
- if (retval)
- return retval;
- }
- if (retval != KSUCCESS)
- return retval;
-
- realmlen = strlen(realm) + 1;
+ realmlen = strlen(creds->realm) + 1;
if (sizeof(authent->dat) < (1 + 1 + 1
+ realmlen
+ 1 + 1 + ticket->length)
|| ticket->length < 0 || ticket->length > 255) {
authent->length = 0;
- memset(cr.session, 0, sizeof(cr.session));
+ memset(creds->session, 0, sizeof(creds->session));
return KFAILURE;
}
if (krb_ap_req_debug)
- DEB (("%s %s %s %s %s\n", service, instance, realm,
- cr.pname, cr.pinst));
+ DEB (("%s %s %s %s %s\n", creds->service, creds->instance,
+ creds->realm, creds->pname, creds->pinst));
p = authent->dat;
/* The fixed parts of the authenticator */
*p++ = KRB_PROT_VERSION;
*p++ = AUTH_MSG_APPL_REQUEST;
- *p++ = cr.kvno;
+ *p++ = creds->kvno;
- memcpy(p, realm, realmlen);
+ memcpy(p, creds->realm, realmlen);
p += realmlen;
tl = ticket->length;
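Review bot: The error path here, and the paths in the later hunks at `@@ -173,14 +143,14 @@` and `@@ -210,12 +180,12 @@`, now clear `creds->session` in the caller's structure, where the old code cleared a local `cr`. For `krb_mk_req` the structure is still a local, but `krb_mk_req_creds` hands in the caller's `CREDENTIALS`, so the caller's session key is zeroed as a side effect of building a request, on success as well as on failure. A caller that keeps the credentials to use the session key afterwards (elsewhere in this commit `kadm_cli_keyd` copies `client_parm->creds.session`) would presumably end up with an all-zero key. Either move the wipe into `krb_mk_req`, which owns its copy (`memset(creds.session, 0, sizeof(creds.session));` after the helper returns), or document the behaviour on `krb_mk_req_creds`. The body of `krb_mk_req_creds_prealm` continues outside this hunk.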
@@ -173,14 +143,14 @@ krb_mk_req(authent, service, instance, realm, checksum)
if (krb_ap_req_debug)
DEB (("Ticket->length = %d\n",ticket->length));
if (krb_ap_req_debug)
- DEB (("Issue date: %d\n",cr.issue_date));
+ DEB (("Issue date: %d\n",creds->issue_date));
- pnamelen = strlen(cr.pname) + 1;
- pinstlen = strlen(cr.pinst) + 1;
+ pnamelen = strlen(creds->pname) + 1;
+ pinstlen = strlen(creds->pinst) + 1;
myrealmlen = strlen(myrealm) + 1;
if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen
+ 4 + 1 + 4 + 7) / 8) {
- memset(cr.session, 0, sizeof(cr.session));
+ memset(creds->session, 0, sizeof(creds->session));
return KFAILURE;
}
@@ -188,10 +158,10 @@ krb_mk_req(authent, service, instance, realm, checksum)
/* Build request id */
/* Auth name */
- memcpy(q, cr.pname, pnamelen);
+ memcpy(q, creds->pname, pnamelen);
q += pnamelen;
/* Principal's instance */
- memcpy(q, cr.pinst, pinstlen);
+ memcpy(q, creds->pinst, pinstlen);
q += pinstlen;
/* Authentication domain */
memcpy(q, myrealm, myrealmlen);
@@ -210,12 +180,12 @@ krb_mk_req(authent, service, instance, realm, checksum)
#ifndef NOENCRYPTION
/* Encrypt the request ID using the session key */
- key_sched(cr.session, key_s);
+ key_sched(creds->session, key_s);
pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat,
- (long)req_id->length, key_s, &cr.session, 1);
+ (long)req_id->length, key_s, &creds->session, 1);
/* clean up */
memset(key_s, 0, sizeof(key_s));
- memset(cr.session, 0, sizeof(cr.session));
+ memset(creds->session, 0, sizeof(creds->session));
#endif /* NOENCRYPTION */
/* Copy it into the authenticator */
@@ -239,6 +209,61 @@ krb_mk_req(authent, service, instance, realm, checksum)
return KSUCCESS;
}
+int KRB5_CALLCONV
+krb_mk_req(authent, service, instance, realm, checksum)
+ register KTEXT authent; /* Place to build the authenticator */
+ char *service; /* Name of the service */
+ char *instance; /* Service instance */
+ char *realm; /* Authentication domain of service */
+ KRB4_32 checksum; /* Checksum of data (optional) */
+{
+ char krb_realm[REALM_SZ]; /* Our local realm, if not specified */
+ char myrealm[REALM_SZ]; /* Realm of initial TGT. */
+ int retval;
+ CREDENTIALS creds;
+
+ /* get current realm if not passed in */
+ if (realm == NULL) {
+ retval = krb_get_lrealm(krb_realm, 1);
+ if (retval != KSUCCESS)
+ return retval;
+ realm = krb_realm;
+ }
+ /*
+ * Determine realm of these tickets. We will send this to the
+ * KDC from which we are requesting tickets so it knows what to
+ * with our session key.
+ */
+ retval = krb_get_tf_realm(TKT_FILE, myrealm);
+ if (retval != KSUCCESS)
+ retval = krb_get_lrealm(myrealm, 1);
+ if (retval != KSUCCESS)
+ return retval;
+
+ retval = krb_get_cred(service, instance, realm, &creds);
+ if (retval == RET_NOTKT) {
+ retval = get_ad_tkt(service, instance, realm, lifetime);
+ if (retval)
+ return retval;
+ retval = krb_get_cred(service, instance, realm, &creds);
+ if (retval)
+ return retval;
+ }
+ if (retval != KSUCCESS)
+ return retval;
+
+ return krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
+}
+
+int KRB5_CALLCONV
+krb_mk_req_creds(authent, creds, checksum)
+ register KTEXT authent; /* Place to build the authenticator */
+ CREDENTIALS *creds;
+ KRB4_32 checksum; /* Checksum of data (optional) */
+{
+ return krb_mk_req_creds_prealm(authent, creds, checksum, creds->realm);
+}
+
/*
* krb_set_lifetime sets the default lifetime for additional tickets
* obtained via krb_mk_req().
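Review bot: `krb_mk_req_creds` passes `creds->realm` as the client's realm, which the helper copies into the encrypted request id as the authentication domain, while `krb_mk_req` takes that value from the ticket file or the local realm. For credentials issued for a service in another realm the two differ, so the authenticator would name the service's realm as the client's, and a verifier that compares it with the realm inside the ticket would likely reject the request. If same-realm use is the intended contract, state it in a header comment, e.g. `/* creds->realm is used as the client's realm; cross-realm credentials are not supported */`. The function also dereferences `creds` without a NULL check.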
@@ -246,7 +271,7 @@ krb_mk_req(authent, service, instance, realm, checksum)
* It returns the previous value of the default lifetime.
*/
-int
+int KRB5_CALLCONV
krb_set_lifetime(newval)
int newval;
{
diff --git a/src/lib/krb4/one.c b/src/lib/krb4/one.c
deleted file mode 100644
index 47a16e27fd..0000000000
--- a/src/lib/krb4/one.c
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * one.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-/*
- * definition of variable set to 1.
- * used in krb_conf.h to determine host byte order.
- */
-
-const int krbONE = 1;
diff --git a/src/lib/krb4/password_to_key.c b/src/lib/krb4/password_to_key.c
new file mode 100644
index 0000000000..be307a42d0
--- /dev/null
+++ b/src/lib/krb4/password_to_key.c
@@ -0,0 +1,146 @@
+/*
+ * password_to_key.c -- password_to_key functions merged from KfM
+ *
+ * Copyright 1999, 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+
+#if TARGET_OS_MAC
+#include <Kerberos/CredentialsCache.h>
+#endif
+#include "krb.h"
+#include "krb4int.h"
+
+/*
+ * passwd_to_key(): given a password, return a DES key.
+ * There are extra arguments here which (used to be?)
+ * used by srvtab_to_key().
+ *
+ * If the "passwd" argument is not null, generate a DES
+ * key from it, using string_to_key().
+ *
+ * If the "passwd" argument is null, then on a Unix system we call
+ * des_read_password() to prompt for a password and then convert it
+ * into a DES key. But "prompting" the user is harder in a Windows or
+ * Macintosh environment, so we rely on our caller to explicitly do
+ * that now.
+ *
+ * In either case, the resulting key is put in the "key" argument,
+ * and 0 is returned.
+ */
+
+#if TARGET_OS_MAC
+/*ARGSUSED */
+int
+krb_get_keyprocs(KRB_UINT32 stkType,
+ key_proc_array kps, key_proc_type_array sts)
+{
+ /* generates the list of key procs */
+ /* always try them all, but try the specified one first */
+ switch (stkType) {
+ case cc_v4_stk_afs:
+ kps[0] = afs_passwd_to_key;
+ sts[0] = cc_v4_stk_afs;
+
+ kps[1] = mit_passwd_to_key;
+ sts[1] = cc_v4_stk_des;
+
+ kps[2] = krb5_passwd_to_key;
+ sts[2] = cc_v4_stk_krb5;
+
+ kps[3] = NULL;
+ break;
+ case cc_v4_stk_des:
+ case cc_v4_stk_unknown:
+ default:
+ kps[0] = mit_passwd_to_key;
+ sts[0] = cc_v4_stk_des;
+
+ kps[1] = afs_passwd_to_key;
+ sts[1] = cc_v4_stk_afs;
+
+ kps[2] = krb5_passwd_to_key;
+ sts[2] = cc_v4_stk_krb5;
+
+ kps[3] = NULL;
+ break;
+ }
+ return KSUCCESS;
+}
+#endif
+
+int
+mit_passwd_to_key(char *user, char *instance, char *realm,
+ char *passwd, C_Block key)
+{
+#pragma unused(user)
+#pragma unused(instance)
+#pragma unused(realm)
+
+ if (passwd)
+ mit_string_to_key(passwd, key);
+#if !(defined(_WINDOWS) || defined(macintosh))
+ else {
+ des_read_password((C_Block *)key, "Password: ", 0);
+ }
+#endif /* unix */
+ return (0);
+}
+
+/* So we can use a v4 kinit against a v5 kdc with no krb4 salted key */
+int
+krb5_passwd_to_key(char *user, char *instance, char *realm,
+ char *passwd, C_Block key)
+{
+ if (user && instance && realm && passwd) {
+ unsigned int len = MAX_K_NAME_SZ + strlen(passwd) + 1;
+ char *p = malloc (len);
+ if (p != NULL) {
+ snprintf (p, len, "%s%s%s%s", passwd, realm, user, instance);
+ p[len - 1] = '\0';
+ mit_string_to_key (p, key);
+ free (p);
+ return 0;
+ }
+ }
+ return -1;
+}
+
+int
+afs_passwd_to_key(char *user, char *instance, char *realm,
+ char *passwd, C_Block key)
+{
+#pragma unused(user)
+#pragma unused(instance)
+
+ if (passwd)
+ afs_string_to_key(passwd, realm, key);
+#if !(defined(_WINDOWS) || defined(macintosh))
+ else {
+ des_read_password((C_Block *)key, "Password: ", 0);
+ }
+#endif /* unix */
+ return (0);
+}
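Review bot: `krb5_passwd_to_key` frees the heap buffer `p` while it still holds the password concatenated with realm, user and instance; clear it first with `memset(p, 0, len);` before `free(p);`, ideally through a wipe the compiler cannot elide if the tree has one. The `snprintf` result is also unchecked, so when `realm`, `user` and `instance` together exceed `MAX_K_NAME_SZ` the salt is silently truncated and a different key is derived while 0 is returned. In `mit_passwd_to_key` and `afs_passwd_to_key`, a NULL `passwd` on the `_WINDOWS`/`macintosh` builds returns 0 without writing `key`, and on Unix the return value of `des_read_password` is discarded. Returning an error in both cases would keep callers from using an unset key.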
diff --git a/src/lib/krb4/prot_client.c b/src/lib/krb4/prot_client.c
index d254e89493..315f7f08a4 100644
--- a/src/lib/krb4/prot_client.c
+++ b/src/lib/krb4/prot_client.c
@@ -64,7 +64,7 @@ krb4prot_encode_kdc_request(char *pname, char *pinst, char *prealm,
p = pkt->dat;
*p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REQUEST | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_KDC_REQUEST | !!le;
ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
pkt, &p);
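Review bot: `| !!le` replaces the named constants with a bare boolean, so the line no longer says which bit of the message-type byte carries the byte-order flag. It is equivalent to the old expression only if `LSB_FIRST` was 1 and `MSB_FIRST` was 0, and their definitions are not on this page. A short comment would keep the wire format readable, e.g. `/* bit 0 of the type byte: 1 = little-endian sender */`. The same applies to the second hunk in this file and to the three `!!le` hunks in prot_kdc.c. The enclosing function starts and ends outside the hunk.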
@@ -235,7 +235,7 @@ krb4prot_encode_apreq(int kvno, char *realm,
p = pkt->dat;
/* Assume >= 3 bytes in a KTEXT. */
*p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_REQUEST | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_APPL_REQUEST | !!le;
*p++ = kvno;
diff --git a/src/lib/krb4/prot_kdc.c b/src/lib/krb4/prot_kdc.c
index d733c25891..aaaa9d00c4 100644
--- a/src/lib/krb4/prot_kdc.c
+++ b/src/lib/krb4/prot_kdc.c
@@ -91,7 +91,7 @@ krb4prot_encode_kdc_reply(char *pname, char *pinst, char *prealm,
else
*p++ = KRB_PROT_VERSION;
/* little-endianness based on input, usually big-endian, though. */
- *p++ = AUTH_MSG_KDC_REPLY | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_KDC_REPLY | !!le;
ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
outbuf, &p);
@@ -281,7 +281,7 @@ krb4prot_encode_tkt(unsigned int flags,
* Assume at least one byte in a KTEXT. If not, we have bigger
* problems. Also, bitwise-OR in the little-endian flag.
*/
- *p++ = flags | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = flags | !!le;
if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
tkt, &p))
@@ -369,7 +369,7 @@ krb4prot_encode_err_reply(char *pname, char *pinst, char *prealm,
p = pkt->dat;
/* Assume >= 2 bytes in KTEXT. */
*p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_ERR_REPLY | (le ? LSB_FIRST : MSB_FIRST);
+ *p++ = AUTH_MSG_ERR_REPLY | !!le;
if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
pkt, &p))
diff --git a/src/lib/krb4/rd_req.c b/src/lib/krb4/rd_req.c
index b97bdbe0a4..1b8de0cf3a 100644
--- a/src/lib/krb4/rd_req.c
+++ b/src/lib/krb4/rd_req.c
@@ -1,8 +1,8 @@
/*
* lib/krb4/rd_req.c
*
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
+ * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2002 by the
+ * Massachusetts Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
@@ -33,6 +33,10 @@
extern int krb_ap_req_debug;
+static int
+krb_rd_req_with_key(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *,
+ Key_schedule, krb5_keyblock *);
+
/* declared in krb.h */
int krb_ignore_ip_address = 0;
@@ -162,14 +166,15 @@ krb_clear_key_krb5(ctx)
* Mutual authentication is not implemented.
*/
-int KRB5_CALLCONV
-krb_rd_req(authent, service, instance, from_addr, ad, fn)
+static int
+krb_rd_req_with_key(authent, service, instance, from_addr, ad, ks, k5key)
register KTEXT authent; /* The received message */
char *service; /* Service name */
char *instance; /* Service instance */
unsigned KRB4_32 from_addr; /* Net address of originating host */
AUTH_DAT *ad; /* Structure to be filled in */
- char *fn; /* Filename to get keys from */
+ Key_schedule ks;
+ krb5_keyblock *k5key;
{
KTEXT_ST ticket; /* Temp storage for ticket */
KTEXT tkt = &ticket;
@@ -178,7 +183,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
char realm[REALM_SZ]; /* Realm of issuing kerberos */
Key_schedule seskey_sched; /* Key sched for session key */
- unsigned char skey[KKEY_SZ]; /* Session key from ticket */
char sname[SNAME_SZ]; /* Service name from ticket */
char iname[INST_SZ]; /* Instance name from ticket */
char r_aname[ANAME_SZ]; /* Client name from authenticator */
@@ -199,8 +203,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
Kerberos used to encrypt ticket */
int ret;
int len;
- krb5_keyblock keyblock;
- int status;
tkt->mbz = req_id->mbz = 0;
@@ -248,49 +250,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
(void)memcpy(realm, ptr, (size_t)len);
ptr += len; /* skip the realm "hint" */
- /*
- * If "fn" is NULL, key info should already be set; don't
- * bother with ticket file. Otherwise, check to see if we
- * already have key info for the given server and key version
- * (saved in the static st_* variables). If not, go get it
- * from the ticket file. If "fn" is the null string, use the
- * default ticket file.
- */
- if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance)
- || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
- if (*fn == 0)
- fn = KEYFILE;
- st_kvno = s_kvno;
-#ifndef NOENCRYPTION
- if (read_service_key(service,instance,realm, (int)s_kvno,
- fn, (char *)skey) == 0) {
- if ((status = krb_set_key((char *)skey,0)))
- return(status);
-#ifdef KRB4_USE_KEYTAB
- } else if (krb54_get_service_keyblock(service, instance,
- realm, (int)s_kvno,
- fn, &keyblock) == 0) {
- krb_set_key_krb5(krb5__krb4_context, &keyblock);
- krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
-#endif
- } else
- return RD_AP_UNDEC;
-#endif /* !NOENCRYPTION */
-
- len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_rlm, realm, (size_t)len);
- len = krb4int_strnlen(service, sizeof(st_nam)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_nam, service, (size_t)len);
- len = krb4int_strnlen(instance, sizeof(st_inst)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_inst, instance, (size_t)len);
- }
-
/* Get ticket length */
tkt->length = *ptr++;
/* Get authenticator length while we're at it. */
@@ -312,10 +271,10 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
/* Decrypt and take apart ticket */
#endif
- if (!krb5_key) {
+ if (k5key == NULL) {
if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
&(ad->address),ad->session, &(ad->life),
- &(ad->time_sec),sname,iname,ky,serv_key)) {
+ &(ad->time_sec),sname,iname,ky,ks)) {
#ifdef KRB_CRYPT_DEBUG
log("Can't decode ticket");
#endif
@@ -325,7 +284,7 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst,
ad->prealm, &ad->address, ad->session,
&ad->life, &ad->time_sec, sname, iname,
- &srv_k5key)) {
+ k5key)) {
return RD_AP_UNDEC;
}
}
@@ -471,3 +430,98 @@ cleanup:
return RD_AP_OK;
}
+
+int KRB5_CALLCONV
+krb_rd_req_int(authent, service, instance, from_addr, ad, key)
+ KTEXT authent; /* The received message */
+ char *service; /* Service name */
+ char *instance; /* Service instance */
+ KRB_UINT32 from_addr; /* Net address of originating host */
+ AUTH_DAT *ad; /* Structure to be filled in */
+ C_Block key; /* Key to decrypt ticket with */
+{
+ Key_schedule ks;
+ int ret;
+
+ do {
+ ret = des_key_sched(key, ks);
+ if (ret) break;
+ ret = krb_rd_req_with_key(authent, service, instance,
+ from_addr, ad, ks, NULL);
+ } while (0);
+ memset(ks, 0, sizeof(ks));
+ return ret;
+}
+
+int KRB5_CALLCONV
+krb_rd_req(authent, service, instance, from_addr, ad, fn)
+ register KTEXT authent; /* The received message */
+ char *service; /* Service name */
+ char *instance; /* Service instance */
+ unsigned KRB4_32 from_addr; /* Net address of originating host */
+ AUTH_DAT *ad; /* Structure to be filled in */
+ char *fn; /* Filename to get keys from */
+{
+ unsigned char *ptr;
+ unsigned char s_kvno;
+ char realm[REALM_SZ];
+ unsigned char skey[KKEY_SZ];
+ krb5_keyblock keyblock;
+ int len;
+ int status;
+
+#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat))
+ if (authent->length < 3)
+ return RD_AP_MODIFIED;
+ ptr = authent->dat + 2;
+ s_kvno = *ptr++; /* get server key version */
+ len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1;
+ if (len <= 0 || len > sizeof(realm))
+ return RD_AP_MODIFIED;
+ (void)memcpy(realm, ptr, (size_t)len);
+#undef AUTHENT_REMAIN
+ /*
+ * If "fn" is NULL, key info should already be set; don't
+ * bother with ticket file. Otherwise, check to see if we
+ * already have key info for the given server and key version
+ * (saved in the static st_* variables). If not, go get it
+ * from the ticket file. If "fn" is the null string, use the
+ * default ticket file.
+ */
+ if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance)
+ || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
+ if (*fn == 0)
+ fn = KEYFILE;
+ st_kvno = s_kvno;
+ if (read_service_key(service,instance,realm, (int)s_kvno,
+ fn, (char *)skey) == 0) {
+ if ((status = krb_set_key((char *)skey,0)))
+ return(status);
+#ifdef KRB4_USE_KEYTAB
+ } else if (krb54_get_service_keyblock(service, instance,
+ realm, (int)s_kvno,
+ fn, &keyblock) == 0) {
+ krb_set_key_krb5(krb5__krb4_context, &keyblock);
+ krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
+#endif
+ } else
+ return RD_AP_UNDEC;
+
+ len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1;
+ if (len <= 0)
+ return KFAILURE;
+ memcpy(st_rlm, realm, (size_t)len);
+ len = krb4int_strnlen(service, sizeof(st_nam)) + 1;
+ if (len <= 0)
+ return KFAILURE;
+ memcpy(st_nam, service, (size_t)len);
+ len = krb4int_strnlen(instance, sizeof(st_inst)) + 1;
+ if (len <= 0)
+ return KFAILURE;
+ memcpy(st_inst, instance, (size_t)len);
+ }
+ return krb_rd_req_with_key(authent, service, instance,
+ from_addr, ad,
+ krb5_key ? NULL : serv_key,
+ krb5_key ? &srv_k5key : NULL);
+}
diff --git a/src/lib/krb4/tf_util.c b/src/lib/krb4/tf_util.c
index 5ceee51c2d..473c597ad3 100644
--- a/src/lib/krb4/tf_util.c
+++ b/src/lib/krb4/tf_util.c
@@ -689,8 +689,6 @@ tf_read(s, n)
return n;
}
-char *tkt_string();
-
/*
* tf_save_cred() appends an incoming ticket to the end of the ticket
* file. You must call tf_init() before calling tf_save_cred().
diff --git a/src/lib/krb4/tkt_string.c b/src/lib/krb4/tkt_string.c
index 68ef84365e..36625fc0b1 100644
--- a/src/lib/krb4/tkt_string.c
+++ b/src/lib/krb4/tkt_string.c
@@ -1,14 +1,29 @@
/*
* tkt_string.c
*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
+ * Institute of Technology. All Rights Reserved.
*
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
*/
-#include "mit-copyright.h"
#include "krb.h"
#include <stdio.h>
#include <string.h>
@@ -44,7 +59,7 @@ uid_t getuid(void) { return 0; }
static char krb_ticket_string[MAXPATHLEN];
-char *tkt_string()
+const char *tkt_string()
{
char *env;
uid_t getuid();