diff options
Diffstat (limited to 'src/krb524')
| -rw-r--r-- | src/krb524/.cvsignore | 1 | ||||
| -rw-r--r-- | src/krb524/ChangeLog | 8 | ||||
| -rw-r--r-- | src/krb524/Makefile.in | 70 | ||||
| -rw-r--r-- | src/krb524/cnv_tkt_skey.c | 31 | ||||
| -rw-r--r-- | src/krb524/configure.in | 15 | ||||
| -rw-r--r-- | src/krb524/conv_creds.c | 42 | ||||
| -rw-r--r-- | src/krb524/conv_princ.c | 21 | ||||
| -rw-r--r-- | src/krb524/conv_tkt.c | 12 | ||||
| -rw-r--r-- | src/krb524/encode.c | 25 | ||||
| -rw-r--r-- | src/krb524/getcred.c | 10 | ||||
| -rw-r--r-- | src/krb524/k524init.c | 68 | ||||
| -rw-r--r-- | src/krb524/krb524.h | 47 | ||||
| -rw-r--r-- | src/krb524/krb524d.c | 137 | ||||
| -rw-r--r-- | src/krb524/misc.c | 13 | ||||
| -rw-r--r-- | src/krb524/sendmsg.c | 20 | ||||
| -rw-r--r-- | src/krb524/test.c | 97 |
16 files changed, 436 insertions, 181 deletions
diff --git a/src/krb524/.cvsignore b/src/krb524/.cvsignore new file mode 100644 index 0000000000..e8c05a6b13 --- /dev/null +++ b/src/krb524/.cvsignore @@ -0,0 +1 @@ +configure diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 2049b02aac..b5ffd7dfcf 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,11 @@ +Mon Jun 5 22:25:33 1995 Theodore Y. Ts'o <tytso@dcl> + + * Makefile.in, cnv_tkt_skey.c, conv_creds.c, conv_princ.c, + conv_tkt.c, encode.c, getcred.c, k524init.c, krb524.h, + krb524d.c, misc.c, sendmsg.c, test.c, configure.in: + Updated to use autoconf, and to use the new Kerberos + library API. + Wed Mar 27 21:15:00 1995 Keith Vetter (keithv@fusion.com) * renamed conv_tkt_skey.c to cnv_tkt_skey.c for DOS 8.3 diff --git a/src/krb524/Makefile.in b/src/krb524/Makefile.in new file mode 100644 index 0000000000..f2a77f37f1 --- /dev/null +++ b/src/krb524/Makefile.in @@ -0,0 +1,70 @@ +# Copyright 1994 by OpenVision Technologies, Inc. +# +# Permission to use, copy, modify, distribute, and sell this software +# and its documentation for any purpose is hereby granted without fee, +# provided that the above copyright notice appears in all copies and +# that both that copyright notice and this permission notice appear in +# supporting documentation, and that the name of OpenVision not be used +# in advertising or publicity pertaining to distribution of the software +# without specific, written prior permission. OpenVision makes no +# representations about the suitability of this software for any +# purpose. It is provided "as is" without express or implied warranty. +# +# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, +# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO +# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR +# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF +# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +# +# $Id$ + +CFLAGS = $(CCOPTS) -DUSE_MASTER $(DEFS) $(LOCALINCLUDE) +LDFLAGS = -g + +COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a +DBMLIB= + +all:: + +KRB4_LIB = @KRB4_LIB@ + +KDBLIB=$(TOPLIBD)/libkdb5.a +KDBDEPLIB=$(TOPLIBD)/libkdb5.a + +KLIB = libkrb524.a $(TOPLIBD)/libkrb5.a $(KRB4_LIB) $(TOPLIBD)/libcrypto.a \ + $(COMERRLIB) $(DBMLIB) +DEPKLIB = libkrb524.a $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a \ + $(COMERRLIB) $(DBMLIB) + +LOCALINCLUDE= -I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV \ + -I. -I$(srcdir) + +# Library sources +SRCS = conv_creds.c conv_princ.c conv_tkt.c cnv_tkt_skey.c \ + encode.c misc.c globals.c sendmsg.c krb524_err.et +OBJS = conv_creds.o conv_princ.o conv_tkt.o cnv_tkt_skey.o \ + encode.o misc.o globals.o sendmsg.o krb524_err.o + +GENS = krb524_err.c krb524_err.h + +all:: $(GENS) libkrb524.a krb524d test k524init + +libkrb524.a: $(OBJS) + $(ARCHIVE) $@ $(OBJS) + $(RANLIB) $@ + +test: libkrb524.a test.o $(DEPKDBLIB) $(DEPKLIB) + $(CC) -o test $(LDFLAGS) test.o $(KDBLIB) $(KLIB) $(LIBS) + +krb524d: libkrb524.a krb524d.o $(DEPKDBLIB) $(DEPKLIB) + $(CC) -o krb524d krb524d.o $(LDFLAGS) $(KDBLIB) $(KLIB) $(LIBS) + +k524init: libkrb524.a k524init.o $(DEPKLIB) + $(CC) -o k524init $(LDFLAGS) k524init.o $(KLIB) $(LIBS) + +clean:: + -rm -f libkrb524.a $(OBJS) $(GENS) core *~ *.bak #* + -rm -f test krb524d k524init test.o krb524d.o k524init.o + diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c index a91aa4cc1a..ea8d964b6e 100644 --- a/src/krb524/cnv_tkt_skey.c +++ b/src/krb524/cnv_tkt_skey.c @@ -20,35 +20,42 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#include <stdio.h> #include "krb5.h" +#include <stdio.h> +#include <sys/types.h> +#include <sys/time.h> +#include <sys/socket.h> +#include <netinet/in.h> #include <krb.h> +#include <krb4-proto.h> #include "krb524.h" /* * Convert a v5 ticket for server to a v4 ticket, using service key * skey for both. */ -int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt, - krb5_keyblock *skey) +int krb524_convert_tkt_skey(context, v5tkt, v4tkt, skey) + krb5_context context; + krb5_ticket *v5tkt; + KTEXT_ST *v4tkt; + krb5_keyblock *skey; { char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; char sname[ANAME_SZ], sinst[INST_SZ]; krb5_enc_tkt_part *v5etkt; - krb5_data *comp; int ret, lifetime; v5tkt->enc_part2 = NULL; - if (ret = krb5_decrypt_tkt_part(skey, v5tkt)) { - krb5_free_ticket(v5tkt); + if ((ret = krb5_decrypt_tkt_part(context, skey, v5tkt))) { + krb5_free_ticket(context, v5tkt); return ret; } v5etkt = v5tkt->enc_part2; - if (ret = krb524_convert_princs(v5etkt->client, v5tkt->server, + if ((ret = krb524_convert_princs(context, v5etkt->client, v5tkt->server, pname, pinst, prealm, sname, - sinst)) { - krb5_free_enc_tkt_part(v5etkt); + sinst))) { + krb5_free_enc_tkt_part(context, v5etkt); v5tkt->enc_part2 = NULL; return ret; } @@ -60,7 +67,7 @@ int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt, "C_Block size %d\n", v5etkt->session->keytype, v5etkt->session->length, sizeof(C_Block)); - krb5_free_enc_tkt_part(v5etkt); + krb5_free_enc_tkt_part(context, v5etkt); v5tkt->enc_part2 = NULL; return KRB524_BADKEY; } @@ -79,7 +86,7 @@ int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt, v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET) { if (krb524_debug) fprintf(stderr, "Invalid v5creds address information.\n"); - krb5_free_enc_tkt_part(v5etkt); + krb5_free_enc_tkt_part(context, v5etkt); v5tkt->enc_part2 = NULL; return KRB524_BADADDR; } @@ -105,7 +112,7 @@ int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt, sinst, skey->contents); - krb5_free_enc_tkt_part(v5etkt); + krb5_free_enc_tkt_part(context, v5etkt); v5tkt->enc_part2 = NULL; if (ret == KSUCCESS) return 0; diff --git a/src/krb524/configure.in b/src/krb524/configure.in new file mode 100644 index 0000000000..ad67949d7a --- /dev/null +++ b/src/krb524/configure.in @@ -0,0 +1,15 @@ +AC_INIT(krb524d.c) +WITH_CCOPTS +CONFIG_RULES +AC_SET_BUILDTOP +AC_PROG_ARCHIVE +AC_PROG_ARCHIVE_ADD +AC_PROG_RANLIB +AC_PROG_INSTALL +AC_TYPE_SIGNAL +WITH_NETLIB +WITH_KRB4 +KRB_INCLUDE +ET_RULES +WITH_KRB5ROOT +V5_AC_OUTPUT_MAKEFILE diff --git a/src/krb524/conv_creds.c b/src/krb524/conv_creds.c index ecb5a1bf67..9997dd2a02 100644 --- a/src/krb524/conv_creds.c +++ b/src/krb524/conv_creds.c @@ -20,21 +20,30 @@ * PERFORMANCE OF THIS SOFTWARE. */ +#include "krb5.h" #include <stdio.h> +#include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> -#include "krb5.h" #include <krb.h> #include "krb524.h" -int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds, - struct sockaddr *saddr) +int krb524_convert_creds_plain + PROTOTYPE((krb5_context context, krb5_creds *v5creds, + CREDENTIALS *v4creds)); + + +int krb524_convert_creds_addr(context, v5creds, v4creds, saddr) + krb5_context context; + krb5_creds *v5creds; + CREDENTIALS *v4creds; + struct sockaddr *saddr; { int ret; - if (ret = krb524_convert_creds_plain(v5creds, v4creds)) + if ((ret = krb524_convert_creds_plain(context, v5creds, v4creds))) return ret; return krb524_convert_tkt(v5creds->server, &v5creds->ticket, @@ -43,18 +52,22 @@ int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds, saddr); } -int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds) +int krb524_convert_creds_kdc(context, v5creds, v4creds) + krb5_context context; + krb5_creds *v5creds; + CREDENTIALS *v4creds; { struct sockaddr_in *addrs; int ret, naddrs; - if (ret = krb5_locate_kdc(&v5creds->server->realm, &addrs, &naddrs)) + if ((ret = krb5_locate_kdc(context, &v5creds->server->realm, &addrs, + &naddrs))) return ret; if (naddrs == 0) ret = KRB5_KDC_UNREACH; else { addrs[0].sin_port = 0; /* use krb524 default port */ - ret = krb524_convert_creds_addr(v5creds, v4creds, + ret = krb524_convert_creds_addr(context, v5creds, v4creds, (struct sockaddr *) &addrs[0]); } @@ -62,18 +75,21 @@ int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds) return ret; } -int krb524_convert_creds_plain(krb5_creds *v5creds, CREDENTIALS *v4creds) +int krb524_convert_creds_plain(context, v5creds, v4creds) + krb5_context context; + krb5_creds *v5creds; + CREDENTIALS *v4creds; { unsigned long addr; - krb5_data *comp; int ret; memset((char *) v4creds, 0, sizeof(CREDENTIALS)); - if (ret = krb524_convert_princs(v5creds->client, v5creds->server, - v4creds->pname, v4creds->pinst, - v4creds->realm, v4creds->service, - v4creds->instance)) + if ((ret = krb524_convert_princs(context, v5creds->client, + v5creds->server, + v4creds->pname, v4creds->pinst, + v4creds->realm, v4creds->service, + v4creds->instance))) return ret; /* Check keytype too */ diff --git a/src/krb524/conv_princ.c b/src/krb524/conv_princ.c index 62a47b36ee..eea4fa09e9 100644 --- a/src/krb524/conv_princ.c +++ b/src/krb524/conv_princ.c @@ -20,21 +20,30 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#include <stdio.h> #include "krb5.h" +#include <stdio.h> +#include <sys/types.h> +#include <sys/time.h> +#include <sys/socket.h> +#include <sys/signal.h> +#include <netinet/in.h> + #include <krb.h> #include "krb524.h" -int krb524_convert_princs(krb5_principal client, krb5_principal - server, char *pname, char *pinst, char - *prealm, char *sname, char *sinst) +int krb524_convert_princs(context, client, server, pname, pinst, prealm, + sname, sinst) + krb5_context context; + krb5_principal client, server; + char *pname, *pinst, *prealm, *sname, *sinst; { char dummy[REALM_SZ]; int ret; - if (ret = krb5_524_conv_principal(client, pname, pinst, prealm)) + if ((ret = krb5_524_conv_principal(context, client, pname, pinst, + prealm))) return ret; - return krb5_524_conv_principal(server, sname, sinst, dummy); + return krb5_524_conv_principal(context, server, sname, sinst, dummy); } diff --git a/src/krb524/conv_tkt.c b/src/krb524/conv_tkt.c index f84ee3558b..be0d055f7d 100644 --- a/src/krb524/conv_tkt.c +++ b/src/krb524/conv_tkt.c @@ -34,10 +34,12 @@ * krb524_convert_tkt. Open a network connection to krb524d, send it * the V5 ticket, receive the V4 ticket in response. */ -int krb524_convert_tkt(krb5_principal server, krb5_data *v5tkt, - KTEXT_ST *v4tkt, - int *kvno, - struct sockaddr_in *saddr) +int krb524_convert_tkt(server, v5tkt, v4tkt, kvno, saddr) + krb5_principal server; + krb5_data *v5tkt; + KTEXT_ST *v4tkt; + int *kvno; + struct sockaddr_in *saddr; { char *p; krb5_data reply; @@ -54,7 +56,7 @@ int krb524_convert_tkt(krb5_principal server, krb5_data *v5tkt, saddr->sin_port = htons(KRB524_PORT); } - if (ret = krb524_send_message(saddr, v5tkt, &reply)) + if ((ret = krb524_send_message((struct sockaddr *) saddr, v5tkt, &reply))) goto fail; p = reply.data; diff --git a/src/krb524/encode.c b/src/krb524/encode.c index 243f2e1b56..871cf9f053 100644 --- a/src/krb524/encode.c +++ b/src/krb524/encode.c @@ -20,8 +20,16 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#include <stdio.h> #include "krb5.h" +#include <stdio.h> +#include <string.h> +#include <signal.h> +#include <sys/types.h> +#include <sys/time.h> +#include <sys/socket.h> +#include <sys/signal.h> +#include <netinet/in.h> + #include <krb.h> #include "krb524.h" @@ -52,7 +60,6 @@ int encode_bytes(char **out, int *outlen, char *in, int len) int encode_int32(char **out, int *outlen, krb5_int32 *v) { - int ret; int nv; nv = htonl(*v); @@ -65,11 +72,11 @@ int encode_v4tkt(KTEXT_ST *v4tkt, char *buf, int *encoded_len) buflen = *encoded_len; - if (ret = encode_int32(&buf, &buflen, &v4tkt->length)) + if ((ret = encode_int32(&buf, &buflen, &v4tkt->length))) return ret; - if (ret = encode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN)) + if ((ret = encode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN))) return ret; - if (ret = encode_int32(&buf, &buflen, &v4tkt->mbz)) + if ((ret = encode_int32(&buf, &buflen, &v4tkt->mbz))) return ret; *encoded_len -= buflen; @@ -93,7 +100,7 @@ int decode_int32(char **out, int *outlen, krb5_int32 *v) int ret; int nv; - if (ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))) + if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv)))) return ret; *v = ntohl(nv); return 0; @@ -104,11 +111,11 @@ int decode_v4tkt(KTEXT_ST *v4tkt, char *buf, int *encoded_len) int buflen, ret; buflen = *encoded_len; - if (ret = decode_int32(&buf, &buflen, &v4tkt->length)) + if ((ret = decode_int32(&buf, &buflen, &v4tkt->length))) return ret; - if (ret = decode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN)) + if ((ret = decode_bytes(&buf, &buflen, v4tkt->dat, MAX_KTXT_LEN))) return ret; - if (ret = decode_int32(&buf, &buflen, &v4tkt->mbz)) + if ((ret = decode_int32(&buf, &buflen, &v4tkt->mbz))) return ret; *encoded_len -= buflen; return 0; diff --git a/src/krb524/getcred.c b/src/krb524/getcred.c index 4cdef1af0b..a896381e87 100644 --- a/src/krb524/getcred.c +++ b/src/krb524/getcred.c @@ -31,8 +31,10 @@ main(int argc, char **argv) krb5_creds v5creds; CREDENTIALS v4creds; int i, ret; - - krb524_init_ets(); + krb5_context context; + + krb5_init_context(&context); + krb524_init_ets(context); if (ret = krb5_parse_name(argv[1], &client)) { com_err("getcred", ret, "parsing client name"); @@ -52,12 +54,12 @@ main(int argc, char **argv) v5creds.server = server; v5creds.times.endtime = 0; v5creds.keyblock.keytype = KEYTYPE_DES; - if (ret = krb5_get_credentials(0, cc, &v5creds)) { + if (ret = krb5_get_credentials(context, 0, cc, &v5creds)) { com_err("getcred", ret, "getting V5 credentials"); exit(1); } - if (ret = krb524_convert_creds_kdc(&v5creds, &v4creds)) { + if (ret = krb524_convert_creds_kdc(context, &v5creds, &v4creds)) { com_err("getcred", ret, "converting to V4 credentials"); exit(1); } diff --git a/src/krb524/k524init.c b/src/krb524/k524init.c index 44c50fac46..86d08b9801 100644 --- a/src/krb524/k524init.c +++ b/src/krb524/k524init.c @@ -20,26 +20,41 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#include <stdio.h> #include "krb5.h" +#include "com_err.h" + +#include <stdio.h> +#include <string.h> +#include <signal.h> +#include <sys/types.h> +#include <sys/time.h> +#include <sys/socket.h> +#include <sys/signal.h> +#include <netinet/in.h> + #include <krb.h> +#include <krb4-proto.h> +#include "krb524.h" extern int optind; extern char *optarg; -main(int argc, char **argv) +int main(int argc, char **argv) { krb5_principal client, server; krb5_ccache cc; - krb5_creds v5creds; + krb5_creds increds, *v5creds; CREDENTIALS v4creds; int code; int option; char *princ = NULL; int nodelete = 0; int lose = 0; + krb5_context context; + + krb5_init_context(&context); - while((option = getopt(argc, argv, "p:n")) != EOF) { + while(((option = getopt(argc, argv, "p:n")) != EOF)) { switch(option) { case 'p': princ = optarg; @@ -58,46 +73,46 @@ main(int argc, char **argv) exit(1); } - krb524_init_ets(); + krb524_init_ets(context); - if (code = krb5_cc_default(&cc)) { + if ((code = krb5_cc_default(context, &cc))) { com_err("k524init", code, "opening default credentials cache"); exit(1); } - if (code = krb5_cc_get_principal(cc, &client)) { + if ((code = krb5_cc_get_principal(context, cc, &client))) { com_err("k524init", code, "while retrieving user principal name"); exit(1); } if (princ) { - if (code = krb5_parse_name(princ, &server)) { + if ((code = krb5_parse_name(context, princ, &server))) { com_err("k524init", code, "while parsing service principal name"); exit(1); } } else { - if (code = krb5_build_principal(&server, - krb5_princ_realm(client)->length, - krb5_princ_realm(client)->data, - "krbtgt", - krb5_princ_realm(client)->data, - NULL)) { + if ((code = krb5_build_principal(context, &server, + krb5_princ_realm(context, client)->length, + krb5_princ_realm(context, client)->data, + "krbtgt", + krb5_princ_realm(context, client)->data, + NULL))) { com_err("k524init", code, "while creating service principal name"); exit(1); } } - memset((char *) &v5creds, 0, sizeof(v5creds)); - v5creds.client = client; - v5creds.server = server; - v5creds.times.endtime = 0; - v5creds.keyblock.keytype = KEYTYPE_DES; - if (code = krb5_get_credentials(0, cc, &v5creds)) { + memset((char *) &increds, 0, sizeof(increds)); + increds.client = client; + increds.server = server; + increds.times.endtime = 0; + increds.keyblock.keytype = KEYTYPE_DES; + if ((code = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) { com_err("k524init", code, "getting V5 credentials"); exit(1); } - if (code = krb524_convert_creds_kdc(&v5creds, &v4creds)) { + if ((code = krb524_convert_creds_kdc(context, v5creds, &v4creds))) { com_err("k524init", code, "converting to V4 credentials"); exit(1); } @@ -106,17 +121,18 @@ main(int argc, char **argv) if (!nodelete) { /* initialize ticket cache */ - if (code = in_tkt(v4creds.pname,v4creds.pinst) != KSUCCESS) { + if ((code = in_tkt(v4creds.pname,v4creds.pinst) != KSUCCESS)) { com_err("k524init", code, "trying to create the V4 ticket file"); exit(1); } } /* stash ticket, session key, etc. for future use */ - if (code = save_credentials(v4creds.service, v4creds.instance, - v4creds.realm, v4creds.session, - v4creds.lifetime, v4creds.kvno, - &(v4creds.ticket_st), v4creds.issue_date)) { + if ((code = krb_save_credentials(v4creds.service, v4creds.instance, + v4creds.realm, v4creds.session, + v4creds.lifetime, v4creds.kvno, + &(v4creds.ticket_st), + v4creds.issue_date))) { com_err("k524init", code, "trying to save the V4 ticket"); exit(1); } diff --git a/src/krb524/krb524.h b/src/krb524/krb524.h index d4c214089a..8eee85cec0 100644 --- a/src/krb524/krb524.h +++ b/src/krb524/krb524.h @@ -30,4 +30,51 @@ extern int krb524_debug; +int krb524_convert_tkt_skey + PROTOTYPE((krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, + krb5_keyblock *skey)); + +/* conv_princ.c */ + +int krb524_convert_princs + PROTOTYPE((krb5_context context, krb5_principal client, + krb5_principal server, char *pname, + char *pinst, char *prealm, char *sname, char *sinst)); + +/* conv_creds.c */ + +int krb524_convert_creds_addr + PROTOTYPE((krb5_context context, krb5_creds *v5creds, + CREDENTIALS *v4creds, struct sockaddr *saddr)); + +int krb524_convert_creds_kdc + PROTOTYPE((krb5_context context, krb5_creds *v5creds, + CREDENTIALS *v4creds)); + +/* conv_tkt.c */ + +int krb524_convert_tkt + PROTOTYPE((krb5_principal server, krb5_data *v5tkt, KTEXT_ST *v4tkt, + int *kvno, struct sockaddr_in *saddr)); + +/* encode.c */ + +int encode_v4tkt + PROTOTYPE((KTEXT_ST *v4tkt, char *buf, int *encoded_len)); + +int decode_v4tkt + PROTOTYPE((KTEXT_ST *v4tkt, char *buf, int *encoded_len)); + + +/* misc.c */ + +void krb524_init_ets + PROTOTYPE((krb5_context context)); + +/* sendmsg.c */ + +int krb524_send_message + PROTOTYPE((const struct sockaddr * addr, const krb5_data * message, + krb5_data * reply)); + #endif /* __KRB524_H__ */ diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index cdf368b079..4d411f5c1c 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -20,8 +20,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ +#include "k5-int.h" +#include "com_err.h" + #include <stdio.h> #include <string.h> +#include <signal.h> #include <sys/types.h> #include <sys/time.h> #include <sys/socket.h> @@ -29,7 +33,7 @@ #include <netinet/in.h> #include <netdb.h> -#include "k5-int.h" +#include "adm.h" #include <krb.h> #include "krb524.h" @@ -50,36 +54,38 @@ krb5_principal master_princ; krb5_encrypt_block master_encblock; krb5_keyblock master_keyblock; -void init_keytab(), init_master(); +void init_keytab(), init_master(), cleanup_and_exit(); krb5_error_code do_connection(), lookup_service_key(), kdc_get_server_key(); void usage() { fprintf(stderr, "Usage: %s [-m[aster]] [-k[eytab]]\n", whoami); - cleanup_and_exit(1); + cleanup_and_exit(1, NULL); } -int request_exit() +RETSIGTYPE request_exit() { signalled = 1; } -int krb5_free_keyblock_contents(krb5_keyblock *key) +int krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *key) { memset(key->contents, 0, key->length); krb5_xfree(key->contents); return 0; } -main(int argc, char **argv) +int main(int argc, char **argv) { struct servent *serv; struct sockaddr_in saddr; struct timeval timeout; - int ret, s, conn; + int ret, s; fd_set rfds; + krb5_context context; - krb5_init_ets(); + krb5_init_context(&context); + krb524_init_ets(context); whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]); @@ -103,9 +109,9 @@ main(int argc, char **argv) signal(SIGTERM, request_exit); if (use_keytab) - init_keytab(); + init_keytab(context); if (use_master) - init_master(); + init_master(context); memset((char *) &saddr, 0, sizeof(struct sockaddr_in)); saddr.sin_family = AF_INET; @@ -119,12 +125,12 @@ main(int argc, char **argv) if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { com_err(whoami, errno, "creating main socket"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } if ((ret = bind(s, (struct sockaddr *) &saddr, sizeof(struct sockaddr_in))) < 0) { com_err(whoami, errno, "binding main socket"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } timeout.tv_sec = TIMEOUT; @@ -135,100 +141,107 @@ main(int argc, char **argv) ret = select(s+1, &rfds, NULL, NULL, &timeout); if (signalled) - cleanup_and_exit(0); + cleanup_and_exit(0, context); else if (ret == 0) { if (use_master) { - ret = krb5_dbm_db_fini(); + ret = krb5_db_fini(context); if (ret && ret != KRB5_KDB_DBNOTINITED) { com_err(whoami, ret, "closing kerberos database"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } } } else if (ret < 0 && errno != EINTR) { com_err(whoami, errno, "in select"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } else if (FD_ISSET(s, &rfds)) { if (debug) printf("received packet\n"); - if (ret = do_connection(s)) { + if ((ret = do_connection(s, context))) { com_err(whoami, ret, "handling packet"); } } else com_err(whoami, 0, "impossible situation occurred!"); } - return cleanup_and_exit(0); + cleanup_and_exit(0, context); } -int cleanup_and_exit(int ret) +void cleanup_and_exit(ret, context) + int ret; + krb5_context context; { if (use_master) { - krb5_finish_key(&master_encblock); + krb5_finish_key(context, &master_encblock); memset((char *)&master_encblock, 0, sizeof(master_encblock)); - (void) krb5_db_fini(); + (void) krb5_db_fini(context); } exit(ret); } -void init_keytab() +void init_keytab(context) + krb5_context context; { int ret; if (keytab == NULL) { - if (ret = krb5_kt_default(&kt)) { + if ((ret = krb5_kt_default(context, &kt))) { com_err(whoami, ret, "while opening default keytab"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } } else { - if (ret = krb5_kt_resolve(keytab, &kt)) { + if ((ret = krb5_kt_resolve(context, keytab, &kt))) { com_err(whoami, ret, "while resolving keytab %s", keytab); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } } } -void init_master() +void init_master(context) + krb5_context context; { int ret; char *realm; - if (ret = krb5_get_default_realm(&realm)) { + if ((ret = krb5_get_default_realm(context, &realm))) { com_err(whoami, ret, "getting default realm"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } - if (ret = krb5_db_setup_mkey_name(NULL, realm, (char **) 0, - &master_princ)) { + if ((ret = krb5_db_setup_mkey_name(context, NULL, realm, (char **) 0, + &master_princ))) { com_err(whoami, ret, "while setting up master key name"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } #ifdef PROVIDE_DES_CBC_CRC - master_encblock.crypto_entry = &mit_des_cryptosystem_entry; + krb5_use_cstype(context, &master_encblock, ETYPE_DES_CBC_CRC); #else error(You gotta figure out what cryptosystem to use in the KDC); #endif master_keyblock.keytype = KEYTYPE_DES; - if (ret = krb5_db_fetch_mkey(master_princ, &master_encblock, + if ((ret = krb5_db_fetch_mkey(context, master_princ, &master_encblock, FALSE, /* non-manual type-in */ FALSE, /* irrelevant, given prev. arg */ - 0, &master_keyblock)) { + 0, &master_keyblock))) { com_err(whoami, ret, "while fetching master key"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } - if (ret = krb5_db_init()) { + if ((ret = krb5_db_init(context))) { com_err(whoami, ret, "while initializing master database"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } - if (ret = krb5_process_key(&master_encblock, &master_keyblock)) { - krb5_db_fini(); + if ((ret = krb5_process_key(context, &master_encblock, + &master_keyblock))) { + krb5_db_fini(context); com_err(whoami, ret, "while processing master key"); - cleanup_and_exit(1); + cleanup_and_exit(1, context); } } -krb5_error_code do_connection(int s) +krb5_error_code do_connection(s, context) + int s; + krb5_context context; { struct sockaddr saddr; krb5_ticket *v5tkt; @@ -250,21 +263,24 @@ krb5_error_code do_connection(int s) if (debug) printf("message received\n"); - if (ret = decode_krb5_ticket(&msgdata, &v5tkt)) + if ((ret = decode_krb5_ticket(&msgdata, &v5tkt))) goto error; if (debug) printf("V5 ticket decoded\n"); - if (ret = lookup_service_key(v5tkt->server, &service_key)) + /* XXX KEYTYPE_DES shouldn't be hardcoded here. Should be + derived from the ticket. */ + if ((ret = lookup_service_key(context, v5tkt->server, KEYTYPE_DES, + &service_key))) goto error; if (debug) printf("service key retrieved\n"); - ret = krb524_convert_tkt_skey(v5tkt, &v4tkt, &service_key); + ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &service_key); if (ret) goto error; - krb5_free_keyblock_contents(&service_key); - krb5_free_ticket(v5tkt); + krb5_free_keyblock_contents(context, &service_key); + krb5_free_ticket(context, v5tkt); if (debug) printf("credentials converted\n"); @@ -310,25 +326,31 @@ write_msg: return ret; } -krb5_error_code lookup_service_key(krb5_principal p, krb5_keyblock *key) +krb5_error_code lookup_service_key(context, p, ktype, key) + krb5_context context; + krb5_principal p; + krb5_keytype ktype; + krb5_keyblock *key; { int ret; krb5_keytab_entry entry; if (use_keytab) { - if (ret = krb5_kt_get_entry(kt, p, 0, &entry)) + if ((ret = krb5_kt_get_entry(context, kt, p, 0, ktype, &entry))) return ret; memcpy(key, (char *) &entry.key, sizeof(krb5_keyblock)); return 0; } else if (use_master) { - if (ret = krb5_dbm_db_init()) + if ((ret = krb5_db_init(context))) return ret; - return kdc_get_server_key(p, key, NULL); + return kdc_get_server_key(context, p, key, NULL); } + return 0; } /* taken from kdc/kdc_util.c, and modified somewhat */ -krb5_error_code kdc_get_server_key(service, key, kvno) +krb5_error_code kdc_get_server_key(context, service, key, kvno) + krb5_context context; krb5_principal service; krb5_keyblock *key; krb5_kvno *kvno; @@ -339,14 +361,14 @@ krb5_error_code kdc_get_server_key(service, key, kvno) krb5_boolean more; nprincs = 1; - if (ret = krb5_db_get_principal(service, &server, &nprincs, &more)) + if ((ret = krb5_db_get_principal(context, service, &server, &nprincs, &more))) return(ret); if (more) { - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(context, &server, nprincs); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } else if (nprincs != 1) { - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(context, &server, nprincs); return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN); } @@ -354,9 +376,10 @@ krb5_error_code kdc_get_server_key(service, key, kvno) * convert server.key into a real key (it is encrypted in the * database) */ - ret = KDB_CONVERT_KEY_OUTOF_DB(&server.key, key); + ret = KDB_CONVERT_KEY_OUTOF_DB(context, &server.key, key); if (kvno) *kvno = server.kvno; - krb5_db_free_principal(&server, nprincs); + krb5_db_free_principal(context, &server, nprincs); return ret; } + diff --git a/src/krb524/misc.c b/src/krb524/misc.c index ec1b60c3e6..ad69cf683a 100644 --- a/src/krb524/misc.c +++ b/src/krb524/misc.c @@ -20,11 +20,20 @@ * PERFORMANCE OF THIS SOFTWARE. */ +#include <krb5.h> #include <stdio.h> +#include <sys/types.h> +#include <sys/time.h> +#include <sys/socket.h> +#include <sys/signal.h> +#include <netinet/in.h> + +#include <krb.h> #include "krb524.h" -void krb524_init_ets() +void krb524_init_ets(context) + krb5_context context; { - krb5_init_ets(); + krb5_init_ets(context); initialize_k524_error_table(); } diff --git a/src/krb524/sendmsg.c b/src/krb524/sendmsg.c index b8b380d578..d313674e9b 100644 --- a/src/krb524/sendmsg.c +++ b/src/krb524/sendmsg.c @@ -24,14 +24,19 @@ #include "krb5.h" +#include <unistd.h> +#include <stdlib.h> +#include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/time.h> +#include <netinet/in.h> #ifdef _AIX #include <sys/select.h> #endif +#include <krb.h> #include "krb524.h" /* @@ -50,12 +55,15 @@ extern int krb5_max_skdc_timeout; extern int krb5_skdc_timeout_shift; extern int krb5_skdc_timeout_1; -int krb524_send_message (DECLARG(const struct sock addr *, addr), - DECLARG(const krb5_data *, message), - DECLARG(krb5_data *, reply)) - OLDDECLARG(const struct sockaddr *, addr) - OLDDECLARG(const krb5_data *, message) - OLDDECLARG(krb5_data *, reply) +int krb524_send_message + PROTOTYPE((const struct sockaddr * addr, const krb5_data * message, + krb5_data * reply)); + + +int krb524_send_message (addr, message, reply) + const struct sockaddr * addr; + const krb5_data * message; + krb5_data * reply; { register int timeout; int nready, received; diff --git a/src/krb524/test.c b/src/krb524/test.c index 702037e489..e6d8744c57 100644 --- a/src/krb524/test.c +++ b/src/krb524/test.c @@ -20,6 +20,8 @@ * PERFORMANCE OF THIS SOFTWARE. */ +#include "k5-int.h" + #include <stdio.h> #include <time.h> #include <sys/types.h> @@ -29,8 +31,9 @@ #include <des.h> #include <krb.h> -#include "k5-int.h" +#include <krb4-proto.h> #include "krb524.h" +#include "com_err.h" #define KEYSIZE 8 #define CRED_BUFSIZ 2048 @@ -38,7 +41,7 @@ #define krb5_print_addrs void do_local(krb5_creds *, krb5_keyblock *), - do_remote(krb5_creds *, char *, krb5_keyblock *); + do_remote(krb5_context, krb5_creds *, char *, krb5_keyblock *); void print_key(char *msg, char *key) { @@ -49,15 +52,19 @@ void print_key(char *msg, char *key) void print_time(char *msg, int t) { - printf("%s: %d, %s", msg, t, ctime(&t)); + printf("%s: %d, %s", msg, t, ctime((time_t *) &t)); } void krb5_print_times(char *msg, krb5_ticket_times *t) { - printf("%s: Start: %d, %s", msg, t->starttime, ctime(&t->starttime)); - printf("%s: End: %d, %s", msg, t->endtime, ctime(&t->endtime)); - printf("%s: Auth: %d, %s", msg, t->authtime, ctime(&t->authtime)); - printf("%s: Renew: %d, %s", msg, t->renew_till, ctime(&t->renew_till)); + printf("%s: Start: %d, %s", msg, t->starttime, + ctime((time_t *) &t->starttime)); + printf("%s: End: %d, %s", msg, t->endtime, + ctime((time_t *) &t->endtime)); + printf("%s: Auth: %d, %s", msg, t->authtime, + ctime((time_t *) &t->authtime)); + printf("%s: Renew: %d, %s", msg, t->renew_till, + ctime((time_t *) &t->renew_till)); } void krb5_print_keyblock(char *msg, krb5_keyblock *key) @@ -69,22 +76,23 @@ void krb5_print_keyblock(char *msg, krb5_keyblock *key) printf("\n"); } -void krb5_print_ticket(krb5_data *ticket_data, krb5_keyblock *key) +void krb5_print_ticket(krb5_context context, krb5_data *ticket_data, + krb5_keyblock *key) { char *p; krb5_ticket *tkt; int ret; - if (ret = decode_krb5_ticket(ticket_data, &tkt)) { + if ((ret = decode_krb5_ticket(ticket_data, &tkt))) { com_err("test", ret, "decoding ticket"); exit(1); } - if (ret = krb5_decrypt_tkt_part(key, tkt)) { + if ((ret = krb5_decrypt_tkt_part(context, key, tkt))) { com_err("test", ret, "decrypting V5 ticket for print"); exit(1); } - krb5_unparse_name(tkt->server, &p); + krb5_unparse_name(context, tkt->server, &p); printf("Ticket: Server: %s\n", p); free(p); printf("Ticket: EType: %d\n", tkt->enc_part.etype); @@ -92,24 +100,25 @@ void krb5_print_ticket(krb5_data *ticket_data, krb5_keyblock *key) printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags); krb5_print_keyblock("Ticket: Session Keyblock", tkt->enc_part2->session); - krb5_unparse_name(tkt->enc_part2->client, &p); + krb5_unparse_name(context, tkt->enc_part2->client, &p); printf("Ticket: Client: %s\n", p); free(p); krb5_print_times("Ticket: Times", &tkt->enc_part2->times); - printf("Ticket: Address 0: %08x\n", + printf("Ticket: Address 0: %08lx\n", *((unsigned long *) tkt->enc_part2->caddrs[0]->contents)); - krb5_free_ticket(tkt); + krb5_free_ticket(context, tkt); } -void krb5_print_creds(krb5_creds *creds, krb5_keyblock *secret_key) +void krb5_print_creds(krb5_context context, krb5_creds *creds, + krb5_keyblock *secret_key) { - char *p, buf[BUFSIZ]; + char *p; - krb5_unparse_name(creds->client, &p); + krb5_unparse_name(context, creds->client, &p); printf("Client: %s\n", p); free(p); - krb5_unparse_name(creds->server, &p); + krb5_unparse_name(context, creds->server, &p); printf("Server: %s\n", p); free(p); krb5_print_keyblock("Session key", &creds->keyblock); @@ -117,8 +126,8 @@ void krb5_print_creds(krb5_creds *creds, krb5_keyblock *secret_key) printf("is_skey: %s\n", creds->is_skey ? "True" : "False"); printf("Flags: 0x%08x\n", creds->ticket_flags); krb5_print_addrs(creds->addresses); - krb5_print_ticket(&creds->ticket, secret_key); - /* krb5_print_ticket(&creds->second_ticket, secret_key); */ + krb5_print_ticket(context, &creds->ticket, secret_key); + /* krb5_print_ticket(context, &creds->second_ticket, secret_key); */ } void krb4_print_ticket(KTEXT ticket, krb5_keyblock *secret_key) @@ -146,11 +155,11 @@ void krb4_print_ticket(KTEXT ticket, krb5_keyblock *secret_key) exit(1); } printf("Ticket: Client: %s.%s@%s\n", pname, pinst, prealm); - printf("Ticket: Service: %s.%s%\n", sname, sinst); - printf("Ticket: Address: %08x\n", addr); + printf("Ticket: Service: %s.%s\n", sname, sinst); + printf("Ticket: Address: %08lx\n", addr); print_key("Ticket: Session Key", session_key); printf("Ticket: Lifetime: %d\n", life); - printf("Ticket: Issue Date: %d, %s", issue_time, ctime(&issue_time)); + printf("Ticket: Issue Date: %ld, %s", issue_time, ctime(&issue_time)); } void krb4_print_creds(CREDENTIALS *creds, krb5_keyblock *secret_key) @@ -166,25 +175,28 @@ void krb4_print_creds(CREDENTIALS *creds, krb5_keyblock *secret_key) krb4_print_ticket(&creds->ticket_st, secret_key); } -usage() +void usage() { fprintf(stderr, "Usage: test [-remote server] client service\n"); exit(1); } -main(int argc, char **argv) +int main(int argc, char **argv) { krb5_principal client, server; krb5_ccache cc; - krb5_creds v5creds; + krb5_creds increds, *v5creds; krb5_keyblock key; char keybuf[KEYSIZE], buf[BUFSIZ]; int i, ret, local; char *remote; + krb5_context context; krb524_debug = 1; - krb524_init_ets(); + krb5_init_context(&context); + + krb524_init_ets(context); local = 0; remote = NULL; @@ -205,25 +217,25 @@ main(int argc, char **argv) if (argc != 2) usage(); - if (ret = krb5_parse_name(argv[0], &client)) { + if ((ret = krb5_parse_name(context, argv[0], &client))) { com_err("test", ret, "parsing client name"); exit(1); } - if (ret = krb5_parse_name(argv[1], &server)) { + if ((ret = krb5_parse_name(context, argv[1], &server))) { com_err("test", ret, "parsing server name"); exit(1); } - if (ret = krb5_cc_default(&cc)) { + if ((ret = krb5_cc_default(context, &cc))) { com_err("test", ret, "opening default credentials cache"); exit(1); } - memset((char *) &v5creds, 0, sizeof(v5creds)); - v5creds.client = client; - v5creds.server = server; - v5creds.times.endtime = 0; - v5creds.keyblock.keytype = KEYTYPE_DES; - if (ret = krb5_get_credentials(0, cc, &v5creds)) { + memset((char *) &increds, 0, sizeof(increds)); + increds.client = client; + increds.server = server; + increds.times.endtime = 0; + increds.keyblock.keytype = KEYTYPE_DES; + if ((ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) { com_err("test", ret, "getting V5 credentials"); exit(1); } @@ -253,10 +265,12 @@ main(int argc, char **argv) key.length = KEYSIZE; /* presumably */ key.contents = keybuf; - do_remote(&v5creds, remote, &key); + do_remote(context, v5creds, remote, &key); + exit(0); } -void do_remote(krb5_creds *v5creds, char *server, krb5_keyblock *key) +void do_remote(krb5_context context, krb5_creds *v5creds, char *server, + krb5_keyblock *key) { struct sockaddr_in saddr; struct hostent *hp; @@ -264,7 +278,7 @@ void do_remote(krb5_creds *v5creds, char *server, krb5_keyblock *key) int ret; printf("\nV5 credentials:\n"); - krb5_print_creds(v5creds, key); + krb5_print_creds(context, v5creds, key); if (strcmp(server, "kdc") != 0) { hp = gethostbyname(server); @@ -277,13 +291,14 @@ void do_remote(krb5_creds *v5creds, char *server, krb5_keyblock *key) memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr, sizeof(struct in_addr)); - if (ret = krb524_convert_creds_addr(v5creds, &v4creds, &saddr)) { + if ((ret = krb524_convert_creds_addr(context, v5creds, &v4creds, + &saddr))) { com_err("test", ret, "converting credentials on %s", server); exit(1); } } else { - if (ret = krb524_convert_creds_kdc(v5creds, &v4creds)) { + if ((ret = krb524_convert_creds_kdc(context, v5creds, &v4creds))) { com_err("test", ret, "converting credentials via kdc"); exit(1); } |