Diffstat (limited to 'src/lib/krb5/os')
-rw-r--r-- | src/lib/krb5/os/.Sanitize | 1 | ||||
-rw-r--r-- | src/lib/krb5/os/ChangeLog | 10 | ||||
-rw-r--r-- | src/lib/krb5/os/Makefile.in | 9 | ||||
-rw-r--r-- | src/lib/krb5/os/accessor.c | 15 | ||||
-rw-r--r-- | src/lib/krb5/os/send524.c | 111 |
5 files changed, 140 insertions, 6 deletions
diff --git a/src/lib/krb5/os/.Sanitize b/src/lib/krb5/os/.Sanitize index cf13ff1d44..e17c876b9d 100644 --- a/src/lib/krb5/os/.Sanitize +++ b/src/lib/krb5/os/.Sanitize @@ -61,6 +61,7 @@ read_msg.c read_pwd.c realm_dom.c ref_std_conf.out +send524.c sendto_kdc.c sn2princ.c timeofday.c diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index be62ff39e0..a99de43e1b 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,4 +1,14 @@ +2003-05-24 Ken Raeburn <raeburn@mit.edu> + + * send524.c: New file, moved from krb524/sendmsg.c. Rename + function to have krb5int_ prefix. If KRB5_KRB4_COMPAT not + defined, return an error. + * accessor.c (krb5int_accessor): Update for deleted and added + fields. If KRB5_KRB4_COMPAT is not defined, just use null + pointers for the new fields. + 2003-05-06 Alexandra Ellwood <lxs@mit.edu> + * init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() function so that krb4, krb5 and gssapi will not access the user's homedir if the application forbids it. diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in index 8e0f8a7d22..72024190f9 100644 --- a/src/lib/krb5/os/Makefile.in +++ b/src/lib/krb5/os/Makefile.in @@ -46,6 +46,7 @@ STLIBOBJS= \ read_pwd.o \ realm_dom.o \ realm_iter.o \ + send524.o \ sendto_kdc.o \ sn2princ.o \ timeofday.o \ @@ -89,6 +90,7 @@ OBJS= \ $(OUTPRE)read_pwd.$(OBJEXT) \ $(OUTPRE)realm_dom.$(OBJEXT) \ $(OUTPRE)realm_iter.$(OBJEXT) \ + $(OUTPRE)send524.$(OBJEXT) \ $(OUTPRE)sendto_kdc.$(OBJEXT) \ $(OUTPRE)sn2princ.$(OBJEXT) \ $(OUTPRE)timeofday.$(OBJEXT) \ @@ -132,6 +134,7 @@ SRCS= \ $(srcdir)/realm_dom.c \ $(srcdir)/realm_iter.c \ $(srcdir)/port2ip.c \ + $(srcdir)/send524.c \ $(srcdir)/sendto_kdc.c \ $(srcdir)/sn2princ.c \ $(srcdir)/timeofday.c \ 
@@ -405,6 +408,12 @@ port2ip.so port2ip.po $(OUTPRE)port2ip.$(OBJEXT): port2ip.c $(SRCTOP)/include/k5 $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h os-proto.h +send524.so send524.po $(OUTPRE)send524.$(OBJEXT): send524.c $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/krb5/kdb.h \ + os-proto.h sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): sendto_kdc.c $(SRCTOP)/include/fake-addrinfo.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-int.h \ diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c index 509d317fa3..afdd023cac 100644 --- a/src/lib/krb5/os/accessor.c +++ b/src/lib/krb5/os/accessor.c 
@@ -35,18 +35,21 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) if (version == KRB5INT_ACCESS_VERSION) { krb5int_access internals_temp; - internals_temp.krb5_locate_server = krb5int_locate_server; - internals_temp.krb5_locate_kdc = krb5_locate_kdc; internals_temp.free_addrlist = krb5int_free_addrlist; - internals_temp.krb5_max_skdc_timeout = krb5_max_skdc_timeout; - internals_temp.krb5_skdc_timeout_shift = krb5_skdc_timeout_shift; - internals_temp.krb5_skdc_timeout_1 = krb5_skdc_timeout_1; - internals_temp.krb5_max_dgram_size = krb5_max_dgram_size; internals_temp.krb5_hmac = krb5_hmac; internals_temp.md5_hash_provider = &krb5int_hash_md5; internals_temp.arcfour_enc_provider = &krb5int_enc_arcfour; internals_temp.sendto_udp = &krb5int_sendto; internals_temp.add_host_to_list = krb5int_add_host_to_list; +#ifdef KRB5_KRB4_COMPAT + internals_temp.krb_life_to_time = krb5int_krb_life_to_time; + internals_temp.krb_time_to_life = krb5int_krb_time_to_life; + internals_temp.krb524_encode_v4tkt = krb5int_encode_v4tkt; +#else + internals_temp.krb_life_to_time = 0; + internals_temp.krb_time_to_life = 0; + internals_temp.krb524_encode_v4tkt = 0; +#endif *internals = internals_temp; return 0; } diff --git a/src/lib/krb5/os/send524.c b/src/lib/krb5/os/send524.c new file mode 100644 index 0000000000..f126555522 --- /dev/null +++ b/src/lib/krb5/os/send524.c 
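Review bot: The `#else` branch publishes a table whose `krb_life_to_time`, `krb_time_to_life` and `krb524_encode_v4tkt` members are null, so every consumer of this table has to test them before calling through. That contract should be stated where the fields are set, e.g. `/* krb4 support compiled out: callers must check these three for null before use */`. The hunk also drops six members and adds three, so the layout of `krb5int_access` changes and the only guard for out-of-date callers is the `version == KRB5INT_ACCESS_VERSION` comparison. The header defining that constant is not part of this diff (the diffstat is limited to this directory), so it is worth confirming it was bumped in the same commit. `krb5int_accessor` begins above the hunk and continues past it.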
@@ -0,0 +1,111 @@
+/*
+ * Copyright 1990,1991,1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Send a packet to a service and await a reply, using an exponential
+ * backoff retry algorithm. This is based on krb5_sendto_kdc.
+ */
+
+/* Grab socket stuff. This might want to go away later. */
+#define NEED_SOCKETS
+#define NEED_LOWLEVEL_IO
+#include "fake-addrinfo.h" /* for custom addrinfo if needed */
+#include "k5-int.h"
+
+#ifndef _WIN32
+#include <unistd.h>
+#include <sys/time.h>
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "os-proto.h"
+
+/*
+ * krb524_sendto_kdc:
+ *
+ * A slightly modified version of krb5_sendto_kdc.
+ *
+ * send the formatted request 'message' to a KDC for realm 'realm' and
+ * return the response (if any) in 'reply'.
+ *
+ * If the message is sent and a response is received, 0 is returned,
+ * otherwise an error code is returned.
+ *
+ * The storage for 'reply' is allocated and should be freed by the caller
+ * when finished.
+ */
+
+krb5_error_code
+krb5int_524_sendto_kdc (context, message, realm, reply, addr, addrlen)
+ krb5_context context;
+ const krb5_data * message;
+ const krb5_data * realm;
+ krb5_data * reply;
+ struct sockaddr *addr;
+ socklen_t *addrlen;
+{
+#ifdef KRB5_KRB4_COMPAT
+ int i;
+ struct addrlist al = ADDRLIST_INIT;
+ struct servent *serv;
+ krb5_error_code retval;
+ int port;
+
+ /*
+ * find KDC location(s) for realm
+ */
+
+ serv = getservbyname(KRB524_SERVICE, "udp");
+ port = serv ? serv->s_port : htons (KRB524_PORT);
+
+ retval = krb5int_locate_server(context, realm, &al, 0,
+ "krb524_server", "_krb524",
+ SOCK_DGRAM, port,
+ 0, PF_INET);
+ if (retval == KRB5_REALM_CANT_RESOLVE || retval == KRB5_REALM_UNKNOWN) {
+ /* Fallback heuristic: Assume krb524 port on every KDC might
+ work. */
+ retval = krb5_locate_kdc(context, realm, &al, 0, SOCK_DGRAM, PF_INET);
+ /*
+ * Bash the ports numbers.
+ */
+ if (retval == 0)
+ for (i = 0; i < al.naddrs; i++) {
+ al.addrs[i]->ai_socktype = SOCK_DGRAM;
+ if (al.addrs[i]->ai_family == AF_INET)
+ sa2sin (al.addrs[i]->ai_addr)->sin_port = port;
+ }
+ }
+ if (retval)
+ return retval;
+ if (al.naddrs == 0)
+ return KRB5_REALM_UNKNOWN;
+
+ retval = krb5int_sendto (context, message, &al, reply, addr, addrlen);
+ krb5int_free_addrlist (&al);
+ return retval;
+#else
+ return KRB524_KRB4_DISABLED;
+#endif
+} |
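Review bot: The `al.naddrs == 0` exit returns `KRB5_REALM_UNKNOWN` without calling `krb5int_free_addrlist (&al)`, although the success path frees the list. Whether a successful lookup can leave storage attached to an empty list is not visible in this hunk, so the safe form is `if (al.naddrs == 0) { krb5int_free_addrlist (&al); return KRB5_REALM_UNKNOWN; }`. The header comment still calls the function `krb524_sendto_kdc` and does not mention `addr` or `addrlen`, which are passed straight through to `krb5int_sendto`; it should use the new name `krb5int_524_sendto_kdc` and say what those two arguments carry. Nothing in this function validates `reply`, which arrives over a datagram socket (`SOCK_DGRAM`), so the comment should also tell callers to treat it as untrusted input.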