From ef4a40eef2b466b34a015a9419dccee2a9fd5ee4 Mon Sep 17 00:00:00 2001 From: Chris Provenzano Date: Fri, 13 Jan 1995 21:50:24 +0000 Subject: Removed all references to DECLARG and OLDDECLARG. Added krb5_context to all krb5_*() routines. Fixed krlogin to use htons(debug_port). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4814 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/ChangeLog | 6 +++ src/appl/bsd/forward.c | 9 ++-- src/appl/bsd/kcmd.c | 39 ++++++++-------- src/appl/bsd/krcp.c | 122 ++++++++++++++++++++++++------------------------ src/appl/bsd/krlogin.c | 22 +++++---- src/appl/bsd/krlogind.c | 45 +++++++++--------- src/appl/bsd/krsh.c | 20 ++++---- src/appl/bsd/krshd.c | 43 +++++++++-------- 8 files changed, 163 insertions(+), 143 deletions(-) (limited to 'src/appl/bsd') diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 924f2e87ad..d758ed45e0 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,9 @@ +Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) + + * Added krb5_context to all krb5_routines + + * krsh.c (main): Use htons(debug_port). + Wed Jan 11 01:25:09 1995 Mark Eichin * logutil.c (update_wtmp): declare missing variables if diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c index 7a0b96fd4a..8e5b9da016 100644 --- a/src/appl/bsd/forward.c +++ b/src/appl/bsd/forward.c @@ -35,7 +35,8 @@ /* Decode, decrypt and store the forwarded creds in the local ccache. */ krb5_error_code -rd_and_store_for_creds(inbuf, ticket, lusername) +rd_and_store_for_creds(context, inbuf, ticket, lusername) + krb5_context context; krb5_data *inbuf; krb5_ticket *ticket; char *lusername; @@ -64,16 +65,16 @@ rd_and_store_for_creds(inbuf, ticket, lusername) sprintf(ccname, "FILE:/tmp/krb5cc_p%d", getpid()); setenv("KRB5CCNAME", ccname, 0); - if (retval = krb5_cc_resolve(ccname, &ccache)) { + if (retval = krb5_cc_resolve(context, ccname, &ccache)) { return(retval); } - if (retval = krb5_cc_initialize(ccache, + if (retval = krb5_cc_initialize(context, ccache, ticket->enc_part2->client)) { return(retval); } - if (retval = krb5_cc_store_cred(ccache, &creds)) { + if (retval = krb5_cc_store_cred(context, ccache, &creds)) { return(retval); } diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 31c448d45b..999b0a9692 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -66,6 +66,7 @@ extern errno; char *default_service = "host"; extern krb5_cksumtype krb5_kdc_req_sumtype; +extern krb5_context bsd_context; kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, cred, seqno, server_seqno, laddr, faddr, authopts) @@ -139,8 +140,8 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, fprintf(stderr,"kcmd: no memory\n"); return(-1); } - status = krb5_sname_to_principal(host_save,service,KRB5_NT_SRV_HST, - &ret_cred->server); + status = krb5_sname_to_principal(bsd_context, host_save,service, + KRB5_NT_SRV_HST, &ret_cred->server); if (status) { fprintf(stderr, "kcmd: krb5_sname_to_principal failed: %s\n", error_message(status)); @@ -156,7 +157,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, strcpy(rdata.data, realm); /* XXX we should free the old realm first */ - krb5_princ_set_realm(ret_cred->server, &rdata); + krb5_princ_set_realm(bsd_context, ret_cred->server, &rdata); } #ifdef POSIX_SIGNALS sigemptyset(&urgmask); @@ -179,7 +180,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, sigsetmask(oldmask); #endif /* POSIX_SIGNALS */ if (tmpstr) krb5_xfree(tmpstr); - krb5_free_creds(ret_cred); + krb5_free_creds(bsd_context, ret_cred); return (-1); } #ifdef HAVE_SETOWN @@ -226,7 +227,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, sigsetmask(oldmask); #endif /* POSIX_SIGNALS */ if (tmpstr) krb5_xfree(tmpstr); - krb5_free_creds(ret_cred); + krb5_free_creds(bsd_context, ret_cred); return (-1); } lport--; @@ -282,13 +283,13 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, /* compute checksum, using CRC-32 */ if (!(send_cksum.contents = (krb5_octet *) - malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) { + malloc(krb5_checksum_size(bsd_context, CKSUMTYPE_CRC32)))) { status = -1; goto bad2; } /* choose some random stuff to compute checksum from */ sprintf(tmpstr,"%x %x",pid,pid); - if (status = krb5_calculate_checksum(CKSUMTYPE_CRC32, + if (status = krb5_calculate_checksum(bsd_context, CKSUMTYPE_CRC32, tmpstr, strlen(tmpstr), 0, @@ -297,14 +298,14 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, &send_cksum)) goto bad3; - status = krb5_cc_default(&cc); + status = krb5_cc_default(bsd_context, &cc); if (status) goto bad3; - status = krb5_cc_get_principal(cc, &ret_cred->client); + status = krb5_cc_get_principal(bsd_context, cc, &ret_cred->client); if (status) goto bad3; /* Get ticket from credentials cache or kdc */ - status = krb5_get_credentials(0, cc, ret_cred); + status = krb5_get_credentials(bsd_context, 0, cc, ret_cred); if (status) goto bad3; /* Reset internal flags; these should not be sent. */ @@ -314,7 +315,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, /* call Kerberos library routine to obtain an authenticator, pass it over the socket to the server, and obtain mutual authentication. */ - status = krb5_sendauth((krb5_pointer) &s, + status = krb5_sendauth(bsd_context, (krb5_pointer) &s, "KCMDV0.1", ret_cred->client, ret_cred->server, authopts, &send_cksum, @@ -333,14 +334,14 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, fprintf(stderr, "Error text sent from server: %s\n", error->text.data); } - krb5_free_error(error); + krb5_free_error(bsd_context, error); error = 0; } } if (status) goto bad3; if (rep_ret && server_seqno) { *server_seqno = rep_ret->seq_number; - krb5_free_ap_rep_enc_part(rep_ret); + krb5_free_ap_rep_enc_part(bsd_context, rep_ret); } (void) write(s, remuser, strlen(remuser)+1); @@ -348,7 +349,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, (void) write(s, locuser, strlen(locuser)+1); if (options & OPTS_FORWARD_CREDS) { /* Forward credentials */ - if (status = krb5_get_for_creds(ETYPE_DES_CBC_CRC, + if (status = krb5_get_for_creds(bsd_context, ETYPE_DES_CBC_CRC, krb5_kdc_req_sumtype, hp->h_name, ret_cred->client, @@ -361,12 +362,12 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, } /* Send forwarded credentials */ - if (status = krb5_write_message((krb5_pointer)&s, &outbuf)) + if (status = krb5_write_message(bsd_context, (krb5_pointer)&s, &outbuf)) goto bad3; } else { /* Dummy write to signal no forwarding */ outbuf.length = 0; - if (status = krb5_write_message((krb5_pointer)&s, &outbuf)) + if (status = krb5_write_message(bsd_context, (krb5_pointer)&s, &outbuf)) goto bad3; } @@ -397,8 +398,8 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, if (tmpstr) krb5_xfree(tmpstr); /* pass back credentials if wanted */ - if (cred) krb5_copy_creds(ret_cred,cred); - krb5_free_creds(ret_cred); + if (cred) krb5_copy_creds(bsd_context, ret_cred,cred); + krb5_free_creds(bsd_context, ret_cred); return (0); bad3: @@ -415,7 +416,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, #endif /* POSIX_SIGNALS */ if (tmpstr) krb5_xfree(tmpstr); if (ret_cred) - krb5_free_creds(ret_cred); + krb5_free_creds(bsd_context, ret_cred); return (status); } diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index 5101d5f726..d8bf15dcd1 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -85,6 +85,7 @@ char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */ krb5_data desinbuf,desoutbuf; krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ krb5_keyblock *session_key; /* static key for session */ +krb5_context bsd_context; void try_normal(); char **save_argv(); @@ -149,7 +150,8 @@ main(argc, argv) char **orig_argv = save_argv(argc, argv); sp = getservbyname("kshell", "tcp"); - krb5_init_ets(); + krb5_init_context(&bsd_context); + krb5_init_ets(bsd_context); desinbuf.data = des_inbuf; desoutbuf.data = des_outbuf; /* Set up des buffers */ #else @@ -556,7 +558,7 @@ susystem(s) #ifdef POSIX_SIGNALS struct sigaction sa, isa, qsa; #else - register krb5_sigtype (*istat)(), (*qstat)(); + register krb5_sigtype (bsd_context, *istat)(), (*qstat)(); #endif if ((pid = vfork()) == 0) { @@ -1143,19 +1145,17 @@ char **save_argv(argc, argv) #endif #include -krb5_error_code tgt_keyproc(DECLARG(krb5_pointer, keyprocarg), - DECLARG(krb5_principal, principal), - DECLARG(krb5_kvno, vno), - DECLARG(krb5_keyblock **, key)) - OLDDECLARG(krb5_pointer, keyprocarg) - OLDDECLARG(krb5_principal, principal) - OLDDECLARG(krb5_kvno, vno) - OLDDECLARG(krb5_keyblock **, key) +krb5_error_code tgt_keyproc(context, keyprocarg, principal, vno, key) + krb5_context context; + krb5_pointer keyprocarg; + krb5_principal principal; + krb5_kvno vno; + krb5_keyblock ** key; #include { krb5_creds *creds = (krb5_creds *)keyprocarg; - return krb5_copy_keyblock(&creds->keyblock, key); + return krb5_copy_keyblock(context, &creds->keyblock, key); } @@ -1173,7 +1173,7 @@ void send_auth() - if (status = krb5_cc_default(&cc)){ + if (status = krb5_cc_default(bsd_context, &cc)){ fprintf(stderr,"rcp: send_auth failed krb5_cc_default : %s\n", error_message(status)); exit(1); @@ -1181,49 +1181,49 @@ void send_auth() memset ((char*)&creds, 0, sizeof(creds)); - if (status = krb5_cc_get_principal(cc, &creds.client)){ + if (status = krb5_cc_get_principal(bsd_context, cc, &creds.client)){ fprintf(stderr, "rcp: send_auth failed krb5_cc_get_principal : %s\n", error_message(status)); - krb5_cc_close(cc); + krb5_cc_close(bsd_context, cc); exit(1); } - if (status = krb5_unparse_name(creds.client, &princ)){ + if (status = krb5_unparse_name(bsd_context, creds.client, &princ)){ fprintf(stderr,"rcp: send_auth failed krb5_parse_name : %s\n", error_message(status)); - krb5_cc_close(cc); + krb5_cc_close(bsd_context, cc); exit(1); } - if (status = krb5_build_principal_ext(&creds.server, - krb5_princ_realm(creds.client)->length, - krb5_princ_realm(creds.client)->data, + if (status = krb5_build_principal_ext(bsd_context, &creds.server, + krb5_princ_realm(bsd_context, creds.client)->length, + krb5_princ_realm(bsd_context, creds.client)->data, 6, "krbtgt", - krb5_princ_realm(creds.client)->length, - krb5_princ_realm(creds.client)->data, + krb5_princ_realm(bsd_context, creds.client)->length, + krb5_princ_realm(bsd_context, creds.client)->data, 0)){ fprintf(stderr, "rcp: send_auth failed krb5_build_principal_ext : %s\n", error_message(status)); - krb5_cc_close(cc); + krb5_cc_close(bsd_context, cc); exit(1); } /* Get TGT from credentials cache */ - if (status = krb5_get_credentials(KRB5_GC_CACHED, cc, &creds)){ + if (status = krb5_get_credentials(bsd_context, KRB5_GC_CACHED, cc, &creds)){ fprintf(stderr, "rcp: send_auth failed krb5_get_credentials: %s\n", error_message(status)); - krb5_cc_close(cc); + krb5_cc_close(bsd_context, cc); exit(1); } - krb5_cc_close(cc); + krb5_cc_close(bsd_context, cc); princ_data.data = princ; princ_data.length = strlen(princ_data.data) + 1; /* include null terminator for server's convenience */ - status = krb5_write_message((krb5_pointer) &rem, &princ_data); + status = krb5_write_message(bsd_context, (krb5_pointer) &rem, &princ_data); if (status){ fprintf(stderr, "rcp: send_auth failed krb5_write_message: %s\n", @@ -1231,7 +1231,7 @@ void send_auth() exit(1); } krb5_xfree(princ); - status = krb5_write_message((krb5_pointer) &rem, &creds.ticket); + status = krb5_write_message(bsd_context, (krb5_pointer)&rem, &creds.ticket); if (status){ fprintf(stderr, "rcp: send_auth failed krb5_write_message: %s\n", @@ -1239,7 +1239,7 @@ void send_auth() exit(1); } - status = krb5_read_message((krb5_pointer) &rem, &reply); + status = krb5_read_message(bsd_context, (krb5_pointer) &rem, &reply); if (status){ fprintf(stderr, "rcp: send_auth failed krb5_read_message: %s\n", @@ -1253,7 +1253,7 @@ void send_auth() faddr.contents = (krb5_octet *) &foreign.sin_addr; /* read the ap_req to get the session key */ - status = krb5_rd_req(&reply, + status = krb5_rd_req(bsd_context, &reply, 0, /* don't know server's name... */ &faddr, 0, /* no fetchfrom */ @@ -1269,12 +1269,13 @@ void send_auth() exit(1); } - krb5_copy_keyblock(authdat->ticket->enc_part2->session,&session_key); - krb5_free_tkt_authent(authdat); - krb5_free_cred_contents(&creds); + krb5_copy_keyblock(bsd_context, authdat->ticket->enc_part2->session, + &session_key); + krb5_free_tkt_authent(bsd_context, authdat); + krb5_free_cred_contents(bsd_context, &creds); - krb5_use_keytype(&eblock, session_key->keytype); - if ( status = krb5_process_key(&eblock, + krb5_use_keytype(bsd_context, &eblock, session_key->keytype); + if ( status = krb5_process_key(bsd_context, &eblock, session_key)){ fprintf(stderr, "rcp: send_auth failed krb5_process_key: %s\n", error_message(status)); @@ -1297,39 +1298,40 @@ void memset ((char*)&creds, 0, sizeof(creds)); - if (status = krb5_read_message((krb5_pointer) &rem, &pname_data)) { + if (status = krb5_read_message(bsd_context, (krb5_pointer)&rem, + &pname_data)) { exit(1); } - if (status = krb5_read_message((krb5_pointer) &rem, + if (status = krb5_read_message(bsd_context, (krb5_pointer) &rem, &creds.second_ticket)) { exit(1); } - if (status = krb5_cc_default(&cc)){ + if (status = krb5_cc_default(bsd_context, &cc)){ exit(1); } - if (status = krb5_cc_get_principal(cc, &creds.client)){ - krb5_cc_destroy(cc); - krb5_cc_close(cc); + if (status = krb5_cc_get_principal(bsd_context, cc, &creds.client)){ + krb5_cc_destroy(bsd_context, cc); + krb5_cc_close(bsd_context, cc); exit(1); } - if (status = krb5_parse_name(pname_data.data, &creds.server)){ - krb5_cc_destroy(cc); - krb5_cc_close(cc); + if (status = krb5_parse_name(bsd_context, pname_data.data, &creds.server)){ + krb5_cc_destroy(bsd_context, cc); + krb5_cc_close(bsd_context, cc); exit(1); } krb5_xfree(pname_data.data); - if (status = krb5_get_credentials(KRB5_GC_USER_USER, cc, &creds)){ - krb5_cc_destroy(cc); - krb5_cc_close(cc); + if (status = krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc, &creds)){ + krb5_cc_destroy(bsd_context, cc); + krb5_cc_close(bsd_context, cc); exit(1); } - if (status = krb5_mk_req_extended(AP_OPTS_USE_SESSION_KEY, + if (status = krb5_mk_req_extended(bsd_context, AP_OPTS_USE_SESSION_KEY, 0, /* no application checksum here */ krb5_kdc_default_options, 0, @@ -1338,27 +1340,27 @@ void &creds, 0, /* don't need authenticator copy */ &msg)) { - krb5_cc_destroy(cc); - krb5_cc_close(cc); + krb5_cc_destroy(bsd_context, cc); + krb5_cc_close(bsd_context, cc); exit(1); } - krb5_cc_destroy(cc); - krb5_cc_close(cc); - status = krb5_write_message((krb5_pointer) &rem, &msg); + krb5_cc_destroy(bsd_context, cc); + krb5_cc_close(bsd_context, cc); + status = krb5_write_message(bsd_context, (krb5_pointer) &rem, &msg); krb5_xfree(msg.data); if (status){ exit(1); } /* setup eblock for des_read and write */ - krb5_copy_keyblock(&creds.keyblock,&session_key); + krb5_copy_keyblock(bsd_context, &creds.keyblock,&session_key); /* cleanup */ - krb5_free_cred_contents(&creds); + krb5_free_cred_contents(bsd_context, &creds); /* OK process key */ - krb5_use_keytype(&eblock, session_key->keytype); - if ( status = krb5_process_key(&eblock,session_key)) { + krb5_use_keytype(bsd_context, &eblock, session_key->keytype); + if ( status = krb5_process_key(bsd_context, &eblock,session_key)) { exit(1); } @@ -1398,7 +1400,7 @@ int des_read(fd, buf, len) nstored = 0; } - if ((cc = krb5_net_read(fd, (char *)&len_buf, 4)) != 4) { + if ((cc = krb5_net_read(bsd_context, fd, (char *)&len_buf, 4)) != 4) { /* XXX can't read enough, pipe must have closed */ return(0); } @@ -1413,14 +1415,14 @@ int des_read(fd, buf, len) errno = E2BIG; return(-1); } - if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) { + if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) { /* pipe must have closed, return 0 */ error( "rcp: Des_read error: length received %d != expected %d.\n", cc,net_len); return(0); } /* decrypt info */ - if ((status = krb5_decrypt(desinbuf.data, + if ((status = krb5_decrypt(bsd_context, desinbuf.data, (krb5_pointer) storage, net_len, &eblock, 0))) { @@ -1460,7 +1462,7 @@ int des_write(fd, buf, len) if (desoutbuf.length > sizeof(des_outbuf)){ return(-1); } - if (( krb5_encrypt((krb5_pointer)buf, + if (( krb5_encrypt(bsd_context, (krb5_pointer)buf, desoutbuf.data, len, &eblock, diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index b601b5f4fc..90f5b9ec31 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -149,6 +149,7 @@ int encrypt_flag = 0; int fflag = 0, Fflag = 0; krb5_creds *cred; struct sockaddr_in local, foreign; +krb5_context bsd_context; #ifndef UCB_RLOGIN #define UCB_RLOGIN "/usr/ucb/rlogin" @@ -455,7 +456,8 @@ main(argc, argv) exit(1); } #ifdef KERBEROS - krb5_init_ets(); + krb5_init_context(&bsd_context); + krb5_init_ets(bsd_context); desinbuf.data = des_inbuf; desoutbuf.data = des_outbuf; /* Set up des buffers */ /* @@ -578,8 +580,8 @@ main(argc, argv) rem = sock; /* setup eblock for des_read and write */ - krb5_use_keytype(&eblock,cred->keyblock.keytype); - if ( status = krb5_process_key(&eblock,&cred->keyblock)) { + krb5_use_keytype(bsd_context, &eblock,cred->keyblock.keytype); + if ( status = krb5_process_key(bsd_context, &eblock,&cred->keyblock)) { fprintf(stderr, "%s: Cannot process session key : %s.\n", orig_argv[0], error_message(status)); @@ -1681,7 +1683,7 @@ int des_read(fd, buf, len) nstored = 0; } - if ((cc = krb5_net_read(fd, (char *)&len_buf, 4)) != 4) { + if ((cc = krb5_net_read(bsd_context, fd, (char *)&len_buf, 4)) != 4) { /* XXX can't read enough, pipe must have closed */ return(0); } @@ -1694,7 +1696,7 @@ int des_read(fd, buf, len) fprintf(stderr,"Read size problem.\n"); return(0); } - if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) { + if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) { /* pipe must have closed, return 0 */ fprintf(stderr, "Read error: length received %d != expected %d.\n", @@ -1702,7 +1704,7 @@ int des_read(fd, buf, len) return(0); } /* decrypt info */ - if ((krb5_decrypt(desinbuf.data, + if ((krb5_decrypt(bsd_context, desinbuf.data, (krb5_pointer) storage, net_len, &eblock, 0))) { @@ -1742,7 +1744,7 @@ int des_write(fd, buf, len) fprintf(stderr,"Write size problem.\n"); return(-1); } - if (( krb5_encrypt((krb5_pointer)buf, + if (( krb5_encrypt(bsd_context, (krb5_pointer)buf, desoutbuf.data, len, &eblock, @@ -1799,7 +1801,7 @@ int des_read(fd, buf, len) len -= nstored; nstored = 0; } - if ((cc = krb5_net_read(fd, len_buf, 4)) != 4) { + if ((cc = krb5_net_read(bsd_context, fd, len_buf, 4)) != 4) { /* XXX can't read enough, pipe must have closed */ return(0); } @@ -1817,7 +1819,7 @@ int des_read(fd, buf, len) #else rd_len = roundup(net_len, 8); #endif - if ((cc = krb5_net_read(fd, des_inbuf, rd_len)) != rd_len) { + if ((cc = krb5_net_read(bsd_context, fd, des_inbuf, rd_len)) != rd_len) { /* pipe must have closed, return 0 */ return(0); } @@ -1866,7 +1868,7 @@ int des_write(fd, buf, len) #define min(a,b) ((a < b) ? a : b) if (len < 8) { - krb5_random_confounder(8 - len, &garbage_buf); + krb5_random_confounder(bsd_context, 8 - len, &garbage_buf); /* this "right-justifies" the data in the buffer */ (void) memcpy(garbage_buf + 8 - len, buf, len); } diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index 493d8381aa..88bbc8cc6b 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -244,6 +244,7 @@ krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ krb5_authenticator *kdata; krb5_ticket *ticket = 0; +krb5_context bsd_context; #define ARGSTR "rRkKeExXpPD:?" #else /* !KERBEROS */ @@ -518,7 +519,8 @@ void doit(f, fromp) #ifdef KERBEROS if (must_pass_k5 || must_pass_one) { /* Init error messages and setup des buffers */ - krb5_init_ets(); + krb5_init_context(&bsd_context); + krb5_init_ets(bsd_context); desinbuf.data = des_inbuf; desoutbuf.data = des_outbuf; /* Set up des buffers */ } @@ -1110,7 +1112,7 @@ do_krb_login(host) /* Kerberos V4, or host-based. */ if (status = recvauth()) { if (ticket) - krb5_free_ticket(ticket); + krb5_free_ticket(bsd_context, ticket); if (status != 255) syslog(LOG_ERR, "Authentication failed from %s: %s\n", @@ -1131,7 +1133,7 @@ do_krb_login(host) if (must_pass_k5 || must_pass_one) { #if (defined(ALWAYS_V5_KUSEROK) || !defined(KRB5_KRB4_COMPAT)) /* krb5_kuserok returns 1 if OK */ - if (client && krb5_kuserok(client, lusername)) + if (client && krb5_kuserok(bsd_context, client, lusername)) passed_krb++; #else if (auth_sys == KRB5_RECVAUTH_V4) { @@ -1140,7 +1142,7 @@ do_krb_login(host) passed_krb++; } else { /* krb5_kuserok returns 1 if OK */ - if (client && krb5_kuserok(client, lusername)) + if (client && krb5_kuserok(bsd_context, client, lusername)) passed_krb++; } #endif @@ -1167,7 +1169,7 @@ do_krb_login(host) return; if (ticket) - krb5_free_ticket(ticket); + krb5_free_ticket(bsd_context, ticket); msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 ); if (!msg_fail) @@ -1234,7 +1236,7 @@ v5_des_read(fd, buf, len) nstored = 0; } - if ((cc = krb5_net_read(fd, (char *)len_buf, 4)) != 4) { + if ((cc = krb5_net_read(bsd_context, fd, (char *)len_buf, 4)) != 4) { if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) return(cc); /* XXX can't read enough, pipe must have closed */ @@ -1254,7 +1256,7 @@ v5_des_read(fd, buf, len) } retry = 0; datard: - if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) { + if ((cc = krb5_net_read(bsd_context,fd,desinbuf.data,net_len)) != net_len) { /* XXX can't read enough, pipe must have closed */ if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) { retry++; @@ -1273,7 +1275,7 @@ v5_des_read(fd, buf, len) return(0); } /* decrypt info */ - if ((krb5_decrypt(desinbuf.data, + if ((krb5_decrypt(bsd_context, desinbuf.data, (krb5_pointer) storage, net_len, &eblock, 0))) { @@ -1313,7 +1315,7 @@ v5_des_write(fd, buf, len) syslog(LOG_ERR,"Write size problem."); return(-1); } - if ((krb5_encrypt((krb5_pointer)buf, + if ((krb5_encrypt(bsd_context, (krb5_pointer)buf, desoutbuf.data, len, &eblock, @@ -1417,7 +1419,7 @@ int princ_maps_to_lname(principal, luser) char *luser; { char kuser[10]; - if (!(krb5_aname_to_localname(principal, + if (!(krb5_aname_to_localname(bsd_context, principal, sizeof(kuser), kuser)) && (strcmp(kuser, luser) == 0)) { return 1; @@ -1432,14 +1434,14 @@ int default_realm(principal) int realm_length; int retval; - realm_length = krb5_princ_realm(principal)->length; + realm_length = krb5_princ_realm(bsd_context, principal)->length; - if (retval = krb5_get_default_realm(&def_realm)) { + if (retval = krb5_get_default_realm(bsd_context, &def_realm)) { return 0; } if ((realm_length != strlen(def_realm)) || - (memcmp(def_realm, krb5_princ_realm(principal)->data, realm_length))) { + (memcmp(def_realm, krb5_princ_realm(bsd_context, principal)->data, realm_length))) { free(def_realm); return 0; } @@ -1489,8 +1491,8 @@ recvauth() peeraddr.length = SIZEOF_INADDR; peeraddr.contents = (krb5_octet *)&peersin.sin_addr; - if (status = krb5_sname_to_principal(NULL, "host", KRB5_NT_SRV_HST, - &server)) { + if (status = krb5_sname_to_principal(bsd_context, NULL, "host", + KRB5_NT_SRV_HST, &server)) { syslog(LOG_ERR, "parse server name %s: %s", "host", error_message(status)); exit(1); @@ -1498,7 +1500,7 @@ recvauth() strcpy(v4_instance, "*"); - status = krb5_compat_recvauth(&netf, + status = krb5_compat_recvauth(bsd_context, &netf, "KCMDV0.1", server, /* Specify daemon principal */ &peeraddr, /* We do want to match */ @@ -1570,24 +1572,25 @@ recvauth() getstr(netf, rusername, sizeof(rusername), "remuser"); - if (status = krb5_unparse_name(client, &krusername)) + if (status = krb5_unparse_name(bsd_context, client, &krusername)) return status; /* Setup up eblock if encrypted login session */ /* otherwise zero out session key */ if (do_encrypt) { - krb5_use_keytype(&eblock, + krb5_use_keytype(bsd_context, &eblock, ticket->enc_part2->session->keytype); - if (status = krb5_process_key(&eblock, + if (status = krb5_process_key(bsd_context, &eblock, ticket->enc_part2->session)) fatal(netf, "Permission denied"); } - if (status = krb5_read_message((krb5_pointer)&netf, &inbuf)) + if (status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)) fatal(netf, "Error reading message"); if (inbuf.length) { /* Forwarding being done, read creds */ - if (status = rd_and_store_for_creds(&inbuf, ticket, lusername)) + if (status = rd_and_store_for_creds(bsd_context, &inbuf, ticket, + lusername)) fatal(netf, "Can't get forwarded credentials"); } return 0; diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c index fc3b037a89..f23ff4ac71 100644 --- a/src/appl/bsd/krsh.c +++ b/src/appl/bsd/krsh.c @@ -89,6 +89,7 @@ char des_inbuf[2*BUFSIZ]; /* needs to be > largest read size */ char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */ krb5_data desinbuf,desoutbuf; krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ +krb5_context bsd_context; krb5_creds *cred; int encrypt_flag = 0; @@ -318,10 +319,11 @@ main(argc, argv0) } if (debug_port) - sp->s_port = debug_port; + sp->s_port = htons(debug_port); #ifdef KERBEROS - krb5_init_ets(); + krb5_init_context(&bsd_context); + krb5_init_ets(bsd_context); authopts = AP_OPTS_MUTUAL_REQUIRED; /* Piggy-back forwarding flags on top of authopts; */ @@ -352,8 +354,8 @@ main(argc, argv0) /* Setup for des_read and write */ desinbuf.data = des_inbuf; desoutbuf.data = des_outbuf; - krb5_use_keytype(&eblock,cred->keyblock.keytype); - if (status = krb5_process_key(&eblock,&cred->keyblock)) { + krb5_use_keytype(bsd_context, &eblock,cred->keyblock.keytype); + if (status = krb5_process_key(bsd_context, &eblock,&cred->keyblock)) { fprintf(stderr, "%s: Cannot process session key : %s.\n", argv0, error_message(status)); exit(1); @@ -581,7 +583,7 @@ int des_read(fd, buf, len) nstored = 0; } - if ((cc = krb5_net_read(fd, len_buf, 4)) != 4) { + if ((cc = krb5_net_read(bsd_context, fd, len_buf, 4)) != 4) { /* XXX can't read enough, pipe must have closed */ return(0); } @@ -594,14 +596,14 @@ int des_read(fd, buf, len) fprintf(stderr,"Read size problem.\n"); return(0); } - if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) { + if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) { /* pipe must have closed, return 0 */ fprintf(stderr, "Read error: length received %d != expected %d.\n", cc, net_len); return(0); } /* decrypt info */ - if (cc = krb5_decrypt(desinbuf.data, (krb5_pointer) storage, + if (cc = krb5_decrypt(bsd_context, desinbuf.data, (krb5_pointer) storage, net_len, &eblock, 0)) { fprintf(stderr,"Cannot decrypt data from network\n"); return(0); @@ -634,12 +636,12 @@ int des_write(fd, buf, len) if (!encrypt_flag) return(write(fd, buf, len)); - desoutbuf.length = krb5_encrypt_size(len,eblock.crypto_entry); + desoutbuf.length = krb5_encrypt_size(len, eblock.crypto_entry); if (desoutbuf.length > sizeof(des_outbuf)){ fprintf(stderr,"Write size problem.\n"); return(-1); } - if (( krb5_encrypt((krb5_pointer)buf, + if (( krb5_encrypt(bsd_context, (krb5_pointer)buf, desoutbuf.data, len, &eblock, diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 5cad08f8a7..144be00ae8 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -178,6 +178,7 @@ char des_inbuf[2*BUFSIZ]; /* needs to be > largest read size */ krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ char des_outbuf[2*BUFSIZ]; /* needs to be > largest write size */ krb5_data desinbuf,desoutbuf; +krb5_context bsd_context; void fatal(); int v5_des_read(); @@ -552,7 +553,8 @@ doit(f, fromp) exit(1); } #ifdef KERBEROS - krb5_init_ets(); + krb5_init_context(&bsd_context); + krb5_init_ets(bsd_context); netf = f; desinbuf.data = des_inbuf; desoutbuf.data = des_outbuf; @@ -957,7 +959,7 @@ doit(f, fromp) #endif { /* krb5_kuserok returns 1 if OK */ - if (!krb5_kuserok(client, locuser)){ + if (!krb5_kuserok(bsd_context, client, locuser)){ syslog(LOG_ERR , "Principal %s (%s@%s) for local user %s failed krb5_kuserok.\n", kremuser, remuser, hostname, locuser); @@ -1469,7 +1471,7 @@ int princ_maps_to_lname(principal, luser) char *luser; { char kuser[10]; - if (!(krb5_aname_to_localname(principal, + if (!(krb5_aname_to_localname(bsd_context, principal, sizeof(kuser), kuser)) && (strcmp(kuser, luser) == 0)) { return 1; @@ -1485,14 +1487,15 @@ int default_realm(principal) int realm_length; int retval; - realm_length = krb5_princ_realm(principal)->length; + realm_length = krb5_princ_realm(bsd_context, principal)->length; - if (retval = krb5_get_default_realm(&def_realm)) { + if (retval = krb5_get_default_realm(bsd_context, &def_realm)) { return 0; } if ((realm_length != strlen(def_realm)) || - (memcmp(def_realm, krb5_princ_realm(principal)->data, realm_length))) { + (memcmp(def_realm, krb5_princ_realm(bsd_context, principal)->data, + realm_length))) { free(def_realm); return 0; } @@ -1536,8 +1539,8 @@ recvauth(netf, peersin, peeraddr) #define SIZEOF_INADDR sizeof(struct in_addr) #endif - if (status = krb5_sname_to_principal(NULL, "host", KRB5_NT_SRV_HST, - &server)) { + if (status = krb5_sname_to_principal(bsd_context, NULL, "host", + KRB5_NT_SRV_HST, &server)) { syslog(LOG_ERR, "parse server name %s: %s", "host", error_message(status)); exit(1); @@ -1545,7 +1548,7 @@ recvauth(netf, peersin, peeraddr) strcpy(v4_instance, "*"); - status = krb5_compat_recvauth(&netf, + status = krb5_compat_recvauth(bsd_context, &netf, "KCMDV0.1", server, /* Specify daemon principal */ &peeraddr, /* We do want to match */ @@ -1599,7 +1602,7 @@ recvauth(netf, peersin, peeraddr) sprintf(kremuser, "%s/%s@%s", v4_kdata->pname, v4_kdata->pinst, v4_kdata->prealm); - if (status = krb5_parse_name(kremuser, &client)) + if (status = krb5_parse_name(bsd_context, kremuser, &client)) return(status); return 0; } @@ -1608,31 +1611,31 @@ recvauth(netf, peersin, peeraddr) getstr(netf, remuser, sizeof(locuser), "remuser"); - if (status = krb5_unparse_name(client, &kremuser)) + if (status = krb5_unparse_name(bsd_context, client, &kremuser)) return status; /* Setup eblock for encrypted sessions. */ - krb5_use_keytype(&eblock, ticket->enc_part2->session->keytype); - if (status = krb5_process_key(&eblock, ticket->enc_part2->session)) + krb5_use_keytype(bsd_context, &eblock, ticket->enc_part2->session->keytype); + if (status = krb5_process_key(bsd_context, &eblock, ticket->enc_part2->session)) fatal(netf, "Permission denied"); /* Null out the "session" because eblock.key references the session * key here, and we do not want krb5_free_ticket() to destroy it. */ ticket->enc_part2->session = 0; - if (status = krb5_read_message((krb5_pointer)&netf, &inbuf)) { + if (status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)) { error("Error reading message: %s\n", error_message(status)); exit(1); } if (inbuf.length) { /* Forwarding being done, read creds */ - if (status = rd_and_store_for_creds(&inbuf, ticket, locuser)) { + if (status = rd_and_store_for_creds(bsd_context, &inbuf, ticket, locuser)) { error("Can't get forwarded credentials: %s\n", error_message(status)); exit(1); } } - krb5_free_ticket(ticket); + krb5_free_ticket(bsd_context, ticket); return 0; } @@ -1668,7 +1671,7 @@ v5_des_read(fd, buf, len) nstored = 0; } - if ((cc = krb5_net_read(fd, (char *)len_buf, 4)) != 4) { + if ((cc = krb5_net_read(bsd_context, fd, (char *)len_buf, 4)) != 4) { if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) return(cc); /* XXX can't read enough, pipe must have closed */ @@ -1689,7 +1692,7 @@ v5_des_read(fd, buf, len) } retry = 0; datard: - if ((cc = krb5_net_read(fd, desinbuf.data, net_len)) != net_len) { + if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) { /* XXX can't read enough, pipe must have closed */ if ((cc < 0) && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) { retry++; @@ -1707,7 +1710,7 @@ v5_des_read(fd, buf, len) } /* decrypt info */ - if (krb5_decrypt(desinbuf.data, (krb5_pointer) storage, net_len, + if (krb5_decrypt(bsd_context, desinbuf.data, (krb5_pointer) storage, net_len, &eblock, 0)) { syslog(LOG_ERR,"Read decrypt problem."); return(0); @@ -1747,7 +1750,7 @@ v5_des_write(fd, buf, len) return(-1); } - if (krb5_encrypt((krb5_pointer)buf, desoutbuf.data, len, &eblock, 0)) { + if (krb5_encrypt(bsd_context, (krb5_pointer)buf, desoutbuf.data, len, &eblock, 0)) { syslog(LOG_ERR,"Write encrypt problem."); return(-1); } -- cgit