authorTom Yu <tlyu@mit.edu>1997-10-16 05:31:47 +0000
committerTom Yu <tlyu@mit.edu>1997-10-16 05:31:47 +0000
commitef711b047d0bcb61526908d2f4bca6b88d93efd5 (patch)
tree0c5e56f63b2e15f691d7e34dbefc651646068f85 /src
parent32759edb7b847b3306da7bcc880aa56a72921ebb (diff)
* main.c: Change KERBEROS to KRB5_KRB4_COMPAT where appropriate
* secure.c: Use <secure.h> rather than "secure.h" so that the correct secure.h gets included (the one in the $(srcdir) of the directory we're compiling secure.c into). From danw@mit.edu. * ftp.c: Change KERBEROS to KRB5_KRB4_COMPAT where appropriate. Re-order the clauses so that GSSAPI gets tried before KERBEROS_V4. * Makefile.in: Update LOCALINCLUDE and the link line to DTRT with krb4 compatibility. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10235 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/appl/gssftp/ftp/ChangeLog15
-rw-r--r--src/appl/gssftp/ftp/Makefile.in4
-rw-r--r--src/appl/gssftp/ftp/ftp.c146
-rw-r--r--src/appl/gssftp/ftp/main.c10
-rw-r--r--src/appl/gssftp/ftp/secure.c23
5 files changed, 107 insertions, 91 deletions
diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog
index 1205eaece..64cf0d0ca 100644
--- a/src/appl/gssftp/ftp/ChangeLog
+++ b/src/appl/gssftp/ftp/ChangeLog
@@ -1,3 +1,18 @@
+Thu Oct 16 01:20:30 1997 Tom Yu <tlyu@mit.edu>
+
+ * main.c: Change KERBEROS to KRB5_KRB4_COMPAT where appropriate.
+
+ * secure.c: Use <secure.h> rather than "secure.h" so that the
+ correct secure.h gets included (the one in the $(srcdir) of the
+ directory we're compiling secure.c into). From danw@mit.edu.
+
+ * ftp.c: Change KERBEROS to KRB5_KRB4_COMPAT where appropriate.
+ Re-order the clauses so that that GSSAPI gets tried before
+ KERBEROS_V4.
+
+ * Makefile.in: Update LOCALINCLUDE and the link line to DTRT with
+ krb4 compatibility.
+
Sun Aug 17 14:23:39 1997 Ezra Peisach <epeisach@mit.edu>
* Makefile.in (SRCS): Add $(srcdir) where needed.
diff --git a/src/appl/gssftp/ftp/Makefile.in b/src/appl/gssftp/ftp/Makefile.in
index 75b6aff70..e2927804b 100644
--- a/src/appl/gssftp/ftp/Makefile.in
+++ b/src/appl/gssftp/ftp/Makefile.in
@@ -14,13 +14,13 @@ SRCS = $(srcdir)/cmds.c $(srcdir)/cmdtab.c $(srcdir)/domacro.c \
OBJS = cmds.o cmdtab.o domacro.o ftp.o getpass.o glob.o main.o pclose.o \
radix.o ruserpass.o secure.o
-LOCALINCLUDE = -I$(srcdir)/..
+LOCALINCLUDE = -I$(srcdir)/.. -I$(srcdir) @KRB4_INCLUDES@
DEFINES = -DGSSAPI -DNOCONFIDENTIAL
all:: ftp
ftp: $(OBJS) $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o ftp $(OBJS) $(GSS_LIBS) $(KRB5_BASE_LIBS)
+ $(CC_LINK) -o ftp $(OBJS) $(GSS_LIBS) $(KRB4COMPAT_LIBS)
clean::
$(RM) ftp
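Review bot: The `ftp` target's prerequisite list still names `$(KRB5_BASE_DEPLIBS)` while the link command now uses `$(KRB4COMPAT_LIBS)`, so the two can drift apart: a rebuilt krb4-compatibility library would not trigger a relink of `ftp`. If the build system provides a dependency counterpart for the krb4-compat libraries (not visible on this page), the prerequisite line should use it alongside `$(GSS_DEPLIBS)`. Whether `$(KRB4COMPAT_LIBS)` also pulls in what `$(KRB5_BASE_LIBS)` used to supply cannot be confirmed from this hunk and is worth a one-line comment above the rule.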
diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c
index 0641416bc..41207c06a 100644
--- a/src/appl/gssftp/ftp/ftp.c
+++ b/src/appl/gssftp/ftp/ftp.c
@@ -79,14 +79,14 @@ static char sccsid[] = "@(#)ftp.c 5.38 (Berkeley) 4/22/91";
#define L_INCR 1
#endif
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
#include <krb.h>
KTEXT_ST ticket;
CREDENTIALS cred;
Key_schedule schedule;
MSG_DAT msg_data;
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
#ifdef GSSAPI
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
@@ -348,7 +348,7 @@ secure_command(cmd)
* File protection level also determines whether
* commands are MIC or ENC. Should be independent ...
*/
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
if (strcmp(auth_type, "KERBEROS_V4") == 0)
if ((length = level == PROT_P ?
krb_mk_priv((unsigned char *)cmd, (unsigned char *)out,
@@ -361,7 +361,7 @@ secure_command(cmd)
level == PROT_P ? "priv" : "safe");
return(0);
}
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
#ifdef GSSAPI
/* secure_command (based on level) */
if (strcmp(auth_type, "GSSAPI") == 0) {
@@ -616,7 +616,7 @@ getreply(expecteof)
code, radix_error(kerror), obuf);
n = '5';
}
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
else if (strcmp(auth_type, "KERBEROS_V4") == 0)
if ((kerror = safe ?
krb_rd_safe((unsigned char *)ibuf, len,
@@ -1536,10 +1536,10 @@ pswitch(flag)
char mo[MAXPATHLEN];
char *authtype;
int lvl;
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
C_Block session;
Key_schedule schedule;
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
} proxstruct, tmpstruct;
struct comvars *ip, *op;
@@ -1608,12 +1608,12 @@ pswitch(flag)
level = op->lvl;
if (!level)
level = 1;
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
memcpy(ip->session, cred.session, sizeof(cred.session));
memcpy(cred.session, op->session, sizeof(cred.session));
memcpy(ip->schedule, schedule, sizeof(schedule));
memcpy(schedule, op->schedule, sizeof(schedule));
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
(void) signal(SIGINT, oldintr);
if (abrtflag) {
abrtflag = 0;
@@ -1821,9 +1821,9 @@ gunique(local)
return(new);
}
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
char realm[REALM_SZ + 1];
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
#ifdef GSSAPI
/* for testing, we don't have an ftp key yet */
@@ -1834,77 +1834,19 @@ do_auth()
{
extern int setsafe();
int oldverbose;
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
char *service, inst[INST_SZ];
u_long cksum, checksum = (u_long) getpid();
-#endif /* KERBEROS */
-#if defined(KERBEROS) || defined(GSSAPI)
+#endif /* KRB5_KRB4_COMPAT */
+#if defined(KRB5_KRB4_COMPAT) || defined(GSSAPI)
u_char out_buf[FTP_BUFSIZ];
int i;
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
if (auth_type) return(1); /* auth already succeeded */
/* Other auth types go here ... */
-#ifdef KERBEROS
- if (command("AUTH %s", "KERBEROS_V4") == CONTINUE) {
- if (verbose)
- printf("%s accepted as authentication type\n", "KERBEROS_V4");
-
- strcpy(inst, (char *) krb_get_phost(hostname));
- if (realm[0] == '\0')
- strcpy(realm, (char *) krb_realmofhost(hostname));
- if ((kerror = krb_mk_req(&ticket, service = "ftp",
- inst, realm, checksum))
- && (kerror != KDC_PR_UNKNOWN ||
- (kerror = krb_mk_req(&ticket, service = "rcmd",
- inst, realm, checksum))))
- fprintf(stderr, "Kerberos V4 krb_mk_req failed: %s\n",
- krb_get_err_text(kerror));
- else if (kerror = krb_get_cred(service, inst, realm, &cred))
- fprintf(stderr, "Kerberos V4 krb_get_cred failed: %s\n",
- krb_get_err_text(kerror));
- else {
- key_sched(cred.session, schedule);
- reply_parse = "ADAT=";
- oldverbose = verbose;
- verbose = 0;
- i = ticket.length;
- if (kerror = radix_encode(ticket.dat, out_buf, &i, 0))
- fprintf(stderr, "Base 64 encoding failed: %s\n",
- radix_error(kerror));
- else if (command("ADAT %s", out_buf) != COMPLETE)
- fprintf(stderr, "Kerberos V4 authentication failed\n");
- else if (!reply_parse)
- fprintf(stderr,
- "No authentication data received from server\n");
- else if (kerror = radix_encode(reply_parse, out_buf, &i, 1))
- fprintf(stderr, "Base 64 decoding failed: %s\n",
- radix_error(kerror));
- else if (kerror = krb_rd_safe(out_buf, i, &cred.session,
- &hisctladdr, &myctladdr, &msg_data))
- fprintf(stderr, "Kerberos V4 krb_rd_safe failed: %s\n",
- krb_get_err_text(kerror));
- else {
- /* fetch the (modified) checksum */
- (void) memcpy(&cksum, msg_data.app_data, sizeof(cksum));
- if (ntohl(cksum) == checksum + 1) {
- verbose = oldverbose;
- if (verbose)
- printf("Kerberos V4 authentication succeeded\n");
- reply_parse = NULL;
- auth_type = "KERBEROS_V4";
- return(1);
- } else fprintf(stderr,
- "Kerberos V4 mutual authentication failed\n");
- }
- verbose = oldverbose;
- reply_parse = NULL;
- }
- } else fprintf(stderr, "%s rejected as an authentication type\n",
- "KERBEROS_V4");
-#endif /* KERBEROS */
#ifdef GSSAPI
if (command("AUTH %s", "GSSAPI") == CONTINUE) {
OM_uint32 maj_stat, min_stat;
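Review bot: The `#endif /* KRB5_KRB4_COMPAT */` that closes the `#if defined(KRB5_KRB4_COMPAT) || defined(GSSAPI)` guard around `out_buf` and `i` names only one of the two conditions, so a reader looking for the end of the krb4-only declarations will misread the scope. Write it as `#endif /* KRB5_KRB4_COMPAT || GSSAPI */`. do_auth begins before this hunk and continues past it.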
@@ -2042,6 +1984,64 @@ do_auth()
}
}
#endif /* GSSAPI */
+#ifdef KRB5_KRB4_COMPAT
+ if (command("AUTH %s", "KERBEROS_V4") == CONTINUE) {
+ if (verbose)
+ printf("%s accepted as authentication type\n", "KERBEROS_V4");
+
+ strcpy(inst, (char *) krb_get_phost(hostname));
+ if (realm[0] == '\0')
+ strcpy(realm, (char *) krb_realmofhost(hostname));
+ if ((kerror = krb_mk_req(&ticket, service = "ftp",
+ inst, realm, checksum))
+ && (kerror != KDC_PR_UNKNOWN ||
+ (kerror = krb_mk_req(&ticket, service = "rcmd",
+ inst, realm, checksum))))
+ fprintf(stderr, "Kerberos V4 krb_mk_req failed: %s\n",
+ krb_get_err_text(kerror));
+ else if (kerror = krb_get_cred(service, inst, realm, &cred))
+ fprintf(stderr, "Kerberos V4 krb_get_cred failed: %s\n",
+ krb_get_err_text(kerror));
+ else {
+ key_sched(cred.session, schedule);
+ reply_parse = "ADAT=";
+ oldverbose = verbose;
+ verbose = 0;
+ i = ticket.length;
+ if (kerror = radix_encode(ticket.dat, out_buf, &i, 0))
+ fprintf(stderr, "Base 64 encoding failed: %s\n",
+ radix_error(kerror));
+ else if (command("ADAT %s", out_buf) != COMPLETE)
+ fprintf(stderr, "Kerberos V4 authentication failed\n");
+ else if (!reply_parse)
+ fprintf(stderr,
+ "No authentication data received from server\n");
+ else if (kerror = radix_encode(reply_parse, out_buf, &i, 1))
+ fprintf(stderr, "Base 64 decoding failed: %s\n",
+ radix_error(kerror));
+ else if (kerror = krb_rd_safe(out_buf, i, &cred.session,
+ &hisctladdr, &myctladdr, &msg_data))
+ fprintf(stderr, "Kerberos V4 krb_rd_safe failed: %s\n",
+ krb_get_err_text(kerror));
+ else {
+ /* fetch the (modified) checksum */
+ (void) memcpy(&cksum, msg_data.app_data, sizeof(cksum));
+ if (ntohl(cksum) == checksum + 1) {
+ verbose = oldverbose;
+ if (verbose)
+ printf("Kerberos V4 authentication succeeded\n");
+ reply_parse = NULL;
+ auth_type = "KERBEROS_V4";
+ return(1);
+ } else fprintf(stderr,
+ "Kerberos V4 mutual authentication failed\n");
+ }
+ verbose = oldverbose;
+ reply_parse = NULL;
+ }
+ } else fprintf(stderr, "%s rejected as an authentication type\n",
+ "KERBEROS_V4");
+#endif /* KRB5_KRB4_COMPAT */
/* Other auth types go here ... */
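Review bot: The two `strcpy` calls at the top of the re-added KERBEROS_V4 block copy library-returned strings into the fixed-size buffers `inst[INST_SZ]` and `realm[REALM_SZ + 1]` with no length bound; both strings are derived from `hostname`, and whether `krb_get_phost` and `krb_realmofhost` cap their results is not visible here. Bound the copies, e.g. `strncpy(inst, (char *) krb_get_phost(hostname), sizeof(inst) - 1); inst[sizeof(inst) - 1] = '\0';`, and do the same for `realm` with `REALM_SZ`. Separately, because this block now sits after the GSSAPI clause and runs whenever `auth_type` is still unset, a rejected or failed GSSAPI exchange appears to fall through to Kerberos V4 without the user asking for it; a comment stating that the fallback is intentional would make the ordering decision reviewable. do_auth starts and ends outside the hunk.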
diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c
index 4a6d88f54..a73f4fb93 100644
--- a/src/appl/gssftp/ftp/main.c
+++ b/src/appl/gssftp/ftp/main.c
@@ -67,11 +67,11 @@ uid_t getuid();
sigtype intr(), lostpeer();
extern char *home;
char *getlogin();
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
#include <krb.h>
struct servent staticsp;
extern char realm[];
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
main(argc, argv)
char *argv[];
@@ -86,12 +86,12 @@ main(argc, argv)
fprintf(stderr, "ftp: ftp/tcp: unknown service\n");
exit(1);
}
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
/* GDM need to static sp so that the information is not lost
when kerberos calls getservbyname */
memcpy(&staticsp,sp,sizeof(struct servent));
sp = &staticsp;
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
doglob = 1;
interactive = 1;
autologin = 1;
@@ -105,7 +105,7 @@ main(argc, argv)
debug++;
break;
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
case 'k':
if (*++cp != '\0')
strncpy(realm, ++cp, REALM_SZ);
diff --git a/src/appl/gssftp/ftp/secure.c b/src/appl/gssftp/ftp/secure.c
index 550160b03..a379370eb 100644
--- a/src/appl/gssftp/ftp/secure.c
+++ b/src/appl/gssftp/ftp/secure.c
@@ -4,16 +4,16 @@
* Only one security context, thus only work on one fd at a time!
*/
-#include "secure.h" /* stuff which is specific to client or server */
+#include <secure.h> /* stuff which is specific to client or server */
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
#include <krb.h>
CRED_DECL
extern KTEXT_ST ticket;
extern MSG_DAT msg_data;
extern Key_schedule schedule;
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
#ifdef GSSAPI
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
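Review bot: `#include <secure.h>` is resolved only through the `-I` search list, so which secure.h (client or server) is compiled in now depends on include order in each Makefile. In this commit's Makefile.in, `-I$(srcdir)/..` is searched before `-I$(srcdir)`, so a secure.h placed in the parent directory would silently take precedence. Extend the trailing comment to record the dependency, e.g. `/* client- or server-specific; found via -I$(srcdir) in LOCALINCLUDE */`.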
@@ -58,15 +58,16 @@ extern unsigned char *ucbuf; /* cleartext buffer */
static unsigned int nout, bufp; /* number of chars in ucbuf,
* pointer into ucbuf */
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
#define FUDGE_FACTOR 32 /* Amount of growth
* from cleartext to ciphertext.
* krb_mk_priv adds this # bytes.
* Must be defined for each auth type.
*/
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
#ifdef GSSAPI
+#undef FUDGE_FACTOR
#define FUDGE_FACTOR 64 /*It appears to add 52 byts, but I'm not usre it is a constant--hartmans*/
#endif /*GSSAPI*/
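Review bot: With the added `#undef FUDGE_FACTOR`, a build that defines both KRB5_KRB4_COMPAT and GSSAPI uses the GSSAPI value (64) for every auth type, including the KERBEROS_V4 path in secure_putbuf that sizes its output buffer as `nbyte + FUDGE_FACTOR`. That holds only because 64 is larger than the krb4 value of 32, and the GSSAPI figure is described in its own comment as an observed overhead that may not be constant. Record the invariant next to the define, e.g. `/* shared by all compiled-in auth types: must be >= the largest per-mechanism expansion */`, or keep per-mechanism constants and take the maximum.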
@@ -74,7 +75,7 @@ static unsigned int nout, bufp; /* number of chars in ucbuf,
#define FUDGE_FACTOR 0
#endif
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
/* XXX - The following must be redefined if KERBEROS_V4 is not used
* but some other auth type is. They must have the same properties. */
#define looping_write krb_net_write
@@ -223,13 +224,13 @@ secure_putbuf(fd, buf, nbyte)
unsigned char *buf;
unsigned int nbyte;
{
- static char *outbuf; /* output ciphertext */
+ static char *outbuf; /* output ciphertext */
static unsigned int bufsize; /* size of outbuf */
ftp_int32 length;
ftp_uint32 net_len;
/* Other auth types go here ... */
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
if (bufsize < nbyte + FUDGE_FACTOR) {
if (outbuf?
(outbuf = realloc(outbuf, (unsigned) (nbyte + FUDGE_FACTOR))):
@@ -253,7 +254,7 @@ unsigned int nbyte;
level == PROT_P ? "priv" : "safe");
return(ERR);
}
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
#ifdef GSSAPI
if (strcmp(auth_type, "GSSAPI") == 0) {
gss_buffer_desc in_buf, out_buf;
@@ -330,7 +331,7 @@ int fd;
return(ERR);
}
/* Other auth types go here ... */
-#ifdef KERBEROS
+#ifdef KRB5_KRB4_COMPAT
if (strcmp(auth_type, "KERBEROS_V4") == 0) {
if (kerror = level == PROT_P ?
krb_rd_priv(ucbuf, length, schedule, SESSION,
@@ -345,7 +346,7 @@ int fd;
memcpy(ucbuf, msg_data.app_data, msg_data.app_length);
nin = bufp = msg_data.app_length;
}
-#endif /* KERBEROS */
+#endif /* KRB5_KRB4_COMPAT */
#ifdef GSSAPI
if (strcmp(auth_type, "GSSAPI") == 0) {
gss_buffer_desc xmit_buf, msg_buf;