-rw-r--r-- | src/windows/leashdll/krb5routines.c | 431 | ||||
-rw-r--r-- | src/windows/leashdll/leashw32.def | 2 |
2 files changed, 0 insertions, 433 deletions
diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c
index 8de317900..3911720ae 100644
--- a/src/windows/leashdll/krb5routines.c
+++ b/src/windows/leashdll/krb5routines.c
@@ -206,437 +206,6 @@ Leash_convert524( #endif /* NO_KRB5 */ } -#ifndef ENCTYPE_LOCAL_RC4_MD4 -#define ENCTYPE_LOCAL_RC4_MD4 0xFFFFFF80 -#endif - -static char * -etype_string(krb5_enctype enctype) -{ - static char buf[12]; - - switch (enctype) { - case ENCTYPE_NULL: - return "NULL"; - case ENCTYPE_DES_CBC_CRC: - return "DES-CBC-CRC"; - case ENCTYPE_DES_CBC_MD4: - return "DES-CBC-MD4"; - case ENCTYPE_DES_CBC_MD5: - return "DES-CBC-MD5"; - case ENCTYPE_DES_CBC_RAW: - return "DES-CBC-RAW"; - case ENCTYPE_DES3_CBC_SHA: - return "DES3-CBC-SHA"; - case ENCTYPE_DES3_CBC_RAW: - return "DES3-CBC-RAW"; - case ENCTYPE_DES_HMAC_SHA1: - return "DES-HMAC-SHA1"; - case ENCTYPE_DES3_CBC_SHA1: - return "DES3-CBC-SHA1"; - case ENCTYPE_AES128_CTS_HMAC_SHA1_96: - return "AES128_CTS-HMAC-SHA1_96"; - case ENCTYPE_AES256_CTS_HMAC_SHA1_96: - return "AES256_CTS-HMAC-SHA1_96"; - case ENCTYPE_ARCFOUR_HMAC: - return "RC4-HMAC-NT"; - case ENCTYPE_ARCFOUR_HMAC_EXP: - return "RC4-HMAC-NT-EXP"; - case ENCTYPE_UNKNOWN: - return "UNKNOWN"; -#ifdef ENCTYPE_LOCAL_DES3_HMAC_SHA1 - case ENCTYPE_LOCAL_DES3_HMAC_SHA1: - return "LOCAL-DES3-HMAC-SHA1"; -#endif -#ifdef ENCTYPE_LOCAL_RC4_MD4 - case ENCTYPE_LOCAL_RC4_MD4: - return "LOCAL-RC4-MD4"; -#endif - default: - wsprintf(buf, "#%d", enctype); - return buf; - } -} - -char * -one_addr(krb5_address *a) -{ - static char retstr[256]; - struct hostent *h; - int no_resolve = 1; - - retstr[0] = '\0'; - - if ((a->addrtype == ADDRTYPE_INET && a->length == 4) -#ifdef AF_INET6 - || (a->addrtype == ADDRTYPE_INET6 && a->length == 16) -#endif - ) { - int af = AF_INET; -#ifdef AF_INET6 - if (a->addrtype == ADDRTYPE_INET6) - af = AF_INET6; -#endif - if (!no_resolve) { -#ifdef HAVE_GETIPNODEBYADDR - int err; - h = getipnodebyaddr(a->contents, a->length, af, &err); - if (h) { - wsprintf(retstr, "%s", h->h_name); - freehostent(h); - } -#else - h = gethostbyaddr(a->contents, a->length, af); - if (h) { - wsprintf(retstr,"%s", h->h_name); - } -#endif - if (h) - 
return(retstr); - } - if (no_resolve || !h) { -#ifdef HAVE_INET_NTOP - char buf[46]; - const char *name = inet_ntop(a->addrtype, a->contents, buf, sizeof(buf)); - if (name) { - wsprintf(retstr,"%s", name); - return; - } -#else - if (a->addrtype == ADDRTYPE_INET) { - wsprintf(retstr,"%d.%d.%d.%d", a->contents[0], a->contents[1], - a->contents[2], a->contents[3]); - return(retstr); - } -#endif - } - } - wsprintf(retstr,"unknown addr type %d", a->addrtype); - return(retstr); -} - -static void -CredToTicketInfo(krb5_creds KRBv5Credentials, TICKETINFO *ticketinfo) -{ - ticketinfo->issued = KRBv5Credentials.times.starttime; - ticketinfo->valid_until = KRBv5Credentials.times.endtime; - ticketinfo->renew_until = - KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE ? - KRBv5Credentials.times.renew_till : 0; - _tzset(); - if (ticketinfo->valid_until - time(0) <= 0L) - ticketinfo->btickets = EXPD_TICKETS; - else - ticketinfo->btickets = GOOD_TICKETS; -} - -static int -CredToTicketList(krb5_context ctx, krb5_creds KRBv5Credentials, - char *PrincipalName, TicketList ***ticketListTail) -{ - krb5_error_code code = 0; - krb5_ticket *tkt=NULL; - char *sServerName = NULL; - char Buffer[256]; - char *ticketFlag; - char *functionName = NULL; - TicketList *list = NULL; - - functionName = "krb5_unparse_name()"; - code = (*pkrb5_unparse_name)(ctx, KRBv5Credentials.server, &sServerName); - if (code) - goto cleanup; - - if (!KRBv5Credentials.times.starttime) - KRBv5Credentials.times.starttime = KRBv5Credentials.times.authtime; - - memset(Buffer, '\0', sizeof(Buffer)); - - ticketFlag = GetTicketFlag(&KRBv5Credentials); - - // @fixme: calloc for ptr init - list = calloc(1, sizeof(TicketList)); - if (list == NULL) { - code = ENOMEM; - functionName = "calloc()"; - goto cleanup; - } - list->service = strdup(sServerName); - if (!list->service) { - code = ENOMEM; - functionName = "calloc()"; - goto cleanup; - } - list->issued = KRBv5Credentials.times.starttime; - list->valid_until = 
KRBv5Credentials.times.endtime; - if (KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE) - list->renew_until = KRBv5Credentials.times.renew_till; - else - list->renew_until = 0; - - if (!pkrb5_decode_ticket(&KRBv5Credentials.ticket, &tkt)) { - wsprintf(Buffer, "Session Key: %s Ticket: %s", - etype_string(KRBv5Credentials.keyblock.enctype), - etype_string(tkt->enc_part.enctype)); - pkrb5_free_ticket(ctx, tkt); - tkt = NULL; - } else { - wsprintf(Buffer, "Session Key: %s", - etype_string(KRBv5Credentials.keyblock.enctype)); - } - - list->encTypes = calloc(1, strlen(Buffer)+1); - if (list->encTypes == NULL) { - functionName = "calloc()"; - code = ENOMEM; - goto cleanup; - } - strcpy(list->encTypes, Buffer); - -cleanup: - if (code) { - Leash_krb5_error(code, functionName, 0, &ctx, NULL); - if (list != NULL) { - not_an_API_LeashFreeTicketList(&list); - } - } else { - **ticketListTail = list; - *ticketListTail = &list->next; - } - - if (sServerName != NULL) - (*pkrb5_free_unparsed_name)(ctx, sServerName); - - return code; -} - -int -do_ccache(krb5_context ctx, - krb5_ccache cache, - TICKETINFO ***ticketInfoTail) -{ - krb5_cc_cursor cur; - krb5_creds creds; - krb5_principal princ = NULL; - krb5_flags flags; - krb5_error_code code; - char *defname = NULL; - char *functionName = NULL; - TicketList **ticketListTail; - TICKETINFO *ticketinfo; - - flags = 0; /* turns off OPENCLOSE mode */ - code = pkrb5_cc_set_flags(ctx, cache, flags); - if (code) { - functionName = "krb5_cc_set_flags"; - goto cleanup; - } - code = pkrb5_cc_get_principal(ctx, cache, &princ); - if (code) { - functionName = "krb5_cc_get_principal"; - goto cleanup; - } - code = pkrb5_unparse_name(ctx, princ, &defname); - if (code) { - functionName = "krb5_unparse_name"; - goto cleanup; - } - code = pkrb5_cc_start_seq_get(ctx, cache, &cur); - if (code) { - functionName = "krb5_cc_start_seq_get"; - goto cleanup; - } - - ticketinfo = calloc(1, sizeof(TICKETINFO)); - if (ticketinfo == NULL) { - functionName = 
"calloc"; - code = ENOMEM; - goto cleanup; - } - ticketinfo->next = NULL; - ticketinfo->ticket_list = NULL; - ticketinfo->principal = strdup(defname); - if (ticketinfo->principal == NULL) { - functionName = "strdup"; - code = ENOMEM; - goto cleanup; - } - ticketinfo->ccache_name = strdup(pkrb5_cc_get_name(ctx, cache)); - if (ticketinfo->ccache_name == NULL) { - functionName = "strdup"; - code = ENOMEM; - goto cleanup; - } - **ticketInfoTail = ticketinfo; - *ticketInfoTail = &ticketinfo->next; - ticketListTail = &ticketinfo->ticket_list; - while (!(code = pkrb5_cc_next_cred(ctx, cache, &cur, &creds))) { - if (pkrb5_is_config_principal(ctx, creds.server)) - continue; - CredToTicketList(ctx, creds, defname, &ticketListTail); - CredToTicketInfo(creds, ticketinfo); - pkrb5_free_cred_contents(ctx, &creds); - } - if (code == KRB5_CC_END) { - code = pkrb5_cc_end_seq_get(ctx, cache, &cur); - if (code) { - functionName = "krb5_cc_end_seq_get"; - goto cleanup; - } - flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - code = pkrb5_cc_set_flags(ctx, cache, flags); - if (code) { - functionName = "krb5_cc_set_flags"; - goto cleanup; - } - } else { - functionName = "krb5_cc_next_cred"; - goto cleanup; - } -cleanup: - if (code) { - Leash_krb5_error(code, functionName, 0, NULL, NULL); - } - if (princ) - pkrb5_free_principal(ctx, princ); - if (defname) - pkrb5_free_unparsed_name(ctx, defname); - return code ? 
1 : 0; -} - - -// -// Returns 0 for success, 1 for failure -// -int -do_all_ccaches(krb5_context ctx, TICKETINFO **ticketinfotail) -{ - krb5_error_code code; - krb5_ccache cache; - krb5_cccol_cursor cursor; - int retval = 0; - char *functionName = NULL; - - code = pkrb5_cccol_cursor_new(ctx, &cursor); - if (code) { - functionName = "krb5_cccol_cursor_new"; - goto cleanup; - } - retval = 0; - while (!(code = pkrb5_cccol_cursor_next(ctx, cursor, &cache)) && - cache != NULL) { - // Note that ticketList will be updated here to point to the tail - // of the list but the caller of this function will remain with a - // pointer to the head. - do_ccache(ctx, cache, &ticketinfotail); - pkrb5_cc_close(ctx, cache); - } - if (code) - functionName = "krb5_cccol_cursor_next"; - pkrb5_cccol_cursor_free(ctx, &cursor); -cleanup: - if (code) { - Leash_krb5_error(code, functionName, 0, NULL, NULL); - } - return retval; -} - -static void FreeTicketInfo(TICKETINFO *ticketinfo) -{ - if (ticketinfo->principal) { - free(ticketinfo->principal); - ticketinfo->principal = NULL; - } - if (ticketinfo->ccache_name) { - free(ticketinfo->ccache_name); - ticketinfo->ccache_name = NULL; - } - if (ticketinfo->ticket_list) - not_an_API_LeashFreeTicketList(&ticketinfo->ticket_list); -} - -long -not_an_API_LeashKRB5FreeTickets(TICKETINFO *ticketinfo) -{ - TICKETINFO *initial = ticketinfo; // @TEMP fixme - TICKETINFO *next; - while (ticketinfo != NULL) { - next = ticketinfo->next; - FreeTicketInfo(ticketinfo); - // @TEMP fixme - if (ticketinfo != initial) { - free(ticketinfo); - } - ticketinfo = next; - } - return 0; -} - - -/* - * LeashKRB5GetTickets() treats krbv5Context as an in/out variable. - * If the caller does not provide a krb5_context, one will be allocated. - * It is up to the caller to ensure that the context is eventually freed. - * A context can be returned even if the function returns an error. 
- */ - -long -not_an_API_LeashKRB5GetTickets(TICKETINFO *ticketinfo, - krb5_context *krbv5Context) -{ - krb5_error_code code; - krb5_principal me = 0; - krb5_context ctx = 0; - krb5_ccache cache = 0; - char *PrincipalName = NULL; - - code = Leash_krb5_initialize(krbv5Context); - if (code) - return code; - - ctx = *krbv5Context; - - // @TEMP fixme; shouldn't be necessary - // save default principal name in ticketinfo - if (ticketinfo != NULL) { - ticketinfo->btickets = NO_TICKETS; - ticketinfo->principal = NULL; - ticketinfo->ccache_name = NULL; - ticketinfo->next = NULL; - ticketinfo->ticket_list = NULL; - - code = pkrb5_cc_default(ctx, &cache); - if (code) - goto cleanup; - ticketinfo->ccache_name = strdup(pkrb5_cc_get_name(ctx, cache)); - if (ticketinfo->ccache_name == NULL) { - code = ENOMEM; - goto cleanup; - } - if (!pkrb5_cc_get_principal(ctx, cache, &me)) { - code = (*pkrb5_unparse_name)(ctx, me, &PrincipalName); - if (code) - goto cleanup; - if (PrincipalName) { - ticketinfo->principal = strdup(PrincipalName); - pkrb5_free_unparsed_name(ctx, PrincipalName); - } - } - } - - do_all_ccaches(*krbv5Context, &ticketinfo->next); - // @TEMP aggregate ticket info here? - -cleanup: - if (code) - not_an_API_LeashKRB5FreeTickets(ticketinfo); - if (cache) - pkrb5_cc_close(ctx, cache); - if (me) - pkrb5_free_principal(ctx, me); - return code; -} - int LeashKRB5_renew(void) diff --git a/src/windows/leashdll/leashw32.def b/src/windows/leashdll/leashw32.def index 75371741b..a45392475 100644 --- a/src/windows/leashdll/leashw32.def +++ b/src/windows/leashdll/leashw32.def @@ -101,9 +101,7 @@ EXPORTS ; XXX - These have to go... not_an_API_LeashAFSGetToken - not_an_API_LeashKRB5GetTickets not_an_API_LeashFreeTicketList not_an_API_LeashKRB4GetTickets not_an_API_LeashGetTimeServerName not_an_API_Leash_AcquireInitialTicketsIfNeeded - not_an_API_LeashKRB5FreeTickets
\ No newline at end of file |