Diffstat (limited to 'src')
37 files changed, 1953 insertions, 933 deletions
diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 8007aafbe..0cf22ca70 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +2002-11-26 Tom Yu <tlyu@mit.edu> + + * port-sockets.h: Add SOCKET_CONNECT, SOCKET_GETSOCKNAME, and + SOCKET_CLOSE to allow for porting of some KfM things. + 2002-11-14 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove references to adm_err.h from here too. diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog index 8c8fa69b7..bbee33b22 100644 --- a/src/include/kerberosIV/ChangeLog +++ b/src/include/kerberosIV/ChangeLog @@ -1,3 +1,31 @@ +2002-11-26 Tom Yu <tlyu@mit.edu> + + * Makefile.in (KRB4_HEADERS): Don't install kadm.h anymore. + + * des.h: Put "#" characters in first column. Do the + KRBINT_BEGIN_DECLS hack to make emacs happy. Shuffle limits.h + inclusion to be outside C++ and Mac alignment magic. + + * kadm.h: Remove some spurious prototypes. Rename a bunch of + internal kadm_stream stuff to avoid stomping on namespace. Add + prototypes for some client-side kadm stuff. + + * krb.h: Do Mac CFM magic. Do C++ mangling protection. Do Mac + alignment magic. Move inclusions outside of C++ mangling + protection and Mac magic. Add KRB5_CALLCONV to a few functions + that KfM's krb.h exports. Merge the *_in_tkt_*_creds, + mk_req_creds, and rd_req_int functions from KfM. Add prototypes + for some KfM-specific things yet to be merged. + + * prot.h: Don't include krb_conf.h anymore. Twiddle the int + encoding/decoding macros a little. + + * des_conf.h: + * highc.h: + * krb_conf.h: + * passwd_server.h: + * principal.h: Remove, since they're obsolete. + 2002-10-07 Sam Hartman <hartmans@mit.edu> * Makefile.in: Support install-headers diff --git a/src/include/kerberosIV/Makefile.in b/src/include/kerberosIV/Makefile.in index e48321ec6..d54101dcd 100644 --- a/src/include/kerberosIV/Makefile.in +++ b/src/include/kerberosIV/Makefile.in 
@@ -3,7 +3,7 @@ myfulldir=include/kerberosIV mydir=kerberosIV MY_SUBDIRS=. BUILDTOP=$(REL)..$(S).. -KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h +KRB4_HEADERS=krb.h des.h mit-copyright.h all-unix:: krb_err.h diff --git a/src/include/kerberosIV/des.h b/src/include/kerberosIV/des.h index 46a4f527d..d51120958 100644 --- a/src/include/kerberosIV/des.h +++ b/src/include/kerberosIV/des.h @@ -27,25 +27,37 @@ */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) - #include <TargetConditionals.h> - #if TARGET_RT_MAC_CFM - #error "Use KfM 4.0 SDK headers for CFM compilation." - #endif +# include <TargetConditionals.h> +# if TARGET_RT_MAC_CFM +# error "Use KfM 4.0 SDK headers for CFM compilation." +# endif +#endif + +#ifdef __cplusplus +#ifndef KRBINT_BEGIN_DECLS +#define KRBINT_BEGIN_DECLS extern "C" { +#define KRBINT_END_DECLS } +#endif +#else +#define KRBINT_BEGIN_DECLS +#define KRBINT_END_DECLS #endif #ifndef KRB5INT_DES_TYPES_DEFINED #define KRB5INT_DES_TYPES_DEFINED +#include <limits.h> + +KRBINT_BEGIN_DECLS + #if TARGET_OS_MAC - #if defined(__MWERKS__) - #pragma import on - #pragma enumsalwaysint on - #endif - #pragma options align=mac68k +# if defined(__MWERKS__) +# pragma import on +# pragma enumsalwaysint on +# endif +# pragma options align=mac68k #endif -#include <limits.h> - #if UINT_MAX >= 0xFFFFFFFFUL #define DES_INT32 int #define DES_UINT32 unsigned int 
@@ -60,10 +72,12 @@ typedef unsigned char des_cblock[8]; /* crypto-block size */ * * This used to be * - * typedef struct des_ks_struct { union { DES_INT32 pad; des_cblock _;} __; } des_key_schedule[16]; + * typedef struct des_ks_struct { + * union { DES_INT32 pad; des_cblock _;} __; + * } des_key_schedule[16]; * - * but it would cause trouble if DES_INT32 is ever more than 4 bytes. - * The reason is that all the encryption functions cast it to + * but it would cause trouble if DES_INT32 were ever more than 4 + * bytes. The reason is that all the encryption functions cast it to * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the * caller-allocated des_key_schedule will be overflowed by the key @@ -74,13 +88,15 @@ typedef unsigned char des_cblock[8]; /* crypto-block size */ typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]; #if TARGET_OS_MAC - #if defined(__MWERKS__) - #pragma enumsalwaysint reset - #pragma import reset - #endif - #pragma options align=reset +# if defined(__MWERKS__) +# pragma enumsalwaysint reset +# pragma import reset +# endif +# pragma options align=reset #endif +KRBINT_END_DECLS + #endif /* KRB5INT_DES_TYPES_DEFINED */ /* only do the whole thing once */ @@ -94,18 +110,6 @@ typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]; #ifndef KRB5INT_CRYPTO_DES_INT #define DES_DEFS -#if TARGET_OS_MAC - #if defined(__MWERKS__) - #pragma import on - #pragma enumsalwaysint on - #endif - #pragma options align=mac68k -#endif - -#if defined(_WIN32) && !defined(_WINDOWS) -#define _WINDOWS -#endif - #if defined(_WINDOWS) #ifndef KRB4 #define KRB4 1 
@@ -114,6 +118,20 @@ typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]; #endif #include <stdio.h> /* need FILE for des_cblock_print_file */ +KRBINT_BEGIN_DECLS + +#if TARGET_OS_MAC +# if defined(__MWERKS__) +# pragma import on +# pragma enumsalwaysint on +# endif +# pragma options align=mac68k +#endif + +#if defined(_WIN32) && !defined(_WINDOWS) +#define _WINDOWS +#endif + /* Windows declarations */ #ifndef KRB5_CALLCONV #define KRB5_CALLCONV @@ -221,12 +239,14 @@ void des_set_sequence_number(des_cblock); #endif /* TARGET_OS_MAC */ #if TARGET_OS_MAC - #if defined(__MWERKS__) - #pragma enumsalwaysint reset - #pragma import reset - #endif - #pragma options align=reset +# if defined(__MWERKS__) +# pragma enumsalwaysint reset +# pragma import reset +# endif +# pragma options align=reset #endif +KRBINT_END_DECLS + #endif /* KRB5INT_CRYPTO_DES_INT */ #endif /* DES_DEFS */ diff --git a/src/include/kerberosIV/des_conf.h b/src/include/kerberosIV/des_conf.h deleted file mode 100644 index 673eb93fb..000000000 --- a/src/include/kerberosIV/des_conf.h +++ /dev/null @@ -1,2 +0,0 @@ -This file is obsolete and should not be used any more. -Use "conf.h" instead. diff --git a/src/include/kerberosIV/highc.h b/src/include/kerberosIV/highc.h deleted file mode 100644 index c45a85502..000000000 --- a/src/include/kerberosIV/highc.h +++ /dev/null 
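Review bot: The `_WIN32` to `_WINDOWS` normalisation re-added in this hunk now sits after `#include <stdio.h>`, while the `#if defined(_WINDOWS)` block that sets `KRB4` (context of the preceding hunk, where these three lines were removed) comes before it. As far as the two hunks show, a compiler that predefines only `_WIN32` will now skip that block, which the old ordering did not. The three preprocessor lines declare nothing, so they need not be inside `KRBINT_BEGIN_DECLS`; keeping `#if defined(_WIN32) && !defined(_WINDOWS)` / `#define _WINDOWS` / `#endif` directly under `#define DES_DEFS` preserves the old behaviour. The lines between the two hunks are not visible here, so confirm nothing else there depends on the order.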
@@ -1,49 +0,0 @@
-/*
- * include/kerberosIV/highc.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Known breakage in the version of Metaware's High C compiler that
- * we've got available....
- */
-
-#define const
-/*#define volatile*/
-
-/*
- * Some builtin functions we can take advantage of for inlining....
- */
-
-#define abs _abs
-/* the _max and _min builtins accept any number of arguments */
-#undef MAX
-#define MAX(x,y) _max(x,y)
-#undef MIN
-#define MIN(x,y) _min(x,y)
-/*
- * I'm not sure if 65535 is a limit for this builtin, but it's
- * reasonable for a string length. Or is it?
- */
-/*#define strlen(s) _find_char(s,65535,0)*/
-#define bzero(ptr,len) _fill_char(ptr,len,'\0')
-#define bcmp(b1,b2,len) _compare(b1,b2,len)
diff --git a/src/include/kerberosIV/kadm.h b/src/include/kerberosIV/kadm.h index e3f47c059..e65af2926 100644 --- a/src/include/kerberosIV/kadm.h +++ b/src/include/kerberosIV/kadm.h @@ -1,8 +1,8 @@ /* * include/kerberosIV/kadm.h * - * Copyright 1988, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. + * Copyright 1988, 1994, 2002 by the Massachusetts Institute of + * Technology. All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -23,7 +23,9 @@ * this software for any purpose. It is provided "as is" without express * or implied warranty. * - * Definitions for Kerberos administration server & client + * Definitions for Kerberos administration server & client. These + * should be considered private; among other reasons, it leaks all + * over the namespace. */ #ifndef KADM_DEFS 
@@ -47,18 +49,21 @@ /* The global structures for the client and server */ typedef struct { - struct sockaddr_in admin_addr; - struct sockaddr_in my_addr; - int my_addr_len; - int admin_fd; /* file descriptor for link to admin server */ - char sname[ANAME_SZ]; /* the service name */ - char sinst[INST_SZ]; /* the services instance */ - char krbrlm[REALM_SZ]; + struct sockaddr_in admin_addr; + struct sockaddr_in my_addr; + int my_addr_len; + int admin_fd; /* file descriptor for link to admin server */ + char sname[ANAME_SZ]; /* the service name */ + char sinst[INST_SZ]; /* the services instance */ + char krbrlm[REALM_SZ]; + /* KfM additions... */ + int default_port; + CREDENTIALS creds; /* The client's credentials (from krb_get_pw_in_tkt_creds)*/ } Kadm_Client; typedef struct { /* status of the server, i.e the parameters */ - int inter; /* Space for command line flags */ - char *sysfile; /* filename of server */ + int inter; /* Space for command line flags */ + char *sysfile; /* filename of server */ } admin_params; /* Well... it's the admin's parameters */ /* Largest password length to be supported */ @@ -92,9 +97,9 @@ typedef struct { u_char fields[FLDSZ]; /* The active fields in this struct */ char name[ANAME_SZ]; char instance[INST_SZ]; - unsigned long key_low; - unsigned long key_high; - unsigned long exp_date; + KRB_UINT32 key_low; + KRB_UINT32 key_high; + KRB_UINT32 exp_date; unsigned short attributes; unsigned char max_life; } Kadm_vals; /* The basic values structure in Kadm */ 
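Review bot: The new `creds` member keeps the client's credentials inside `Kadm_Client` for as long as the structure lives, and the added comment says only where the value comes from. In Kerberos 4 a `CREDENTIALS` record carries the session key and ticket, and nothing in this hunk states who clears it. A comment such as `/* holds the session key: zero this member when the link is torn down */` would make the obligation explicit, presumably for `kadm_cli_disconn` (declared further down; its body is not on this page). `CREDENTIALS`, and `KRB_UINT32` in the `Kadm_vals` hunk that follows, presumably come from krb.h, so kadm.h should either include it or state that it must be included first; the include lines of kadm.h are outside the hunks shown.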
@@ -143,18 +148,47 @@ DELACL #define KADM_CYGNUS_EXT_BASE 64 #define DEL_ENT (KADM_CYGNUS_EXT_BASE+1) -extern long kdb_get_master_key(); /* XXX should be in krb_db.h */ -extern long kdb_verify_master_key(); /* XXX ditto */ - -extern long krb_mk_priv(), krb_rd_priv(); /* XXX should be in krb.h */ -extern void krb_set_tkt_string(); /* XXX ditto */ - -extern unsigned long quad_cksum(); /* XXX should be in des.h */ - #ifdef POSIX typedef void sigtype; #else typedef int sigtype; #endif +/* Avoid stomping on namespace... */ + +#define vals_to_stream kadm_vals_to_stream +#define build_field_header kadm_build_field_header +#define vts_string kadm_vts_string +#define vts_short kadm_vts_short +#define vts_long kadm_vts_long +#define vts_char kadm_vts_char + +#define stream_to_vals kadm_stream_to_vals +#define check_field_header kadm_check_field_header +#define stv_string kadm_stv_string +#define stv_short kadm_stv_short +#define stv_long kadm_stv_long +#define stv_char kadm_stv_char + +int vals_to_stream(Kadm_vals *, u_char **); +int build_field_header(u_char *, u_char **); +int vts_string(char *, u_char **, int); +int vts_short(KRB_UINT32, u_char **, int); +int vts_long(KRB_UINT32, u_char **, int); +int vts_char(KRB_UINT32, u_char **, int); + +int stream_to_vals(u_char *, Kadm_vals *, int); +int check_field_header(u_char *, u_char *, int); +int stv_string(u_char *, char *, int, int, int); +int stv_short(u_char *, u_short *, int, int); +int stv_long(u_char *, KRB_UINT32 *, int, int); +int stv_char(u_char *, u_char *, int, int); + +int kadm_init_link(char *, char *, char *, Kadm_Client *, int); +int kadm_cli_send(Kadm_Client *, u_char *, size_t, u_char **, size_t *); +int kadm_cli_conn(Kadm_Client *); +void kadm_cli_disconn(Kadm_Client *); +int kadm_cli_out(Kadm_Client *, u_char *, int, u_char **, size_t *); +int kadm_cli_keyd(Kadm_Client *, des_cblock, des_key_schedule); + #endif /* KADM_DEFS */ 
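Review bot: The stream decoders declared here (`stream_to_vals`, `check_field_header`, `stv_string`, `stv_short`, `stv_long`, `stv_char`) take their offsets and lengths as unnamed `int` arguments, so the header does not say which argument bounds the input buffer and which bounds the output string. These routines parse administration-protocol messages, where a negative or oversized length is the usual failure. Naming the parameters and adding a one-line contract per function (current offset, total stream length, destination capacity, and the return value on a short buffer) would let callers check that they pass the right bound. The client calls are also inconsistent: `kadm_cli_send` takes a `size_t` length while `kadm_cli_out` takes `int` for what looks like the same quantity, and using `size_t` in both would avoid a signed/unsigned conversion at that boundary. The function bodies are not part of this hunk, so the roles of the arguments are inferred from the prototypes only.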
diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h index 30376bcfd..fe28111c4 100644 --- a/src/include/kerberosIV/krb.h +++ b/src/include/kerberosIV/krb.h @@ -1,8 +1,8 @@ /* * include/kerberosIV/krb.h * - * Copyright 1987, 1988, 1994, 2001 by the Massachusetts Institute of - * Technology. All Rights Reserved. + * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts + * Institute of Technology. All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -30,17 +30,51 @@ #ifndef KRB_DEFS #define KRB_DEFS +#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) +# include <TargetConditionals.h> +# if TARGET_RT_MAC_CFM +# error "Use KfM 4.0 SDK headers for CFM compilation." +# endif +#endif + +/* Define u_char, u_short, u_int, and u_long. */ +/* XXX these typdef names are not standardized! */ +#include <sys/types.h> + /* Need some defs from des.h */ #include <kerberosIV/des.h> -#define KRB4_32 DES_INT32 -#define KRB_INT32 DES_INT32 -#define KRB_UINT32 DES_UINT32 +#include <kerberosIV/krb_err.h> /* XXX FIXME! */ + +#include <profile.h> #ifdef _WINDOWS #include <time.h> #endif /* _WINDOWS */ +#ifdef __cplusplus +#ifndef KRBINT_BEGIN_DECLS +#define KRBINT_BEGIN_DECLS extern "C" { +#define KRBINT_END_DECLS } +#endif +#else +#define KRBINT_BEGIN_DECLS +#define KRBINT_END_DECLS +#endif +KRBINT_BEGIN_DECLS + +#if TARGET_OS_MAC +# if defined(__MWERKS__) +# pragma import on +# pragma enumsalwaysint on +# endif +# pragma options align=mac68k +#endif + +#define KRB4_32 DES_INT32 +#define KRB_INT32 DES_INT32 +#define KRB_UINT32 DES_UINT32 + /* Text describing error codes */ #define MAX_KRB_ERRORS 256 extern const char *const krb_err_txt[MAX_KRB_ERRORS]; 
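Review bot: Adding `#include <profile.h>` makes every consumer of the installed krb.h (it stays in `KRB4_HEADERS`) depend on the profile library's header. It appears to be needed only so that `krb_get_profile(profile_t *)`, added near the end of the file and marked `XXX to be merged`, can be declared. If profile.h is not installed alongside krb.h, third-party code that includes `<kerberosIV/krb.h>` will stop compiling. Consider guarding that declaration or moving it to a private header until the merge is done. Minor: the new comment reads `typdef names`; it should be `typedef names`.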
@@ -74,6 +108,9 @@ extern const char *const krb_err_txt[MAX_KRB_ERRORS]; #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 +/* + * NB: This overcounts due to NULs. + */ /* include space for '.' and '@' */ #define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) #define KKEY_SZ 100 @@ -117,7 +154,7 @@ typedef struct ktext KTEXT_ST; #endif /* PC */ /* Parameters for rd_ap_req */ -/* Maximum alloable clock skew in seconds */ +/* Maximum allowable clock skew in seconds */ #define CLOCK_SKEW 5*60 /* Filename for readservkey */ #define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab")) @@ -182,7 +219,10 @@ typedef struct msg_dat MSG_DAT; #define TKT_ROOT "/tmp/tkt" #endif /* PC */ -#include "kerberosIV/krb_err.h" /* XXX FIXME! */ +/* + * Error codes are now defined as offsets from com_err (krb_err.et) + * values. + */ #define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb) /* Error codes returned from the KDC */ @@ -267,7 +307,7 @@ typedef struct msg_dat MSG_DAT; #define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */ /* Error code returned by krb_mk_safe */ -#define SAFE_PRIV_ERROR -1 /* syscall error */ +#define SAFE_PRIV_ERROR (-1) /* syscall error */ /* Kerberos ticket flag field bit definitions */ #define K_FLAG_ORDER 0 /* bit 0 --> lsb */ @@ -279,6 +319,7 @@ typedef struct msg_dat MSG_DAT; #define K_FLAG_6 /* reserved */ #define K_FLAG_7 /* reserved, bit 7 --> msb */ +/* Are these needed anymore? */ #ifdef OLDNAMES #define krb_mk_req mk_ap_req #define krb_rd_req rd_ap_req @@ -330,9 +371,6 @@ typedef struct msg_dat MSG_DAT; #endif /*_WINDOWS*/ -/* Define u_char, u_short, u_int, and u_long. */ -#include <sys/types.h> - /* ask to disable IP address checking in the library */ extern int krb_ignore_ip_address; @@ -376,10 +414,6 @@ extern struct _krb5_context * krb5__krb4_context; struct sockaddr_in; -#ifdef __cplusplus -extern "C" { -#endif - /* dest_tkt.c */ int KRB5_CALLCONV dest_tkt (void); 
@@ -387,7 +421,8 @@ int KRB5_CALLCONV dest_tkt const char * KRB5_CALLCONV krb_get_err_text (int errnum); /* g_ad_tkt.c */ -int get_ad_tkt +/* Previously not KRB5_CALLCONV */ +int KRB5_CALLCONV get_ad_tkt (char *service, char *sinst, char *realm, int lifetime); /* g_admhst.c */ int KRB5_CALLCONV krb_get_admhst @@ -397,15 +432,21 @@ int KRB5_CALLCONV krb_get_cred (char *service, char *instance, char *realm, CREDENTIALS *c); /* g_in_tkt.c */ -int krb_get_in_tkt +/* Previously not KRB5_CALLCONV */ +int KRB5_CALLCONV krb_get_in_tkt (char *k_user, char *instance, char *realm, char *service, char *sinst, int life, key_proc_type, decrypt_tkt_type, char *arg); -int krb_get_in_tkt_preauth +/* Previously not KRB5_CALLCONV */ +int KRB5_CALLCONV krb_get_in_tkt_preauth (char *k_user, char *instance, char *realm, char *service, char *sinst, int life, key_proc_type, decrypt_tkt_type, char *arg, char *preauth_p, int preauth_len); +/* From KfM */ +int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *, + int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *); + /* g_krbhst.c */ int KRB5_CALLCONV krb_get_krbhst (char *host, char *realm, int idx); @@ -427,11 +468,21 @@ int KRB5_CALLCONV krb_get_pw_in_tkt_preauth (char *k_user, char *instance, char *realm, char *service, char *sinstance, int life, char *password); +int KRB5_CALLCONV +krb_get_pw_in_tkt_creds(char *, char *, char *, + char *, char *, int, char *, CREDENTIALS *); + /* g_svc_in_tkt.c */ int KRB5_CALLCONV krb_get_svc_in_tkt (char *k_user, char *instance, char *realm, char *service, char *sinstance, int life, char *srvtab); +#if TARGET_OS_MAC && defined(__FILES__) +int KRB5_CALLCONV +FSp_krb_get_svc_in_tkt(char *, char *, char *, char *, char *, + int, const FSSpec *); +#endif + /* g_tf_fname.c */ int KRB5_CALLCONV krb_get_tf_fullname (char *ticket_file, char *name, char *inst, char *realm); 
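Review bot: The prototypes added here for `krb_get_in_tkt_creds` and `krb_get_pw_in_tkt_creds` drop the parameter names that the neighbouring declarations (`krb_get_in_tkt`, `krb_get_pw_in_tkt_preauth`) keep. That leaves five consecutive `char *` arguments that are easy to transpose, one of them a password. Naming them as the siblings do, e.g. `char *k_user, char *instance, char *realm, char *service, char *sinstance, int life, char *password, CREDENTIALS *creds` (order assumed to match the sibling; confirm against the definition), documents the call without changing it. The same applies to the other unnamed additions in this file: `krb_mk_req_creds`, `krb_rd_req_int`, `krb_change_password` and the `FSp_*` variants.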
@@ -453,6 +504,10 @@ int KRB5_CALLCONV krb_in_tkt int KRB5_CALLCONV kname_parse (char *name, char *inst, char *realm, char *fullname); +/* From KfM XXX to be merged*/ +int KRB5_CALLCONV kname_unparse + (char *, const char *, const char *, const char *); + int KRB5_CALLCONV k_isname (char *); int KRB5_CALLCONV k_isinst @@ -503,6 +558,12 @@ int KRB5_CALLCONV krb_mk_req (KTEXT authent, char *service, char *instance, char *realm, KRB4_32 checksum); +/* Merged from KfM */ +int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32); + +/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */ +int KRB5_CALLCONV krb_set_lifetime(int newval); + /* mk_safe.c */ long KRB5_CALLCONV krb_mk_safe (u_char *in, u_char *out, unsigned KRB4_32 length, @@ -510,12 +571,15 @@ long KRB5_CALLCONV krb_mk_safe struct sockaddr_in *sender, struct sockaddr_in *receiver); /* netread.c */ +/* XXX private */ int krb_net_read (int fd, char *buf, int len); /* netwrite.c */ +/* XXX private */ int krb_net_write (int fd, char *buf, int len); /* pkt_clen.c */ +/* XXX private */ int pkt_clen (KTEXT); /* put_svc_key.c */ @@ -523,6 +587,11 @@ int KRB5_CALLCONV put_svc_key (char *sfile, char *name, char *inst, char *realm, int newvno, char *key); +#if TARGET_OS_MAC && defined(__FILES__) +int KRB5_CALLCONV FSp_put_svc_key(const FSSpec *, char *, char *, char *, + int, char *); +#endif + /* rd_err.c */ int KRB5_CALLCONV krb_rd_err (u_char *in, u_long in_length, @@ -539,6 +608,10 @@ int KRB5_CALLCONV krb_rd_req (KTEXT, char *service, char *inst, unsigned KRB4_32 from_addr, AUTH_DAT *, char *srvtab); +/* Merged from KfM */ +int KRB5_CALLCONV +krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block); + /* rd_safe.c */ long KRB5_CALLCONV krb_rd_safe (u_char *in, unsigned KRB4_32 in_length, 
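Review bot: `kname_unparse` is declared with a single non-const `char *` and no length, so it presumably writes the assembled name into a caller-supplied buffer whose required size the header does not state. Say so at the declaration, for example `/* first argument must have room for MAX_K_NAME_SZ bytes */`, if that is indeed the contract. The definition is not on this page and the declaration is itself marked `XXX to be merged`. `krb_rd_req_int`, in the last hunk of this group, takes the service key as a raw `C_Block`; a short comment on who owns and clears that key would help for the same reason.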
@@ -553,6 +626,11 @@ int KRB5_CALLCONV read_service_key int KRB5_CALLCONV get_service_key (char *service, char *instance, char *realm, int *kvno, char *file, char *key); +#if TARGET_OS_MAC && defined(__FILES__) +int KRB5_CALLCONV FSp_read_service_key(char *, char *, char *, + int, const FSSpec*, char *); +#endif + /* realmofhost.c */ char * KRB5_CALLCONV krb_realmofhost (char *host); @@ -579,13 +657,15 @@ int KRB5_CALLCONV krb_save_credentials C_Block session, int lifetime, int kvno, KTEXT ticket, long issue_date); /* send_to_kdc.c */ +/* XXX PRIVATE? KfM doesn't export. */ int send_to_kdc (KTEXT pkt, KTEXT rpkt, char *realm); /* tkt_string.c */ -char * tkt_string +/* Used to return pointer to non-const char */ +const char * KRB5_CALLCONV tkt_string (void); -void krb_set_tkt_string +void KRB5_CALLCONV krb_set_tkt_string (char *); /* tf_util.c */ @@ -608,7 +688,9 @@ unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec */ extern int krb_set_key (char *key, int cvt); -extern int decomp_ticket + +/* This is exported by KfM. It was previously not KRB5_CALLCONV. */ +extern int KRB5_CALLCONV decomp_ticket (KTEXT tkt, unsigned char *flags, char *pname, char *pinstance, char *prealm, unsigned KRB4_32 *paddress, C_Block session, int *life, unsigned KRB4_32 *time_sec, 
@@ -646,23 +728,38 @@ extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key); #endif #if TARGET_OS_MAC -/* The following functions are not part of the standard Kerberos v4 API. - * They were created for Mac implementation, and used by admin tools - * such as CNS-Config. */ +/* + * KfM krb.hin had the following, probably inherited from CNS: + * + * The following functions are not part of the standard Kerberos v4 + * API. They were created for Mac implementation, and used by admin + * tools such as CNS-Config. + */ extern int KRB5_CALLCONV krb_get_num_cred(void); -extern int INTERFACE +extern int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int); -extern int INTERFACE +extern int KRB5_CALLCONV krb_delete_cred(char *, char *,char *); -extern int INTERFACE +extern int KRB5_CALLCONV dest_all_tkts(void); #endif /* TARGET_OS_MAC */ +/* + * krb_change_password -- merged from KfM + */ +/* change_password.c */ +int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *); + +/* + * RealmConfig-glue.c from KfM XXX to be merged + */ +extern int KRB5_CALLCONV krb_get_profile(profile_t *profile); + #ifdef _WINDOWS HINSTANCE get_lib_instance(void); unsigned int krb_get_notification_message(void); @@ -672,8 +769,14 @@ unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *); long win_time_get_epoch(void); #endif -#ifdef __cplusplus -} +#if TARGET_OS_MAC +# if defined(__MWERKS__) +# pragma enumsalwaysint reset +# pragma import reset +# endif +# pragma options align=reset #endif +KRBINT_END_DECLS + #endif /* KRB_DEFS */ diff --git a/src/include/kerberosIV/krb_conf.h b/src/include/kerberosIV/krb_conf.h deleted file mode 100644 index 3edeaf941..000000000 --- a/src/include/kerberosIV/krb_conf.h +++ /dev/null 
@@ -1,46 +0,0 @@
-/*
- * include/kerberosIV/krb_conf.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This file contains configuration information for the Kerberos library
- * which is machine specific; currently, this file contains
- * configuration information for the vax, the "ibm032" (RT), and the
- * "PC8086" (IBM PC).
- *
- * Note: cross-compiled targets must appear BEFORE their corresponding
- * cross-compiler host. Otherwise, both will be defined when running
- * the native compiler on the programs that construct cross-compiled
- * sources.
- */
-
-#ifndef KRB_CONF_DEFS
-#define KRB_CONF_DEFS
-
-/* Byte ordering */
-extern int krbONE;
-#define HOST_BYTE_ORDER (* (char *) &krbONE)
-#define MSB_FIRST 0 /* 68000, IBM RT/PC */
-#define LSB_FIRST 1 /* Vax, PC8086 */
-
-#endif /* KRB_CONF_DEFS */
diff --git a/src/include/kerberosIV/passwd_server.h b/src/include/kerberosIV/passwd_server.h
deleted file mode 100644
index e0a32c54c..000000000
--- a/src/include/kerberosIV/passwd_server.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * include/kerberosIV/passwd_server.h
- *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for password server
- */
-
-#ifndef PASSWD_SERVER_DEFS
-#define PASSWD_SERVER_DEFS
-
-#define PW_SRV_VERSION 2 /* version number */
-#define RETRY_LIMIT 1
-#define TIME_OUT 30
-#define USER_TIMEOUT 90
-#define MAX_KPW_LEN 40 /* hey, seems like a good number */
-
-#define INSTALL_NEW_PW (1<<0) /*
- * ver, cmd, name, password, old_pass,
- * crypt_pass, uid
- */
-
-#define INSTALL_REPLY (1<<1) /* ver, cmd, name, password */
-
-#endif /* PASSWD_SERVER_DEFS */
diff --git a/src/include/kerberosIV/principal.h b/src/include/kerberosIV/principal.h
deleted file mode 100644
index 2960870be..000000000
--- a/src/include/kerberosIV/principal.h
+++ /dev/null
@@ -1,35 +0,0 @@ -/* - * include/kerberosIV/principal.h - * - * Copyright 1988, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Definitions for principal names. - */ - -#ifndef PRINCIPAL_DEFS -#define PRINCIPAL_DEFS - -#define NAME_LEN 39 -#define INSTANCE_LEN 39 - -#endif /* PRINCIPAL_DEFS */ diff --git a/src/include/kerberosIV/prot.h b/src/include/kerberosIV/prot.h index aec6546cf..3c1b530e0 100644 --- a/src/include/kerberosIV/prot.h +++ b/src/include/kerberosIV/prot.h @@ -27,8 +27,6 @@ * encoding and decoding. */ -#include <kerberosIV/krb_conf.h> - #ifndef PROT_DEFS #define PROT_DEFS 
@@ -100,20 +98,22 @@ * that is a moving pointer of type (unsigned char *) into the buffer, * and assume that the caller has already bounds-checked. */ -#define KRB4_PUT32BE(p, val) \ -do { \ - *(p)++ = ((unsigned KRB4_32)(val) >> 24) & 0xff; \ - *(p)++ = ((unsigned KRB4_32)(val) >> 16) & 0xff; \ - *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \ - *(p)++ = (unsigned KRB4_32)(val) & 0xff; \ +#define KRB4_PUT32BE(p, val) \ +do { \ + (p)[0] = ((KRB_UINT32)(val) >> 24) & 0xff; \ + (p)[1] = ((KRB_UINT32)(val) >> 16) & 0xff; \ + (p)[2] = ((KRB_UINT32)(val) >> 8) & 0xff; \ + (p)[3] = (KRB_UINT32)(val) & 0xff; \ + (p) += 4; \ } while (0) -#define KRB4_PUT32LE(p, val) \ -do { \ - *(p)++ = (unsigned KRB4_32)(val) & 0xff; \ - *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \ - *(p)++ = ((unsigned KRB4_32)(val) >> 16) & 0xff; \ - *(p)++ = ((unsigned KRB4_32)(val) >> 24) & 0xff; \ +#define KRB4_PUT32LE(p, val) \ +do { \ + (p)[0] = (KRB_UINT32)(val) & 0xff; \ + (p)[1] = ((KRB_UINT32)(val) >> 8) & 0xff; \ + (p)[2] = ((KRB_UINT32)(val) >> 16) & 0xff; \ + (p)[3] = ((KRB_UINT32)(val) >> 24) & 0xff; \ + (p) += 4; \ } while (0) #define KRB4_PUT32(p, val, le) \ @@ -124,16 +124,18 @@ do { \ KRB4_PUT32BE((p), (val)); \ } while (0) -#define KRB4_PUT16BE(p, val) \ -do { \ - *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \ - *(p)++ = (unsigned KRB4_32)(val) & 0xff; \ +#define KRB4_PUT16BE(p, val) \ +do { \ + (p)[0] = ((KRB_UINT32)(val) >> 8) & 0xff; \ + (p)[1] = (KRB_UINT32)(val) & 0xff; \ + (p) += 2; \ } while (0) -#define KRB4_PUT16LE(p, val) \ -do { \ - *(p)++ = (unsigned KRB4_32)(val) & 0xff; \ - *(p)++ = ((unsigned KRB4_32)(val) >> 8) & 0xff; \ +#define KRB4_PUT16LE(p, val) \ +do { \ + (p)[0] = (KRB_UINT32)(val) & 0xff; \ + (p)[1] = ((KRB_UINT32)(val) >> 8) & 0xff; \ + (p) += 2; \ } while (0) #define KRB4_PUT16(p, val, le) \ 
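Review bot: The rewritten `KRB4_PUT32BE`/`KRB4_PUT32LE`/`KRB4_PUT16BE`/`KRB4_PUT16LE` bodies expand `p` several times and finish with `(p) += 4` or `(p) += 2`, but the comment above them still says only that `p` is a moving `unsigned char *` and that the caller has bounds-checked. It should also say that `p` must be a side-effect-free modifiable lvalue and that the caller's check must cover the full 4 or 2 bytes, e.g. `* p is evaluated several times: pass a plain pointer variable, never an expression with side effects.` The same holds for the `KRB4_GET32*`/`KRB4_GET16*` hunks that follow, where a plain `char *` argument would additionally sign-extend on the `(KRB_UINT32)(p)[n]` cast. The start of the comment block lies outside the hunk.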
@@ -154,18 +156,20 @@ do { \ */ #define KRB4_GET32BE(val, p) \ do { \ - (val) = (unsigned KRB4_32)*(p)++ << 24; \ - (val) |= (unsigned KRB4_32)*(p)++ << 16; \ - (val) |= (unsigned KRB4_32)*(p)++ << 8; \ - (val) |= (unsigned KRB4_32)*(p)++; \ + (val) = (KRB_UINT32)(p)[0] << 24; \ + (val) |= (KRB_UINT32)(p)[1] << 16; \ + (val) |= (KRB_UINT32)(p)[2] << 8; \ + (val) |= (KRB_UINT32)(p)[3]; \ + (p) += 4; \ } while (0) #define KRB4_GET32LE(val, p) \ do { \ - (val) = (unsigned KRB4_32)*(p)++; \ - (val) |= (unsigned KRB4_32)*(p)++ << 8; \ - (val) |= (unsigned KRB4_32)*(p)++ << 16; \ - (val) |= (unsigned KRB4_32)*(p)++ << 24; \ + (val) = (KRB_UINT32)(p)[0]; \ + (val) |= (KRB_UINT32)(p)[1] << 8; \ + (val) |= (KRB_UINT32)(p)[2] << 16; \ + (val) |= (KRB_UINT32)(p)[3] << 24; \ + (p) += 4; \ } while(0) #define KRB4_GET32(val, p, le) \ @@ -178,14 +182,16 @@ do { \ #define KRB4_GET16BE(val, p) \ do { \ - (val) = (unsigned KRB4_32)*(p)++ << 8; \ - (val) |= (unsigned KRB4_32)*(p)++; \ + (val) = (KRB_UINT32)(p)[0] << 8; \ + (val) |= (KRB_UINT32)(p)[1]; \ + (p) += 2; \ } while (0) #define KRB4_GET16LE(val, p) \ do { \ - (val) = (unsigned KRB4_32)*(p)++; \ - (val) |= (unsigned KRB4_32)*(p)++ << 8; \ + (val) = (KRB_UINT32)(p)[0]; \ + (val) |= (KRB_UINT32)(p)[1] << 8; \ + (p) += 2; \ } while (0) #define KRB4_GET16(val, p, le) \ diff --git a/src/include/port-sockets.h b/src/include/port-sockets.h index 1b9be3ee1..e23ac1a3f 100644 --- a/src/include/port-sockets.h +++ b/src/include/port-sockets.h @@ -26,6 +26,9 @@ typedef WSABUF sg_buf; #define SOCKET_NFDS(f) (0) /* select()'s first arg is ignored */ #define SOCKET_READ(fd, b, l) (recv(fd, b, l, 0)) #define SOCKET_WRITE(fd, b, l) (send(fd, b, l, 0)) +#define SOCKET_CONNECT connect /* XXX */ +#define SOCKET_GETSOCKNAME getsockname /* XXX */ +#define SOCKET_CLOSE close /* XXX */ #define SOCKET_EINTR WSAEINTR /* Return -1 for error or number of bytes written. 
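Review bot: In the Winsock branch of port-sockets.h (the one with `typedef WSABUF sg_buf` and `WSAEINTR`), `#define SOCKET_CLOSE close /* XXX */` maps socket teardown to the C runtime's `close`, which operates on CRT file descriptors rather than `SOCKET` handles. Code ported to use `SOCKET_CLOSE` would then leave the socket open or close an unrelated descriptor with the same numeric value. The Winsock call is `closesocket`, so the line should read `#define SOCKET_CLOSE closesocket`. `connect` and `getsockname` exist in Winsock under the same names, so those two mappings work, though their failures are reported through `WSAGetLastError()` rather than `errno`. The rest of the platform block is outside the hunk.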
@@ -119,6 +122,9 @@ typedef struct iovec sg_buf; #define SOCKET_NFDS(f) ((f)+1) /* select() arg for a single fd */ #define SOCKET_READ read #define SOCKET_WRITE write +#define SOCKET_CONNECT connect +#define SOCKET_GETSOCKNAME getsockname +#define SOCKET_CLOSE close #define SOCKET_EINTR EINTR #define SOCKET_WRITEV_TEMP int /* Use TMP to avoid compiler warnings and keep things consistent with diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog index 256c60f3b..cdae96991 100644 --- a/src/kadmin/v4server/ChangeLog +++ b/src/kadmin/v4server/ChangeLog @@ -1,3 +1,15 @@ +2002-11-26 Tom Yu <tlyu@mit.edu> + + * Makefile.in (OBJS): Remove kadm_stream.o and kadm_err.o. Also, + remove references to kadm_err.et. + + * kadm_err.et: Remove. It lives in lib/krb4 now. + + * kadm_server.h: Remove some prototypes that were moved to + kadm.h. + + * kadm_stream.c: Remove. It lives in lib/krb4 now. + 2002-11-01 Tom Yu <tlyu@mit.edu> * kadm_ser_wrap.c (kadm_ser_in): Apply fix for MITKRB5-SA-2002-002 diff --git a/src/kadmin/v4server/Makefile.in b/src/kadmin/v4server/Makefile.in index 0260d4ee7..e6120d102 100644 --- a/src/kadmin/v4server/Makefile.in +++ b/src/kadmin/v4server/Makefile.in @@ -13,14 +13,10 @@ LOCALINCLUDES = $(KRB4_INCLUDES) -I. -I$(srcdir) PROG = kadmind4 OBJS = kadm_server.o admin_server.o kadm_ser_wrap.o \ - kadm_funcs.o kadm_stream.o kadm_supp.o acl_files.o kadm_err.o + kadm_funcs.o kadm_supp.o acl_files.o all:: $(PROG) -kadm_err.c kadm_err.h: kadm_err.et - -$(OBJS): kadm_err.h - $(PROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KDB5_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(CC_LINK) -o $(PROG) $(OBJS) $(KADMCLNT_LIBS) $(KDB5_LIBS) \ $(KRB4COMPAT_LIBS) $(HESIOD_LIBS) diff --git a/src/kadmin/v4server/kadm_server.h b/src/kadmin/v4server/kadm_server.h index 45007b4ac..6578716d0 100644 --- a/src/kadmin/v4server/kadm_server.h +++ b/src/kadmin/v4server/kadm_server.h 
@@ -94,18 +94,6 @@ void prin_vals(Kadm_vals *); void kadm_prin_to_vals(u_char *, Kadm_vals *, Principal *); void kadm_vals_to_prin(u_char *, Principal *, Kadm_vals *); -/* kadm_stream.c */ -int stv_char(u_char *, u_char *, int, int); -int stv_short(u_char *, u_short *, int, int); -int stv_long(u_char *, krb5_ui_4 *, int, int); -int stv_string(u_char *, char *, int, int, int); -int stream_to_vals(u_char *, Kadm_vals *, int); -int vals_to_stream(Kadm_vals *, u_char **); -int vts_string(char *, u_char **, int); -int vts_short(u_short, u_char **, int); -int vts_long(krb5_ui_4, u_char **, int); -int vts_char(u_char, u_char **, int); - /* acl_files.c */ int acl_add(char *, char *); int acl_delete(char *, char *); diff --git a/src/kadmin/v4server/kadm_stream.c b/src/kadmin/v4server/kadm_stream.c deleted file mode 100644 index d2a3cdb39..000000000 --- a/src/kadmin/v4server/kadm_stream.c +++ /dev/null 
@@ -1,298 +0,0 @@ -/* - * kadmin/v4server/kadm_stream.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * Stream conversion functions for Kerberos administration server - */ - - -#include <mit-copyright.h> -#include <string.h> -#include "k5-int.h" - -#ifdef HAVE_STDLIB_H -#include <stdlib.h> -#else -extern char *malloc(), *calloc(), *realloc(); -#endif - -static int check_field_header(u_char *, u_char *, int); -static int build_field_header(u_char *, u_char **); - - -/* - kadm_stream.c - this holds the stream support routines for the kerberos administration server - - vals_to_stream: converts a vals struct to a stream for transmission - internals build_field_header, vts_[string, char, long, short] - stream_to_vals: converts a stream to a vals struct - internals check_field_header, stv_[string, char, long, short] - error: prints out a kadm error message, returns - fatal: prints out a kadm fatal error message, exits -*/ - -#include "kadm.h" -#include "kadm_server.h" - -#define min(a,b) (((a) < (b)) ? 
(a) : (b)) - -/* -vals_to_stream - recieves : kadm_vals *, u_char * - returns : a realloced and filled in u_char * - -this function creates a byte-stream representation of the kadm_vals structure -*/ -int -vals_to_stream(dt_in, dt_out) -Kadm_vals *dt_in; -u_char **dt_out; -{ - int vsloop, stsize; /* loop counter, stream size */ - - stsize = build_field_header(dt_in->fields, dt_out); - for (vsloop=31; vsloop>=0; vsloop--) - if (IS_FIELD(vsloop,dt_in->fields)) { - switch (vsloop) { - case KADM_NAME: - stsize+=vts_string(dt_in->name, dt_out, stsize); - break; - case KADM_INST: - stsize+=vts_string(dt_in->instance, dt_out, stsize); - break; - case KADM_EXPDATE: - stsize+=vts_long(dt_in->exp_date, dt_out, stsize); - break; - case KADM_ATTR: - stsize+=vts_short(dt_in->attributes, dt_out, stsize); - break; - case KADM_MAXLIFE: - stsize+=vts_char(dt_in->max_life, dt_out, stsize); - break; - case KADM_DESKEY: - stsize+=vts_long(dt_in->key_high, dt_out, stsize); - stsize+=vts_long(dt_in->key_low, dt_out, stsize); - break; - default: - break; - } -} - return(stsize); -} - -static int -build_field_header(cont, st) -u_char *cont; /* container for fields data */ -u_char **st; /* stream */ -{ - *st = (u_char *) malloc (4); - memcpy((char *) *st, (char *) cont, 4); - return 4; /* return pointer to current stream location */ -} - -int -vts_string(dat, st, loc) -char *dat; /* a string to put on the stream */ -u_char **st; /* base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1)); - memcpy((char *)(*st + loc), dat, strlen(dat)+1); - return strlen(dat)+1; -} - -int -vts_short(dat, st, loc) -u_short dat; /* the attributes field */ -u_char **st; /* a base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - u_short temp; /* to hold the net order short */ - - temp = htons(dat); /* convert to network order */ - *st = (u_char *) realloc ((char 
*)*st, (unsigned)(loc + sizeof(u_short))); - memcpy((char *)(*st + loc), (char *) &temp, sizeof(u_short)); - return sizeof(u_short); -} - -int -vts_long(dat, st, loc) -krb5_ui_4 dat; /* the attributes field */ -u_char **st; /* a base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - krb5_ui_4 temp; /* to hold the net order short */ - - temp = htonl(dat); /* convert to network order */ - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(krb5_ui_4))); - memcpy((char *)(*st + loc), (char *) &temp, sizeof(krb5_ui_4)); - return sizeof(krb5_ui_4); -} - - -int -vts_char(dat, st, loc) -u_char dat; /* the attributes field */ -u_char **st; /* a base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char))); - (*st)[loc] = (u_char) dat; - return 1; -} - -/* -stream_to_vals - recieves : u_char *, kadm_vals * - returns : a kadm_vals filled in according to u_char * - -this decodes a byte stream represntation of a vals struct into kadm_vals -*/ -int -stream_to_vals(dt_in, dt_out, maxlen) -u_char *dt_in; -Kadm_vals *dt_out; -int maxlen; /* max length to use */ -{ - register int vsloop, stsize; /* loop counter, stream size */ - register int status; - krb5_ui_4 l_trans; - - memset((char *) dt_out, 0, sizeof(*dt_out)); - - stsize = check_field_header(dt_in, dt_out->fields, maxlen); - if (stsize < 0) - return(-1); - for (vsloop=31; vsloop>=0; vsloop--) - if (IS_FIELD(vsloop,dt_out->fields)) - switch (vsloop) { - case KADM_NAME: - if ((status = stv_string(dt_in, dt_out->name, stsize, - sizeof(dt_out->name), maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_INST: - if ((status = stv_string(dt_in, dt_out->instance, stsize, - sizeof(dt_out->instance), maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_EXPDATE: - if ((status = stv_long(dt_in, &l_trans, stsize, - maxlen)) < 0) - return(-1); - 
dt_out->exp_date = l_trans; - stsize += status; - break; - case KADM_ATTR: - if ((status = stv_short(dt_in, &dt_out->attributes, stsize, - maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_MAXLIFE: - if ((status = stv_char(dt_in, &dt_out->max_life, stsize, - maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_DESKEY: - if ((status = stv_long(dt_in, &l_trans, stsize, - maxlen)) < 0) - return(-1); - dt_out->key_high = l_trans; - stsize += status; - if ((status = stv_long(dt_in, &l_trans, stsize, - maxlen)) < 0) - return(-1); - dt_out->key_low = l_trans; - stsize += status; - break; - default: - break; - } - return stsize; -} - -static int -check_field_header(st, cont, maxlen) -u_char *st; /* stream */ -u_char *cont; /* container for fields data */ -int maxlen; -{ - if (4 > maxlen) - return(-1); - memcpy((char *) cont, (char *) st, 4); - return 4; /* return pointer to current stream location */ -} - -int -stv_string(st, dat, loc, stlen, maxlen) -register u_char *st; /* base pointer to the stream */ -char *dat; /* a string to read from the stream */ -register int loc; /* offset into the stream for current data */ -int stlen; /* max length of string to copy in */ -int maxlen; /* max length of input stream */ -{ - int maxcount; /* max count of chars to copy */ - - maxcount = min(maxlen - loc, stlen); - - (void) strncpy(dat, (char *)st + loc, maxcount); - - if (dat[maxcount-1]) /* not null-term --> not enuf room */ - return(-1); - return strlen(dat)+1; -} - -int -stv_short(st, dat, loc, maxlen) -u_char *st; /* a base pointer to the stream */ -u_short *dat; /* the attributes field */ -int loc; /* offset into the stream for current data */ -int maxlen; -{ - u_short temp; /* to hold the net order short */ - - if (loc + sizeof(u_short) > maxlen) - return(-1); - memcpy((char *) &temp, (char *) st+ loc, sizeof(u_short)); - *dat = ntohs(temp); /* convert to network order */ - return sizeof(u_short); -} - -int -stv_long(st, dat, loc, maxlen) 
-u_char *st; /* a base pointer to the stream */ -krb5_ui_4 *dat; /* the attributes field */ -int loc; /* offset into the stream for current data */ -int maxlen; /* maximum length of st */ -{ - krb5_ui_4 temp; /* to hold the net order short */ - - if (loc + sizeof(krb5_ui_4) > maxlen) - return(-1); - memcpy((char *) &temp, (char *) st + loc, sizeof(krb5_ui_4)); - *dat = ntohl(temp); /* convert to network order */ - return sizeof(krb5_ui_4); -} - -int -stv_char(st, dat, loc, maxlen) -u_char *st; /* a base pointer to the stream */ -u_char *dat; /* the attributes field */ -int loc; /* offset into the stream for current data */ -int maxlen; -{ - if (loc + 1 > maxlen) - return(-1); - *dat = *(st + loc); - return 1; -} - diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index cb4376369..7978904ea 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,10 @@ +2002-11-26 Tom Yu <tlyu@mit.edu> + + * Makefile.in: Update dependencies. + + * kerberos_v4.c: Inline some stuff formerly in krb_conf.h until we + get a chance to fix it properly. + 2002-11-03 Tom Yu <tlyu@mit.edu> * do_as_req.c (process_as_req): Fix previous patch; it caused an diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in index c597b6f29..077c2194a 100644 --- a/src/kdc/Makefile.in +++ b/src/kdc/Makefile.in @@ -165,8 +165,8 @@ $(OUTPRE)kerberos_v4.$(OBJEXT): kerberos_v4.c $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ $(BUILDTOP)/include/profile.h kdc_util.h $(SRCTOP)/include/krb5/adm_proto.h \ $(SRCTOP)/include/syslog.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(SRCTOP)/include/kerberosIV/klog.h $(SRCTOP)/include/kerberosIV/prot.h \ $(SRCTOP)/include/kerberosIV/krb_db.h $(SRCTOP)/include/kerberosIV/kdc.h \ extern.h 
diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index 2856d5fb6..d8a7ce452 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -79,6 +79,12 @@ char * v4_klog (int, const char *, ...); /* take this out when we don't need it anymore */ int krbONE = 1; +/* XXX inline former contents of krb_conf.h for now */ +/* Byte ordering */ +extern int krbONE; +#define HOST_BYTE_ORDER (* (char *) &krbONE) +#define MSB_FIRST 0 /* 68000, IBM RT/PC */ +#define LSB_FIRST 1 /* Vax, PC8086 */ int f; diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index ecaba3b34..2287b6d9a 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog 
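Review bot: `extern int krbONE;` is added directly below the definition `int krbONE = 1;`, so the declaration is redundant in this file and can be dropped. `HOST_BYTE_ORDER` reads the first byte of that writable global on every use, so the inlined block should say so, for example `/* krbONE must remain 1: HOST_BYTE_ORDER inspects its first byte */`. The rest of the file's declarations lie outside the hunk, so whether anything else assigns to `krbONE` cannot be confirmed from here.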
@@ -1,3 +1,61 @@ +2002-11-26 Tom Yu <tlyu@mit.edu> + + * Makefile.in (OBJS, SRCS): Add change_password.c, kadm_err.c, + kadm_net.c, kadm_stream.c. Remove one.c. + Also, add com_err support for kadm_err.et. Update dependencies. + + * change_password.c: New file. + + * configure.in: Remove checks for BITS16, BITS32, MSBFIRST, and + LSBFIRST. + + * g_in_tkt.c (krb_mk_in_tkt_preauth): Update to optionally return + local address -- not yet fully implemented. + (krb_parse_in_tkt_creds): Renamed from krb_parse_in_tkt(). Now + fills in a CREDENTIALS instead of storing into a ticket file. + (krb_get_in_tkt_preauth_creds): Renamed from + krb_get_in_tkt_preauth(). Now fills in a CREDENTIALS instead of + storing into a ticket file. + (krb_get_in_tkt_creds): Port from KfM. + (krb_get_in_tkt_preauth): Reimplement in terms of + krb_get_in_tkt_creds_preauth(). + + * g_pw_in_tkt.c (krb_get_pw_in_tkt_creds): Port from KfM. + + * kadm_err.et: + * kadm_net.c: + * kadm_stream.c: New files to implement password changing, ported + from KfM. + + * mk_req.c (krb_mk_req_creds_prealm): New internal function -- + similar to krb_mk_req_creds() but takes the client's realm, since + it's needed for forming a correct request but is not present in a + CREDENTIALS. + (krb_mk_req): Reimplement in terms of krb_mk_req_creds_prealm(). + Move the logic for acquiring credentials and determining client's + realm here. + (krb_mk_req_creds): Port from KfM. + (krb_set_lifetime): Make KRB5_CALLCONV now. + + * one.c: Remove. + + * password_to_key.c: New file, ported from KfM. Will eventually + implement some string-to-key stuff. + + * prot_client.c: Eliminate references to {LSB,MSB}_FIRST. + + * prot_kdc.c: Eliminate references to {LSB,MSB}_FIRST. + + * rd_req.c (krb_rd_req_with_key): New internal function -- can + take a key schedule or a krb5_keyblock and use one of those to + decrypt the ticket. + (krb_rd_req_int): Ported from KfM. Calls into + krb_rd_req_with_key(). 
+ (krb_rd_req): Reimplement in terms of krb_rd_req_with_key(). Copy + some of the realm and kvno reading logic here. + + * tkt_string.c: Returns pointer to const now. + 2002-08-29 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Revert $(S)=>/ change, for Windows support. diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in index 98da61abb..26870a9fa 100644 --- a/src/lib/krb4/Makefile.in +++ b/src/lib/krb4/Makefile.in @@ -30,6 +30,7 @@ SHLIB_RDIRS=$(KRB5_LIBDIR) EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV OBJS = \ + $(OUTPRE)change_password.$(OBJEXT) \ $(OUTPRE)cr_auth_repl.$(OBJEXT) \ $(OUTPRE)cr_ciph.$(OBJEXT) \ $(OUTPRE)cr_tkt.$(OBJEXT) \ @@ -44,6 +45,9 @@ OBJS = \ $(OUTPRE)g_tkt_svc.$(OBJEXT) \ $(OUTPRE)gethostname.$(OBJEXT) \ $(OUTPRE)getst.$(OBJEXT) \ + $(OUTPRE)kadm_err.$(OBJEXT) \ + $(OUTPRE)kadm_net.$(OBJEXT) \ + $(OUTPRE)kadm_stream.$(OBJEXT) \ $(OUTPRE)kname_parse.$(OBJEXT) \ $(OUTPRE)lifetime.$(OBJEXT) \ $(OUTPRE)mk_auth.$(OBJEXT) \ @@ -52,7 +56,6 @@ OBJS = \ $(OUTPRE)mk_req.$(OBJEXT) \ $(OUTPRE)mk_safe.$(OBJEXT) \ $(OUTPRE)month_sname.$(OBJEXT) \ - $(OUTPRE)one.$(OBJEXT) \ $(OUTPRE)prot_client.$(OBJEXT) \ $(OUTPRE)prot_common.$(OBJEXT) \ $(OUTPRE)prot_kdc.$(OBJEXT) \ @@ -70,6 +73,7 @@ OBJS = \ $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS) SRCS = \ + $(srcdir)/change_password.c \ $(srcdir)/cr_auth_repl.c \ $(srcdir)/cr_ciph.c \ $(srcdir)/cr_tkt.c \ @@ -82,6 +86,8 @@ SRCS = \ $(srcdir)/g_tkt_svc.c \ $(srcdir)/getst.c \ $(srcdir)/gethostname.c \ + $(srcdir)/kadm_net.c \ + $(srcdir)/kadm_stream.c \ $(srcdir)/kname_parse.c \ $(srcdir)/err_txt.c \ $(srcdir)/lifetime.c \ @@ -92,7 +98,6 @@ SRCS = \ $(srcdir)/mk_req.c \ $(srcdir)/mk_safe.c \ $(srcdir)/month_sname.c \ - $(srcdir)/one.c \ $(srcdir)/pkt_cipher.c \ $(srcdir)/pkt_clen.c \ $(srcdir)/prot_client.c \ 
@@ -190,7 +195,7 @@ CODE=$(SRCS) Makefile.in krb_err.et # We want *library* compiler options... DBG=$(DBG_LIB) -all-unix:: krb_err.h includes all-liblinks +all-unix:: krb_err.h kadm_err.h includes all-liblinks ##DOS##LIBOBJS = $(OBJS) @@ -198,7 +203,10 @@ all-unix:: krb_err.h includes all-liblinks krb_err.h:: krb_err.et krb_err.c: krb_err.et -depend:: krb_err.h +kadm_err.h: kadm_err.et +kadm_err.c: kadm_err.et + +depend:: krb_err.h kadm_err.h depend:: $(CODE) includes:: krb_err.h @@ -208,8 +216,16 @@ includes:: krb_err.h $(CP) krb_err.h $(EHDRDIR)/krb_err.h) ; \ fi +includes:: kadm_err.h + if cmp kadm_err.h $(EHDRDIR)/kadm_err.h >/dev/null 2>&1; then :; \ + else \ + (set -x; $(RM) $(EHDRDIR)/kadm_err.h; \ + $(CP) kadm_err.h $(EHDRDIR)/kadm_err.h) ; \ + fi + clean-unix:: $(RM) $(EHDRDIR)/krb_err.h + $(RM) $(EHDRDIR)/kadm_err.h @@ -227,7 +243,10 @@ clean-:: clean-unix clean-unix:: -$(RM) krb_err.c -$(RM) krb_err.h + -$(RM) kadm_err.c + -$(RM) kadm_err.h -$(RM) ../../include/kerberosIV/krb_err.h + -$(RM) ../../include/kerberosIV/kadm_err.h clean-unix:: clean-liblinks clean-libs clean-libobjs 
@@ -243,222 +262,294 @@ install-unix:: install-libs # Makefile dependencies follow. This must be the last section in # the Makefile.in file # +change_password.so change_password.po $(OUTPRE)change_password.$(OBJEXT): change_password.c \ + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/kadm.h \ + $(SRCTOP)/include/kerberosIV/prot.h cr_auth_repl.so cr_auth_repl.po $(OUTPRE)cr_auth_repl.$(OBJEXT): cr_auth_repl.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h cr_ciph.so cr_ciph.po $(OUTPRE)cr_ciph.$(OBJEXT): cr_ciph.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h cr_tkt.so cr_tkt.po $(OUTPRE)cr_tkt.$(OBJEXT): cr_tkt.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h + $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h debug.so debug.po $(OUTPRE)debug.$(OBJEXT): debug.c $(SRCTOP)/include/kerberosIV/mit-copyright.h decomp_tkt.so decomp_tkt.po $(OUTPRE)decomp_tkt.$(OBJEXT): decomp_tkt.c 
$(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h + $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h g_ad_tkt.so g_ad_tkt.po $(OUTPRE)g_ad_tkt.$(OBJEXT): g_ad_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h g_pw_in_tkt.so g_pw_in_tkt.po $(OUTPRE)g_pw_in_tkt.$(OBJEXT): g_pw_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h g_phost.so g_phost.po $(OUTPRE)g_phost.$(OBJEXT): g_phost.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h g_pw_tkt.so g_pw_tkt.po $(OUTPRE)g_pw_tkt.$(OBJEXT): g_pw_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h + 
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h g_tkt_svc.so g_tkt_svc.po $(OUTPRE)g_tkt_svc.$(OBJEXT): g_tkt_svc.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h getst.so getst.po $(OUTPRE)getst.$(OBJEXT): getst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h gethostname.so gethostname.po $(OUTPRE)gethostname.$(OBJEXT): gethostname.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h +kadm_net.so kadm_net.po $(OUTPRE)kadm_net.$(OBJEXT): kadm_net.c $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \ + $(SRCTOP)/include/kerberosIV/kadm.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \ + $(SRCTOP)/include/kerberosIV/prot.h +kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): kadm_stream.c $(SRCTOP)/include/kerberosIV/kadm.h \ + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \ + $(SRCTOP)/include/kerberosIV/prot.h kname_parse.so kname_parse.po 
$(OUTPRE)kname_parse.$(OBJEXT): kname_parse.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): lifetime.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): g_in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h mk_auth.so mk_auth.po $(OUTPRE)mk_auth.$(OBJEXT): mk_auth.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h mk_err.so mk_err.po $(OUTPRE)mk_err.$(OBJEXT): mk_err.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h 
mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): mk_priv.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): mk_req.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h krb4int.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + krb4int.h mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): mk_safe.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h month_sname.so month_sname.po $(OUTPRE)month_sname.$(OBJEXT): month_sname.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h krb4int.h -one.so one.po 
$(OUTPRE)one.$(OBJEXT): one.c + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h pkt_cipher.so pkt_cipher.po $(OUTPRE)pkt_cipher.$(OBJEXT): pkt_cipher.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h pkt_clen.so pkt_clen.po $(OUTPRE)pkt_clen.$(OBJEXT): pkt_clen.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h prot_client.so prot_client.po $(OUTPRE)prot_client.$(OBJEXT): prot_client.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h prot_common.so prot_common.po $(OUTPRE)prot_common.$(OBJEXT): prot_common.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h prot_kdc.so prot_kdc.po $(OUTPRE)prot_kdc.$(OBJEXT): prot_kdc.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \ - 
$(BUILDTOP)/include/krb5/autoconf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h rd_err.so rd_err.po $(OUTPRE)rd_err.$(OBJEXT): rd_err.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): rd_priv.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): rd_safe.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ + 
$(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): send_to_kdc.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krbports.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krbports.h \ + $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h stime.so stime.po $(OUTPRE)stime.$(OBJEXT): stime.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h strnlen.so strnlen.po $(OUTPRE)strnlen.$(OBJEXT): strnlen.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h rd_preauth.so rd_preauth.po $(OUTPRE)rd_preauth.$(OBJEXT): rd_preauth.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb_db.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \ - krb4int.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb_db.h \ + $(SRCTOP)/include/kerberosIV/prot.h krb4int.h mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): mk_preauth.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h + 
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): unix_time.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): tf_util.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/profile.h krb4int.h + krb4int.h dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): dest_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): in_tkt.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h -tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): tkt_string.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h + 
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h +tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): tkt_string.c $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): g_tf_fname.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): g_tf_realm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): g_cred.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h save_creds.so save_creds.po $(OUTPRE)save_creds.$(OBJEXT): save_creds.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): unix_glue.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h krb4int.h + $(SRCTOP)/include/kerberosIV/des.h 
$(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h klog.so klog.po $(OUTPRE)klog.$(OBJEXT): klog.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h $(SRCTOP)/include/kerberosIV/klog.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/klog.h kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): kuserok.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h log.so log.po $(OUTPRE)log.$(OBJEXT): log.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h $(SRCTOP)/include/kerberosIV/klog.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/kerberosIV/klog.h kntoln.so kntoln.po $(OUTPRE)kntoln.$(OBJEXT): kntoln.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h fgetst.so fgetst.po $(OUTPRE)fgetst.$(OBJEXT): fgetst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): rd_svc_key.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h 
$(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/kerberosIV/prot.h cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): cr_err_repl.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): rd_req.c $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb54proto.h + $(SRCTOP)/include/kerberosIV/krb.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ + $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): g_svc_in_tkt.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/kerberosIV/krb_conf.h \ + 
$(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h \ krb4int.h recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): recvauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h krb_err.so krb_err.po $(OUTPRE)krb_err.$(OBJEXT): krb_err.c $(COM_ERR_DEPS) ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): ad_print.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): cr_death_pkt.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/kerberosIV/krb_conf.h + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/prot.h kparse.so kparse.po $(OUTPRE)kparse.$(OBJEXT): kparse.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/kparse.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/kparse.h put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): put_svc_key.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h krb4int.h + 
$(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h krb4int.h sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): sendauth.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h netread.so netread.po $(OUTPRE)netread.$(OBJEXT): netread.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h netwrite.so netwrite.po $(OUTPRE)netwrite.$(OBJEXT): netwrite.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): g_cnffile.c $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/kerberosIV/des.h $(BUILDTOP)/include/kerberosIV/krb_err.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h 
$(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/profile.h krb4int.h + krb4int.h g_krbhst.so g_krbhst.po $(OUTPRE)g_krbhst.$(OBJEXT): g_krbhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h g_krbrlm.so g_krbrlm.po $(OUTPRE)g_krbrlm.$(OBJEXT): g_krbrlm.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h g_admhst.so g_admhst.po $(OUTPRE)g_admhst.$(OBJEXT): g_admhst.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h krb4int.h realmofhost.so realmofhost.po $(OUTPRE)realmofhost.$(OBJEXT): realmofhost.c $(SRCTOP)/include/kerberosIV/mit-copyright.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - krb4int.h + $(BUILDTOP)/include/kerberosIV/krb_err.h $(COM_ERR_DEPS) \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h krb4int.h diff --git a/src/lib/krb4/change_password.c b/src/lib/krb4/change_password.c new file mode 100644 index 000000000..8bceec28d --- /dev/null +++ b/src/lib/krb4/change_password.c 
@@ -0,0 +1,138 @@
+/*
+ * g_pw_in_tkt.c
+ *
+ * Copyright 1987, 1988, 2002 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <netdb.h>
+
+#if TARGET_OS_MAC /* XXX */
+#include <Kerberos/CredentialsCache.h>
+#endif
+#include "krb.h"
+#include "krb4int.h"
+#include "kadm.h"
+#include "prot.h"
+
+/*
+ * krb_change_password(): This disgusting function handles changing passwords
+ * in a krb4-only environment.
+ * -1783126240
+ * THIS IS NOT A NORMAL KRB4 API FUNCTION! DON'T USE IN PORTABLE CODE!
+ */
+
+int KRB5_CALLCONV
+krb_change_password(char *principal, char *instance, char *realm,
+ char *oldPassword, char *newPassword)
+{
+ KRB_INT32 err;
+ des_cblock key;
+ KRB_UINT32 tempKey;
+ size_t sendSize;
+ u_char *sendStream;
+ size_t receiveSize;
+ u_char *receiveStream;
+ Kadm_Client client_parm;
+ u_char *p;
+
+ err = 0;
+ /*
+ * Get tickets to change the old password and shove them in the
+ * client_parm
+ */
+ err = krb_get_pw_in_tkt_creds(principal, instance, realm,
+ PWSERV_NAME, KADM_SINST, 1,
+ oldPassword, &client_parm.creds);
+ if (err != KSUCCESS)
+ goto cleanup;
+
+#if TARGET_OS_MAC
+ /* Now create the key to send to the server */
+ switch (client_parm.creds.stk_type) {
+ case cc_v4_stk_des:
+ mit_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ case cc_v4_stk_afs:
+ afs_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ case cc_v4_stk_krb5:
+ krb5_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ default:
+ /*
+ * Okay, actually afs_string_to_key sites can't use this
+ * protocol to change passwords
+ */
+ mit_passwd_to_key(principal, instance, realm, newPassword, key);
+ break;
+ }
+#else
+ des_string_to_key(newPassword, key); /* XXX check this! */
+#endif
+ /* Create the link to the server */
+ err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1);
+ if (err != KADM_SUCCESS)
+ goto cleanup;
+
+ /* Connect to the KDC */
+ err = kadm_cli_conn(&client_parm);
+ if (err != KADM_SUCCESS)
+ goto cleanup;
+
+ /* possible problem with vts_long on a non-multiple of four boundary */
+ sendSize = 0; /* start of our output packet */
+ sendStream = malloc(1); /* to make it reallocable */
+ sendStream[sendSize++] = CHANGE_PW;
+
+ /* change key to stream */
+ /* This looks backwards but gets inverted on the server side.
*/ + p = key + 4; + KRB4_GET32BE(tempKey, p); + sendSize += vts_long(tempKey, &sendStream, (int)sendSize); + p = key; + KRB4_GET32BE(tempKey, p); + sendSize += vts_long(tempKey, &sendStream, (int)sendSize); + + if (newPassword) { + sendSize += vts_string(newPassword, &sendStream, (int)sendSize); + } + + /* send the data to the kdc */ + err = kadm_cli_send(&client_parm, sendStream, sendSize, + &receiveStream, &receiveSize); + free(sendStream); + if (receiveSize > 0) + /* If there is a string from the kdc, free it - we don't care */ + free(receiveStream); + if (err != KADM_SUCCESS) + goto disconnect; + +disconnect: + /* Disconnect */ + kadm_cli_disconn(&client_parm); + +cleanup: + return err; +} diff --git a/src/lib/krb4/configure.in b/src/lib/krb4/configure.in index 874555ddf..0512949a5 100644 --- a/src/lib/krb4/configure.in +++ b/src/lib/krb4/configure.in @@ -10,33 +10,6 @@ dnl Could check for full stdc environment, but will only test dnl for stdlib.h AC_CHECK_HEADERS(stdlib.h) -AC_C_CROSS dnl pretty up output, eval this before AC_TRY_RUN -dnl need MSBFIRST, LSBFIRST, BITS16, BITS32 -AC_MSG_CHECKING([if system is msbfirst]) -AC_CACHE_VAL(krb5_cv_is_msbfirst, -[AC_TRY_RUN( -[#include <stdio.h> -int main() -{ - int one = 1; - exit (*(char*) &one); /* MSBFIRST iff 1 */ -}], -krb5_cv_is_msbfirst=yes, krb5_cv_is_msbfirst=no -)])dnl fail on cross for now -AC_MSG_RESULT($krb5_cv_is_msbfirst) -if test $krb5_cv_is_msbfirst = yes; then - AC_DEFINE(MSBFIRST) -else - AC_DEFINE(LSBFIRST) -fi -dnl -dnl check int, set bits16/bits32 based on it -AC_CHECK_SIZEOF(int) -if test $ac_cv_sizeof_int = 2; then - AC_DEFINE(BITS16) -else - AC_DEFINE(BITS32) -fi AC_TYPE_MODE_T AC_TYPE_UID_T AC_DEFINE(KRB4_USE_KEYTAB) @@ -45,4 +18,3 @@ AC_PROG_AWK KRB5_BUILD_LIBOBJS KRB5_BUILD_LIBRARY_WITH_DEPS V5_AC_OUTPUT_MAKEFILE - diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c index 16b19660d..43997a698 100644 --- a/src/lib/krb4/g_in_tkt.c +++ b/src/lib/krb4/g_in_tkt.c 
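Review bot: `sendStream = malloc(1);` in krb_change_password is written through on the very next line with no NULL check, so an allocation failure becomes a NULL dereference; test the result and leave through `disconnect` with an out-of-memory error instead. `receiveSize` and `receiveStream` are read after `kadm_cli_send` without ever being initialised, which is only safe if that function sets both on every failure path (not visible here); declaring them as `size_t receiveSize = 0;` and `u_char *receiveStream = NULL;` removes that dependency. The password-derived `key` and the ticket and session key in `client_parm.creds` are left on the stack at every exit, so I would wipe both at `cleanup:` with a routine the compiler cannot drop. `newPassword` is NULL-checked before `vts_string` although it has already been handed to the string-to-key call above, so either the check is dead or the earlier call needs the same guard.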
@@ -44,13 +44,12 @@ typedef int (*decrypt_tkt_type) (char *, char *, char *, char *, key_proc_type, KTEXT *); #endif -static int -krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *, - int, char *, int, KTEXT, int *); - -static int -krb_parse_in_tkt(char *, char *, char *, char *, char *, - int, KTEXT, int); +static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *); +static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *, + int, char *, int, KTEXT, int *, + struct sockaddr_in *); +static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *, + int, KTEXT, int, CREDENTIALS *); /* * decrypt_tkt(): Given user, instance, realm, passwd, key_proc @@ -135,7 +134,7 @@ decrypt_tkt(user, instance, realm, arg, key_proc, cipp) static int krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, - preauth_p, preauth_len, cip, byteorder) + preauth_p, preauth_len, cip, byteorder, local_addr) char *user; char *instance; char *realm; @@ -146,6 +145,7 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, int preauth_len; KTEXT cip; int *byteorder; + struct sockaddr_in *local_addr; { KTEXT_ST pkt_st; KTEXT pkt = &pkt_st; /* Packet to KDC */ @@ -213,7 +213,11 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ rpkt->length = 0; +#if 0 /* XXX */ + kerror = send_to_kdc_addr(pkt, rpkt, realm, local_addr); +#else kerror = send_to_kdc(pkt, rpkt, realm); +#endif if (kerror) return kerror; @@ -281,8 +285,8 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, } static int -krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip, - byteorder) +krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip, + byteorder, creds) char *user; char *instance; char *realm; 
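Review bot: With the `send_to_kdc_addr` call compiled out under `#if 0`, the new `local_addr` parameter of krb_mk_in_tkt_preauth is never written, yet the TARGET_OS_MAC code added in the later hunks of this file (`@@ -397,16 +402,27 @@` and `@@ -415,15 +431,87 @@`) passes `&local_addr` and then copies its `sin_addr` into `creds->address`. On that build the address stored in the credentials comes from an uninitialised stack struct. Until the address-aware send is enabled, the caller should zero it before the call, `memset(&local_addr, 0, sizeof(local_addr));`, and the parameter deserves a comment such as `/* local_addr: currently unused, filled in only by send_to_kdc_addr */`. The body of krb_mk_in_tkt_preauth starts and ends outside this hunk.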
@@ -291,9 +295,9 @@ krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip, int life; KTEXT cip; int byteorder; + CREDENTIALS *creds; { unsigned char *ptr; - C_Block ses; /* Session key for tkt */ int len; int kvno; /* Kvno for session key */ char s_name[SNAME_SZ]; @@ -304,7 +308,6 @@ krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip, unsigned long kdc_time; /* KDC time */ unsigned KRB4_32 t_local; /* Must be 4 bytes long for memcpy below! */ KRB4_32 t_diff; /* Difference between timestamps */ - int kerror; int lifetime; ptr = cip->dat; @@ -368,24 +371,26 @@ krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip, return RD_AP_TIME; /* XXX should probably be better code */ } - /* initialize ticket cache */ - if (in_tkt(user,instance) != KSUCCESS) - return INTK_ERR; /* stash ticket, session key, etc. for future use */ - memcpy(ses, cip->dat, 8); - kerror = krb_save_credentials(s_name, s_instance, rlm, ses, - lifetime, kvno, - tkt, (KRB4_32)t_local); - memset(ses, 0, 8); - if (kerror) - return kerror; + strncpy(creds->service, s_name, sizeof(creds->service)); + strncpy(creds->instance, s_instance, sizeof(creds->instance)); + strncpy(creds->realm, rlm, sizeof(creds->realm)); + memmove(creds->session, cip->dat, sizeof(C_Block)); + creds->lifetime = lifetime; + creds->kvno = kvno; + creds->ticket_st.length = tkt->length; + memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length); + creds->issue_date = t_local; + strncpy(creds->pname, user, sizeof(creds->pname)); + strncpy(creds->pinst, instance, sizeof(creds->pinst)); return INTK_OK; } int -krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, arg, preauth_p, preauth_len) +krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, + key_proc, decrypt_proc, + arg, preauth_p, preauth_len, creds) char *user; char *instance; char *realm; 
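Review bot: The five `strncpy` calls that fill `creds` in the `@@ -368,24 +371,26 @@` hunk pass the full destination size, so a source string of that length or longer leaves the field without a terminating NUL, and `user` and `instance` come straight from the caller. Copy one byte less and terminate explicitly, e.g. `strncpy(creds->pname, user, sizeof(creds->pname) - 1);` followed by `creds->pname[sizeof(creds->pname) - 1] = '\0';`, and likewise for the other four fields. `memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length)` relies on `tkt->length` having been bounded earlier in krb_parse_in_tkt_creds, which is outside this hunk, so that is worth confirming against the size of `ticket_st.dat`. The session key used to be wiped here with `memset(ses, 0, 8)` and now leaves the function in `creds->session`, which makes every caller responsible for clearing it.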
@@ -397,16 +402,27 @@ krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, char *arg; char *preauth_p; int preauth_len; + CREDENTIALS *creds; { KTEXT_ST cip_st; KTEXT cip = &cip_st; /* Returned Ciphertext */ int kerror; int byteorder; +#if TARGET_OS_MAC + struct sockaddr_in local_addr; +#endif +#if TARGET_OS_MAC kerror = krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, preauth_p, preauth_len, - cip, &byteorder); + cip, &byteorder, &local_addr); +#else + kerror = krb_mk_in_tkt_preauth(user, instance, realm, + service, sinstance, + life, preauth_p, preauth_len, + cip, &byteorder, NULL); +#endif if (kerror) return kerror; /* Attempt to decrypt the reply. */ 
@@ -415,15 +431,87 @@ krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, else (*decrypt_proc)(user, instance, realm, arg, key_proc, &cip); - kerror = krb_parse_in_tkt(user, instance, realm, - service, sinstance, - life, cip, byteorder); + kerror = krb_parse_in_tkt_creds(user, instance, realm, + service, sinstance, + life, cip, byteorder, creds); +#if TARGET_OS_MAC + /* Do this here to avoid OS dependency in parse_in_tkt prototype. */ + creds->address = local_addr->sin_addr.s_addr; +#endif /* stomp stomp stomp */ memset(cip->dat, 0, (size_t)cip->length); return kerror; } int +krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life, + key_proc, decrypt_proc, arg, creds) + char *user; + char *instance; + char *realm; + char *service; + char *sinstance; + int life; + key_proc_type key_proc; + decrypt_tkt_type decrypt_proc; + char *arg; + CREDENTIALS *creds; +{ + return krb_get_in_tkt_preauth_creds(user, instance, realm, + service, sinstance, life, + key_proc, decrypt_proc, arg, + NULL, 0, creds); +} + +int +krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, + key_proc, decrypt_proc, + arg, preauth_p, preauth_len) + char *user; + char *instance; + char *realm; + char *service; + char *sinstance; + int life; + key_proc_type key_proc; + decrypt_tkt_type decrypt_proc; + char *arg; + char *preauth_p; + int preauth_len; +{ + int retval; + CREDENTIALS creds; + + do { + retval = krb_get_in_tkt_preauth_creds(user, instance, realm, + service, sinstance, life, + key_proc, decrypt_proc, + arg, preauth_p, preauth_len, + &creds); + if (retval != KSUCCESS) break; + if (in_tkt(user, instance) != KSUCCESS) { + retval = INTK_ERR; + break; + } +#if TARGET_OS_MAC /* XXX */ + retval = krb_save_credentials_addr(creds.service, creds.instance, + creds.realm, creds.session, + creds.lifetime, creds.kvno, + &creds.ticket_st, creds.issue_date, + creds.address, creds.stk_type); +#else + retval = krb_save_credentials(creds.service, 
creds.instance, + creds.realm, creds.session, + creds.lifetime, creds.kvno, + &creds.ticket_st, creds.issue_date); +#endif + if (retval != KSUCCESS) break; + } while (0); + memset(&creds, 0, sizeof(creds)); + return retval; +} + +int krb_get_in_tkt(user, instance, realm, service, sinstance, life, key_proc, decrypt_proc, arg) char *user; @@ -439,5 +527,5 @@ krb_get_in_tkt(user, instance, realm, service, sinstance, life, return krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, key_proc, decrypt_proc, arg, - (char *)NULL, 0); + NULL, 0); } diff --git a/src/lib/krb4/g_pw_in_tkt.c b/src/lib/krb4/g_pw_in_tkt.c index f878b77bd..3396fcbd9 100644 --- a/src/lib/krb4/g_pw_in_tkt.c +++ b/src/lib/krb4/g_pw_in_tkt.c @@ -115,6 +115,18 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password) (decrypt_tkt_type)NULL, password)); } +int KRB5_CALLCONV +krb_get_pw_in_tkt_creds( + char *user, char *instance, char *realm, char *service, char *sinstance, + int life, char *password, CREDENTIALS *creds) +{ + return krb_get_in_tkt_creds(user, instance, realm, + service, sinstance, life, + (key_proc_type)passwd_to_key, + NULL, password, creds); +} + + /* * krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly, * since the whole point of "pre" authentication is to prove that we've diff --git a/src/kadmin/v4server/kadm_err.et b/src/lib/krb4/kadm_err.et index 07ab9da4b..07ab9da4b 100644 --- a/src/kadmin/v4server/kadm_err.et +++ b/src/lib/krb4/kadm_err.et diff --git a/src/lib/krb4/kadm_net.c b/src/lib/krb4/kadm_net.c new file mode 100644 index 000000000..37a660319 --- /dev/null +++ b/src/lib/krb4/kadm_net.c 
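Review bot: `creds->address = local_addr->sin_addr.s_addr;` applies `->` to `local_addr`, which the preceding hunk declares as a `struct sockaddr_in` object rather than a pointer, so the TARGET_OS_MAC build should fail to compile; it needs `local_addr.sin_addr.s_addr`. The assignment also runs when `krb_parse_in_tkt_creds` has returned an error. In krb_get_in_tkt_preauth, `memset(&creds, 0, sizeof(creds));` directly before `return` is a store to a local that is about to go out of scope, which an optimiser may remove and so leave the session key on the stack; a wipe routine that cannot be elided is safer there. The new `krb_get_in_tkt_creds` and `krb_get_in_tkt_preauth_creds` entry points would benefit from a header comment stating that the caller owns `*creds` and must clear it after use.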
@@ -0,0 +1,383 @@ +/* + * kadm_net.c + * + * Copyright 1988, 2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * Kerberos administration server client-side network access routines + * These routines do actual network traffic, in a machine dependent manner. + */ + +#include <errno.h> +#include <signal.h> +#include <string.h> +#include <stdlib.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#define DEFINE_SOCKADDR /* Ask krb.h for struct sockaddr, etc */ +#include "port-sockets.h" +#include "krb.h" +#include "krbports.h" +#include "kadm.h" +#include "kadm_err.h" +#include "prot.h" + +/* XXX FIXME! 
*/ +#if defined(_WINDOWS) || defined(macintosh) + #define SIGNAL(s, f) 0 +#else + #define SIGNAL(s, f) signal(s, f) + extern int errno; +#endif + +static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched); +/* XXX FIXME! */ +static sigtype (*opipe)(); + + +/* + * kadm_init_link + * receives : principal, instance, realm + * + * initializes client parm, the Kadm_Client structure which holds the + * data about the connection between the server and client, the services + * used, the locations and other fun things + */ +int +kadm_init_link(char *principal, char *instance, char *realm, + Kadm_Client *client_parm, int changepw) +{ + struct servent *sep; /* service we will talk to */ + u_short sep_port; + struct hostent *hop; /* host we will talk to */ + char adm_hostname[MAXHOSTNAMELEN]; + char *scol = 0; + + (void) strcpy(client_parm->sname, principal); + (void) strcpy(client_parm->sinst, instance); + (void) strcpy(client_parm->krbrlm, realm); + client_parm->admin_fd = -1; + client_parm->default_port = 1; + + /* + * set up the admin_addr - fetch name of admin or kpasswd host + * (usually the admin host is the kpasswd host unless you have + * some sort of realm on crack) + */ + if (changepw) { +#if 0 /* XXX */ + if (krb_get_kpasswdhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS) +#endif + if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS) + return KADM_NO_HOST; + } else { + if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS) + return KADM_NO_HOST; + } + scol = strchr(adm_hostname,':'); + if (scol) *scol = 0; + if ((hop = gethostbyname(adm_hostname)) == NULL) + /* + * couldn't find the admin servers address + */ + return KADM_UNK_HOST; + if (scol) { + sep_port = htons(atoi(scol+1)); + client_parm->default_port = 0; + } else if ((sep = getservbyname(KADM_SNAME, "tcp")) != NULL) + sep_port = sep->s_port; + else + sep_port = htons(KADM_PORT); /* KADM_SNAME = kerberos_master/tcp */ + memset(&client_parm->admin_addr, 0, 
sizeof(client_parm->admin_addr)); + client_parm->admin_addr.sin_family = hop->h_addrtype; + memcpy(&client_parm->admin_addr.sin_addr, hop->h_addr, hop->h_length); + client_parm->admin_addr.sin_port = sep_port; + + return KADM_SUCCESS; +} + +/* + * kadm_cli_send + * recieves : opcode, packet, packet length, serv_name, serv_inst + * returns : return code from the packet build, the server, or + * something else + * + * It assembles a packet as follows: + * 8 bytes : VERSION STRING + * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE + * : KTEXT + * : OPCODE \ + * : DATA > Encrypted (with make priv) + * : ...... / + * + * If it builds the packet and it is small enough, then it attempts to open the + * connection to the admin server. If the connection is succesfully open + * then it sends the data and waits for a reply. + */ +int +kadm_cli_send(Kadm_Client *client_parm, + u_char *st_dat, /* the actual data */ + size_t st_siz, /* length of said data */ + u_char **ret_dat, /* to give return info */ + size_t *ret_siz) /* length of returned info */ +{ +/* Macros for use in returning data... 
used in kadm_cli_send */ +#define RET_N_FREE(r) {clear_secrets(sess_key, sess_sched); free((char *)act_st); free((char *)priv_pak); return r;} +#define RET_N_FREE2(r) {free((char *)*ret_dat); *ret_dat = 0; *ret_siz = 0; clear_secrets(sess_key, sess_sched); return(r);} + + int act_len; /* current offset into packet, return */ + KRB_INT32 retdat; /* data */ + KTEXT_ST authent; /* the authenticator we will build */ + u_char *act_st; /* the pointer to the complete packet */ + u_char *priv_pak; /* private version of the packet */ + long priv_len; /* length of private packet */ + u_long cksum; /* checksum of the packet */ + MSG_DAT mdat; + u_char *return_dat; + u_char *p; + KRB_UINT32 uretdat; + + /* Keys for use in the transactions */ + des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ + Key_schedule sess_sched; + + act_st = malloc(KADM_VERSIZE); /* verstr stored first */ + strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); + act_len = KADM_VERSIZE; + + if ((retdat = kadm_cli_keyd(client_parm, sess_key, sess_sched)) != KADM_SUCCESS) { + free(act_st); + return retdat; /* couldnt get key working */ + } + priv_pak = malloc(st_siz + 200); + /* 200 bytes for extra info case */ + /* XXX Check mk_priv return type */ + if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz, + sess_sched, (C_Block *)sess_key, + &client_parm->my_addr, + &client_parm->admin_addr)) < 0) + RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose here */ + /* + * here is the length of priv data. receiver calcs size of + * authenticator by subtracting vno size, priv size, and + * sizeof(u_long) (for the size indication) from total size + */ + act_len += vts_long((KRB_UINT32)priv_len, &act_st, (int)act_len); +#ifdef NOENCRYPTION + cksum = 0; +#else + cksum = quad_cksum(priv_pak, NULL, priv_len, 0, &sess_key); +#endif + /* XXX cast unsigned->signed */ + if ((retdat = krb_mk_req_creds(&authent, &client_parm->creds, (long)cksum)) != NULL) { + /* authenticator? 
*/ + RET_N_FREE(retdat); + } + + act_st = realloc(act_st, (unsigned) (act_len + authent.length + + priv_len)); + if (!act_st) { + clear_secrets(sess_key, sess_sched); + free(priv_pak); + return KADM_NOMEM; + } + memcpy(act_st + act_len, authent.dat, authent.length); + memcpy(act_st + act_len + authent.length, priv_pak, priv_len); + free(priv_pak); + if ((retdat = kadm_cli_out(client_parm, act_st, + act_len + authent.length + priv_len, + ret_dat, ret_siz)) != KADM_SUCCESS) + RET_N_FREE(retdat); + free(act_st); + + /* first see if it's a YOULOSE */ + if ((*ret_siz >= KADM_VERSIZE) && + !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) + { + /* it's a youlose packet */ + if (*ret_siz < KADM_VERSIZE + 4) + RET_N_FREE2(KADM_BAD_VER); + p = *ret_dat + KADM_VERSIZE; + KRB4_GET32BE(uretdat, p); + /* XXX unsigned->signed */ + retdat = (KRB_INT32)uretdat; + RET_N_FREE2(retdat); + } + /* need to decode the ret_dat */ + if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched, + (C_Block *)sess_key, &client_parm->admin_addr, + &client_parm->my_addr, &mdat)) != NULL) + RET_N_FREE2(retdat); + if (mdat.app_length < KADM_VERSIZE + 4) + /* too short! 
*/ + RET_N_FREE2(KADM_BAD_VER); + if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) + /* bad version */ + RET_N_FREE2(KADM_BAD_VER); + p = mdat.app_data + KADM_VERSIZE; + KRB4_GET32BE(uretdat, p); + /* XXX unsigned->signed */ + retdat = (KRB_INT32)uretdat; + if ((mdat.app_length - KADM_VERSIZE - 4) != 0) { + if (!(return_dat = + malloc((unsigned)(mdat.app_length - KADM_VERSIZE - 4)))) + RET_N_FREE2(KADM_NOMEM); + memcpy(return_dat, p, mdat.app_length - KADM_VERSIZE - 4); + } else { + /* If it's zero length, still need to malloc a 1 byte string; */ + /* malloc's of zero will return NULL on AIX & A/UX */ + if (!(return_dat = malloc((unsigned) 1))) + RET_N_FREE2(KADM_NOMEM); + *return_dat = '\0'; + } + free(*ret_dat); + clear_secrets(sess_key, sess_sched); + *ret_dat = return_dat; + *ret_siz = mdat.app_length - KADM_VERSIZE - 4; + return retdat; +} + +int kadm_cli_conn(Kadm_Client *client_parm) +{ /* this connects and sets my_addr */ +#if 0 + int on = 1; +#endif + if ((client_parm->admin_fd = + socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0) + return KADM_NO_SOCK; /* couldnt create the socket */ + if (SOCKET_CONNECT(client_parm->admin_fd, + (struct sockaddr *) & client_parm->admin_addr, + sizeof(client_parm->admin_addr))) { + (void) SOCKET_CLOSE(client_parm->admin_fd); + client_parm->admin_fd = -1; + + /* The V4 kadmind port number is 751. The RFC assigned + number, for V5, is 749. Sometimes the entry in + /etc/services on a client machine will say 749, but the + server may be listening on port 751. We try to partially + cope by automatically falling back to try port 751 if we + don't get a reply on port we are using. 
*/ + if (client_parm->admin_addr.sin_port != htons(KADM_PORT) + && client_parm->default_port) { + client_parm->admin_addr.sin_port = htons(KADM_PORT); + return kadm_cli_conn(client_parm); + } + + return KADM_NO_CONN; /* couldnt get the connect */ + } + opipe = SIGNAL(SIGPIPE, SIG_IGN); + client_parm->my_addr_len = sizeof(client_parm->my_addr); + if (SOCKET_GETSOCKNAME(client_parm->admin_fd, + (struct sockaddr *) & client_parm->my_addr, + &client_parm->my_addr_len) < 0) { + (void) SOCKET_CLOSE(client_parm->admin_fd); + client_parm->admin_fd = -1; + (void) SIGNAL(SIGPIPE, opipe); + return KADM_NO_HERE; /* couldnt find out who we are */ + } +#if 0 + if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, + sizeof(on)) < 0) { + (void) closesocket(client_parm.admin_fd); + client_parm.admin_fd = -1; + (void) SIGNAL(SIGPIPE, opipe); + return KADM_NO_CONN; /* XXX */ + } +#endif + return KADM_SUCCESS; +} + +void kadm_cli_disconn(Kadm_Client *client_parm) +{ + (void) SOCKET_CLOSE(client_parm->admin_fd); + (void) SIGNAL(SIGPIPE, opipe); + return; +} + +int kadm_cli_out(Kadm_Client *client_parm, u_char *dat, int dat_len, + u_char **ret_dat, size_t *ret_siz) +{ + u_short dlen; + int retval; + unsigned char buf[2], *p; + + dlen = (u_short)dat_len; + if (dlen > 0x7fff) /* XXX krb_net_write signedness */ + return KADM_NO_ROOM; + + p = buf; + KRB4_PUT16BE(p, dlen); + if (krb_net_write(client_parm->admin_fd, (char *)buf, 2) < 0) + return SOCKET_ERRNO; /* XXX */ + + if (krb_net_write(client_parm->admin_fd, (char *)dat, (int)dat_len) < 0) + return SOCKET_ERRNO; /* XXX */ + + retval = krb_net_read(client_parm->admin_fd, (char *)buf, 2); + if (retval != 2) { + if (retval < 0) + return SOCKET_ERRNO; /* XXX */ + else + return EPIPE; /* short read ! 
*/ + } + + p = buf; + KRB4_GET16BE(dlen, p); + if (dlen > INT_MAX) /* XXX krb_net_read signedness */ + return KADM_NO_ROOM; + *ret_dat = malloc(dlen); + if (!*ret_dat) + return KADM_NOMEM; + + retval = krb_net_read(client_parm->admin_fd, (char *)*ret_dat, (int)dlen); + if (retval != dlen) { + if (retval < 0) + return SOCKET_ERRNO; /* XXX */ + else + return EPIPE; /* short read ! */ + } + *ret_siz = dlen; + return KADM_SUCCESS; +} + +static void +clear_secrets(des_cblock sess_key, Key_schedule sess_sched) +{ + memset(sess_key, 0, sizeof(sess_key)); + memset(sess_sched, 0, sizeof(sess_sched)); + return; +} + +/* takes in the sess_key and key_schedule and sets them appropriately */ +int kadm_cli_keyd(Kadm_Client *client_parm, + des_cblock s_k, des_key_schedule s_s) +{ + int stat; + + memcpy(s_k, client_parm->creds.session, sizeof(des_cblock)); + stat = key_sched(s_k, s_s); + if (stat) + return stat; + return KADM_SUCCESS; +} /* This code "works" */ diff --git a/src/lib/krb4/kadm_stream.c b/src/lib/krb4/kadm_stream.c new file mode 100644 index 000000000..3a9861eda --- /dev/null +++ b/src/lib/krb4/kadm_stream.c 
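Review bot: In kadm_cli_send, `priv_pak` is freed just before the kadm_cli_out call, and the failure branch then runs RET_N_FREE, which frees `priv_pak` a second time; adding `priv_pak = NULL;` after the first `free(priv_pak);` removes the double free. clear_secrets receives `sess_key` and `sess_sched` as parameters, so if des_cblock and Key_schedule are array typedefs, as their use without `&` in this file suggests, `sizeof(sess_key)` is a pointer size and the key material is only partly wiped; `memset(sess_key, 0, sizeof(des_cblock));` and `memset(sess_sched, 0, sizeof(Key_schedule));` state the intended sizes. In kadm_cli_out the `dlen > 0x7fff` test runs after `dat_len` has been truncated to u_short, so an oversized `dat_len` passes the check while the full length is still written; test `dat_len` itself first, and free `*ret_dat` on the short-read returns. The malloc results for `act_st` and `priv_pak` are used without a NULL check.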
@@ -0,0 +1,319 @@ +/* + * kadm_stream.c + * + * Copyright 1988, 2002 by the Massachusetts Institute of Technology. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * Stream conversion functions for Kerberos administration server + */ + +/* + kadm_stream.c + this holds the stream support routines for the kerberos administration server + + vals_to_stream: converts a vals struct to a stream for transmission + internals build_field_header, vts_[string, char, long, short] + stream_to_vals: converts a stream to a vals struct + internals check_field_header, stv_[string, char, long, short] + error: prints out a kadm error message, returns + fatal: prints out a kadm fatal error message, exits +*/ + +#include <string.h> +#include <stdlib.h> + +#include "kadm.h" +#include "kadm_err.h" +#include "prot.h" + +#define min(a,b) (((a) < (b)) ? 
(a) : (b)) + +/* +vals_to_stream + recieves : kadm_vals *, u_char * + returns : a realloced and filled in u_char * + +this function creates a byte-stream representation of the kadm_vals structure +*/ +int +vals_to_stream(Kadm_vals *dt_in, u_char **dt_out) +{ + int vsloop, stsize; /* loop counter, stream size */ + + stsize = build_field_header(dt_in->fields, dt_out); + for (vsloop = 31; vsloop >= 0; vsloop--) + if (IS_FIELD(vsloop, dt_in->fields)) { + switch (vsloop) { + case KADM_NAME: + stsize += vts_string(dt_in->name, dt_out, stsize); + break; + case KADM_INST: + stsize += vts_string(dt_in->instance, dt_out, stsize); + break; + case KADM_EXPDATE: + stsize += vts_long((KRB_UINT32)dt_in->exp_date, + dt_out, stsize); + break; + case KADM_ATTR: + stsize += vts_short(dt_in->attributes, dt_out, stsize); + break; + case KADM_MAXLIFE: + stsize += vts_char(dt_in->max_life, dt_out, stsize); + break; + case KADM_DESKEY: + stsize += vts_long(dt_in->key_high, dt_out, stsize); + stsize += vts_long(dt_in->key_low, dt_out, stsize); + break; + default: + break; + } + } + return stsize; +} + +int +build_field_header( + u_char *cont, /* container for fields data */ + u_char **st) /* stream */ +{ + *st = malloc(4); + if (*st == NULL) + return -1; + memcpy(*st, cont, 4); + return 4; /* return pointer to current stream location */ +} + +int +vts_string(char *dat, u_char **st, int loc) +{ + size_t len; + unsigned char *p; + + if (loc < 0) + return -1; + len = strlen(dat) + 1; + p = realloc(*st, (size_t)loc + len); + if (p == NULL) + return -1; + memcpy(p + loc, dat, len); + *st = p; + return len; +} + +int +vts_short(KRB_UINT32 dat, u_char **st, int loc) +{ + unsigned char *p; + + if (loc < 0) + return -1; + p = realloc(*st, (size_t)loc + 2); + if (p == NULL) + return -1; + + KRB4_PUT16BE(p, dat); + *st = p; + return 2; +} + +int +vts_long(KRB_UINT32 dat, u_char **st, int loc) +{ + unsigned char *p; + + if (loc < 0) + return -1; + p = realloc(*st, (size_t)loc + 4); + if (p == NULL) + 
return -1; + + KRB4_PUT32BE(p, dat); + *st = p; + return 4; +} + +int +vts_char(KRB_UINT32 dat, u_char **st, int loc) +{ + unsigned char *p; + + if (loc < 0) + return -1; + p = realloc(*st, (size_t)loc + 1); + if (p == NULL) + return -1; + p[loc] = dat & 0xff; + *st = p; + return 1; +} + +/* +stream_to_vals + recieves : u_char *, kadm_vals * + returns : a kadm_vals filled in according to u_char * + +this decodes a byte stream represntation of a vals struct into kadm_vals +*/ +int +stream_to_vals( + u_char *dt_in, + Kadm_vals *dt_out, + int maxlen) /* max length to use */ +{ + register int vsloop, stsize; /* loop counter, stream size */ + register int status; + + memset(dt_out, 0, sizeof(*dt_out)); + + stsize = check_field_header(dt_in, dt_out->fields, maxlen); + if (stsize < 0) + return -1; + for (vsloop = 31; vsloop >= 0; vsloop--) + if (IS_FIELD(vsloop, dt_out->fields)) + switch (vsloop) { + case KADM_NAME: + status = stv_string(dt_in, dt_out->name, stsize, + sizeof(dt_out->name), maxlen); + if (status < 0) + return -1; + stsize += status; + break; + case KADM_INST: + status = stv_string(dt_in, dt_out->instance, stsize, + sizeof(dt_out->instance), maxlen); + if (status < 0) + return -1; + stsize += status; + break; + case KADM_EXPDATE: + { + KRB_UINT32 exp_date; + + status = stv_long(dt_in, &exp_date, stsize, maxlen); + if (status < 0) + return -1; + dt_out->exp_date = exp_date; + stsize += status; + } + break; + case KADM_ATTR: + status = stv_short(dt_in, &dt_out->attributes, stsize, + maxlen); + if (status < 0) + return -1; + stsize += status; + break; + case KADM_MAXLIFE: + status = stv_char(dt_in, &dt_out->max_life, stsize, + maxlen); + if (status < 0) + return -1; + stsize += status; + break; + case KADM_DESKEY: + status = stv_long(dt_in, &dt_out->key_high, stsize, + maxlen); + if (status < 0) + return -1; + stsize += status; + status = stv_long(dt_in, &dt_out->key_low, stsize, + maxlen); + if (status < 0) + return -1; + stsize += status; + break; + default: 
+ break; + } + return stsize; +} + +int +check_field_header( + u_char *st, /* stream */ + u_char *cont, /* container for fields data */ + int maxlen) +{ + if (4 > maxlen) + return -1; + memcpy(cont, st, 4); + return 4; /* return pointer to current stream location */ +} + +int +stv_string( + register u_char *st, /* base pointer to the stream */ + char *dat, /* a string to read from the stream */ + register int loc, /* offset into the stream for current data */ + int stlen, /* max length of string to copy in */ + int maxlen) /* max length of input stream */ +{ + int maxcount; /* max count of chars to copy */ + + if (loc < 0) + return -1; + maxcount = min(maxlen - loc, stlen); + if (maxcount <= 0) /* No strings left in the input stream */ + return -1; + + (void) strncpy(dat, (char *)st + loc, (size_t)maxcount); + + if (dat[maxcount - 1]) /* not null-term --> not enuf room */ + return -1; + return strlen(dat) + 1; +} + +int +stv_short(u_char *st, u_short *dat, int loc, int maxlen) +{ + u_short temp; + unsigned char *p; + + if (loc < 0 || loc + 2 > maxlen) + return -1; + p = st + loc; + KRB4_GET16BE(temp, p); + *dat = temp; + return 2; +} + +int +stv_long(u_char *st, KRB_UINT32 *dat, int loc, int maxlen) +{ + KRB_UINT32 temp; + unsigned char *p; + + if (loc < 0 || loc + 4 > maxlen) + return -1; + p = st + loc; + KRB4_GET32BE(temp, p); + *dat = temp; + return 4; +} + +int +stv_char(u_char *st, u_char *dat, int loc, int maxlen) +{ + if (loc < 0 || loc + 1 > maxlen) + return -1; + *dat = *(st + loc); + return 1; +} diff --git a/src/lib/krb4/mk_req.c b/src/lib/krb4/mk_req.c index b5f02529b..698d2c2ad 100644 --- a/src/lib/krb4/mk_req.c +++ b/src/lib/krb4/mk_req.c @@ -1,7 +1,7 @@ /* * lib/krb4/mk_req.c * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts + * Copyright 1985, 1986, 1987, 1988, 2000, 2002 by the Massachusetts * Institute of Technology. All Rights Reserved. * * Export of this software from the United States of America may 
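Review bot: vts_short and vts_long encode into `p`, the start of the reallocated buffer, instead of at offset `loc`, so each call overwrites the field header rather than appending; vts_char (`p[loc]`) and vts_string (`memcpy(p + loc, ...)`) do use the offset. If KRB4_PUT16BE and KRB4_PUT32BE also advance their pointer argument, as the KRB4_GET32BE use followed by `memcpy(return_dat, p, ...)` in kadm_net.c suggests, the following `*st = p;` stores a pointer into the middle of the allocation, which a later realloc or free cannot accept. Saving the base first and then offsetting fixes both: `*st = p; p += loc; KRB4_PUT32BE(p, dat);`, with the 16-bit equivalent in vts_short. vals_to_stream also adds the helpers' return values to `stsize` without checking for -1, including the -1 from build_field_header when its malloc fails.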
@@ -33,6 +33,8 @@ extern int krb_ap_req_debug; static int lifetime = 255; /* Default based on the TGT */ +static int krb_mk_req_creds_prealm(KTEXT, CREDENTIALS *, KRB4_32, char *); + /* * krb_mk_req takes a text structure in which an authenticator is to * be built, the name of a service, an instance, a realm, 
@@ -83,83 +85,51 @@ static int lifetime = 255; /* Default based on the TGT */ * all rounded up to multiple of 8. */ -int KRB5_CALLCONV -krb_mk_req(authent, service, instance, realm, checksum) +static int +krb_mk_req_creds_prealm(authent, creds, checksum, myrealm) register KTEXT authent; /* Place to build the authenticator */ - char *service; /* Name of the service */ - char *instance; /* Service instance */ - char *realm; /* Authentication domain of service */ + CREDENTIALS *creds; KRB4_32 checksum; /* Checksum of data (optional) */ + char *myrealm; /* Client's realm */ { KTEXT_ST req_st; /* Temp storage for req id */ KTEXT req_id = &req_st; unsigned char *p, *q, *reqid_lenp; int tl; /* Tkt len */ int idl; /* Reqid len */ - CREDENTIALS cr; /* Credentials used by retr */ - register KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ - int retval; /* Returned by krb_get_cred */ + register KTEXT ticket; /* Pointer to tkt_st */ Key_schedule key_s; - char krb_realm[REALM_SZ]; /* Our local realm, if not specified */ - char myrealm[REALM_SZ]; /* Realm of our TGT */ size_t realmlen, pnamelen, pinstlen, myrealmlen; unsigned KRB4_32 time_secs; unsigned KRB4_32 time_usecs; - /* get current realm if not passed in */ - if (realm == NULL) { - retval = krb_get_lrealm(krb_realm, 1); - if (retval != KSUCCESS) - return retval; - realm = krb_realm; - } - + ticket = &creds->ticket_st; /* Get the ticket and move it into the authenticator */ if (krb_ap_req_debug) - DEB (("Realm: %s\n",realm)); - /* - * Determine realm of these tickets. We will send this to the - * KDC from which we are requesting tickets so it knows what to - * with our session key. 
- */ - retval = krb_get_tf_realm(TKT_FILE, myrealm); - if (retval != KSUCCESS) - return retval; + DEB (("Realm: %s\n", creds->realm)); - retval = krb_get_cred(service, instance, realm, &cr); - if (retval == RET_NOTKT) { - retval = get_ad_tkt(service, instance, realm, lifetime); - if (retval) - return retval; - retval = krb_get_cred(service, instance, realm, &cr); - if (retval) - return retval; - } - if (retval != KSUCCESS) - return retval; - - realmlen = strlen(realm) + 1; + realmlen = strlen(creds->realm) + 1; if (sizeof(authent->dat) < (1 + 1 + 1 + realmlen + 1 + 1 + ticket->length) || ticket->length < 0 || ticket->length > 255) { authent->length = 0; - memset(cr.session, 0, sizeof(cr.session)); + memset(creds->session, 0, sizeof(creds->session)); return KFAILURE; } if (krb_ap_req_debug) - DEB (("%s %s %s %s %s\n", service, instance, realm, - cr.pname, cr.pinst)); + DEB (("%s %s %s %s %s\n", creds->service, creds->instance, + creds->realm, creds->pname, creds->pinst)); p = authent->dat; /* The fixed parts of the authenticator */ *p++ = KRB_PROT_VERSION; *p++ = AUTH_MSG_APPL_REQUEST; - *p++ = cr.kvno; + *p++ = creds->kvno; - memcpy(p, realm, realmlen); + memcpy(p, creds->realm, realmlen); p += realmlen; tl = ticket->length; @@ -173,14 +143,14 @@ krb_mk_req(authent, service, instance, realm, checksum) if (krb_ap_req_debug) DEB (("Ticket->length = %d\n",ticket->length)); if (krb_ap_req_debug) - DEB (("Issue date: %d\n",cr.issue_date)); + DEB (("Issue date: %d\n",creds->issue_date)); - pnamelen = strlen(cr.pname) + 1; - pinstlen = strlen(cr.pinst) + 1; + pnamelen = strlen(creds->pname) + 1; + pinstlen = strlen(creds->pinst) + 1; myrealmlen = strlen(myrealm) + 1; if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen + 4 + 1 + 4 + 7) / 8) { - memset(cr.session, 0, sizeof(cr.session)); + memset(creds->session, 0, sizeof(creds->session)); return KFAILURE; } 
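Review bot: krb_mk_req_creds_prealm now zeroes `creds->session` in the caller's CREDENTIALS, on the two KFAILURE paths in this hunk and after encryption in the `@@ -210,12 +180,12 @@` hunk, where the old code wiped only its private copy `cr`. Through the new public krb_mk_req_creds this destroys the caller's session key as a side effect; kadm_cli_send in kadm_net.c passes `&client_parm->creds` and reads `creds.session` through kadm_cli_keyd, so a second request on the same Kadm_Client would presumably build its schedule from an all-zero key. Either keep the wipe in krb_mk_req for its own local `creds` and leave the caller's copy intact in the helper, or document the behaviour on krb_mk_req_creds, e.g. `/* NOTE: clears creds->session before returning. */`. The function body continues past this hunk.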
@@ -188,10 +158,10 @@ krb_mk_req(authent, service, instance, realm, checksum) /* Build request id */ /* Auth name */ - memcpy(q, cr.pname, pnamelen); + memcpy(q, creds->pname, pnamelen); q += pnamelen; /* Principal's instance */ - memcpy(q, cr.pinst, pinstlen); + memcpy(q, creds->pinst, pinstlen); q += pinstlen; /* Authentication domain */ memcpy(q, myrealm, myrealmlen); @@ -210,12 +180,12 @@ krb_mk_req(authent, service, instance, realm, checksum) #ifndef NOENCRYPTION /* Encrypt the request ID using the session key */ - key_sched(cr.session, key_s); + key_sched(creds->session, key_s); pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat, - (long)req_id->length, key_s, &cr.session, 1); + (long)req_id->length, key_s, &creds->session, 1); /* clean up */ memset(key_s, 0, sizeof(key_s)); - memset(cr.session, 0, sizeof(cr.session)); + memset(creds->session, 0, sizeof(creds->session)); #endif /* NOENCRYPTION */ /* Copy it into the authenticator */ 
@@ -239,6 +209,61 @@ krb_mk_req(authent, service, instance, realm, checksum) return KSUCCESS; } +int KRB5_CALLCONV +krb_mk_req(authent, service, instance, realm, checksum) + register KTEXT authent; /* Place to build the authenticator */ + char *service; /* Name of the service */ + char *instance; /* Service instance */ + char *realm; /* Authentication domain of service */ + KRB4_32 checksum; /* Checksum of data (optional) */ +{ + char krb_realm[REALM_SZ]; /* Our local realm, if not specified */ + char myrealm[REALM_SZ]; /* Realm of initial TGT. */ + int retval; + CREDENTIALS creds; + + /* get current realm if not passed in */ + if (realm == NULL) { + retval = krb_get_lrealm(krb_realm, 1); + if (retval != KSUCCESS) + return retval; + realm = krb_realm; + } + /* + * Determine realm of these tickets. We will send this to the + * KDC from which we are requesting tickets so it knows what to + * with our session key. + */ + retval = krb_get_tf_realm(TKT_FILE, myrealm); + if (retval != KSUCCESS) + retval = krb_get_lrealm(myrealm, 1); + if (retval != KSUCCESS) + return retval; + + retval = krb_get_cred(service, instance, realm, &creds); + if (retval == RET_NOTKT) { + retval = get_ad_tkt(service, instance, realm, lifetime); + if (retval) + return retval; + retval = krb_get_cred(service, instance, realm, &creds); + if (retval) + return retval; + } + if (retval != KSUCCESS) + return retval; + + return krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm); +} + +int KRB5_CALLCONV +krb_mk_req_creds(authent, creds, checksum) + register KTEXT authent; /* Place to build the authenticator */ + CREDENTIALS *creds; + KRB4_32 checksum; /* Checksum of data (optional) */ +{ + return krb_mk_req_creds_prealm(authent, creds, checksum, creds->realm); +} + /* * krb_set_lifetime sets the default lifetime for additional tickets * obtained via krb_mk_req(). 
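Review bot: krb_mk_req_creds passes `creds->realm` as the `myrealm` argument, which krb_mk_req_creds_prealm declares as the client's realm, whereas krb_mk_req obtains that value from the ticket file; the new entry point therefore silently assumes that client and service share a realm. If that is intended, state it above the function, e.g. `/* Assumes the client's realm is creds->realm; use krb_mk_req() for cross-realm tickets. */`. The fallback from krb_get_tf_realm to krb_get_lrealm in krb_mk_req is new behaviour as well and deserves a line in the comment that precedes the lookup.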
@@ -246,7 +271,7 @@ krb_mk_req(authent, service, instance, realm, checksum) * It returns the previous value of the default lifetime. */ -int +int KRB5_CALLCONV krb_set_lifetime(newval) int newval; { diff --git a/src/lib/krb4/one.c b/src/lib/krb4/one.c deleted file mode 100644 index 47a16e27f..000000000 --- a/src/lib/krb4/one.c +++ /dev/null @@ -1,15 +0,0 @@ -/* - * one.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - */ - -/* - * definition of variable set to 1. - * used in krb_conf.h to determine host byte order. - */ - -const int krbONE = 1; diff --git a/src/lib/krb4/password_to_key.c b/src/lib/krb4/password_to_key.c new file mode 100644 index 000000000..be307a42d --- /dev/null +++ b/src/lib/krb4/password_to_key.c 
@@ -0,0 +1,146 @@ +/* + * password_to_key.c -- password_to_key functions merged from KfM + * + * Copyright 1999, 2002 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include <string.h> +#include <stdlib.h> + +#if TARGET_OS_MAC +#include <Kerberos/CredentialsCache.h> +#endif +#include "krb.h" +#include "krb4int.h" + +/* + * passwd_to_key(): given a password, return a DES key. + * There are extra arguments here which (used to be?) + * used by srvtab_to_key(). + * + * If the "passwd" argument is not null, generate a DES + * key from it, using string_to_key(). + * + * If the "passwd" argument is null, then on a Unix system we call + * des_read_password() to prompt for a password and then convert it + * into a DES key. 
But "prompting" the user is harder in a Windows or + * Macintosh environment, so we rely on our caller to explicitly do + * that now. + * + * In either case, the resulting key is put in the "key" argument, + * and 0 is returned. + */ + +#if TARGET_OS_MAC +/*ARGSUSED */ +int +krb_get_keyprocs(KRB_UINT32 stkType, + key_proc_array kps, key_proc_type_array sts) +{ + /* generates the list of key procs */ + /* always try them all, but try the specified one first */ + switch (stkType) { + case cc_v4_stk_afs: + kps[0] = afs_passwd_to_key; + sts[0] = cc_v4_stk_afs; + + kps[1] = mit_passwd_to_key; + sts[1] = cc_v4_stk_des; + + kps[2] = krb5_passwd_to_key; + sts[2] = cc_v4_stk_krb5; + + kps[3] = NULL; + break; + case cc_v4_stk_des: + case cc_v4_stk_unknown: + default: + kps[0] = mit_passwd_to_key; + sts[0] = cc_v4_stk_des; + + kps[1] = afs_passwd_to_key; + sts[1] = cc_v4_stk_afs; + + kps[2] = krb5_passwd_to_key; + sts[2] = cc_v4_stk_krb5; + + kps[3] = NULL; + break; + } + return KSUCCESS; +} +#endif + +int +mit_passwd_to_key(char *user, char *instance, char *realm, + char *passwd, C_Block key) +{ +#pragma unused(user) +#pragma unused(instance) +#pragma unused(realm) + + if (passwd) + mit_string_to_key(passwd, key); +#if !(defined(_WINDOWS) || defined(macintosh)) + else { + des_read_password((C_Block *)key, "Password: ", 0); + } +#endif /* unix */ + return (0); +} + +/* So we can use a v4 kinit against a v5 kdc with no krb4 salted key */ +int +krb5_passwd_to_key(char *user, char *instance, char *realm, + char *passwd, C_Block key) +{ + if (user && instance && realm && passwd) { + unsigned int len = MAX_K_NAME_SZ + strlen(passwd) + 1; + char *p = malloc (len); + if (p != NULL) { + snprintf (p, len, "%s%s%s%s", passwd, realm, user, instance); + p[len - 1] = '\0'; + mit_string_to_key (p, key); + free (p); + return 0; + } + } + return -1; +} + +int +afs_passwd_to_key(char *user, char *instance, char *realm, + char *passwd, C_Block key) +{ +#pragma unused(user) +#pragma 
unused(instance) + + if (passwd) + afs_string_to_key(passwd, realm, key); +#if !(defined(_WINDOWS) || defined(macintosh)) + else { + des_read_password((C_Block *)key, "Password: ", 0); + } +#endif /* unix */ + return (0); +} diff --git a/src/lib/krb4/prot_client.c b/src/lib/krb4/prot_client.c index d254e8949..315f7f08a 100644 --- a/src/lib/krb4/prot_client.c +++ b/src/lib/krb4/prot_client.c @@ -64,7 +64,7 @@ krb4prot_encode_kdc_request(char *pname, char *pinst, char *prealm, p = pkt->dat; *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_KDC_REQUEST | (le ? LSB_FIRST : MSB_FIRST); + *p++ = AUTH_MSG_KDC_REQUEST | !!le; ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, pkt, &p); @@ -235,7 +235,7 @@ krb4prot_encode_apreq(int kvno, char *realm, p = pkt->dat; /* Assume >= 3 bytes in a KTEXT. */ *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_APPL_REQUEST | (le ? LSB_FIRST : MSB_FIRST); + *p++ = AUTH_MSG_APPL_REQUEST | !!le; *p++ = kvno; diff --git a/src/lib/krb4/prot_kdc.c b/src/lib/krb4/prot_kdc.c index d733c2589..aaaa9d00c 100644 --- a/src/lib/krb4/prot_kdc.c +++ b/src/lib/krb4/prot_kdc.c @@ -91,7 +91,7 @@ krb4prot_encode_kdc_reply(char *pname, char *pinst, char *prealm, else *p++ = KRB_PROT_VERSION; /* little-endianness based on input, usually big-endian, though. */ - *p++ = AUTH_MSG_KDC_REPLY | (le ? LSB_FIRST : MSB_FIRST); + *p++ = AUTH_MSG_KDC_REPLY | !!le; ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, outbuf, &p); @@ -281,7 +281,7 @@ krb4prot_encode_tkt(unsigned int flags, * Assume at least one byte in a KTEXT. If not, we have bigger * problems. Also, bitwise-OR in the little-endian flag. */ - *p++ = flags | (le ? LSB_FIRST : MSB_FIRST); + *p++ = flags | !!le; if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, tkt, &p)) 
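Review bot: krb5_passwd_to_key frees the buffer holding the password concatenated with realm, user and instance without clearing it, so the cleartext password remains in freed heap memory; wipe `p` over `len` bytes before `free (p);` using a store the compiler cannot drop. The `snprintf` result is not checked, so if realm, user and instance together exceed MAX_K_NAME_SZ the string is truncated and a different key is derived without any error; compare the return value with `len` and return -1 in that case. `snprintf` is also used without `<stdio.h>` among this file's includes, unless krb.h or krb4int.h pulls it in. mit_passwd_to_key and afs_passwd_to_key return 0 even when `passwd` is NULL on Windows and Macintosh builds, where `key` is left unset, and they ignore the result of des_read_password elsewhere.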
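Review bot: `| !!le` relies on the byte-order flag being bit 0 of the message-type octet, which the replaced `(le ? LSB_FIRST : MSB_FIRST)` spelled out by name. A short comment at the first use, e.g. `/* low bit set = little-endian sender */`, or a small named macro would keep the wire-format meaning readable. The same expression is introduced in krb4prot_encode_apreq and in the three prot_kdc.c hunks that follow.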
@@ -369,7 +369,7 @@ krb4prot_encode_err_reply(char *pname, char *pinst, char *prealm, p = pkt->dat; /* Assume >= 2 bytes in KTEXT. */ *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_ERR_REPLY | (le ? LSB_FIRST : MSB_FIRST); + *p++ = AUTH_MSG_ERR_REPLY | !!le; if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, pkt, &p)) diff --git a/src/lib/krb4/rd_req.c b/src/lib/krb4/rd_req.c index b97bdbe0a..1b8de0cf3 100644 --- a/src/lib/krb4/rd_req.c +++ b/src/lib/krb4/rd_req.c @@ -1,8 +1,8 @@ /* * lib/krb4/rd_req.c * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts - * Institute of Technology. All Rights Reserved. + * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2002 by the + * Massachusetts Institute of Technology. All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -33,6 +33,10 @@ extern int krb_ap_req_debug; +static int +krb_rd_req_with_key(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, + Key_schedule, krb5_keyblock *); + /* declared in krb.h */ int krb_ignore_ip_address = 0; @@ -162,14 +166,15 @@ krb_clear_key_krb5(ctx) * Mutual authentication is not implemented. */ -int KRB5_CALLCONV -krb_rd_req(authent, service, instance, from_addr, ad, fn) +static int +krb_rd_req_with_key(authent, service, instance, from_addr, ad, ks, k5key) register KTEXT authent; /* The received message */ char *service; /* Service name */ char *instance; /* Service instance */ unsigned KRB4_32 from_addr; /* Net address of originating host */ AUTH_DAT *ad; /* Structure to be filled in */ - char *fn; /* Filename to get keys from */ + Key_schedule ks; + krb5_keyblock *k5key; { KTEXT_ST ticket; /* Temp storage for ticket */ KTEXT tkt = &ticket; 
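Review bot: The K&R definition of krb_rd_req_with_key keeps `unsigned KRB4_32 from_addr;`, while the prototype added in the earlier rd_req.c hunk spells that parameter `KRB_UINT32`. If the two names ever resolve to different types, the declaration and the definition become incompatible; writing `KRB_UINT32 from_addr;` here keeps them in step. The new `ks` and `k5key` parameters are also the only ones without a trailing comment. Something like `Key_schedule ks; /* DES schedule, used when k5key is NULL */` and `krb5_keyblock *k5key; /* krb5 service key, or NULL */` would state the selection rule that the later decomp_ticket/decomp_tkt_krb5 hunk relies on. The function body continues outside this hunk.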
@@ -178,7 +183,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) char realm[REALM_SZ]; /* Realm of issuing kerberos */ Key_schedule seskey_sched; /* Key sched for session key */ - unsigned char skey[KKEY_SZ]; /* Session key from ticket */ char sname[SNAME_SZ]; /* Service name from ticket */ char iname[INST_SZ]; /* Instance name from ticket */ char r_aname[ANAME_SZ]; /* Client name from authenticator */ @@ -199,8 +203,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) Kerberos used to encrypt ticket */ int ret; int len; - krb5_keyblock keyblock; - int status; tkt->mbz = req_id->mbz = 0; 
@@ -248,49 +250,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) (void)memcpy(realm, ptr, (size_t)len); ptr += len; /* skip the realm "hint" */ - /* - * If "fn" is NULL, key info should already be set; don't - * bother with ticket file. Otherwise, check to see if we - * already have key info for the given server and key version - * (saved in the static st_* variables). If not, go get it - * from the ticket file. If "fn" is the null string, use the - * default ticket file. - */ - if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) - || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { - if (*fn == 0) - fn = KEYFILE; - st_kvno = s_kvno; -#ifndef NOENCRYPTION - if (read_service_key(service,instance,realm, (int)s_kvno, - fn, (char *)skey) == 0) { - if ((status = krb_set_key((char *)skey,0))) - return(status); -#ifdef KRB4_USE_KEYTAB - } else if (krb54_get_service_keyblock(service, instance, - realm, (int)s_kvno, - fn, &keyblock) == 0) { - krb_set_key_krb5(krb5__krb4_context, &keyblock); - krb5_free_keyblock_contents(krb5__krb4_context, &keyblock); -#endif - } else - return RD_AP_UNDEC; -#endif /* !NOENCRYPTION */ - - len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1; - if (len <= 0) - return KFAILURE; - memcpy(st_rlm, realm, (size_t)len); - len = krb4int_strnlen(service, sizeof(st_nam)) + 1; - if (len <= 0) - return KFAILURE; - memcpy(st_nam, service, (size_t)len); - len = krb4int_strnlen(instance, sizeof(st_inst)) + 1; - if (len <= 0) - return KFAILURE; - memcpy(st_inst, instance, (size_t)len); - } - /* Get ticket length */ tkt->length = *ptr++; /* Get authenticator length while we're at it. */ 
@@ -312,10 +271,10 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) /* Decrypt and take apart ticket */ #endif - if (!krb5_key) { + if (k5key == NULL) { if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm, &(ad->address),ad->session, &(ad->life), - &(ad->time_sec),sname,iname,ky,serv_key)) { + &(ad->time_sec),sname,iname,ky,ks)) { #ifdef KRB_CRYPT_DEBUG log("Can't decode ticket"); #endif @@ -325,7 +284,7 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm, &ad->address, ad->session, &ad->life, &ad->time_sec, sname, iname, - &srv_k5key)) { + k5key)) { return RD_AP_UNDEC; } } 
@@ -471,3 +430,98 @@ cleanup: return RD_AP_OK; } + +int KRB5_CALLCONV +krb_rd_req_int(authent, service, instance, from_addr, ad, key) + KTEXT authent; /* The received message */ + char *service; /* Service name */ + char *instance; /* Service instance */ + KRB_UINT32 from_addr; /* Net address of originating host */ + AUTH_DAT *ad; /* Structure to be filled in */ + C_Block key; /* Key to decrypt ticket with */ +{ + Key_schedule ks; + int ret; + + do { + ret = des_key_sched(key, ks); + if (ret) break; + ret = krb_rd_req_with_key(authent, service, instance, + from_addr, ad, ks, NULL); + } while (0); + memset(ks, 0, sizeof(ks)); + return ret; +} + +int KRB5_CALLCONV +krb_rd_req(authent, service, instance, from_addr, ad, fn) + register KTEXT authent; /* The received message */ + char *service; /* Service name */ + char *instance; /* Service instance */ + unsigned KRB4_32 from_addr; /* Net address of originating host */ + AUTH_DAT *ad; /* Structure to be filled in */ + char *fn; /* Filename to get keys from */ +{ + unsigned char *ptr; + unsigned char s_kvno; + char realm[REALM_SZ]; + unsigned char skey[KKEY_SZ]; + krb5_keyblock keyblock; + int len; + int status; + +#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat)) + if (authent->length < 3) + return RD_AP_MODIFIED; + ptr = authent->dat + 2; + s_kvno = *ptr++; /* get server key version */ + len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1; + if (len <= 0 || len > sizeof(realm)) + return RD_AP_MODIFIED; + (void)memcpy(realm, ptr, (size_t)len); +#undef AUTHENT_REMAIN + /* + * If "fn" is NULL, key info should already be set; don't + * bother with ticket file. Otherwise, check to see if we + * already have key info for the given server and key version + * (saved in the static st_* variables). If not, go get it + * from the ticket file. If "fn" is the null string, use the + * default ticket file. 
+ */ + if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) + || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { + if (*fn == 0) + fn = KEYFILE; + st_kvno = s_kvno; + if (read_service_key(service,instance,realm, (int)s_kvno, + fn, (char *)skey) == 0) { + if ((status = krb_set_key((char *)skey,0))) + return(status); +#ifdef KRB4_USE_KEYTAB + } else if (krb54_get_service_keyblock(service, instance, + realm, (int)s_kvno, + fn, &keyblock) == 0) { + krb_set_key_krb5(krb5__krb4_context, &keyblock); + krb5_free_keyblock_contents(krb5__krb4_context, &keyblock); +#endif + } else + return RD_AP_UNDEC; + + len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1; + if (len <= 0) + return KFAILURE; + memcpy(st_rlm, realm, (size_t)len); + len = krb4int_strnlen(service, sizeof(st_nam)) + 1; + if (len <= 0) + return KFAILURE; + memcpy(st_nam, service, (size_t)len); + len = krb4int_strnlen(instance, sizeof(st_inst)) + 1; + if (len <= 0) + return KFAILURE; + memcpy(st_inst, instance, (size_t)len); + } + return krb_rd_req_with_key(authent, service, instance, + from_addr, ad, + krb5_key ? NULL : serv_key, + krb5_key ? &srv_k5key : NULL); +} diff --git a/src/lib/krb4/tf_util.c b/src/lib/krb4/tf_util.c index 5ceee51c2..473c597ad 100644 --- a/src/lib/krb4/tf_util.c +++ b/src/lib/krb4/tf_util.c @@ -689,8 +689,6 @@ tf_read(s, n) return n; } -char *tkt_string(); - /* * tf_save_cred() appends an incoming ticket to the end of the ticket * file. You must call tf_init() before calling tf_save_cred(). diff --git a/src/lib/krb4/tkt_string.c b/src/lib/krb4/tkt_string.c index 68ef84365..36625fc0b 100644 --- a/src/lib/krb4/tkt_string.c +++ b/src/lib/krb4/tkt_string.c 
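Review bot: The new krb_rd_req leaves the raw service key in `skey` on the stack on every return path, whereas krb_rd_req_int in the same hunk takes care to clear its key schedule. Clearing it right after use closes that gap: `status = krb_set_key((char *)skey, 0);` `memset(skey, 0, sizeof(skey));` `if (status) return status;`. In both functions the buffer is dead after the memset, so an optimizing compiler may drop the call; a wipe routine the optimizer cannot remove would be more dependable if the tree has one. Separately, `st_kvno = s_kvno;` is assigned before the key lookup succeeds, so a failed lookup leaves the cached st_* identity paired with a key version that was never loaded; moving the assignment next to the st_rlm/st_nam/st_inst copies would keep the cache consistent.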
@@ -1,14 +1,29 @@ /* * tkt_string.c * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. + * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts + * Institute of Technology. All Rights Reserved. * - * For copying and distribution information, please see the file - * <mit-copyright.h>. + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ -#include "mit-copyright.h" #include "krb.h" #include <stdio.h> #include <string.h> @@ -44,7 +59,7 @@ uid_t getuid(void) { return 0; } static char krb_ticket_string[MAXPATHLEN]; -char *tkt_string() +const char *tkt_string() { char *env; uid_t getuid(); |
