svn rev #21678: branches/mskrb-integ/ doc/ doc/old-V4-docs/ src/ src/appl/simple/client/ ...
hartmans@MIT.EDU
hartmans at MIT.EDU
Fri Jan 2 22:00:45 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21678
Commit By: hartmans
Log Message:
Merge trunk at 21659.
Conflicts:
src/Makefile.in
src/kadmin/server/misc.h
src/kdc/do_as_req.c
src/kdc/do_tgs_req.c
src/kdc/kdc_util.c
src/kdc/kdc_util.h
src/lib/crypto/Makefile.in
src/lib/crypto/des/Makefile.in
src/lib/crypto/enc_provider/Makefile.in
src/lib/kdb/kdb5.c
src/lib/krb5/krb/chk_trans.c
src/lib/krb5/krb/walk_rtree.c
Changed Files:
U branches/mskrb-integ/README
U branches/mskrb-integ/doc/Makefile
U branches/mskrb-integ/doc/admin.texinfo
U branches/mskrb-integ/doc/definitions.texinfo
U branches/mskrb-integ/doc/dnssrv.texinfo
U branches/mskrb-integ/doc/install.texinfo
D branches/mskrb-integ/doc/krb4-xrealm.txt
D branches/mskrb-integ/doc/krb425.texinfo
D branches/mskrb-integ/doc/old-V4-docs/README
D branches/mskrb-integ/doc/old-V4-docs/installation.PS
D branches/mskrb-integ/doc/old-V4-docs/installation.mss
D branches/mskrb-integ/doc/old-V4-docs/operation.PS
D branches/mskrb-integ/doc/old-V4-docs/operation.mss
U branches/mskrb-integ/src/Makefile.in
U branches/mskrb-integ/src/aclocal.m4
U branches/mskrb-integ/src/appl/simple/client/sim_client.c
U branches/mskrb-integ/src/config/pre.in
U branches/mskrb-integ/src/config-files/krb5.conf.M
U branches/mskrb-integ/src/configure.in
U branches/mskrb-integ/src/include/Makefile.in
D branches/mskrb-integ/src/include/kerberosIV/Makefile.in
D branches/mskrb-integ/src/include/kerberosIV/addr_comp.h
D branches/mskrb-integ/src/include/kerberosIV/admin_server.h
D branches/mskrb-integ/src/include/kerberosIV/des.h
D branches/mskrb-integ/src/include/kerberosIV/kadm.h
D branches/mskrb-integ/src/include/kerberosIV/kdc.h
D branches/mskrb-integ/src/include/kerberosIV/klog.h
D branches/mskrb-integ/src/include/kerberosIV/kparse.h
D branches/mskrb-integ/src/include/kerberosIV/krb.h
D branches/mskrb-integ/src/include/kerberosIV/krb_db.h
D branches/mskrb-integ/src/include/kerberosIV/krbports.h
D branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h
D branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h
D branches/mskrb-integ/src/include/kerberosIV/prot.h
U branches/mskrb-integ/src/kadmin/cli/kadmin.c
U branches/mskrb-integ/src/kadmin/dbutil/Makefile.in
U branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c
U branches/mskrb-integ/src/kadmin/server/ipropd_svc.c
U branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c
U branches/mskrb-integ/src/kadmin/server/misc.h
U branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c
U branches/mskrb-integ/src/kdc/do_as_req.c
U branches/mskrb-integ/src/kdc/do_tgs_req.c
U branches/mskrb-integ/src/kdc/kdc_util.c
U branches/mskrb-integ/src/kdc/kdc_util.h
U branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m
U branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m
U branches/mskrb-integ/src/krb5-config.M
U branches/mskrb-integ/src/krb5-config.in
D branches/mskrb-integ/src/krb524/Makefile.in
D branches/mskrb-integ/src/krb524/README
D branches/mskrb-integ/src/krb524/cnv_tkt_skey.c
D branches/mskrb-integ/src/krb524/k524init.M
D branches/mskrb-integ/src/krb524/k524init.c
D branches/mskrb-integ/src/krb524/krb524.c
D branches/mskrb-integ/src/krb524/krb524.def
D branches/mskrb-integ/src/krb524/krb524_prot
D branches/mskrb-integ/src/krb524/krb524d.M
D branches/mskrb-integ/src/krb524/krb524d.c
D branches/mskrb-integ/src/krb524/krb524d.h
D branches/mskrb-integ/src/krb524/libinit.c
D branches/mskrb-integ/src/krb524/test.c
U branches/mskrb-integ/src/lib/Makefile.in
U branches/mskrb-integ/src/lib/crypto/des/des_int.h
U branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in
U branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c
U branches/mskrb-integ/src/lib/crypto/old/Makefile.in
D branches/mskrb-integ/src/lib/des425/ISSUES
D branches/mskrb-integ/src/lib/des425/Makefile.in
D branches/mskrb-integ/src/lib/des425/cksum.c
D branches/mskrb-integ/src/lib/des425/des.c
D branches/mskrb-integ/src/lib/des425/enc_dec.c
D branches/mskrb-integ/src/lib/des425/key_parity.c
D branches/mskrb-integ/src/lib/des425/key_sched.c
D branches/mskrb-integ/src/lib/des425/libdes425.exports
D branches/mskrb-integ/src/lib/des425/mac_des_glue.c
D branches/mskrb-integ/src/lib/des425/new_rnd_key.c
D branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c
D branches/mskrb-integ/src/lib/des425/quad_cksum.c
D branches/mskrb-integ/src/lib/des425/random_key.c
D branches/mskrb-integ/src/lib/des425/read_passwd.c
D branches/mskrb-integ/src/lib/des425/str_to_key.c
D branches/mskrb-integ/src/lib/des425/string2key.c
D branches/mskrb-integ/src/lib/des425/t_pcbc.c
D branches/mskrb-integ/src/lib/des425/t_quad.c
D branches/mskrb-integ/src/lib/des425/unix_time.c
D branches/mskrb-integ/src/lib/des425/util.c
D branches/mskrb-integ/src/lib/des425/verify.c
D branches/mskrb-integ/src/lib/des425/weak_key.c
U branches/mskrb-integ/src/lib/kadm5/admin.h
U branches/mskrb-integ/src/lib/kadm5/alt_prof.c
U branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c
U branches/mskrb-integ/src/lib/kadm5/logger.c
U branches/mskrb-integ/src/lib/kdb/Makefile.in
U branches/mskrb-integ/src/lib/kdb/kdb5.c
A branches/mskrb-integ/src/lib/kdb/kdb5int.h
U branches/mskrb-integ/src/lib/kdb/kdb_log.c
D branches/mskrb-integ/src/lib/krb4/CCache-glue.c
D branches/mskrb-integ/src/lib/krb4/FSp-glue.c
D branches/mskrb-integ/src/lib/krb4/Makefile.in
D branches/mskrb-integ/src/lib/krb4/Password.c
D branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c
D branches/mskrb-integ/src/lib/krb4/ad_print.c
D branches/mskrb-integ/src/lib/krb4/change_password.c
D branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c
D branches/mskrb-integ/src/lib/krb4/cr_ciph.c
D branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c
D branches/mskrb-integ/src/lib/krb4/cr_err_repl.c
D branches/mskrb-integ/src/lib/krb4/cr_tkt.c
D branches/mskrb-integ/src/lib/krb4/debug.c
D branches/mskrb-integ/src/lib/krb4/decomp_tkt.c
D branches/mskrb-integ/src/lib/krb4/dest_tkt.c
D branches/mskrb-integ/src/lib/krb4/err_txt.c
D branches/mskrb-integ/src/lib/krb4/et_errtxt.awk
D branches/mskrb-integ/src/lib/krb4/fgetst.c
D branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c
D branches/mskrb-integ/src/lib/krb4/g_cnffile.c
D branches/mskrb-integ/src/lib/krb4/g_cred.c
D branches/mskrb-integ/src/lib/krb4/g_in_tkt.c
D branches/mskrb-integ/src/lib/krb4/g_phost.c
D branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c
D branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c
D branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c
D branches/mskrb-integ/src/lib/krb4/g_tf_fname.c
D branches/mskrb-integ/src/lib/krb4/g_tf_realm.c
D branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c
D branches/mskrb-integ/src/lib/krb4/gethostname.c
D branches/mskrb-integ/src/lib/krb4/getst.c
D branches/mskrb-integ/src/lib/krb4/in_tkt.c
D branches/mskrb-integ/src/lib/krb4/kadm_err.et
D branches/mskrb-integ/src/lib/krb4/kadm_net.c
D branches/mskrb-integ/src/lib/krb4/kadm_stream.c
D branches/mskrb-integ/src/lib/krb4/klog.c
D branches/mskrb-integ/src/lib/krb4/kname_parse.c
D branches/mskrb-integ/src/lib/krb4/kntoln.c
D branches/mskrb-integ/src/lib/krb4/krb4int.h
D branches/mskrb-integ/src/lib/krb4/krb_err.et
D branches/mskrb-integ/src/lib/krb4/kuserok.c
D branches/mskrb-integ/src/lib/krb4/libkrb4.exports
D branches/mskrb-integ/src/lib/krb4/lifetime.c
D branches/mskrb-integ/src/lib/krb4/log.c
D branches/mskrb-integ/src/lib/krb4/mac_glue.c
D branches/mskrb-integ/src/lib/krb4/mac_store.c
D branches/mskrb-integ/src/lib/krb4/mac_store.h
D branches/mskrb-integ/src/lib/krb4/mac_stubs.c
D branches/mskrb-integ/src/lib/krb4/mac_time.c
D branches/mskrb-integ/src/lib/krb4/memcache.c
D branches/mskrb-integ/src/lib/krb4/memcache.h
D branches/mskrb-integ/src/lib/krb4/mk_auth.c
D branches/mskrb-integ/src/lib/krb4/mk_err.c
D branches/mskrb-integ/src/lib/krb4/mk_preauth.c
D branches/mskrb-integ/src/lib/krb4/mk_priv.c
D branches/mskrb-integ/src/lib/krb4/mk_req.c
D branches/mskrb-integ/src/lib/krb4/mk_safe.c
D branches/mskrb-integ/src/lib/krb4/month_sname.c
D branches/mskrb-integ/src/lib/krb4/netread.c
D branches/mskrb-integ/src/lib/krb4/netwrite.c
D branches/mskrb-integ/src/lib/krb4/password_to_key.c
D branches/mskrb-integ/src/lib/krb4/pkt_cipher.c
D branches/mskrb-integ/src/lib/krb4/pkt_clen.c
D branches/mskrb-integ/src/lib/krb4/prot_client.c
D branches/mskrb-integ/src/lib/krb4/prot_common.c
D branches/mskrb-integ/src/lib/krb4/prot_kdc.c
D branches/mskrb-integ/src/lib/krb4/put_svc_key.c
D branches/mskrb-integ/src/lib/krb4/rd_err.c
D branches/mskrb-integ/src/lib/krb4/rd_preauth.c
D branches/mskrb-integ/src/lib/krb4/rd_priv.c
D branches/mskrb-integ/src/lib/krb4/rd_req.c
D branches/mskrb-integ/src/lib/krb4/rd_safe.c
D branches/mskrb-integ/src/lib/krb4/rd_svc_key.c
D branches/mskrb-integ/src/lib/krb4/recvauth.c
D branches/mskrb-integ/src/lib/krb4/ren-cyg.sh
D branches/mskrb-integ/src/lib/krb4/ren-pc.bat
D branches/mskrb-integ/src/lib/krb4/ren-pc.sh
D branches/mskrb-integ/src/lib/krb4/ren-pl10.sh
D branches/mskrb-integ/src/lib/krb4/ren.msg
D branches/mskrb-integ/src/lib/krb4/ren2dos.sh
D branches/mskrb-integ/src/lib/krb4/ren2long.sh
D branches/mskrb-integ/src/lib/krb4/save_creds.c
D branches/mskrb-integ/src/lib/krb4/sed-cyg.sh
D branches/mskrb-integ/src/lib/krb4/sed-pc.sh
D branches/mskrb-integ/src/lib/krb4/sed-pl10.sh
D branches/mskrb-integ/src/lib/krb4/send_to_kdc.c
D branches/mskrb-integ/src/lib/krb4/sendauth.c
D branches/mskrb-integ/src/lib/krb4/setenv.c
D branches/mskrb-integ/src/lib/krb4/stime.c
D branches/mskrb-integ/src/lib/krb4/strcasecmp.c
D branches/mskrb-integ/src/lib/krb4/strnlen.c
D branches/mskrb-integ/src/lib/krb4/swab.c
D branches/mskrb-integ/src/lib/krb4/tf_shm.c
D branches/mskrb-integ/src/lib/krb4/tf_util.c
D branches/mskrb-integ/src/lib/krb4/tkt_string.c
D branches/mskrb-integ/src/lib/krb4/unix_glue.c
D branches/mskrb-integ/src/lib/krb4/unix_time.c
D branches/mskrb-integ/src/lib/krb4/vmslink.com
D branches/mskrb-integ/src/lib/krb4/vmsswab.c
D branches/mskrb-integ/src/lib/krb4/win_glue.c
D branches/mskrb-integ/src/lib/krb4/win_store.c
D branches/mskrb-integ/src/lib/krb4/win_time.c
U branches/mskrb-integ/src/lib/krb5/ccache/ccdefault.c
U branches/mskrb-integ/src/lib/krb5/krb/Makefile.in
U branches/mskrb-integ/src/lib/krb5/krb/chk_trans.c
U branches/mskrb-integ/src/lib/krb5/krb/t_kerb.c
U branches/mskrb-integ/src/lib/krb5/krb/walk_rtree.c
U branches/mskrb-integ/src/lib/krb5/krb/walktree-tests
U branches/mskrb-integ/src/lib/krb5/libkrb5.exports
U branches/mskrb-integ/src/lib/krb5/os/hst_realm.c
U branches/mskrb-integ/src/lib/krb5/rcache/rc-int.h
U branches/mskrb-integ/src/lib/krb5/rcache/rc_base.c
U branches/mskrb-integ/src/lib/krb5/rcache/rc_base.h
U branches/mskrb-integ/src/lib/krb5/rcache/rc_conv.c
U branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.c
U branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.h
U branches/mskrb-integ/src/lib/krb5/rcache/rc_io.c
U branches/mskrb-integ/src/lib/krb5/rcache/rc_io.h
U branches/mskrb-integ/src/lib/krb5/rcache/rc_none.c
U branches/mskrb-integ/src/lib/krb5/rcache/rcdef.c
U branches/mskrb-integ/src/lib/krb5/rcache/rcfns.c
U branches/mskrb-integ/src/lib/krb5/rcache/ser_rc.c
U branches/mskrb-integ/src/lib/rpc/Makefile.in
U branches/mskrb-integ/src/lib/rpc/auth_gssapi.c
U branches/mskrb-integ/src/lib/rpc/auth_gssapi_misc.c
U branches/mskrb-integ/src/lib/rpc/clnt_perror.c
U branches/mskrb-integ/src/lib/rpc/clnt_simple.c
A branches/mskrb-integ/src/lib/rpc/gssrpcint.h
U branches/mskrb-integ/src/lib/rpc/svc_auth_gssapi.c
U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/Makefile.in
U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
U branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
U branches/mskrb-integ/src/slave/kpropd.c
U branches/mskrb-integ/src/slave/kproplog.c
U branches/mskrb-integ/src/tests/asn.1/krb5_decode_test.c
U branches/mskrb-integ/src/tests/asn.1/krb5_encode_test.c
U branches/mskrb-integ/src/tests/asn.1/ktest.c
U branches/mskrb-integ/src/tests/asn.1/ktest.h
U branches/mskrb-integ/src/tests/dejagnu/Makefile.in
U branches/mskrb-integ/src/tests/dejagnu/config/default.exp
U branches/mskrb-integ/src/tests/dejagnu/krb-root/telnet.exp
U branches/mskrb-integ/src/tests/dejagnu/krb-standalone/standalone.exp
D branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4gssftp.exp
D branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4krb524d.exp
D branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4standalone.exp
U branches/mskrb-integ/src/util/depfix.pl
U branches/mskrb-integ/src/util/ss/Makefile.in
Modified: branches/mskrb-integ/README
===================================================================
--- branches/mskrb-integ/README 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/README 2009-01-03 03:00:25 UTC (rev 21678)
@@ -425,6 +425,10 @@
slave/kpropd_rpc.c
slave/kproplog.c
+and marked portions of the following files:
+
+ lib/krb5/os/hst_realm.c
+
are subject to the following license:
Copyright (c) 2004 Sun Microsystems, Inc.
Modified: branches/mskrb-integ/doc/Makefile
===================================================================
--- branches/mskrb-integ/doc/Makefile 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/Makefile 2009-01-03 03:00:25 UTC (rev 21678)
@@ -26,11 +26,8 @@
USER_GUIDE_INCLUDES=definitions.texinfo copyright.texinfo glossary.texinfo
USER_GUIDE_DEPS=user-guide.texinfo $(USER_GUIDE_INCLUDES)
-KRB425_INCLUDES=definitions.texinfo copyright.texinfo
-KRB425_DEPS=krb425.texinfo $(KRB425_INCLUDES)
-
.PHONY: all
-all:: admin-guide-full install-guide-full user-guide-full krb425-guide-full clean-temp-ps clean-tex
+all:: admin-guide-full install-guide-full user-guide-full clean-temp-ps clean-tex
.PHONY: admin-guide-full
admin-guide-full:: admin-guide admin-guide-info admin-guide-html
@@ -118,28 +115,6 @@
$(MANTXT) $(SRCDIR)/kadmin/passwd/kpasswd.M | $(MANHTML) > kpasswd.html
$(HTML) user-guide.texinfo
-.PHONY: krb425-guide-full
-krb425-guide-full:: krb425-guide krb425-guide-info krb425-guide-html
-
-.PHONY: krb425-guide
-krb425-guide:: krb425-guide.ps
-
-krb425-guide.ps: $(KRB425_DEPS)
- $(DVI) krb425.texinfo
- $(DVIPS) krb425
-
-.PHONY: krb425-guide-html
-krb425-guide-html:: krb425.html
-
-krb425.html:: $(KRB425_DEPS)
- $(HTML) krb425.texinfo
-
-.PHONY: krb425-guide-info
-krb425-guide-info:: krb425.info
-
-krb425.info: $(KRB425_DEPS)
- $(INFO) krb425.texinfo
-
.PHONY: implementor.ps implementor.pdf implementor.info
implementor.pdf: implementor.ps
$(PSPDF) implementor.ps
Modified: branches/mskrb-integ/doc/admin.texinfo
===================================================================
--- branches/mskrb-integ/doc/admin.texinfo 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/admin.texinfo 2009-01-03 03:00:25 UTC (rev 21678)
@@ -502,18 +502,6 @@
code.
@end ignore
- at itemx krb4_srvtab
-Specifies the location of the Kerberos V4 srvtab file. Default is
- at value{DefaultKrb4Srvtab}.
-
- at itemx krb4_config
-Specifies the location of hte Kerberos V4 configuration file. Default
-is @value{DefaultKrb4Config}.
-
- at itemx krb4_realms
-Specifies the location of the Kerberos V4 domain/realm translation
-file. Default is @value{DefaultKrb4Realms}.
-
@itemx dns_lookup_kdc
Indicate whether DNS SRV records should be used to locate the KDCs and
other servers for a realm, if they are not listed in the information for
@@ -637,33 +625,7 @@
that application's man pages. The application defaults specified here
are overridden by those specified in the [realms] section.
-A special application name (afs_krb5) is used by the krb524 service to
-know whether new format AFS tokens based on Kerberos 5 can be used
-rather than the older format which used a converted Kerberos 4 ticket.
-The new format allows for cross-realm authentication without
-introducing a security hole. It is used by default. Older AFS
-servers (before OpenAFS 1.2.8) will not support the new format. If
-servers in your cell do not support the new format, you will need to
-add an @code{afs_krb5} relation to the @code{appdefaults} section.
-The following config file shows how to disable new format AFS tickets
-for the @code{afs.example.com} cell in the @code{EXAMPLE.COM} realm.
- at smallexample
- at group
-[appdefaults]
- afs_krb5 = @{
- EXAMPLE.COM = @{
- afs/afs.example.com = false
- @}
- @}
-
- at end group
- at end smallexample
-
-
-
-
-
@node login, realms (krb5.conf), appdefaults, krb5.conf
@subsection [login]
@@ -675,20 +637,6 @@
Indicate whether or not to use a user's password to get V5 tickets.
The default value is @value{DefaultKrb5GetTickets}.
- at itemx krb4_get_tickets
-Indicate whether or not to user a user's password to get V4 tickets.
-The default value is @value{DefaultKrb4GetTickets}.
-
- at itemx krb4_convert
-Indicate whether or not to use the Kerberos conversion daemon to get V4
-tickets. The default value is @value{DefaultKrb4Convert}. If this is
-set to false and krb4_get_tickets is true, then login will get the V5
-tickets directly using the Kerberos V4 protocol directly. This does
-not currently work with non-MIT-V4 salt types (such as the AFS3 salt
-type). Note that if this is set to true and krb524d is not running,
-login will hang for approximately a minute under Solaris, due to a
-Solaris socket emulation bug.
-
@itemx krb_run_aklog
Indicate whether or not to run aklog. The default value is
@value{DefaultKrbRunAklog}.
@@ -1493,14 +1441,8 @@
current implementation has little protection against denial-of-service
attacks), the standard port number assigned for Kerberos TCP traffic
is port 88.
+- at end table
- at itemx v4_mode
-This string specifies how the KDC should respond to Kerberos 4
-packets. The possible values are none, disable, full, and nopreauth.
-The default value is @value{DefaultV4Mode}.
- at comment these values found in krb5/src/kdc/kerberos_v4.c in v4mode_table
- at end table
-
@node realms (kdc.conf), pkinit kdc options, kdcdefaults, kdc.conf
@subsection [realms]
@@ -4353,7 +4295,6 @@
krb5_prop @value{DefaultKrbPropPort}/tcp # Kerberos slave propagation
@c kpop 1109/tcp # Pop with Kerberos
eklogin @value{DefaultEkloginPort}/tcp # Kerberos auth. & encrypted rlogin
-krb524 @value{DefaultKrb524Port}/tcp # Kerberos 5 to 4 ticket translator
@end group
@end smallexample
Modified: branches/mskrb-integ/doc/definitions.texinfo
===================================================================
--- branches/mskrb-integ/doc/definitions.texinfo 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/definitions.texinfo 2009-01-03 03:00:25 UTC (rev 21678)
@@ -131,10 +131,6 @@
@end ignore
@set DefaultKrb5GetTickets true
@comment login_krb5_get_tickets
- at set DefaultKrb4GetTickets false
- at comment login_krb4_get_tickets
- at set DefaultKrb4Convert false
- at comment login_krb4_convert
@set DefaultKrbRunAklog false
@comment login_krb_run_aklog
@set DefaultAklogPath $(prefix)/bin/aklog
@@ -143,13 +139,6 @@
@comment login_accept_password
@ignore
-the following defaults should be consistent with the values set in
-krb5/src/kdc/kerberos_v4
- at end ignore
- at set DefaultV4Mode none
- at comment KDC_V4_DEFAULT_MODE
-
- at ignore
these defaults are based on code in krb5/src/aclocal.m4
@end ignore
@set DefaultDNSLookupKDC true
@@ -175,14 +164,6 @@
@set DefaultFTPPort 21
@set DefaultKrb524Port 4444
- at comment src/include/kerberosIV/krb.h
- at set DefaultKrb4Srvtab /etc/srvtab
- at comment line 131
- at set DefaultKrb4Config /etc/krb.conf
- at comment KRB_CONF
- at set DefaultKrb4Realms /etc/krb.realms
- at comment KRB_RLM_TRANS
-
@comment krb5/src/lib/krb5/krb/get_in_tkt.c
@set DefaultRenewLifetime 0
@set DefaultNoaddresses set
Modified: branches/mskrb-integ/doc/dnssrv.texinfo
===================================================================
--- branches/mskrb-integ/doc/dnssrv.texinfo 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/dnssrv.texinfo 2009-01-03 03:00:25 UTC (rev 21678)
@@ -59,10 +59,6 @@
This should list port @value{DefaultKpasswdPort} on your master KDC.
It is used when a user changes her password.
- at item _kerberos-iv._udp
-This should refer to your KDCs that serve Kerberos version 4 requests,
-if you have Kerberos v4 enabled.
-
@end table
Be aware, however, that the DNS SRV specification requires that the
Modified: branches/mskrb-integ/doc/install.texinfo
===================================================================
--- branches/mskrb-integ/doc/install.texinfo 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/install.texinfo 2009-01-03 03:00:25 UTC (rev 21678)
@@ -206,9 +206,6 @@
@item
How frequently you will propagate the database from the master KDC to
the slave KDCs.
-
- at item
-Whether you need backward compatibility with Kerberos V4.
@end itemize
@menu
@@ -1184,17 +1181,6 @@
@smallexample
@group
-#
-# Note --- if you are using Kerberos V4 and you either:
-#
-# (a) haven't converted all your master or slave KDCs to V5, or
-#
-# (b) are worried about inter-realm interoperability with other KDC's
-# that are still using V4
-#
-# you will need to switch the "kerberos" service to port 750 and create a
-# "kerberos-sec" service on port 88.
-#
kerberos @value{DefaultPort}/udp kdc # Kerberos V5 KDC
kerberos @value{DefaultPort}/tcp kdc # Kerberos V5 KDC
klogin @value{DefaultKloginPort}/tcp # Kerberos authenticated rlogin
@@ -1208,13 +1194,6 @@
@end group
@end smallexample
- at noindent As described in the comments in the above code, if your master
-KDC or any of your slave KDCs is running Kerberos V4, (or if you will be
-authenticating to any Kerberos V4 KDCs in another realm) you will need
-to switch the port number for @code{kerberos} to 750 and create a
- at code{kerberos-sec} service (tcp and udp) on port 88, so the Kerberos
-V4 KDC(s) will continue to work properly.
-
@menu
* Mac OS X Configuration::
@end menu
Deleted: branches/mskrb-integ/doc/krb4-xrealm.txt
===================================================================
--- branches/mskrb-integ/doc/krb4-xrealm.txt 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/krb4-xrealm.txt 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,143 +0,0 @@
-The following text was taken from the patchkit disabling cross-realm
-authentication and triple-DES in krb4.
-
-PATCH KIT DESCRIPTION
-=====================
-
-** FLAG DAY REQUIRED **
-
-One of the things we decided to do (and must do for security reasons)
-was drop support for the 3DES krb4 TGTs. Unfortunately the current
-code will only accept 3DES TGTs if it issues 3DES TGTs. Since the new
-code issues only DES TGTs, the old code will not understand its v4
-TGTs if the site has a 3DES key available for the krbtgt principal.
-The new code will understand and accept both DES and 3DES v4 TGTs.
-
-So, the easiest upgrade option is to deploy the code on all KDCs at
-once, being sure to deploy it on the master KDC last. Under this
-scenario, a brief window exists where slaves may be able to issue
-tickets that the master will not understand. However, the slaves will
-understand tickets issued by the master throughout the upgrade.
-
-An alternate and more annoying upgrade strategy exists. At least one
-max TGT life time before the upgrade, the TGT key can be changed to be
-a single-des key. Since we support adding a new TGT key while
-preserving the old one, this does not create an interruption in
-service. Since no 3DES key is available then both the old and new
-code will issue and accept DES v4 TGTs. After the upgrade, the TGT
-key can again be rekeyed to add 3DES keys. This does require two TGT
-key changes and creates a window where DES is used for the v5 TGT, but
-creates no window in which slaves will issue TGTs the master cannot
-accept.
-
-* What the patch does
-=====================
-
-1) Kerberos 4 cross-realm authentication is disabled by default. A
- "-X" switch is added to both krb524d and krb5kdc to enable v4
- cross-realm. This switch logs a note that a security hole has been
- opened in the KDC log. We said while designing the patch, that we
- were going to try to allow per-realm configuration; because of a
- design problem in the kadm5 library, we could not do this without
- bumping the ABI version of that library. We are unwilling to bump
- an ABI version in a security patch release to get that feature, so
- the configuration of v4 cross-realm is a global switch.
-
-2) Code responsible for v5 TGTs has been changed to require that the
- enctype of the ticket service key be the same as the enctype that
- would currently be issued for that kvno. This means that even if a
- service has multiple keys, you cannot use a weak key to fake the
- KDC into accepting tickets for that service. If you have a non-DES
- TGT key, this separates keys used for v4 and v5. We actually relax
- this requirement for cross-realm TGT keys (which in the new code
- are only used for v5) because we cannot guarantee other Kerberos
- implementations will choose keys the same way.
-
-3) We no longer issue 3DES v4 tickets either in the KDC or krb524d.
- We add code to accept either DES or 3DES tickets for v4. None of
- the attacks discovered so far can be implemented given a KDC that
- accepts but does not issue 3DES tickets, so we believe that leaving
- this functionality in as compatibility for a version or two is
- reasonable. Note however that the attacks described do allow
- successful attackers to print future tickets, so sites probably
- want to rekey important keys after installing this update. Note
- also that even if issuance of 3DES v4 tickets has been disabled,
- outstanding tickets may be used to perform the 3DES cut-and-paste
- attack.
-
-* Test Cases
-============
-
-This code is difficult to test for two reasons. First, you need a
-cross-realm relationship between two KDCs. Secondly, you need a KDC
-that will issue 3DES v4 tickets even though the code with the patch
-applied can no longer do this.
-
-I propose to meet these requirements by setting up a cross-realm 3DES
-key between a realm I control and the test environment. In order to
-provide concrete examples of what I plan to test with the automated
-tests, I assume a shared key between a realm PREPATCH.KRBTEST.COM and the
-test realm PATCH.
-
-In all of the following tests I assume the following configuration.
-A principal v4test at PREPATCH.KRBTEST.COM exists with known password and
-without requiring preauthentication. The PREPATCH.KRBTEST.COM KDC will
-issue v4 tickets for this principal. A principal test at PATCH exists
-with known password and without requiring preauthentication. A
-principal service at PATCH exists. The TGT for the PATCH realm has a
-3des and des key. The shared TGT keys between PATCH and
-PREPATCH.KRBTEST.COM are identical in both directions (required for v4) and
-support both 3DES and DES keys.
-
-1) Run krb524d and krb5kdc for PATCH with no special options using a
- krb5.conf without permitted_enctypes (fully permissive).
-
-
-A) Get v4 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that kvno -4
-service at PATCH fails with an unknown principal error and logs an error
-about cross-realm being denied to the PATCH KDC log. This confirms
-that v4 cross-realm is not accepted.
-
-B) Get v5 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that krb524init
--p service at PATCH fails with a prohibited by policy error, but that
-klist -5 includes a ticket for service at PATCH. This confirms that v5
-cross-realm works but the krb524d denies converting such a ticket into
-a cross-realm ticket. Note that the krb524init currently in the
-mainline source tree will not be useful for this test because the
-client denies cross-realm for the simple reason that the v4 ticket
-file format is not flexible enough to support it. The krb524init in
-the 1.2.x release is useful for this test.
-
-
-2) Restart the krb5kdc and krb524d for PATCH with the -X option
- enabling v4 cross-realm.
-
-A) Confirm that the security warning is written to kdc.log.
-
-B) Get v4 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that kvno -4
-service at PATCH works and leaves a service at PATCH ticket in the cache.
-This confirms that v4 cross-realm works in the KDC. It also confirms
-that the KDC can accept 3DES v4 TGTs. The code path for decrypting a
-TGT is the same for the local realm and for foreign realms, so I don't
-see a need to test local 3DES TGTs in an automated manner although I
-did test it manually.
-
-C) Get v5 tickets as v4test at PREPATCH.KRBTEST.COM. Confirm that krb524init
--p service at PATCH works. This confirms that krb524d will issue
-cross-realm tickets. They're completely useless because the v4 ticket
-file can't represent them, but that's not our problem today.
-
-3) Start the kdc and krb524d with a krb5.conf that includes
- permitted_enctypes only listing des-cbc-crc. Get tickets as
- test at PATCH. Restart the KDC and confirm that kvno service fails
- logging an error about permitted enctypes. This confirms that if
- you manage to obtain a ticket of the wrong enctype it will not be
- accepted later.
-
-These tests do not check to make sure that 3DES tickets are not
-issued by the v4 code. I'm fairly certain that is true as I've
-physically remove the calls to the routine that generates 3DES tickets
-from the code in both the KDC and krb524d. These tests also do not
-check to make sure that cross-realm TGTs are not required to follow
-the strict enctype policy. I've tested that manually but don't know
-how to test that without significantly complicating the test setup.
Deleted: branches/mskrb-integ/doc/krb425.texinfo
===================================================================
--- branches/mskrb-integ/doc/krb425.texinfo 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/krb425.texinfo 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,322 +0,0 @@
-\input texinfo @c -*-texinfo-*-
- at c Note: the above texinfo file must include the "doubleleftarrow"
- at c definitions added by jcb.
- at c %**start of header
- at c guide
- at setfilename krb425.info
- at settitle Upgrading to Kerberos V5 from Kerberos V4
- at c @setchapternewpage odd @c chapter begins on next odd page
- at c @setchapternewpage on @c chapter begins on next page
- at c @smallbook @c Format for 7" X 9.25" paper
- at c %**end of header
-
- at paragraphindent 0
- at iftex
- at parskip 6pt plus 6pt
- at end iftex
-
- at dircategory Kerberos
- at direntry
-* krb425: (krb425). Upgrading to Kerberos V5 from V4
- at end direntry
-
- at include definitions.texinfo
- at set EDITION 1.0
- at set UPDATED May 22, 2003
-
- at finalout @c don't print black warning boxes
-
- at titlepage
- at title Upgrading to @value{PRODUCT} from Kerberos V4
- at subtitle Release: @value{RELEASE}
- at subtitle Document Edition: @value{EDITION}
- at subtitle Last updated: @value{UPDATED}
- at author @value{COMPANY}
-
- at page
- at vskip 0pt plus 1filll
-
- at end titlepage
-
- at node Top, Copyright, (dir), (dir)
-
- at ifinfo
-This document describes how to convert to @value{PRODUCT} from Kerberos V4.
- at end ifinfo
-
- at menu
-* Copyright::
-* Introduction::
-* Configuration Files::
-* Upgrading KDCs::
-* Upgrading Application Servers::
-* Upgrading Client machines::
-* Firewall Considerations::
- at end menu
-
- at node Copyright, Introduction, Top, Top
- at unnumbered Copyright
- at include copyright.texinfo
-
- at node Introduction, Configuration Files, Copyright, Top
- at chapter Introduction
-
-As with most software upgrades, @value{PRODUCT} is generally backward
-compatible but not necessarily forward compatible. The @value{PRODUCT}
-daemons can interoperate with Kerberos V4 clients, but most of the
-Kerberos V4 daemons can not interoperate with Kerberos V5 clients. This
-suggests the following strategy for performing the upgrade:
-
- at enumerate
- at item
- at strong{Upgrade your KDCs.} This must be done first, so that
-interactions with the Kerberos database, whether by Kerberos V5 clients
-or by Kerberos V4 clients, will succeed.
-
- at item
- at strong{Upgrade your servers.} This must be done before upgrading
-client machines, so that the servers are able to respond to both
-Kerberos V5 and Kerberos V4 queries.
-
- at item
- at strong{Upgrade your client machines.} Do this only after your KDCs and
-application servers are upgraded, so that all of your Kerberos V5
-clients will be talking to Kerberos V5 daemons.
- at end enumerate
-
- at node Configuration Files, Upgrading KDCs, Introduction, Top
- at chapter Configuration Files
-
-The Kerberos @code{krb5.conf} and KDC @code{kdc.conf} configuration
-files allow additional tags for Kerberos V4 compatibility.
-
- at menu
-* krb5.conf::
-* kdc.conf::
- at end menu
-
- at node krb5.conf, kdc.conf, Configuration Files, Configuration Files
- at section krb5.conf
-
-If you used the defaults, both when you installed Kerberos V4 and when
-you installed @value{PRODUCT}, you should not need to include any of
-these tags. However, some or all of them may be necessary for
-nonstandard installations.
-
- at menu
-* libdefaults::
-* realms (krb5.conf)::
-* AFS and the Appdefaults Section::
- at end menu
-
- at node libdefaults, realms (krb5.conf), krb5.conf, krb5.conf
- at subsection [libdefaults]
-
-In the [libdefaults] section, the following additional tags may be used:
-
- at table @b
- at item krb4_srvtab
-Specifies the location of the Kerberos V4 srvtab file. Default is
- at value{DefaultKrb4Srvtab}.
-
- at item krb4_config
-Specifies the location of the Kerberos V4 configuration file. Default
-is @value{DefaultKrb4Config}.
-
- at item krb4_realms
-Specifies the location of the Kerberos V4 domain/realm translation
-file. Default is @value{DefaultKrb4Realms}.
- at end table
-
- at node realms (krb5.conf), AFS and the Appdefaults Section, libdefaults, krb5.conf
- at subsection [realms]
-
-In the [realms] section, the following Kerberos V4 tags may be used:
- at table @b
- at itemx default_domain
-Identifies the default domain for hosts in this realm. This is needed
-for translating V4 principal names (which do not contain a domain name)
-to V5 principal names. The default is your Kerberos realm name,
-converted to lower case.
-
- at itemx v4_instance_convert
-This subsection allows the administrator to configure exceptions to the
-default_domain mapping rule. It contains V4 instances (tag name) which
-should be translated to some specific hostname (tag value) as the second
-component in a Kerberos V5 principal name.
-
- at itemx v4_realm
-This relation allows the administrator to configure a different
-realm name to be used when converting V5 principals to V4
-ones. This should only be used when running separate V4 and V5
-realms, with some external means of password sychronization
-between the realms.
-
- at end table
-
- at node AFS and the Appdefaults Section, , realms (krb5.conf), krb5.conf
- at subsection AFS and the Appdefaults Section
-
-Many Kerberos 4 sites also run the Andrew File System (AFS).
-
-Modern AFS servers (OpenAFS > 1.2.8) support the AFS 2b token format.
-This allows AFS to use Kerberos 5 tickets rather than version 4
-tickets, enabling cross-realm authentication. By default, the
- at file{krb524d} service will issue the new AFS 2b tokens. If you are
-using old AFS servers, you will need to disable these new tokens.
-Please see the documentation of the @code{appdefaults} section of
- at file{krb5.conf} in the Kerberos Administration guide.
-
-
-
- at node kdc.conf, , krb5.conf, Configuration Files
- at section kdc.conf
-
-Because Kerberos V4 requires a different type of salt for the encryption
-type, you will need to change the @code{supported_enctypes} line in the
-[realms] section to:
-
- at smallexample
-supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
- at end smallexample
-
-This is the only change needed to the @code{kdc.conf} file.
-
- at node Upgrading KDCs, Upgrading Application Servers, Configuration Files, Top
- at chapter Upgrading KDCs
-
-To convert your KDCs from Kerberos V4 to @value{PRODUCT}, do the
-following:
-
- at enumerate
- at item
-Install @value{PRODUCT} on each KDC, according to the instructions in
-the @value{PRODUCT} Installation Guide, up to the point where it tells
-you to create the database.
-
- at item
-Find the @code{kadmind} (V4) daemon process on the master KDC and kill
-it. This will prevent changes to the Kerberos database while you
-convert the database to the new Kerberos V5 format.
-
- at item
-Create a dump of the V4 database in the directory where your V5 database
-will reside by issuing the command:
-
- at smallexample
-% kdb_util dump @value{ROOTDIR}/var/krb5kdc/v4-dump
- at end smallexample
-
- at item
-Load the V4 dump into a Kerberos V5 database, by issuing the command:
-
- at smallexample
-% kdb5_util load_v4 v4-dump
- at end smallexample
-
- at item
-Create a Kerberos V5 stash file, if desired, by issuing the command:
-
- at smallexample
-% kdb5_util stash
- at end smallexample
-
- at item
-Proceed with the rest of the @value{PRODUCT} installation as described
-in the @value{PRODUCT} Installation Guide. When you get to the section
-that tells you to start the @code{krb5kdc} and @code{kadmind} daemons,
-first find and kill the Kerberos V4 @code{kerberos} daemon on each of
-the KDCs. Then start the @code{krb5kdc} and @code{kadmind} daemons as
-You will need to specify an argument to the @code{-4} command line option to enable Kerberos 4 compatibility.
-See the @code{krb5kdc} man page for details.
-directed. Finally, start the Kerberos V5 to V4 ticket translator
-daemon, @code{krb524d}, by issuing the command:
-
- at smallexample
-% @value{ROOTDIR}/sbin/krb524d -m > /dev/null &
- at end smallexample
-
-If you have a stash file and you start the @code{krb5kdc} and
- at code{kadmind} daemons at boot time, you should add the above line to
-your @code{/etc/rc} (or @code{/etc/rc.local}) file on each KDC.
- at end enumerate
-
- at node Upgrading Application Servers, Upgrading Client machines, Upgrading KDCs, Top
- at chapter Upgrading Application Servers
-
-Install @value{PRODUCT} on each application server, according to the
-instructions in the @value{PRODUCT} Installation Guide, with the
-following exceptions:
-
- at itemize @bullet
- at item
-In the file @code{/etc/services}, add or edit the lines described in the
- at value{PRODUCT} Installation Guide, with the following exception:
-
-in place of:
-
- at smallexample
- at group
-kerberos @value{DefaultPort}/udp kdc # Kerberos V5 KDC
-kerberos @value{DefaultPort}/tcp kdc # Kerberos V5 KDC
- at end group
- at end smallexample
-
- at noindent
-add instead:
-
- at smallexample
- at group
-kerberos-sec @value{DefaultPort}/udp kdc # Kerberos V5 KDC
-kerberos-sec @value{DefaultPort}/tcp kdc # Kerberos V5 KDC
- at end group
- at end smallexample
-
- at item
-Convert your Kerberos V4 srvtab file to Kerberos V5 keytab file as
-follows:
-
- at smallexample
- at group
- at b{#} @value{ROOTDIR}/sbin/ktutil
- at b{ktutil:} rst /etc/krb-srvtab
- at b{ktutil:} wkt /etc/krb5.keytab
- at b{ktutil:} q
- at b{#}
- at end group
- at end smallexample
- at end itemize
-
- at node Upgrading Client machines, Firewall Considerations, Upgrading Application Servers, Top
- at chapter Upgrading Client machines
-
-Install @value{PRODUCT} on each client machine, according to the
-instructions in the @value{PRODUCT} Installation Guide.
-
-Tell your users to add the appropriate directory to their paths. On
-UNIX machines, this will probably be @code{@value{BINDIR}}.
-
-Note that if you upgrade your client machines before all of your
-application servers are upgraded, your users will need to use the
-Kerberos V4 programs to connect to application servers that are still
-running Kerberos V4. (The one exception is the UNIX version of
- at value{PRODUCT} telnet, which can connect to a Kerberos V4 and Kerberos
-V5 application servers.) Users can use either the Kerberos V4 or
- at value{PRODUCT} programs to connect to Kerberos V5 servers.
-
- at node Firewall Considerations, , Upgrading Client machines, Top
- at chapter Firewall Considerations
-
- at value{PRODUCT} uses port @value{DefaultPort}, which is the port
-assigned by the IETF, for KDC requests. Kerberos V4 used port
- at value{DefaultSecondPort}. If your users will need to get to any KDCs
-outside your firewall, you will need to allow TCP and UDP requests on
-port @value{DefaultPort} for your users to get to off-site Kerberos V5
-KDCs, and on port @value{DefaultSecondPort} for your users to get to
-off-site Kerberos V4 KDCs.
-
- at contents
- at c second page break makes sure right-left page alignment works right
- at c with a one-page toc, even though we don't have setchapternewpage odd.
- at c end of texinfo file
- at bye
Deleted: branches/mskrb-integ/doc/old-V4-docs/README
===================================================================
--- branches/mskrb-integ/doc/old-V4-docs/README 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/old-V4-docs/README 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,4 +0,0 @@
-These documentation files are old --- and refer to the Kerberos V4
-implementation. They are included because the equivalent V5 documentation
-set have not been written yet, and the concepts contained in these documents
-may be helpful.
Deleted: branches/mskrb-integ/doc/old-V4-docs/installation.PS
===================================================================
--- branches/mskrb-integ/doc/old-V4-docs/installation.PS 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/old-V4-docs/installation.PS 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,2338 +0,0 @@
-%!PS-Adobe-2.0
-%%Title: installation.mss
-%%DocumentFonts: (atend)
-%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700)
-%%CreationDate: 4 January 1990 11:56
-%%Pages: (atend)
-%%EndComments
-% PostScript Prelude for Scribe.
-/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def
-/ES {showpage SV restore} bind def
-/SC {setrgbcolor} bind def
-/FMTX matrix def
-/RDF {WFT SLT 0.0 eq
- {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore}
- {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore}
- ifelse makefont setfont} bind def
-/SLT 0.0 def
-/SI { /SLT exch cvr def RDF} bind def
-/WFT /Courier findfont def
-/SF { /WFT exch findfont def RDF} bind def
-/SSZ 1000.0 def
-/SS { /SSZ exch 100.0 mul def RDF} bind def
-/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def
-/MT /moveto load def
-/XM {currentpoint exch pop moveto} bind def
-/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto
- setlinewidth 0.0 rlineto stroke grestore} bind def
-/LH {gsave newpath moveto setlinewidth
- 0.0 rlineto
- gsave stroke grestore} bind def
-/LV {gsave newpath moveto setlinewidth
- 0.0 exch rlineto
- gsave stroke grestore} bind def
-/BX {gsave newpath moveto setlinewidth
- exch
- dup 0.0 rlineto
- exch 0.0 exch neg rlineto
- neg 0.0 rlineto
- closepath
- gsave stroke grestore} bind def
-/BX1 {grestore} bind def
-/BX2 {setlinewidth 1 setgray stroke grestore} bind def
-/PB {/PV save def newpath translate
- 100.0 -100.0 scale pop /showpage {} def} bind def
-/PE {PV restore} bind def
-/GB {/PV save def newpath translate rotate
- div dup scale 100.0 -100.0 scale /showpage {} def} bind def
-/GE {PV restore} bind def
-/FB {dict dup /FontMapDict exch def begin} bind def
-/FM {cvn exch cvn exch def} bind def
-/FE {end /original-findfont /findfont load def /findfont
- {dup FontMapDict exch known{FontMapDict exch get} if
- original-findfont} def} bind def
-/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def
-/EC /grestore load def
-/SH /show load def
-/MX {exch show 0.0 rmoveto} bind def
-/W {0 32 4 -1 roll widthshow} bind def
-/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def
-/RC {100.0 -100.0 scale
-612.0 0.0 translate
--90.0 rotate
-.01 -.01 scale} bind def
-/URC {100.0 -100.0 scale
-90.0 rotate
--612.0 0.0 translate
-.01 -.01 scale} bind def
-/RCC {100.0 -100.0 scale
-0.0 -792.0 translate 90.0 rotate
-.01 -.01 scale} bind def
-/URCC {100.0 -100.0 scale
--90.0 rotate 0.0 792.0 translate
-.01 -.01 scale} bind def
-%%EndProlog
-%%Page: 0 1
-BS
-0 SI
-20 /Times-Bold AF
-18823 13788 MT
-(Kerberos Installation Notes)SH
-27156 15798 MT
-(DRAFT)SH
-16 /Times-Roman AF
-27021 23502 MT
-(Bill Bryant)SH
-25557 25150 MT
-(Jennifer Steiner)SH
-27289 26798 MT
-(John Kohl)SH
-23957 30444 MT
-(Project Athena, MIT)SH
-/Times-Bold SF
-19489 36042 MT
-(Initial Release, January 24, 1989)SH
-/Times-Italic SF
-17558 37690 MT
-(\050plus later patches through patchlevel 7\051)SH
-11 /Times-Roman AF
-7200 45644 MT
-(The release consists of three parts.)SH
-7200 47942 MT
-(The first part consists of the core Kerberos system, which was developed at MIT and does not require)SH
-7200 49138 MT
-(additional licenses for us to distribute. Included in this part are the Kerberos authentication server, the)SH
-7200 50334 MT
-(Kerberos library, the)SH
-/Times-Italic SF
-16606 XM
-(ndbm)SH
-/Times-Roman SF
-19325 XM
-(database interface library, user programs, administration programs, manual)SH
-7200 51530 MT
-(pages, some applications which use Kerberos for authentication, and some utilities.)SH
-7200 53828 MT
-(The second part is the Data Encryption Standard \050DES\051 library, which we are distributing only within the)SH
-7200 55024 MT
-(United States.)SH
-7200 57322 MT
-(The third part contains Kerberos modifications to Sun's NFS, which we distribute as ``context diffs'' to)SH
-7200 58518 MT
-(the Sun NFS source code. Its distribution is controlled to provide an accounting of who has retrieved the)SH
-7200 59714 MT
-(patches, so that Project Athena can comply with its agreements with Sun regarding distribution of these)SH
-7200 60910 MT
-(changes.)SH
-ES
-%%Page: 1 2
-BS
-0 SI
-16 /Times-Bold AF
-7200 8272 MT
-(1. Organization)
-400 W( of the Source Directory)SH
-11 /Times-Roman AF
-7200 10467 MT
-(The Kerberos building and installation process, as described in this document, builds the binaries and)SH
-7200 11663 MT
-(executables from the files contained in the Kerberos source tree, and deposits them in a separate object)SH
-7200 12859 MT
-(tree. This)
-275 W( is intended to easily support several different build trees from a single source tree \050this is useful)SH
-7200 14055 MT
-(if you support several machine architectures\051. We suggest that you copy the Kerberos sources into a)SH
-/Times-Italic SF
-7200 15251 MT
-(/mit/kerberos/src)SH
-/Times-Roman SF
-14991 XM
-(directory, and create as well a)SH
-/Times-Italic SF
-28396 XM
-(/mit/kerberos/obj)SH
-/Times-Roman SF
-36249 XM
-(directory in which to hold the)SH
-7200 16447 MT
-(executables. In)
-275 W( the rest of this document, we'll refer to the Kerberos source and object directories as)SH
-7200 17643 MT
-([SOURCE_DIR] and [OBJ_DIR], respectively.)SH
-7200 19941 MT
-(Below is a brief overview of the organization of the complete source directory. More detailed)SH
-7200 21137 MT
-(descriptions follow.)SH
-/Times-Bold SF
-7200 23088 MT
-(admin)SH
-/Times-Roman SF
-18200 XM
-(utilities for the Kerberos administrator)SH
-/Times-Bold SF
-7200 24783 MT
-(appl)SH
-/Times-Roman SF
-18200 XM
-(applications that use Kerberos)SH
-/Times-Bold SF
-7200 26478 MT
-(appl/bsd)SH
-/Times-Roman SF
-18200 XM
-(Berkeley's rsh/rlogin suite, using Kerberos)SH
-/Times-Bold SF
-7200 28173 MT
-(appl/knetd)SH
-/Times-Roman SF
-18200 XM
-(\050old\051 software for inetd-like multiplexing of a single TCP listening port)SH
-/Times-Bold SF
-7200 29868 MT
-(appl/sample)SH
-/Times-Roman SF
-18200 XM
-(sample application servers and clients)SH
-/Times-Bold SF
-7200 31563 MT
-(appl/tftp)SH
-/Times-Roman SF
-18200 XM
-(Trivial File Transfer Protocol, using Kerberos)SH
-/Times-Bold SF
-7200 33258 MT
-(include)SH
-/Times-Roman SF
-18200 XM
-(include files)SH
-/Times-Bold SF
-7200 34953 MT
-(kadmin)SH
-/Times-Roman SF
-18200 XM
-(remote administrative interface to the Kerberos master database)SH
-/Times-Bold SF
-7200 36648 MT
-(kuser)SH
-/Times-Roman SF
-18200 XM
-(assorted user programs)SH
-/Times-Bold SF
-7200 38343 MT
-(lib)SH
-/Times-Roman SF
-18200 XM
-(libraries for use with/by Kerberos)SH
-/Times-Bold SF
-7200 40038 MT
-(lib/acl)SH
-/Times-Roman SF
-18200 XM
-(Access Control List library)SH
-/Times-Bold SF
-7200 41733 MT
-(lib/des)SH
-/Times-Roman SF
-18200 XM
-(Data Encryption Standard library \050US only\051)SH
-/Times-Bold SF
-7200 43428 MT
-(lib/kadm)SH
-/Times-Roman SF
-18200 XM
-(administrative interface library)SH
-/Times-Bold SF
-7200 45123 MT
-(lib/kdb)SH
-/Times-Roman SF
-18200 XM
-(Kerberos server library interface to)SH
-/Times-Italic SF
-33925 XM
-(ndbm)SH
-/Times-Bold SF
-7200 46818 MT
-(lib/knet)SH
-/Times-Roman SF
-18200 XM
-(\050old\051 library for use with)SH
-/Times-Bold SF
-29349 XM
-(knetd)SH
-7200 48513 MT
-(lib/krb)SH
-/Times-Roman SF
-18200 XM
-(Kerberos library)SH
-/Times-Bold SF
-7200 50208 MT
-(man)SH
-/Times-Roman SF
-18200 XM
-(manual pages)SH
-/Times-Bold SF
-7200 51903 MT
-(prototypes)SH
-/Times-Roman SF
-18200 XM
-(sample configuration files)SH
-/Times-Bold SF
-7200 53598 MT
-(server)SH
-/Times-Roman SF
-18200 XM
-(the authentication server)SH
-/Times-Bold SF
-7200 55293 MT
-(slave)SH
-/Times-Roman SF
-18200 XM
-(Kerberos slave database propagation software)SH
-/Times-Bold SF
-7200 56988 MT
-(tools)SH
-/Times-Roman SF
-18200 XM
-(shell scripts for maintaining the source tree)SH
-/Times-Bold SF
-7200 58683 MT
-(util)SH
-/Times-Roman SF
-18200 XM
-(utilities)SH
-/Times-Bold SF
-7200 60378 MT
-(util/imake)SH
-/Times-Roman SF
-18200 XM
-(Imakefile-to-Makefile ``compilation'' tool)SH
-/Times-Bold SF
-7200 62073 MT
-(util/ss)SH
-/Times-Roman SF
-18200 XM
-(Sub-system library \050for command line subsystems\051)SH
-/Times-Bold SF
-7200 63768 MT
-(util/et)SH
-/Times-Roman SF
-18200 XM
-(Error-table library \050for independent, unique error codes\051)SH
-/Times-Bold SF
-7200 65463 MT
-(util/makedepend)SH
-/Times-Roman SF
-18200 XM
-(Makefile dependency generator tool)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(1)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 2 3
-BS
-0 SI
-14 /Times-Bold AF
-7200 8167 MT
-(1.1 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(admin)SH
-/Times-Bold SF
-16340 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 10362 MT
-(This directory contains source for the Kerberos master database administration tools.)SH
-/Times-Bold SF
-7200 12313 MT
-(kdb_init)SH
-/Times-Roman SF
-18200 XM
-(This program creates and initializes the Kerberos master database. It prompts)SH
-18200 13509 MT
-(for a Kerberos realmname, and the Kerberos master password.)SH
-/Times-Bold SF
-7200 15204 MT
-(kstash)SH
-/Times-Roman SF
-18200 XM
-(This program ``stashes'' the master password in the file)SH
-/Times-Italic SF
-43033 XM
-(/.k)SH
-/Times-Roman SF
-44377 XM
-(so that the master)SH
-18200 16400 MT
-(server machine can restart the Kerberos server automatically after an unattended)SH
-18200 17596 MT
-(reboot. The)
-275 W( hidden password is also available to administrative programs that)SH
-18200 18792 MT
-(have been set to run automatically.)SH
-/Times-Bold SF
-7200 20487 MT
-(kdb_edit)SH
-/Times-Roman SF
-18200 XM
-(This program is a low-level tool for editing the master database.)SH
-/Times-Bold SF
-7200 22182 MT
-(kdb_destroy)SH
-/Times-Roman SF
-18200 XM
-(This program deletes the master database.)SH
-/Times-Bold SF
-7200 23877 MT
-(kdb_util)SH
-/Times-Roman SF
-18200 XM
-(This program can be used to dump the master database into an ascii file, and can)SH
-18200 25073 MT
-(also be used to load the ascii file into the master database.)SH
-/Times-Bold SF
-7200 26768 MT
-(ext_srvtab)SH
-/Times-Roman SF
-18200 XM
-(This program extracts information from the master database and creates a host-)SH
-18200 27964 MT
-(dependent)SH
-/Times-Italic SF
-22995 XM
-(srvtab)SH
-/Times-Roman SF
-26020 XM
-(file. This)
-275 W( file contains the Kerberos keys for the host's)SH
-18200 29160 MT
-(``Kerberized'' services. These services look up their keys in the)SH
-/Times-Italic SF
-46846 XM
-(srvtab)SH
-/Times-Roman SF
-49871 XM
-(file for)SH
-18200 30356 MT
-(use in the authentication process.)SH
-14 /Times-Bold AF
-7200 34203 MT
-(1.2 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(kuser)SH
-/Times-Bold SF
-15874 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 36398 MT
-(This directory contains the source code for several user-oriented programs.)SH
-/Times-Bold SF
-7200 38349 MT
-(kinit)SH
-/Times-Roman SF
-18200 XM
-(This program prompts users for their usernames and Kerberos passwords, then)SH
-18200 39545 MT
-(furnishes them with Kerberos ticket-granting tickets.)SH
-/Times-Bold SF
-7200 41240 MT
-(kdestroy)SH
-/Times-Roman SF
-18200 XM
-(This program destroys any active tickets. Users should use)SH
-/Times-Italic SF
-44563 XM
-(kdestroy)SH
-/Times-Roman SF
-48564 XM
-(before they)SH
-18200 42436 MT
-(log off their workstations.)SH
-/Times-Bold SF
-7200 44131 MT
-(klist)SH
-/Times-Roman SF
-18200 XM
-(This program lists a user's active tickets.)SH
-/Times-Bold SF
-7200 45826 MT
-(ksrvtgt)SH
-/Times-Roman SF
-18200 XM
-(This retrieves a ticket-granting ticket with a life time of five minutes, using a)SH
-18200 47022 MT
-(server's secret key in lieu of a password. It is primarily for use in shell scripts)SH
-18200 48218 MT
-(and other batch facilities.)SH
-/Times-Bold SF
-7200 49913 MT
-(ksu)SH
-/Times-Roman SF
-18200 XM
-(Substitute user id, using Kerberos to mediate attempts to change to ``root''.)SH
-14 /Times-Bold AF
-7200 53760 MT
-(1.3 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(appl)SH
-/Times-Bold SF
-15173 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 55955 MT
-(If your site has the appropriate BSD license, your Kerberos release provides certain Unix utilities The)SH
-7200 57151 MT
-(Berkeley programs that have been modified to use Kerberos authentication are found in the)SH
-/Times-Italic SF
-47640 XM
-(appl/bsd)SH
-/Times-Roman SF
-7200 58347 MT
-(directory. They)
-275 W( include)SH
-/Times-Italic SF
-18043 XM
-(login)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-20855 XM
-(rlogin)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-24095 XM
-(rsh)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-27914 XM
-(rcp)SH
-/Times-Roman SF
-(, as well as the associated daemon programs)SH
-/Times-Italic SF
-49081 XM
-(kshd)SH
-/Times-Roman SF
-51372 XM
-(and)SH
-/Times-Italic SF
-7200 59543 MT
-(klogind)SH
-/Times-Roman SF
-(. The)275 W
-/Times-Italic SF
-13310 XM
-(login)SH
-/Times-Roman SF
-15847 XM
-(program obtains ticket-granting tickets for users upon login; the other utilities provide)SH
-7200 60739 MT
-(authenticated Unix network services.)SH
-7200 63037 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(appl)SH
-/Times-Roman SF
-11416 XM
-(directory also contains samples Kerberos application client and server programs, an)SH
-7200 64233 MT
-(authenticated)SH
-/Times-Italic SF
-13339 XM
-(tftp)SH
-/Times-Roman SF
-15082 XM
-(program,)SH
-/Times-Italic SF
-19358 XM
-(knetd)SH
-/Times-Roman SF
-(, an authenticated inet daemon.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(2)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 3 4
-BS
-0 SI
-14 /Times-Bold AF
-7200 8167 MT
-(1.4 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(server)SH
-/Times-Bold SF
-16185 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 10362 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(server)SH
-/Times-Roman SF
-12208 XM
-(directory contains the Kerberos KDC server, called)SH
-/Times-Italic SF
-35052 XM
-(kerberos)SH
-/Times-Roman SF
-(. This)
-275 W( program manages read-)SH
-7200 11558 MT
-(only requests made to the master database, distributing tickets and encryption keys to clients requesting)SH
-7200 12754 MT
-(authentication service.)SH
-14 /Times-Bold AF
-7200 16601 MT
-(1.5 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(kadmin)SH
-/Times-Bold SF
-17040 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 18796 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(kadmin)SH
-/Times-Roman SF
-12698 XM
-(directory contains the Kerberos administration server and associated client programs. The)SH
-7200 19992 MT
-(server accepts network requests from the user program)SH
-/Times-Italic SF
-31570 XM
-(kpasswd)SH
-/Times-Roman SF
-35573 XM
-(\050used to change a user's password\051, the)SH
-7200 21188 MT
-(Kerberos administration program)SH
-/Times-Italic SF
-22137 XM
-(kadmin)SH
-/Times-Roman SF
-(, and the srvtab utility program)SH
-/Times-Italic SF
-39276 XM
-(ksrvutil)SH
-/Times-Roman SF
-(. The)
-275 W( administration)SH
-7200 22384 MT
-(server can make modifications to the master database.)SH
-14 /Times-Bold AF
-7200 26231 MT
-(1.6 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(include)SH
-/Times-Bold SF
-16962 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 28426 MT
-(This directory contains the)SH
-/Times-Italic SF
-19236 XM
-(include)SH
-/Times-Roman SF
-22749 XM
-(files needed to build the Kerberos system.)SH
-14 /Times-Bold AF
-7200 32273 MT
-(1.7 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(lib)SH
-/Times-Bold SF
-14162 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 34468 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(lib)SH
-/Times-Roman SF
-10622 XM
-(directory has six subdirectories:)SH
-/Times-Italic SF
-25193 XM
-(acl)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-27087 XM
-(des)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-29103 XM
-(kadm)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-32035 XM
-(kdb)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-34173 XM
-(knet)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-38418 XM
-(krb)SH
-/Times-Roman SF
-(. The)275 W
-/Times-Italic SF
-42694 XM
-(des)SH
-/Times-Roman SF
-44435 XM
-(directory contains)SH
-7200 35664 MT
-(source for the DES encryption library. The)SH
-/Times-Italic SF
-26595 XM
-(kadm)SH
-/Times-Roman SF
-29252 XM
-(directory contains source for the Kerberos)SH
-7200 36860 MT
-(administration server utility library. The)SH
-/Times-Italic SF
-25439 XM
-(kdb)SH
-/Times-Roman SF
-27302 XM
-(directory contains source for the Kerberos database routine)SH
-7200 38056 MT
-(library. The)275 W
-/Times-Italic SF
-12942 XM
-(knet)SH
-/Times-Roman SF
-15049 XM
-(directory contains source for a library used by clients of the)SH
-/Times-Italic SF
-41530 XM
-(knetd)SH
-/Times-Roman SF
-44187 XM
-(server. The)275 W
-/Times-Italic SF
-49683 XM
-(krb)SH
-/Times-Roman SF
-7200 39252 MT
-(directory contains source for the)SH
-/Times-Italic SF
-21707 XM
-(libkrb.a)SH
-/Times-Roman SF
-25435 XM
-(library. This)
-275 W( library contains routines that are used by the)SH
-7200 40448 MT
-(Kerberos server program, and by applications programs that require authentication service.)SH
-14 /Times-Bold AF
-7200 44295 MT
-(1.8 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(man)SH
-/Times-Bold SF
-15251 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 46490 MT
-(This directory contains manual pages for Kerberos programs and library routines.)SH
-14 /Times-Bold AF
-7200 50337 MT
-(1.9 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(prototypes)SH
-/Times-Bold SF
-18596 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 52532 MT
-(This directory contains prototype)SH
-/Times-Italic SF
-22108 XM
-(/etc/services)SH
-/Times-Roman SF
-27819 XM
-(and)SH
-/Times-Italic SF
-29682 XM
-(/etc/krb.conf)SH
-/Times-Roman SF
-35486 XM
-(files. New)
-275 W( entries must be added to the)SH
-/Times-Italic SF
-7200 53728 MT
-(/etc/services)SH
-/Times-Roman SF
-12911 XM
-(file for the Kerberos server, and possibly for Kerberized applications \050)SH
-/Times-Italic SF
-(services.append)SH
-/Times-Roman SF
-7200 54924 MT
-(contains the entries used by the Athena-provided servers & applications, and is suitable for appending to)SH
-7200 56120 MT
-(your existing)SH
-/Times-Italic SF
-13250 XM
-(/etc/services)SH
-/Times-Roman SF
-18961 XM
-(file.\051. The)275 W
-/Times-Italic SF
-23878 XM
-(/etc/krb.conf)SH
-/Times-Roman SF
-29682 XM
-(file defines the local Kerberos realm for its host and)SH
-7200 57316 MT
-(lists Kerberos servers for given realms. The)SH
-/Times-Italic SF
-26961 XM
-(/etc/krb.realms)SH
-/Times-Roman SF
-33865 XM
-(file defines exceptions for mapping machine)SH
-7200 58512 MT
-(names to Kerberos realms.)SH
-14 /Times-Bold AF
-7200 62359 MT
-(1.10 The)350 W
-/Times-BoldItalic SF
-13034 XM
-(tools)SH
-/Times-Bold SF
-16107 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 64554 MT
-(This directory contains a makefile to set up a directory tree for building the software in, and a shell script)SH
-7200 65750 MT
-(to format code in the style we use.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(3)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 4 5
-BS
-0 SI
-14 /Times-Bold AF
-7200 8167 MT
-(1.11 The)350 W
-/Times-BoldItalic SF
-13034 XM
-(util)SH
-/Times-Bold SF
-15329 XM
-(Directory)SH
-11 /Times-Roman AF
-7200 10362 MT
-(This directory contains several utility programs and libraries. Included are Larry Wall's)SH
-/Times-Italic SF
-46296 XM
-(patch)SH
-/Times-Roman SF
-49015 XM
-(program, a)SH
-/Times-Italic SF
-7200 11558 MT
-(make)SH
-/Times-Roman SF
-9795 XM
-(pre-processor program called)SH
-/Times-Italic SF
-22956 XM
-(imake)SH
-/Times-Roman SF
-(, and a program for generating Makefile dependencies,)SH
-/Times-Italic SF
-7200 12754 MT
-(makedepend)SH
-/Times-Roman SF
-(, as well as the Sub-system library and utilities \050)SH
-/Times-Italic SF
-(ss)SH
-/Times-Roman SF
-(\051, and the Error table library and utilities)SH
-7200 13950 MT
-(\050)SH
-/Times-Italic SF
-(et)SH
-/Times-Roman SF
-(\051.)SH
-16 /Times-Bold AF
-7200 18622 MT
-(2. Preparing)
-400 W( for Installation)SH
-11 /Times-Roman AF
-7200 20817 MT
-(This document assumes that you will build the system on the machine on which you plan to install the)SH
-7200 22013 MT
-(Kerberos master server and its database. You'll need about 10 megabytes for source and executables.)SH
-7200 24311 MT
-(By default, there must be a)SH
-/Times-Italic SF
-19327 XM
-(/kerberos)SH
-/Times-Roman SF
-23756 XM
-(directory on the master server machine in which to store the)SH
-7200 25507 MT
-(Kerberos database files. If the master server machine does not have room on its root partition for these)SH
-7200 26703 MT
-(files, create a)SH
-/Times-Italic SF
-13306 XM
-(/kerberos)SH
-/Times-Roman SF
-17735 XM
-(symbolic link to another file system.)SH
-16 /Times-Bold AF
-7200 31375 MT
-(3. Preparing)
-400 W( for the Build)SH
-11 /Times-Roman AF
-7200 33570 MT
-(Before you build the system, you have to choose a)SH
-/Times-Bold SF
-29653 XM
-(realm name)SH
-/Times-Roman SF
-(, the name that specifies the system's)SH
-7200 34766 MT
-(administrative domain. Project Athena uses the internet domain name ATHENA.MIT.EDU to specify its)SH
-7200 35962 MT
-(Kerberos realm name. We recommend using a name of this form.)SH
-/Times-Bold SF
-36857 XM
-(NOTE:)SH
-/Times-Roman SF
-40616 XM
-(the realm-name is case)SH
-7200 37158 MT
-(sensitive; by convention, we suggest that you use your internet domain name, in capital letters.)SH
-7200 39456 MT
-(Edit the [SOURCE_DIR]/)SH
-/Times-Italic SF
-(include/krb.h)SH
-/Times-Roman SF
-24860 XM
-(file and look for the following lines of code:)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(4)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 5 6
-BS
-0 SI
-11 /Courier AF
-8520 7886 MT
-(/*)SH
-9180 9000 MT
-(* Kerberos specific definitions)SH
-9180 10114 MT
-(*)SH
-9180 11228 MT
-(* KRBLOG is the log file for the kerberos master server.)SH
-9180 12342 MT
-(* KRB_CONF is the configuration file where different host)SH
-9180 13456 MT
-(* machines running master and slave servers can be found.)SH
-9180 14570 MT
-(* KRB_MASTER is the name of the machine with the master)SH
-9180 15684 MT
-(* database. The admin_server runs on this machine, and all)SH
-9180 16798 MT
-(* changes to the db \050as opposed to read-only requests, which)SH
-9180 17912 MT
-(* can go to slaves\051 must go to it.)SH
-9180 19026 MT
-(* KRB_HOST is the default machine when looking for a kerberos)SH
-9180 20140 MT
-(* slave server. Other possibilities are in the KRB_CONF file.)SH
-9180 21254 MT
-(* KRB_REALM is the name of the realm.)SH
-9180 22368 MT
-(*/)SH
-8520 24596 MT
-(#ifdef notdef)SH
-8520 25710 MT
-(this is server-only, does not belong here;)SH
-8520 26824 MT
-(#define KRBLOG)
-3960 W( "/kerberos/kerberos.log")5940 W
-8520 27938 MT
-(are these used anyplace '?';)SH
-8520 29052 MT
-(#define VX_KRB_HSTFILE)
-9240 W( "/etc/krbhst")660 W
-8520 30166 MT
-(#define PC_KRB_HSTFILE)
-9240 W( "\134\134kerberos\134\134krbhst")660 W
-8520 31280 MT
-(#endif)SH
-8520 33508 MT
-(#define KRB_CONF)
-9240 W( "/etc/krb.conf")4620 W
-8520 34622 MT
-(#define KRB_RLM_TRANS)
-9240 W( "/etc/krb.realms")1320 W
-8520 35736 MT
-(#define KRB_MASTER)
-9240 W( "kerberos")3300 W
-8520 36850 MT
-(#define KRB_HOST)
-9240 W( KRB_MASTER)5280 W
-8520 37964 MT
-(#define KRB_REALM)
-9240 W( "ATHENA.MIT.EDU")3960 W
-/Times-Roman SF
-7200 39559 MT
-(Edit the last line as follows:)SH
-9400 41510 MT
-(1.)SH
-10500 XM
-(Change the KRB_REALM definition so that it specifies the realm name you have chosen)SH
-10500 42706 MT
-(for your Kerberos system. This is a default which is usually overridden by a configuration)SH
-10500 43902 MT
-(file on each machine; however, if that config file is absent, many programs will use this)SH
-10500 45098 MT
-("built-in" realm name.)SH
-14 /Times-Bold AF
-7200 48945 MT
-(3.1 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(/etc/krb.conf)SH
-/Times-Bold SF
-19956 XM
-(File)SH
-11 /Times-Roman AF
-7200 51140 MT
-(Create a)SH
-/Times-Italic SF
-11108 XM
-(/etc/krb.conf)SH
-/Times-Roman SF
-16912 XM
-(file using the following format:)SH
-/Times-BoldItalic SF
-8520 52740 MT
-(realm_name)SH
-8520 53854 MT
-(realm_name master_server_name)1045 W
-/Courier SF
-25594 XM
-(admin server)SH
-/Times-Roman SF
-7200 55449 MT
-(where)SH
-/Times-Italic SF
-10161 XM
-(realm_name)SH
-/Times-Roman SF
-15934 XM
-(specifies the system's realm name, and)SH
-/Times-Italic SF
-33375 XM
-(master_server_name)SH
-/Times-Roman SF
-42874 XM
-(specifies the machine)SH
-7200 56645 MT
-(name on which you will run the master server. The words 'admin server' must appear next to the name of)SH
-7200 57841 MT
-(the server on which you intend to run the administration server \050which must be a machine with access to)SH
-7200 59037 MT
-(the database\051.)SH
-7200 61335 MT
-(For example, if your realm name is)SH
-/Times-Italic SF
-22962 XM
-(tim.edu)SH
-/Times-Roman SF
-26506 XM
-(and your master server's name is)SH
-/Times-Italic SF
-41288 XM
-(kerberos.tim.edu)SH
-/Times-Roman SF
-(, the file)SH
-7200 62531 MT
-(should have these contents:)SH
-/Courier SF
-8520 64057 MT
-(tim.edu)SH
-8520 65171 MT
-(tim.edu kerberos.tim.edu)
-660 W( admin server)SH
-/Times-Roman SF
-7200 67469 MT
-(See the [SOURCE_DIR]/)SH
-/Times-Italic SF
-(prototypes/etc.krb.conf)SH
-/Times-Roman SF
-28921 XM
-(file for an example)SH
-/Times-Italic SF
-37533 XM
-(/etc/krb.conf)SH
-/Times-Roman SF
-43337 XM
-(file. That)
-275 W( file has)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(5)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 6 7
-BS
-0 SI
-11 /Times-Roman AF
-7200 7955 MT
-(examples of how to provide backup servers for a given realm \050additional lines with the same leading)SH
-7200 9151 MT
-(realm name\051 and how to designate servers for remote realms.)SH
-14 /Times-Bold AF
-7200 12998 MT
-(3.2 The)350 W
-/Times-BoldItalic SF
-12334 XM
-(/etc/krb.realms)SH
-/Times-Bold SF
-21280 XM
-(File)SH
-11 /Times-Roman AF
-7200 15193 MT
-(In many situations, the default realm in which a host operates will be identical to the domain portion its)SH
-7200 16389 MT
-(Internet domain name.)SH
-7200 18687 MT
-(If this is not the case, you will need to establish a translation from host name or domain name to realm)SH
-7200 19883 MT
-(name. This)
-275 W( is accomplished with the)SH
-/Times-Italic SF
-23820 XM
-(/etc/krb.realms)SH
-/Times-Roman SF
-30724 XM
-(file.)SH
-7200 22181 MT
-(Each line of the translation file specifies either a hostname or domain name, and its associated realm:)SH
-/Courier SF
-8520 23707 MT
-(.domain.name kerberos.realm1)SH
-8520 24821 MT
-(host.name kerberos.realm2)SH
-/Times-Roman SF
-7200 26416 MT
-(For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1 but the host)SH
-7200 27612 MT
-(FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read:)SH
-/Courier SF
-8520 29138 MT
-(.LSC.TIM.EDU KRB.REALM1)SH
-8520 30252 MT
-(FILMS.LSC.TIM.EDU KRB.REALM2)SH
-/Times-Roman SF
-7200 31847 MT
-(If a particular host matches both a domain and a host entry, the host entry takes precedence.)SH
-16 /Times-Bold AF
-7200 36519 MT
-(4. Building)
-400 W( the Software)SH
-11 /Times-Roman AF
-7200 38714 MT
-(Before you build the software read the)SH
-/Times-Bold SF
-24395 XM
-(README)SH
-/Times-Roman SF
-29558 XM
-(file in [SOURCE_DIR]. What follows is a more)SH
-7200 39910 MT
-(detailed description of the instructions listed in README.)SH
-9400 41861 MT
-(1.)SH
-10500 XM
-(Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you are about to)SH
-10500 43057 MT
-(build, for example,)SH
-/Times-Italic SF
-19145 XM
-(/mit/kerberos/obj)SH
-/Times-Roman SF
-(.)SH
-9400 44951 MT
-(2.)SH
-10500 XM
-(Change directory to [OBJ_DIR]. The following command creates directories under)SH
-10500 46147 MT
-([OBJ_DIR] and installs Makefiles for the final build.)SH
-/Courier SF
-11820 47724 MT
-(host%)SH
-/Times-Bold SF
-15780 XM
-(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR])275 W
-/Times-Roman SF
-9400 49618 MT
-(3.)SH
-10500 XM
-(Change directory to util/imake.includes. Read through config.Imakefile, turning on)SH
-10500 50814 MT
-(appropriate flags for your installation. Change SRCTOP so that it is set to the top level of)SH
-10500 52010 MT
-(your source directory.)SH
-9400 53904 MT
-(4.)SH
-10500 XM
-(Check that your machine type has a definition in include/osconf.h & related files in the)SH
-10500 55100 MT
-(source tree \050if it doesn't, then you may need to create your own; if you get successful)SH
-10500 56296 MT
-(results, please post to kerberos at athena.mit.edu\051)SH
-9400 58190 MT
-(5.)SH
-10500 XM
-(Change directory to [OBJ_DIR]. The next command generates new Makefiles based on the)SH
-10500 59386 MT
-(configuration you selected in config.Imakefile, then adds dependency information to the)SH
-10500 60582 MT
-(Makefiles, and finally builds the system:)SH
-/Courier SF
-11820 62159 MT
-(host%)SH
-/Times-Bold SF
-15780 XM
-(make world)275 W
-/Times-Roman SF
-10500 63754 MT
-(This command takes a while to complete; you may wish to redirect the output onto a file)SH
-10500 64950 MT
-(and put the job in the background:)SH
-/Courier SF
-11820 66527 MT
-(host%)SH
-/Times-Bold SF
-15780 XM
-(make world)
-275 W( >&WORLDLOG_891201 &)SH
-/Times-Roman SF
-10500 68122 MT
-(If you need to rebuild the Kerberos programs and libraries after making a change, you can)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(6)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 7 8
-BS
-0 SI
-11 /Times-Roman AF
-10500 7955 MT
-(usually just type:)SH
-/Courier SF
-11820 9532 MT
-(host%)SH
-/Times-Bold SF
-15780 XM
-(make all)275 W
-/Times-Roman SF
-10500 11127 MT
-(However, if you changed the configuration in config.Imakefile or modified the Imakefiles)SH
-10500 12323 MT
-(or Makefiles, you should run)SH
-/Times-Italic SF
-23514 XM
-(make world)SH
-/Times-Roman SF
-28952 XM
-(to re-build all the Makefiles and dependency lists.)SH
-14 /Times-Bold AF
-7200 16141 MT
-(4.1 Testing)
-350 W( the DES Library)SH
-11 /Times-Roman AF
-7200 18336 MT
-(Use the)SH
-/Times-Italic SF
-10804 XM
-(verify)SH
-/Times-Roman SF
-13583 XM
-(command to test the DES library implementation:)SH
-/Courier SF
-8520 19913 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([OBJ_DIR]/lib/des/verify)SH
-/Times-Roman SF
-7200 21508 MT
-(The command should display the following:)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(7)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 8 9
-BS
-0 SI
-11 /Courier AF
-8520 7886 MT
-(Examples per FIPS publication 81, keys ivs and cipher)SH
-8520 9000 MT
-(in hex. These are the correct answers, see below for)SH
-8520 10114 MT
-(the actual answers.)SH
-8520 12342 MT
-(Examples per Davies and Price.)SH
-8520 14570 MT
-(EXAMPLE ECB)
-SH( key)
-2640 W( = 08192a3b4c5d6e7f)SH
-13800 15684 MT
-(clear = 0)SH
-13800 16798 MT
-(cipher = 25 dd ac 3e 96 17 64 67)SH
-8520 17912 MT
-(ACTUAL ECB)SH
-13800 19026 MT
-(clear "")SH
-13800 20140 MT
-(cipher =)
-660 W( \050low to high bytes\051)SH
-19080 21254 MT
-(25 dd ac 3e 96 17 64 67)SH
-8520 23482 MT
-(EXAMPLE ECB)
-SH( key)
-2640 W( = 0123456789abcdef)SH
-13800 24596 MT
-(clear = "Now is the time for all ")SH
-13800 25710 MT
-(cipher = 3f a4 0e 8a 98 4d 48 15 ...)SH
-8520 26824 MT
-(ACTUAL ECB)SH
-13800 27938 MT
-(clear "Now is the time for all ")SH
-13800 29052 MT
-(cipher =)
-660 W( \050low to high bytes\051)SH
-19080 30166 MT
-(3f a4 0e 8a 98 4d 48 15)SH
-8520 32394 MT
-(EXAMPLE CBC)
-SH( key)
-2640 W( = 0123456789abcdef iv = 1234567890abcdef)SH
-13800 33508 MT
-(clear = "Now is the time for all ")SH
-13800 34622 MT
-(cipher =)
-SH( e5)
-4620 W( c7 cd de 87 2b f2 7c)SH
-24360 35736 MT
-(43 e9 34 00 8c 38 9c 0f)SH
-24360 36850 MT
-(68 37 88 49 9a 7c 05 f6)SH
-8520 37964 MT
-(ACTUAL CBC)SH
-13800 39078 MT
-(clear "Now is the time for all ")SH
-13800 40192 MT
-(ciphertext = \050low to high bytes\051)SH
-19080 41306 MT
-(e5 c7 cd de 87 2b f2 7c)SH
-19080 42420 MT
-(43 e9 34 00 8c 38 9c 0f)SH
-19080 43534 MT
-(68 37 88 49 9a 7c 05 f6)SH
-19080 44648 MT
-(00 00 00 00 00 00 00 00)SH
-19080 45762 MT
-(00 00 00 00 00 00 00 00)SH
-19080 46876 MT
-(00 00 00 00 00 00 00 00)SH
-19080 47990 MT
-(00 00 00 00 00 00 00 00)SH
-19080 49104 MT
-(00 00 00 00 00 00 00 00)SH
-13800 50218 MT
-(decrypted clear_text = "Now is the time for all ")SH
-8520 51332 MT
-(EXAMPLE CBC checksum)
-SH( key)
-1980 W( = 0123456789abcdef iv = 1234567890abcdef)SH
-13800 52446 MT
-(clear =)
-SH( "7654321)
-5280 W( Now is the time for ")SH
-13800 53560 MT
-(checksum 58)
-4620 W( d2 e7 7e 86 06 27 33 or some part thereof)SH
-8520 54674 MT
-(ACTUAL CBC checksum)SH
-19080 55788 MT
-(encrypted cksum = \050low to high bytes\051)SH
-19080 56902 MT
-(58 d2 e7 7e 86 06 27 33)SH
-/Times-Roman SF
-7200 59200 MT
-(If the)SH
-/Times-Italic SF
-9826 XM
-(verify)SH
-/Times-Roman SF
-12605 XM
-(command fails to display this information as specified above, the implementation of DES for)SH
-7200 60396 MT
-(your hardware needs to be adjusted. Your Kerberos system cannot work properly if your DES library)SH
-7200 61592 MT
-(fails this test.)SH
-7200 63890 MT
-(When you have finished building the software, you will find the executables in the object tree as follows:)SH
-/Times-Bold SF
-7200 65841 MT
-([OBJ_DIR]/admin)SH
-/Times-Italic SF
-18200 XM
-(ext_srvtab)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-23332 XM
-(kdb_destroy)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-29258 XM
-(kdb_edit)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-33596 XM
-(kdb_init)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-37752 XM
-(kdb_util)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-43771 XM
-(kstash)SH
-/Times-Roman SF
-(.)SH
-/Times-Bold SF
-7200 67536 MT
-([OBJ_DIR]/kuser)SH
-/Times-Italic SF
-18200 XM
-(kdestroy)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-22476 XM
-(kinit)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-24982 XM
-(klist)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-27366 XM
-(ksrvtgt)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-32773 XM
-(ksu)SH
-/Times-Roman SF
-(.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(8)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 9 10
-BS
-0 SI
-11 /Times-Bold AF
-7200 7955 MT
-([OBJ_DIR]/server)SH
-/Times-Italic SF
-18200 XM
-(kerberos)SH
-/Times-Roman SF
-(.)SH
-/Times-Bold SF
-7200 9650 MT
-([OBJ_DIR]/appl/bsd)SH
-/Times-Italic SF
-18200 XM
-(klogind)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-22050 XM
-(kshd)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-24616 XM
-(login.krb)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-29169 XM
-(rcp)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-31185 XM
-(rlogin)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-36288 XM
-(rsh)SH
-/Times-Roman SF
-(.)SH
-/Times-Bold SF
-7200 11345 MT
-([OBJ_DIR]/appl/knetd)SH
-/Times-Italic SF
-18200 XM
-(knetd)SH
-/Times-Roman SF
-(.)SH
-/Times-Bold SF
-7200 13040 MT
-([OBJ_DIR]/appl/sample)SH
-/Times-Italic SF
-18200 14236 MT
-(sample_server)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-25164 XM
-(sample_client)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-31824 XM
-(simple_server)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-40407 XM
-(simple_client)SH
-/Times-Roman SF
-(.)SH
-/Times-Bold SF
-7200 15931 MT
-([OBJ_DIR]/appl/tftp)SH
-/Times-Italic SF
-18200 XM
-(tcom)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-20888 XM
-(tftpd)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-25319 XM
-(tftp)SH
-/Times-Roman SF
-(.)SH
-/Times-Bold SF
-7200 17626 MT
-([OBJ_DIR]/slave)SH
-/Times-Italic SF
-18200 XM
-(kprop)SH
-/Times-Roman SF
-21041 XM
-(and)SH
-/Times-Italic SF
-22904 XM
-(kpropd)SH
-/Times-Roman SF
-(.)SH
-16 /Times-Bold AF
-7200 22298 MT
-(5. Installing)
-400 W( the Software)SH
-11 /Times-Roman AF
-7200 24493 MT
-(To install the software, issue the)SH
-/Times-Italic SF
-21711 XM
-(make install)SH
-/Times-Roman SF
-27333 XM
-(command from the [OBJ_DIR] \050you need to be a privileged)SH
-7200 25689 MT
-(user in order to properly install the programs\051. Programs can either be installed in default directories, or)SH
-7200 26885 MT
-(under a given root directory, as described below.)SH
-14 /Times-Bold AF
-7200 30703 MT
-(5.1 The)
-350 W( ``Standard'' Places)SH
-11 /Times-Roman AF
-7200 32898 MT
-(If you use the)SH
-/Times-Italic SF
-13492 XM
-(make)SH
-/Times-Roman SF
-16087 XM
-(command as follows:)SH
-/Courier SF
-8520 34475 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-(make install)275 W
-/Times-Roman SF
-7200 36070 MT
-(the installation process will try to install the various parts of the system in ``standard'' directories. This)SH
-7200 37266 MT
-(process creates the ``standard'' directories as needed.)SH
-7200 39564 MT
-(The standard installation process copies things as follows:)SH
-/Symbol SF
-9169 41640 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The)SH
-/Times-Italic SF
-11935 XM
-(include)SH
-/Times-Roman SF
-15448 XM
-(files)SH
-/Times-Italic SF
-17617 XM
-(krb.h)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-20458 XM
-(des.h)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-23299 XM
-(mit-copyright.h)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-30662 XM
-(kadm.h)SH
-/Times-Roman SF
-34144 XM
-(and)SH
-/Times-Italic SF
-36007 XM
-(kadm_err.h)SH
-/Times-Roman SF
-41383 XM
-(get copied to the)SH
-/Times-Italic SF
-9950 42836 MT
-(/usr/include)SH
-/Times-Roman SF
-15481 XM
-(directory.)SH
-/Symbol SF
-9169 44730 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The Kerberos libraries)SH
-/Times-Italic SF
-20119 XM
-(libdes.a)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-24122 XM
-(libkrb.a)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-28125 XM
-(libkdb.a)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-32250 XM
-(libkadm.a)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-37169 XM
-(libknet.a)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-43401 XM
-(libacl.a)SH
-/Times-Roman SF
-47007 XM
-(get)SH
-9950 45926 MT
-(copied to the)SH
-/Times-Italic SF
-15907 XM
-(/usr/athena/lib)SH
-/Times-Roman SF
-22662 XM
-(\050or wherever you pointed LIBDIR in config.Imakefile\051)SH
-9950 47122 MT
-(directory.)SH
-/Symbol SF
-9169 49016 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The Kerberos master database utilities)SH
-/Times-Italic SF
-27085 XM
-(kdb_init)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-31241 XM
-(kdb_destroy)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-37167 XM
-(kdb_edit)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-41505 XM
-(kdb_util)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-45661 XM
-(kstash)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-9950 50212 MT
-(ext_srvtab)SH
-/Times-Roman SF
-14807 XM
-(get copied to the)SH
-/Times-Italic SF
-22383 XM
-(/usr/etc)SH
-/Times-Roman SF
-25958 XM
-(\050DAEMDIR\051 directory.)SH
-/Symbol SF
-9169 52106 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The Kerberos user utilities)SH
-/Times-Italic SF
-21924 XM
-(kinit)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-24430 XM
-(kdestroy)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-28706 XM
-(klist)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-31090 XM
-(ksrvtgt)SH
-/Times-Roman SF
-34359 XM
-(and)SH
-/Times-Italic SF
-36222 XM
-(ksu)SH
-/Times-Roman SF
-37963 XM
-(get copied to the)SH
-/Times-Italic SF
-45539 XM
-(/usr/athena)SH
-/Times-Roman SF
-9950 53302 MT
-(\050PROGDIR\051 directory.)SH
-/Symbol SF
-9169 55196 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The modified Berkeley utilities)SH
-/Times-Italic SF
-24004 XM
-(rsh)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-25960 XM
-(rlogin)SH
-/Times-Roman SF
-28925 XM
-(get copied to the)SH
-/Times-Italic SF
-36501 XM
-(/usr/ucb)SH
-/Times-Roman SF
-40382 XM
-(\050UCBDIR\051 directory;)SH
-/Times-Italic SF
-9950 56392 MT
-(rcp)SH
-/Times-Roman SF
-11691 XM
-(gets copied to the)SH
-/Times-Italic SF
-19695 XM
-(/bin)SH
-/Times-Roman SF
-21682 XM
-(\050SLASHBINDIR\051 directory; and)SH
-/Times-Italic SF
-36375 XM
-(rlogind)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-40165 XM
-(rshd)SH
-/Times-Roman SF
-(, and)SH
-/Times-Italic SF
-44534 XM
-(login.krb)SH
-/Times-Roman SF
-48812 XM
-(get)SH
-9950 57588 MT
-(copied to the)SH
-/Times-Italic SF
-15907 XM
-(/usr/etc)SH
-/Times-Roman SF
-19482 XM
-(\050DAEMDIR\051 directory. The old copies of the user programs are)SH
-9950 58784 MT
-(renamed)SH
-/Times-Italic SF
-14011 XM
-(rsh.ucb)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-17830 XM
-(rlogin.ucb)SH
-/Times-Roman SF
-22658 XM
-(and)SH
-/Times-Italic SF
-24521 XM
-(rcp.ucb)SH
-/Times-Roman SF
-(, respectively. The Kerberos versions of these)SH
-9950 59980 MT
-(programs are designed to fall back and execute the original versions if something prevents)SH
-9950 61176 MT
-(the Kerberos versions from succeeding.)SH
-/Symbol SF
-9169 63070 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The Kerberos version of)SH
-/Times-Italic SF
-20944 XM
-(tftp)SH
-/Times-Roman SF
-22687 XM
-(and)SH
-/Times-Italic SF
-24550 XM
-(tcom)SH
-/Times-Roman SF
-26963 XM
-(get copied to the)SH
-/Times-Italic SF
-34539 XM
-(/usr/athena)SH
-/Times-Roman SF
-39826 XM
-(\050PROGDIR\051 directory;)SH
-/Times-Italic SF
-9950 64266 MT
-(tftpd)SH
-/Times-Roman SF
-12243 XM
-(gets copied to the)SH
-/Times-Italic SF
-20247 XM
-(/etc)SH
-/Times-Roman SF
-22110 XM
-(\050ETCDIR\051 directory.)SH
-/Times-Italic SF
-31884 XM
-(tftp)SH
-/Times-Roman SF
-33627 XM
-(and)SH
-/Times-Italic SF
-35490 XM
-(tftpd)SH
-/Times-Roman SF
-37783 XM
-(are installed set-uid to an)SH
-9950 65462 MT
-(unprivileged user \050user id of DEF_UID\051.)SH
-/Symbol SF
-9169 67356 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The)SH
-/Times-Italic SF
-11935 XM
-(knetd)SH
-/Times-Roman SF
-14592 XM
-(daemon gets copied to the)SH
-/Times-Italic SF
-26353 XM
-(/usr/etc)SH
-/Times-Roman SF
-29928 XM
-(\050DAEMDIR\051 directory.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(9)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 10 11
-BS
-0 SI
-11 /Symbol AF
-9169 8080 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The Kerberos server)SH
-/Times-Italic SF
-19201 XM
-(kerberos)SH
-/Times-Roman SF
-(, the slave propagation software)SH
-/Times-Italic SF
-37343 XM
-(kprop)SH
-/Times-Roman SF
-40184 XM
-(and)SH
-/Times-Italic SF
-42047 XM
-(kpropd)SH
-/Times-Roman SF
-(, and the)SH
-9950 9276 MT
-(administration server)SH
-/Times-Italic SF
-19542 XM
-(kadmind)SH
-/Times-Roman SF
-23605 XM
-(get copied to the)SH
-/Times-Italic SF
-31181 XM
-(/usr/etc)SH
-/Times-Roman SF
-34756 XM
-(\050SVRDIR, SVRDIR, and)SH
-9950 10472 MT
-(DAEMDIR\051 directory.)SH
-/Symbol SF
-9169 12366 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The remote administration tools)SH
-/Times-Italic SF
-24310 XM
-(kpasswd)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-28588 XM
-(ksrvutil)SH
-/Times-Roman SF
-32163 XM
-(and)SH
-/Times-Italic SF
-34026 XM
-(kadmin)SH
-/Times-Roman SF
-37539 XM
-(get copied to the)SH
-/Times-Italic SF
-45115 XM
-(/usr/athena)SH
-/Times-Roman SF
-9950 13562 MT
-(\050PROGDIR\051 directory.)SH
-/Symbol SF
-9169 15456 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The Kerberos manual pages get installed in the appropriate)SH
-/Times-Italic SF
-36187 XM
-(/usr/man)SH
-/Times-Roman SF
-40374 XM
-(directories. Don't)275 W
-9950 16652 MT
-(forget to run)SH
-/Times-Italic SF
-15723 XM
-(makewhatis)SH
-/Times-Roman SF
-21192 XM
-(after installing the manual pages.)SH
-14 /Times-Bold AF
-7200 20470 MT
-(5.2 ``Non-Standard'')
-350 W( Installation)SH
-11 /Times-Roman AF
-7200 22665 MT
-(If you'd rather install the software in a different location, you can use the)SH
-/Times-Italic SF
-39667 XM
-(make)SH
-/Times-Roman SF
-42262 XM
-(command as follows,)SH
-7200 23861 MT
-(where [DEST_DIR] specifies an alternate destination directory which will be used as the root for the)SH
-7200 25057 MT
-(installed programs, i.e. programs that would normally be installed in /usr/athena would be installed in)SH
-7200 26253 MT
-([DEST_DIR]/usr/athena.)SH
-/Courier SF
-8520 27830 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-(make install DESTDIR=[DEST_DIR])275 W
-16 SS
-7200 32502 MT
-(6. Conclusion)400 W
-11 /Times-Roman AF
-7200 34697 MT
-(Now that you have built and installed your Kerberos system, use the accompanying Kerberos Operation)SH
-4030 50 44224 34897 UL
-4398 50 48529 34897 UL
-7200 35893 MT
-(Notes to create a Kerberos Master database, install authenticated services, and start the Kerberos server.)SH
-2566 50 7200 36093 UL
-16 /Times-Bold AF
-7200 40565 MT
-(7. Acknowledgements)400 W
-11 /Times-Roman AF
-7200 42760 MT
-(We'd like to thank Henry Mensch and Jon Rochlis for helping us debug this document.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30100 XM
-(10)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: i 12
-BS
-0 SI
-14 /Times-Bold AF
-25272 8138 MT
-(Table of Contents)SH
-13 SS
-7200 9781 MT
-(1. Organization)
-325 W( of the Source Directory)SH
-53350 XM
-(1)SH
-12 /Times-Roman AF
-9000 11136 MT
-(1.1 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(admin)SH
-/Times-Roman SF
-16701 XM
-(Directory)SH
-53400 XM
-(2)SH
-9000 12491 MT
-(1.2 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(kuser)SH
-/Times-Roman SF
-16300 XM
-(Directory)SH
-53400 XM
-(2)SH
-9000 13846 MT
-(1.3 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(appl)SH
-/Times-Roman SF
-15700 XM
-(Directory)SH
-53400 XM
-(2)SH
-9000 15201 MT
-(1.4 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(server)SH
-/Times-Roman SF
-16566 XM
-(Directory)SH
-53400 XM
-(3)SH
-9000 16556 MT
-(1.5 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(kadmin)SH
-/Times-Roman SF
-17301 XM
-(Directory)SH
-53400 XM
-(3)SH
-9000 17911 MT
-(1.6 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(include)SH
-/Times-Roman SF
-17234 XM
-(Directory)SH
-53400 XM
-(3)SH
-9000 19266 MT
-(1.7 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(lib)SH
-/Times-Roman SF
-14834 XM
-(Directory)SH
-53400 XM
-(3)SH
-9000 20621 MT
-(1.8 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(man)SH
-/Times-Roman SF
-15767 XM
-(Directory)SH
-53400 XM
-(3)SH
-9000 21976 MT
-(1.9 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(prototypes)SH
-/Times-Roman SF
-18634 XM
-(Directory)SH
-53400 XM
-(3)SH
-9000 23331 MT
-(1.10 The)300 W
-/Times-BoldItalic SF
-13866 XM
-(tools)SH
-/Times-Roman SF
-16501 XM
-(Directory)SH
-53400 XM
-(3)SH
-9000 24686 MT
-(1.11 The)300 W
-/Times-BoldItalic SF
-13866 XM
-(util)SH
-/Times-Roman SF
-15835 XM
-(Directory)SH
-53400 XM
-(4)SH
-13 /Times-Bold AF
-7200 26329 MT
-(2. Preparing)
-325 W( for Installation)SH
-53350 XM
-(4)SH
-7200 27972 MT
-(3. Preparing)
-325 W( for the Build)SH
-53350 XM
-(4)SH
-12 /Times-Roman AF
-9000 29327 MT
-(3.1 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(/etc/krb.conf)SH
-/Times-Roman SF
-19801 XM
-(File)SH
-53400 XM
-(5)SH
-9000 30682 MT
-(3.2 The)300 W
-/Times-BoldItalic SF
-13266 XM
-(/etc/krb.realms)SH
-/Times-Roman SF
-20936 XM
-(File)SH
-53400 XM
-(6)SH
-13 /Times-Bold AF
-7200 32325 MT
-(4. Building)
-325 W( the Software)SH
-53350 XM
-(6)SH
-12 /Times-Roman AF
-9000 33674 MT
-(4.1 Testing)
-300 W( the DES Library)SH
-53400 XM
-(7)SH
-13 /Times-Bold AF
-7200 35317 MT
-(5. Installing)
-325 W( the Software)SH
-53350 XM
-(9)SH
-12 /Times-Roman AF
-9000 36666 MT
-(5.1 The)
-300 W( ``Standard'' Places)SH
-53400 XM
-(9)SH
-9000 38015 MT
-(5.2 ``Non-Standard'')
-300 W( Installation)SH
-52800 XM
-(10)SH
-13 /Times-Bold AF
-7200 39658 MT
-(6. Conclusion)325 W
-52700 XM
-(10)SH
-7200 41301 MT
-(7. Acknowledgements)325 W
-52700 XM
-(10)SH
-10 /Times-Roman AF
-7200 75600 MT
-(MIT Project Athena)SH
-30461 XM
-(i)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Trailer
-%%Pages: 12
-%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol
Deleted: branches/mskrb-integ/doc/old-V4-docs/installation.mss
===================================================================
--- branches/mskrb-integ/doc/old-V4-docs/installation.mss 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/old-V4-docs/installation.mss 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,681 +0,0 @@
- at Comment[ $Source$]
- at Comment[ $Author$]
- at Comment[ $Id$]
- at Comment[]
- at device[postscript]
- at make[report]
- at comment[
- at DefineFont(HeadingFont,
- P=<RawFont "NewCenturySchlbkBoldItalic">,
- B=<RawFont "NewCenturySchlbkBold">,
- I=<RawFont "NewCenturySchlbkBoldItalic">,
- R=<RawFont "NewCenturySchlbkRoman">)
-]
- at DefineFont(HeadingFont,
- P=<RawFont "TimesBoldItalic">,
- B=<RawFont "TimesBold">,
- I=<RawFont "TimesItalic">,
- R=<RawFont "TimesRoman">)
- at Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I],
- IncrementedBy Use,Announced)
- at Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ],
- IncrementedBy Use,Referenced [@1],Announced)
- at Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ],
- IncrementedBy,Referenced [@A],Announced,Alias Chapter)
- at Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias
- Chapter)
- at Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2,
- Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy
- Use,Announced)
- at Counter(AppendixSection,Within Appendix,TitleEnv HD2,
- ContentsEnv tc2,
- Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy
- Use,Announced)
- at Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3,
- Numbered [@#@:. at 1 ],IncrementedBy Use,
- Referenced [@#@:. at 1 ])
- at Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3,
- ContentsEnv tc3,
- Numbered [@#@:. at 1 ],IncrementedBy Use,
- Referenced [@#@:. at 1 ])
- at Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4,
- Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],
- IncrementedBy Use)
- at modify(CopyrightNotice, Fixed -1 inch, Flushright)
- at Modify(Titlebox, Fixed 3.0 inches)
- at Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off)
- at Modify(hd2, below .2 inch, facecode B, size 14, spaces kept)
- at Modify(hd3, below .2 inch, facecode B, size 12, spaces kept)
- at Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line)
- at Modify(Tc1, Above .5, Facecode B)
- at Modify(Tc2, Above .25, Below .25, Facecode R)
- at Modify(Tc3,Facecode R)
- at Modify(Tc4,Facecode R)
- at Modify(Itemize,Above 1line,Below 1line)
- at Modify(Insert,LeftMargin +2, RightMargin +2)
- at libraryfile[stable]
- at comment[@Style(Font NewCenturySchoolBook, size 11)]
- at Style(Font TimesRoman, size 11)
- at Style(Spacing 1.1, indent 0)
- at Style(leftmargin 1.0inch)
- at Style(justification no)
- at Style(BottomMargin 1.5inch)
- at Style(ChangeBarLocation Right)
- at Style(ChangeBars=off)
- at pageheading[immediate]
- at pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)",
-right = "@value(date)"]
- at set[page = 0]
- at blankspace[.5 inches]
- at begin[group, size 20]
- at begin(center)
- at b[Kerberos Installation Notes]
- at b[DRAFT]
- at end[center]
- at end(group)
- at blankspace[.5 inches]
- at begin[group, size 16]
- at begin(center)
-Bill Bryant
-Jennifer Steiner
-John Kohl
- at blankspace[1 line]
-Project Athena, MIT
- at blankspace[.5 inches]
- at b[Initial Release, January 24, 1989]
- at i[(plus later patches through patchlevel 7)]
- at end[center]
- at end(group)
- at begin[group, size 10]
- at end[group]
- at blankspace[.75 inches]
-
-
-The release consists of three parts.
-
-The first part consists of the core Kerberos system, which was developed
-at MIT and does not require additional licenses for us to distribute.
-Included in this part are the Kerberos authentication server, the
-Kerberos library, the
- at i[ndbm]
-database interface library, user programs, administration programs,
-manual pages, some applications which use Kerberos for authentication,
-and some utilities.
-
-The second part is the Data Encryption Standard (DES) library, which we
-are distributing only within the United States.
-
-The third part contains Kerberos modifications to Sun's NFS, which we
-distribute as ``context diffs'' to the Sun NFS source code. Its
-distribution is controlled to provide an accounting of who has retrieved
-the patches, so that Project Athena can comply with its agreements with
-Sun regarding distribution of these changes.
-
- at newpage()
- at chapter[Organization of the Source Directory]
-
-The Kerberos building and installation process,
-as described in this document,
-builds the binaries and executables from the files contained in the Kerberos
-source tree, and deposits them in a separate object tree.
-This is intended to easily support several different build trees from a
-single source tree (this is useful if you support several machine
-architectures).
-We suggest that you copy the Kerberos sources into a
- at i[/mit/kerberos/src] directory,
-and create as well a @i[/mit/kerberos/obj] directory in which
-to hold the executables.
-In the rest of this document, we'll refer to the Kerberos
-source and object directories as [SOURCE_DIR]
-and [OBJ_DIR], respectively.
-
-Below is a brief overview of the organization of the complete
-source directory.
-More detailed descriptions follow.
-
- at begin[description]
-
- at b[admin]@\utilities for the Kerberos administrator
-
- at b[appl]@\applications that use Kerberos
-
- at b[appl/bsd]@\Berkeley's rsh/rlogin suite, using Kerberos
-
- at b[appl/knetd]@\(old) software for inetd-like multiplexing of a single
-TCP listening port
-
- at b[appl/sample]@\sample application servers and clients
-
- at b[appl/tftp]@\Trivial File Transfer Protocol, using Kerberos
-
- at b[include]@\include files
-
- at b[kadmin]@\remote administrative interface to the Kerberos master database
-
- at b[kuser]@\assorted user programs
-
- at b[lib]@\libraries for use with/by Kerberos
-
- at b[lib/acl]@\Access Control List library
-
- at b[lib/des]@\Data Encryption Standard library (US only)
-
- at b[lib/kadm]@\administrative interface library
-
- at b[lib/kdb]@\Kerberos server library interface to @i[ndbm]
-
- at b[lib/knet]@\(old) library for use with @b[knetd]
-
- at b[lib/krb]@\Kerberos library
-
- at b[man]@\manual pages
-
- at b[prototypes]@\sample configuration files
-
- at b[server]@\the authentication server
-
- at b[slave]@\Kerberos slave database propagation software
-
- at b[tools]@\shell scripts for maintaining the source tree
-
- at b[util]@\utilities
-
- at b[util/imake]@\Imakefile-to-Makefile ``compilation'' tool
-
- at b[util/ss]@\Sub-system library (for command line subsystems)
-
- at b[util/et]@\Error-table library (for independent, unique error codes)
-
- at b[util/makedepend]@\Makefile dependency generator tool
-
- at end[description]
-
- at section[The @p(admin) Directory]
-
-This directory contains source for
-the Kerberos master database administration tools.
- at begin[description]
- at b[kdb_init]@\This program creates and initializes the
-Kerberos master database.
-It prompts for a Kerberos realmname, and the Kerberos master password.
-
- at b[kstash]@\This program ``stashes'' the master password in the file
- at i[/.k] so that the master server machine can restart the Kerberos
-server automatically after an unattended reboot.
-The hidden password is also available to administrative programs
-that have been set to run automatically.
-
- at b[kdb_edit]@\This program is a low-level tool for editing
-the master database.
-
- at b[kdb_destroy]@\This program deletes the master database.
-
- at b[kdb_util]@\This program can be used to dump the master database
-into an ascii file, and can also be used to load the ascii file
-into the master database.
-
- at b[ext_srvtab]@\This program extracts information from the master
-database and creates a host-dependent @i[srvtab] file.
-This file contains the Kerberos keys for the host's
-``Kerberized'' services.
-These services look up their keys in the @i[srvtab] file
-for use in the authentication process.
- at end[description]
-
- at section[The @p(kuser) Directory]
-
-This directory contains the source code for several user-oriented
-programs.
- at begin[description]
- at b[kinit]@\This program prompts users for their usernames and
-Kerberos passwords, then furnishes them with Kerberos ticket-granting
-tickets.
-
- at b[kdestroy]@\This program destroys any active tickets.
-Users should use @i[kdestroy] before they log off their workstations.
-
- at b[klist]@\This program lists a user's active tickets.
-
- at b[ksrvtgt]@\This retrieves a ticket-granting ticket with a life time
-of five minutes, using a server's secret key in lieu of a password. It
-is primarily for use in shell scripts and other batch facilities.
-
- at b[ksu]@\Substitute user id, using Kerberos to mediate attempts to
-change to ``root''.
- at end[description]
-
- at section[The @p(appl) Directory]
-
-If your site has the appropriate BSD license,
-your Kerberos release provides certain Unix utilities
-The Berkeley programs that have been modified to use Kerberos
-authentication are found in the @i[appl/bsd] directory.
-They include @i[login], @i[rlogin], @i[rsh], and @i[rcp], as well as the
-associated daemon programs @i[kshd] and @i[klogind].
-The @i[login] program obtains ticket-granting tickets for users
-upon login; the other utilities provide authenticated
-Unix network services.
-
-The @i[appl] directory also contains samples Kerberos application
-client and server programs, an authenticated @i[tftp] program,
- at i[knetd], an authenticated inet daemon.
-
- at section[The @p(server) Directory]
-
-The @i[server] directory contains the Kerberos KDC server, called
- at i[kerberos].
-This program manages read-only requests made to the
-master database,
-distributing tickets and encryption keys to clients requesting
-authentication service.
-
- at section[The @p(kadmin) Directory]
-
-The @i[kadmin] directory contains the Kerberos administration server and
-associated client programs.
-The server accepts network requests from the
-user program @i[kpasswd] (used to change a user's password), the
-Kerberos administration program @i(kadmin), and the srvtab utility
-program @i[ksrvutil].
-The administration server can make modifications to the master database.
-
- at section[The @p(include) Directory]
-
-This directory contains the @i[include] files needed to
-build the Kerberos system.
-
- at section[The @p(lib) Directory]
-
-The @i[lib] directory has six subdirectories:
- at i[acl], @i[des], @i[kadm], @i[kdb], @i[knet], and @i[krb].
-The @i[des] directory contains source for the DES encryption library.
-The @i[kadm] directory contains source for the Kerberos administration
-server utility library.
-The @i[kdb] directory contains source for the Kerberos database
-routine library.
-The @i[knet] directory contains source for a library used by clients of
-the @i[knetd] server.
-The @i[krb] directory contains source for the @i[libkrb.a]
-library.
-This library contains routines that are used by the Kerberos server program,
-and by applications programs that require authentication service.
-
- at section[The @p(man) Directory]
-
-This directory contains manual pages for Kerberos programs and
-library routines.
-
- at section[The @p(prototypes) Directory]
-
-This directory contains prototype
- at i[/etc/services] and @i[/etc/krb.conf] files.
-New entries must be added to the @i[/etc/services] file for
-the Kerberos server, and possibly for Kerberized applications
-(@i[services.append] contains the entries used by the Athena-provided
-servers & applications, and is suitable for appending to your existing
- at i[/etc/services] file.).
-The @i[/etc/krb.conf] file defines the local Kerberos realm
-for its host and lists Kerberos servers for given realms.
-The @i[/etc/krb.realms] file defines exceptions for mapping machine
-names to Kerberos realms.
-
- at section[The @p(tools) Directory]
-
-This directory contains
-a makefile to set up a directory tree
-for building the software in, and
-a shell script to format code in the
-style we use.
-
-
- at section[The @p(util) Directory]
-
-This directory contains several utility programs and libraries.
-Included are Larry Wall's @i[patch] program, a @i[make] pre-processor
-program called
- at i[imake], and a program for generating Makefile dependencies,
- at i[makedepend], as well as the Sub-system library and
-utilities (@i[ss]), and the Error table library and utilities (@i[et]).
-
- at chapter[Preparing for Installation]
-
-This document assumes that you will build the system
-on the machine on which you plan to install
-the Kerberos master server and its database.
-You'll need about 10 megabytes for source and executables.
-
-By default, there must be
-a @i[/kerberos] directory on the master server machine
-in which to store the Kerberos
-database files.
-If the master server machine does not have room on its root partition
-for these files,
-create a @i[/kerberos] symbolic link to another file system.
-
- at chapter[Preparing for the Build]
-
-Before you build the system,
-you have to choose a @b[realm name],
-the name that specifies the system's administrative domain.
-Project Athena uses the internet domain name ATHENA.MIT.EDU
-to specify its Kerberos realm name.
-We recommend using a name of this form.
- at b[NOTE:] the realm-name is case sensitive; by convention, we suggest
-that you use your internet domain name, in capital letters.
-
-Edit the [SOURCE_DIR]/@i[include/krb.h] file and look for the following
-lines of code:
- at begin[example]
-/*
- * Kerberos specific definitions
- *
- * KRBLOG is the log file for the kerberos master server.
- * KRB_CONF is the configuration file where different host
- * machines running master and slave servers can be found.
- * KRB_MASTER is the name of the machine with the master
- * database. The admin_server runs on this machine, and all
- * changes to the db (as opposed to read-only requests, which
- * can go to slaves) must go to it.
- * KRB_HOST is the default machine when looking for a kerberos
- * slave server. Other possibilities are in the KRB_CONF file.
- * KRB_REALM is the name of the realm.
- */
-
-#ifdef notdef
-this is server-only, does not belong here;
-#define KRBLOG "/kerberos/kerberos.log"
-are these used anyplace '?';
-#define VX_KRB_HSTFILE "/etc/krbhst"
-#define PC_KRB_HSTFILE "\\kerberos\\krbhst"
-#endif
-
-#define KRB_CONF "/etc/krb.conf"
-#define KRB_RLM_TRANS "/etc/krb.realms"
-#define KRB_MASTER "kerberos"
-#define KRB_HOST KRB_MASTER
-#define KRB_REALM "ATHENA.MIT.EDU"
- at end[example]
-Edit the last line as follows:
- at begin[enumerate]
-Change the KRB_REALM definition so that it specifies the realm name
-you have chosen for your Kerberos system. This is a default which is
-usually overridden by a configuration file on each machine; however, if
-that config file is absent, many programs will use this "built-in" realm
-name.
- at end[enumerate]
-
- at section[The @p(/etc/krb.conf) File]
-
-Create a @i[/etc/krb.conf] file using the following format:
- at begin[example]
- at p[realm_name]
- at p[realm_name] @p[master_server_name] admin server
- at end[example]
-where @i[realm_name] specifies the system's realm name,
-and @i[master_server_name] specifies the machine name on
-which you will run the master server. The words 'admin server' must
-appear next to the name of the server on which you intend to run the
-administration server (which must be a machine with access to the database).
-
-For example,
-if your realm name is @i[tim.edu] and your master server's name is
- at i[kerberos.tim.edu], the file should have these contents:
- at begin[example]
-tim.edu
-tim.edu kerberos.tim.edu admin server
- at end[example]
-
-See the [SOURCE_DIR]/@i[prototypes/etc.krb.conf] file for an
-example @i[/etc/krb.conf] file. That file has examples of how to
-provide backup servers for a given realm (additional lines with the same
-leading realm name) and how to designate servers for remote realms.
-
- at section[The @p(/etc/krb.realms) File]
-
-In many situations, the default realm in which a host operates will be
-identical to the domain portion its Internet domain name.
-
-If this is not the case, you will need to establish a translation from
-host name or domain name to realm name. This is accomplished with the
- at i(/etc/krb.realms) file.
-
-Each line of the translation file specifies either a hostname or domain
-name, and its associated realm:
- at begin[example]
-.domain.name kerberos.realm1
-host.name kerberos.realm2
- at end[example]
-For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1
-but the host FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read:
- at begin[example]
-.LSC.TIM.EDU KRB.REALM1
-FILMS.LSC.TIM.EDU KRB.REALM2
- at end[example]
-If a particular host matches both a domain and a host entry, the host
-entry takes precedence.
-
- at chapter[Building the Software]
-
-Before you build the software
-read the @b[README] file in [SOURCE_DIR].
-What follows is a more detailed description of the instructions
-listed in README.
- at begin[enumerate]
-Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you
-are about to build, for example,
- at i[/mit/kerberos/obj].
-
-Change directory to [OBJ_DIR].
-The following command creates directories under [OBJ_DIR]
-and installs Makefiles for the final build.
- at begin[example, rightmargin -7]
-host% @b(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR])
- at end[example]
-
-
-
-Change directory to util/imake.includes. Read through config.Imakefile,
-turning on appropriate flags for your installation. Change SRCTOP so
-that it is set to the top level of your source directory.
-
-Check that your machine type has a definition in include/osconf.h &
-related files in the source tree (if it doesn't, then you may need to
-create your own; if you get successful results, please post to
-kerberos@@athena.mit.edu)
-
-Change directory to [OBJ_DIR]. The next command generates new Makefiles
-based on the configuration you selected in config.Imakefile, then adds
-dependency information to the Makefiles, and finally builds the system:
- at begin[example, rightmargin -7]
-host% @b(make world)
- at end[example]
-This command takes a while to complete; you may wish to redirect the
-output onto a file and put the job in the background:
- at begin[example, rightmargin -7]
-host% @b(make world >&WORLDLOG_891201 &)
- at end[example]
-If you need to rebuild the Kerberos programs and libraries after making
-a change, you can usually just type:
- at begin[example, rightmargin -7]
-host% @b(make all)
- at end[example]
-However, if you changed the configuration in config.Imakefile or modified
-the Imakefiles or Makefiles, you should run @i[make world] to re-build
-all the Makefiles and dependency lists.
- at end(enumerate)
-
- at section[Testing the DES Library]
-
-Use the @i[verify] command to test the DES library
-implementation:
- at begin[example]
-host% @b([OBJ_DIR]/lib/des/verify)
- at end[example]
-The command should display the following:
- at begin[example, rightmargin -10]
-Examples per FIPS publication 81, keys ivs and cipher
-in hex. These are the correct answers, see below for
-the actual answers.
-
-Examples per Davies and Price.
-
-EXAMPLE ECB key = 08192a3b4c5d6e7f
- clear = 0
- cipher = 25 dd ac 3e 96 17 64 67
-ACTUAL ECB
- clear ""
- cipher = (low to high bytes)
- 25 dd ac 3e 96 17 64 67
-
-EXAMPLE ECB key = 0123456789abcdef
- clear = "Now is the time for all "
- cipher = 3f a4 0e 8a 98 4d 48 15 ...
-ACTUAL ECB
- clear "Now is the time for all "
- cipher = (low to high bytes)
- 3f a4 0e 8a 98 4d 48 15
-
-EXAMPLE CBC key = 0123456789abcdef iv = 1234567890abcdef
- clear = "Now is the time for all "
- cipher = e5 c7 cd de 87 2b f2 7c
- 43 e9 34 00 8c 38 9c 0f
- 68 37 88 49 9a 7c 05 f6
-ACTUAL CBC
- clear "Now is the time for all "
- ciphertext = (low to high bytes)
- e5 c7 cd de 87 2b f2 7c
- 43 e9 34 00 8c 38 9c 0f
- 68 37 88 49 9a 7c 05 f6
- 00 00 00 00 00 00 00 00
- 00 00 00 00 00 00 00 00
- 00 00 00 00 00 00 00 00
- 00 00 00 00 00 00 00 00
- 00 00 00 00 00 00 00 00
- decrypted clear_text = "Now is the time for all "
-EXAMPLE CBC checksum key = 0123456789abcdef iv = 1234567890abcdef
- clear = "7654321 Now is the time for "
- checksum 58 d2 e7 7e 86 06 27 33 or some part thereof
-ACTUAL CBC checksum
- encrypted cksum = (low to high bytes)
- 58 d2 e7 7e 86 06 27 33
- at end[example]
-
-If the @i[verify] command fails to display this information as specified
-above, the implementation of DES for your hardware needs to
-be adjusted.
-Your Kerberos system cannot work properly if your DES library
-fails this test.
-
-When you have finished building the software,
-you will find the executables in the object tree as follows:
- at begin[description]
- at b([OBJ_DIR]/admin)@\@i[ext_srvtab], @i[kdb_destroy],
- at i[kdb_edit], @i[kdb_init], @i[kdb_util], and @i[kstash].
-
- at b([OBJ_DIR]/kuser)@\@i[kdestroy], @i[kinit], @i[klist], @i[ksrvtgt],
-and @i[ksu].
-
- at b([OBJ_DIR]/server)@\@i[kerberos].
-
- at b([OBJ_DIR]/appl/bsd)@\@i[klogind], @i[kshd], @i[login.krb], @i[rcp],
- at i[rlogin], and @i[rsh].
-
- at b([OBJ_DIR]/appl/knetd)@\@i[knetd].
-
- at b([OBJ_DIR]/appl/sample)@\@i[sample_server], @i[sample_client],
- at i[simple_server], and @i[simple_client].
-
- at b([OBJ_DIR]/appl/tftp)@\@i[tcom], @i[tftpd], and @i[tftp].
-
- at b([OBJ_DIR]/slave)@\@i[kprop] and @i[kpropd].
- at end[description]
-
- at chapter[Installing the Software]
-
-To install the software, issue the @i[make install] command from
-the [OBJ_DIR] (you need to be a privileged user in order to
-properly install the programs).
-Programs can either be installed in default directories, or under
-a given root directory, as described below.
-
- at section[The ``Standard'' Places]
-
-If you use the @i[make] command as follows:
- at begin[example]
-host# @b(make install)
- at end[example]
-the installation process will try to install the various parts of the
-system in ``standard'' directories.
-This process creates the ``standard'' directories as needed.
-
-The standard installation process copies things as follows:
- at begin[itemize]
-The @i[include] files @i[krb.h], @i[des.h], @i[mit-copyright.h],
- at i[kadm.h] and @i[kadm_err.h] get copied to the
- at i[/usr/include] directory.
-
-The Kerberos libraries @i[libdes.a], @i[libkrb.a], @i[libkdb.a],
- at i[libkadm.a], @i[libknet.a], and @i[libacl.a] get copied
-to the @i[/usr/athena/lib] (or wherever you pointed LIBDIR in
-config.Imakefile) directory.
-
-The Kerberos master database utilities @i[kdb_init], @i[kdb_destroy],
- at i[kdb_edit], @i[kdb_util], @i[kstash], and @i[ext_srvtab] get copied to
-the @i[/usr/etc] (DAEMDIR) directory.
-
-The Kerberos user utilities @i[kinit], @i[kdestroy], @i[klist],
- at i[ksrvtgt] and @i[ksu] get copied to the @i[/usr/athena] (PROGDIR)
-directory.
-
-The modified Berkeley utilities @i[rsh], @i[rlogin] get copied to the
- at i[/usr/ucb] (UCBDIR) directory; @i[rcp] gets copied to the @i[/bin]
-(SLASHBINDIR) directory; and @i[rlogind], @i[rshd], and @i[login.krb]
-get copied to the @i[/usr/etc] (DAEMDIR) directory. The old copies of
-the user programs are renamed @i(rsh.ucb), @i(rlogin.ucb) and
- at i(rcp.ucb), respectively. The Kerberos versions of these programs are
-designed to fall back and execute the original versions if something
-prevents the Kerberos versions from succeeding.
-
-The Kerberos version of @i[tftp] and @i[tcom] get copied to the
- at i[/usr/athena] (PROGDIR) directory; @i[tftpd] gets copied to the
- at i[/etc] (ETCDIR) directory. @i[tftp] and @i[tftpd] are installed
-set-uid to an unprivileged user (user id of DEF_UID).
-
-The @i[knetd] daemon gets copied to the @i[/usr/etc] (DAEMDIR) directory.
-
-The Kerberos server @i[kerberos], the slave propagation software
- at i[kprop] and @i[kpropd], and the administration server @i[kadmind] get
-copied to the @i[/usr/etc] (SVRDIR, SVRDIR, and DAEMDIR) directory.
-
-The remote administration tools @i[kpasswd], @i[ksrvutil] and @i[kadmin]
-get copied to the @i[/usr/athena] (PROGDIR) directory.
-
-The Kerberos manual pages get installed in the appropriate
- at i[/usr/man] directories. Don't forget to run @i[makewhatis]
-after installing the manual pages.
-
- at end[itemize]
-
- at section[``Non-Standard'' Installation]
-
-If you'd rather install the software in a different location,
-you can use the @i[make] command as follows,
-where [DEST_DIR] specifies an alternate destination directory
-which will be used as the root for the installed programs, i.e. programs
-that would normally be installed in /usr/athena would be installed in
-[DEST_DIR]/usr/athena.
- at begin[example]
-host# @b(make install DESTDIR=[DEST_DIR])
- at end[example]
-
- at chapter[Conclusion]
-
-Now that you have built and installed your Kerberos system,
-use the accompanying @u[Kerberos Operation Notes]
-to create a Kerberos Master database, install authenticated services,
-and start the Kerberos server.
-
- at chapter [Acknowledgements]
-
-We'd like to thank Henry Mensch and Jon Rochlis for helping us debug
-this document.
Deleted: branches/mskrb-integ/doc/old-V4-docs/operation.PS
===================================================================
--- branches/mskrb-integ/doc/old-V4-docs/operation.PS 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/old-V4-docs/operation.PS 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,2669 +0,0 @@
-%!PS-Adobe-2.0
-%%Title: operation.mss
-%%DocumentFonts: (atend)
-%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700)
-%%CreationDate: 4 January 1990 11:55
-%%Pages: (atend)
-%%EndComments
-% PostScript Prelude for Scribe.
-/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def
-/ES {showpage SV restore} bind def
-/SC {setrgbcolor} bind def
-/FMTX matrix def
-/RDF {WFT SLT 0.0 eq
- {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore}
- {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore}
- ifelse makefont setfont} bind def
-/SLT 0.0 def
-/SI { /SLT exch cvr def RDF} bind def
-/WFT /Courier findfont def
-/SF { /WFT exch findfont def RDF} bind def
-/SSZ 1000.0 def
-/SS { /SSZ exch 100.0 mul def RDF} bind def
-/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def
-/MT /moveto load def
-/XM {currentpoint exch pop moveto} bind def
-/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto
- setlinewidth 0.0 rlineto stroke grestore} bind def
-/LH {gsave newpath moveto setlinewidth
- 0.0 rlineto
- gsave stroke grestore} bind def
-/LV {gsave newpath moveto setlinewidth
- 0.0 exch rlineto
- gsave stroke grestore} bind def
-/BX {gsave newpath moveto setlinewidth
- exch
- dup 0.0 rlineto
- exch 0.0 exch neg rlineto
- neg 0.0 rlineto
- closepath
- gsave stroke grestore} bind def
-/BX1 {grestore} bind def
-/BX2 {setlinewidth 1 setgray stroke grestore} bind def
-/PB {/PV save def newpath translate
- 100.0 -100.0 scale pop /showpage {} def} bind def
-/PE {PV restore} bind def
-/GB {/PV save def newpath translate rotate
- div dup scale 100.0 -100.0 scale /showpage {} def} bind def
-/GE {PV restore} bind def
-/FB {dict dup /FontMapDict exch def begin} bind def
-/FM {cvn exch cvn exch def} bind def
-/FE {end /original-findfont /findfont load def /findfont
- {dup FontMapDict exch known{FontMapDict exch get} if
- original-findfont} def} bind def
-/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def
-/EC /grestore load def
-/SH /show load def
-/MX {exch show 0.0 rmoveto} bind def
-/W {0 32 4 -1 roll widthshow} bind def
-/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def
-/RC {100.0 -100.0 scale
-612.0 0.0 translate
--90.0 rotate
-.01 -.01 scale} bind def
-/URC {100.0 -100.0 scale
-90.0 rotate
--612.0 0.0 translate
-.01 -.01 scale} bind def
-/RCC {100.0 -100.0 scale
-0.0 -792.0 translate 90.0 rotate
-.01 -.01 scale} bind def
-/URCC {100.0 -100.0 scale
--90.0 rotate 0.0 792.0 translate
-.01 -.01 scale} bind def
-%%EndProlog
-%%Page: 0 1
-BS
-0 SI
-20 /Times-Bold AF
-19324 13788 MT
-(Kerberos Operation Notes)SH
-27156 15798 MT
-(DRAFT)SH
-16 /Times-Roman AF
-27021 23502 MT
-(Bill Bryant)SH
-27289 25150 MT
-(John Kohl)SH
-23957 26798 MT
-(Project Athena, MIT)SH
-/Times-Bold SF
-19489 32396 MT
-(Initial Release, January 24, 1989)SH
-/Times-Italic SF
-17558 34044 MT
-(\050plus later patches through patchlevel 7\051)SH
-11 /Times-Roman AF
-7200 43798 MT
-(These notes assume that you have used the)SH
-/Times-Italic SF
-26322 XM
-(Kerberos Installation Notes)SH
-/Times-Roman SF
-38821 XM
-(to build and install your Kerberos)SH
-7200 44994 MT
-(system. As)
-275 W( in that document, we refer to the directory that contains the built Kerberos binaries as)SH
-7200 46190 MT
-([OBJ_DIR].)SH
-7200 48488 MT
-(This document assumes that you are a Unix system manager.)SH
-ES
-%%Page: 1 2
-BS
-0 SI
-16 /Times-Bold AF
-7200 8272 MT
-(1. How)
-400 W( Kerberos Works: A Schematic Description)SH
-11 /Times-Roman AF
-7200 10467 MT
-(This section provides a simplified description of a general user's interaction with the Kerberos system.)SH
-7200 11663 MT
-(This interaction happens transparently--users don't need to know and probably don't care about what's)SH
-7200 12859 MT
-(going on--but Kerberos administrators might find a schematic description of the process useful. The)SH
-7200 14055 MT
-(description glosses over a lot of details; for more information, see)SH
-/Times-Italic SF
-36404 XM
-(Kerberos: An Authentication Service)SH
-7200 15251 MT
-(for Open Network Systems)SH
-/Times-Roman SF
-(, a paper presented at Winter USENIX 1988, in Dallas, Texas.)SH
-14 /Times-Bold AF
-7200 19069 MT
-(1.1 Network)
-350 W( Services and Their Client Programs)SH
-11 /Times-Roman AF
-7200 21264 MT
-(In an environment that provides network services, you use)SH
-/Times-Italic SF
-33164 XM
-(client)SH
-/Times-Roman SF
-35883 XM
-(programs to request service from)SH
-/Times-Italic SF
-50696 XM
-(server)SH
-/Times-Roman SF
-7200 22460 MT
-(programs that are somewhere on the network. Suppose you have logged in to a workstation and you want)SH
-7200 23656 MT
-(to)SH
-/Times-Italic SF
-8331 XM
-(rlogin)SH
-/Times-Roman SF
-11296 XM
-(to another machine. You use the local)SH
-/Times-Italic SF
-28493 XM
-(rlogin)SH
-/Times-Roman SF
-31458 XM
-(client program to contact the remote machine's)SH
-/Times-Italic SF
-7200 24852 MT
-(rlogin)SH
-/Times-Roman SF
-10165 XM
-(service daemon.)SH
-14 /Times-Bold AF
-7200 28670 MT
-(1.2 Kerberos)
-350 W( Tickets)SH
-11 /Times-Roman AF
-7200 30865 MT
-(Under Kerberos, the)SH
-/Times-Italic SF
-16422 XM
-(rlogin)SH
-/Times-Roman SF
-19387 XM
-(service program allows a client to login to a remote machine if it can provide)SH
-7200 32061 MT
-(a Kerberos)SH
-/Times-Bold SF
-12268 XM
-(ticket)SH
-/Times-Roman SF
-15169 XM
-(for the request. This ticket proves the identity of the person who has used the client)SH
-7200 33257 MT
-(program to access the server program.)SH
-14 /Times-Bold AF
-7200 37075 MT
-(1.3 The)
-350 W( Kerberos Master Database)SH
-11 /Times-Roman AF
-7200 39270 MT
-(Kerberos will give you tickets only if you have an entry in the Kerberos server's)SH
-/Times-Bold SF
-42845 XM
-(master database)SH
-/Times-Roman SF
-(. Your)275 W
-7200 40466 MT
-(database entry includes your Kerberos username \050often referred to as your Kerberos)SH
-/Times-Bold SF
-44394 XM
-(principal)SH
-/Times-Roman SF
-48949 XM
-(name\051, and)SH
-7200 41662 MT
-(your Kerberos password. Every Kerberos user must have an entry in this database.)SH
-14 /Times-Bold AF
-7200 45480 MT
-(1.4 The)
-350 W( Ticket-Granting Ticket)SH
-11 /Times-Roman AF
-7200 47675 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(kinit)SH
-/Times-Roman SF
-11416 XM
-(command prompts for your Kerberos username and password, and if you enter them)SH
-7200 48871 MT
-(successfully, you will obtain a Kerberos)SH
-/Times-Italic SF
-25131 XM
-(ticket-granting ticket)SH
-/Times-Roman SF
-(. As)
-275 W( illustrated below, client programs use)SH
-7200 50067 MT
-(this ticket to get other Kerberos tickets as needed.)SH
-14 /Times-Bold AF
-7200 53885 MT
-(1.5 Network)
-350 W( Services and the Master Database)SH
-11 /Times-Roman AF
-7200 56080 MT
-(The master database also contains entries for all network services that require Kerberos authentication.)SH
-7200 57276 MT
-(Suppose for instance that your site has a machine)SH
-/Times-Italic SF
-29163 XM
-(laughter)SH
-/Times-Roman SF
-33166 XM
-(that requires Kerberos authentication from)SH
-7200 58472 MT
-(anyone who wants to)SH
-/Times-Italic SF
-16792 XM
-(rlogin)SH
-/Times-Roman SF
-19757 XM
-(to it. This service must be registered in the master database. Its entry)SH
-7200 59668 MT
-(includes the service's principal name, and its)SH
-/Times-Bold SF
-27238 XM
-(instance)SH
-/Times-Roman SF
-(.)SH
-7200 61966 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(instance)SH
-/Times-Roman SF
-13126 XM
-(is the name of the service's machine; in this case, the service's instance is the name)SH
-/Times-Italic SF
-7200 63162 MT
-(laughter)SH
-/Times-Roman SF
-(. The)
-275 W( instance provides a means for Kerberos to distinguish between machines that provide the)SH
-7200 64358 MT
-(same service. Your site is likely to have more than one machine that provides)SH
-/Times-Italic SF
-41840 XM
-(rlogin)SH
-/Times-Roman SF
-44805 XM
-(service.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(1)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 2 3
-BS
-0 SI
-14 /Times-Bold AF
-7200 8138 MT
-(1.6 The)
-350 W( User-Kerberos Interaction)SH
-11 /Times-Roman AF
-7200 10333 MT
-(Suppose that you \050in the guise of a general user\051 walk up to a workstation intending to login to it, and)SH
-7200 11529 MT
-(then)SH
-/Times-Italic SF
-9369 XM
-(rlogin)SH
-/Times-Roman SF
-12334 XM
-(to the machine)SH
-/Times-Italic SF
-19085 XM
-(laughter)SH
-/Times-Roman SF
-(. Here's)
-275 W( what happens.)SH
-9400 13480 MT
-(1.)SH
-10500 XM
-(You login to the workstation and use the)SH
-/Times-Italic SF
-28648 XM
-(kinit)SH
-/Times-Roman SF
-30879 XM
-(command to to get a ticket-granting ticket.)SH
-10500 14676 MT
-(This command prompts you for your username \050your Kerberos Principal Name\051, and your)SH
-10500 15872 MT
-(Kerberos password [on some systems which use the new version of)SH
-/Times-Italic SF
-40465 XM
-(/bin/login)SH
-/Times-Roman SF
-(, this may be)SH
-10500 17068 MT
-(done as part of the login process, not requiring the user to run a separate program].)SH
-12762 19019 MT
-(a.)SH
-13800 XM
-(The)SH
-/Times-Italic SF
-15785 XM
-(kinit)SH
-/Times-Roman SF
-18016 XM
-(command sends your request to the Kerberos master server machine. The)SH
-13800 20215 MT
-(server software looks for your principal name's entry in the Kerberos)SH
-/Times-Bold SF
-44555 XM
-(master)SH
-13800 21411 MT
-(database)SH
-/Times-Roman SF
-(.)SH
-12700 23305 MT
-(b.)SH
-13800 XM
-(If this entry exists, the Kerberos server creates and returns a)SH
-/Times-Italic SF
-40430 XM
-(ticket-granting ticket)SH
-/Times-Roman SF
-(,)SH
-13800 24501 MT
-(encrypted in your password. If)SH
-/Times-Italic SF
-27819 XM
-(kinit)SH
-/Times-Roman SF
-30050 XM
-(can decrypt the Kerberos reply using the)SH
-13800 25697 MT
-(password you provide, it stores this ticket in a)SH
-/Times-Bold SF
-34270 XM
-(ticket file)SH
-/Times-Roman SF
-38912 XM
-(on your local machine for)SH
-13800 26893 MT
-(later use. The ticket file to be used can be specified in the)SH
-/Times-Bold SF
-39609 XM
-(KRBTKFILE)SH
-/Times-Roman SF
-13800 28089 MT
-(environment variable. If this variable is not set, the name of the file will be)SH
-/Times-Italic SF
-13800 29285 MT
-(/tmp/tkt)SH
-/Times-BoldItalic SF
-(uid)SH
-/Times-Roman SF
-(, where)SH
-/Times-BoldItalic SF
-22141 XM
-(uid)SH
-/Times-Roman SF
-23884 XM
-(is the UNIX user-id, represented in decimal.)SH
-9400 31236 MT
-(2.)SH
-10500 XM
-(Now you use the)SH
-/Times-Italic SF
-18198 XM
-(rlogin)SH
-/Times-Roman SF
-21163 XM
-(client to try to access the machine)SH
-/Times-Italic SF
-36344 XM
-(laughter)SH
-/Times-Roman SF
-(.)SH
-/Courier SF
-11820 32813 MT
-(host%)SH
-/Times-Bold SF
-15780 XM
-(rlogin laughter)275 W
-/Times-Roman SF
-12762 34764 MT
-(a.)SH
-13800 XM
-(The)SH
-/Times-Italic SF
-15785 XM
-(rlogin)SH
-/Times-Roman SF
-18750 XM
-(client checks your ticket file to see if you have a ticket for)SH
-/Times-Italic SF
-44559 XM
-(laughter)SH
-/Times-Roman SF
-('s)SH
-/Times-Italic SF
-13800 35960 MT
-(rcmd)SH
-/Times-Roman SF
-16335 XM
-(service \050the rlogin program uses the)SH
-/Times-Italic SF
-32401 XM
-(rcmd)SH
-/Times-Roman SF
-34936 XM
-(service name, mostly for historical)SH
-13800 37156 MT
-(reasons\051. You)
-275 W( don't, so)SH
-/Times-Italic SF
-24583 XM
-(rlogin)SH
-/Times-Roman SF
-27548 XM
-(uses the ticket file's)SH
-/Times-Italic SF
-36590 XM
-(ticket-granting ticket)SH
-/Times-Roman SF
-46060 XM
-(to make a)SH
-13800 38352 MT
-(request to the master server's ticket-granting service.)SH
-12700 40246 MT
-(b.)SH
-13800 XM
-(This ticket-granting service receives the)SH
-/Times-Italic SF
-31667 XM
-(rcmd-laughter)SH
-/Times-Roman SF
-38296 XM
-(request and looks in the)SH
-13800 41442 MT
-(master database for an)SH
-/Times-Italic SF
-23938 XM
-(rcmd-laughter)SH
-/Times-Roman SF
-30567 XM
-(entry. If)
-275 W( that entry exists, the ticket-granting)SH
-13800 42638 MT
-(service issues you a ticket for that service. That ticket is also cached in your ticket)SH
-13800 43834 MT
-(file.)SH
-12762 45728 MT
-(c.)SH
-13800 XM
-(The)SH
-/Times-Italic SF
-15785 XM
-(rlogin)SH
-/Times-Roman SF
-18750 XM
-(client now uses that ticket to request service from the)SH
-/Times-Italic SF
-42454 XM
-(laughter rlogin)SH
-/Times-Roman SF
-13800 46924 MT
-(service program. The service program lets you)SH
-/Times-Italic SF
-34843 XM
-(rlogin)SH
-/Times-Roman SF
-37808 XM
-(if the ticket is valid.)SH
-16 /Times-Bold AF
-7200 51596 MT
-(2. Setting)
-400 W( Up and Testing the Kerberos Server)SH
-11 /Times-Roman AF
-7200 53791 MT
-(The procedure for setting up and testing a Kerberos server is as follows:)SH
-9400 55742 MT
-(1.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(kdb_init)SH
-/Times-Roman SF
-17985 XM
-(command to create and initialize the master database.)SH
-9400 57636 MT
-(2.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(kdb_edit)SH
-/Times-Roman SF
-18167 XM
-(utility to add your username to the master database.)SH
-9400 59530 MT
-(3.)SH
-10500 XM
-(Start the Kerberos server.)SH
-9400 61424 MT
-(4.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(kinit)SH
-/Times-Roman SF
-16335 XM
-(command to obtain a Kerberos ticket-granting ticket.)SH
-9400 63318 MT
-(5.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(klist)SH
-/Times-Roman SF
-16213 XM
-(command to verify that the)SH
-/Times-Italic SF
-28402 XM
-(kinit)SH
-/Times-Roman SF
-30633 XM
-(command authenticated you successfully.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(2)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 3 4
-BS
-0 SI
-14 /Times-Bold AF
-7200 8138 MT
-(2.1 Creating)
-350 W( and Initializing the Master Database)SH
-11 /Times-Roman AF
-7200 10333 MT
-(Login to the Kerberos master server machine, and use the)SH
-/Times-Bold SF
-32825 XM
-(su)SH
-/Times-Roman SF
-34140 XM
-(command to become root. If you installed)SH
-7200 11529 MT
-(the Kerberos administration tools with the)SH
-/Times-Italic SF
-26020 XM
-(make install)SH
-/Times-Roman SF
-31642 XM
-(command and the default pathnames, they should)SH
-7200 12725 MT
-(be in the)SH
-/Times-Italic SF
-11263 XM
-(/usr/etc)SH
-/Times-Roman SF
-14838 XM
-(directory. If)
-275 W( you installed the tools in a different directory, hopefully you know what it)SH
-7200 13921 MT
-(is. From)
-275 W( now on, we will refer to this directory as [ADMIN_DIR].)SH
-7200 16219 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(kdb_init)SH
-/Times-Roman SF
-13066 XM
-(command creates and initializes the master database. It asks you to enter the system's realm)SH
-7200 17415 MT
-(name and the database's master password. Do not forget this password. If you do, the database becomes)SH
-7200 18611 MT
-(useless. \050Your)
-275 W( realm name should be substituted for [REALMNAME] below.\051)SH
-7200 20909 MT
-(Use)SH
-/Times-Italic SF
-9185 XM
-(kdb_init)SH
-/Times-Roman SF
-13066 XM
-(as follows:)SH
-/Courier SF
-8520 22486 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-([ADMIN_DIR]/kdb_init)SH
-/Courier SF
-8520 23600 MT
-(Realm name \050default XXX\051:)SH
-/Times-Bold SF
-25680 XM
-([REALMNAME])SH
-39600 XM
-(<--)SH
-/Times-BoldItalic SF
-41619 XM
-(Enter your system's realm name.)SH
-/Courier SF
-8520 24714 MT
-(You will be prompted for the database Master Password.)SH
-8520 25828 MT
-(It is important that you NOT FORGET this password.)SH
-8520 28056 MT
-(Enter Kerberos master key:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter the master password.)SH
-14 /Times-Bold AF
-7200 32988 MT
-(2.2 Storing)
-350 W( the Master Password)SH
-11 /Times-Roman AF
-7200 35183 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(kstash)SH
-/Times-Roman SF
-12210 XM
-(command ``stashes'' the master password in the file)SH
-/Times-Italic SF
-35424 XM
-(/.k)SH
-/Times-Roman SF
-36768 XM
-(so that the Kerberos server can be)SH
-7200 36379 MT
-(started automatically during an unattended reboot of the master server. Other administrative programs)SH
-7200 37575 MT
-(use this hidden password so that they can access the master database without someone having to manually)SH
-7200 38771 MT
-(provide the master password. This command is an optional one; if you'd rather enter the master password)SH
-7200 39967 MT
-(each time you start the Kerberos server, don't use)SH
-/Times-Italic SF
-29312 XM
-(kstash)SH
-/Times-Roman SF
-(.)SH
-7200 42265 MT
-(One the one hand, if you use)SH
-/Times-Italic SF
-20090 XM
-(kstash)SH
-/Times-Roman SF
-(, a copy of the master key will reside on disk which may not be)SH
-7200 43461 MT
-(acceptable; on the other hand, if you don't use)SH
-/Times-Italic SF
-27848 XM
-(kstash)SH
-/Times-Roman SF
-(, the server cannot be started unless someone is)SH
-7200 44657 MT
-(around to type the password in manually.)SH
-7200 46955 MT
-(The command prompts you twice for the master password:)SH
-/Courier SF
-8520 48532 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-([ADMIN_DIR]/kstash)SH
-/Courier SF
-8520 50760 MT
-(Enter Kerberos master key:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter the master password.)SH
-/Courier SF
-8520 51874 MT
-(Current Kerberos master key version is 1.)SH
-8520 54102 MT
-(Master key entered)
-SH( BEWARE!)1320 W
-/Times-Roman SF
-7200 56400 MT
-(A note about the Kerberos database master key: if your master key is compromised and the database is)SH
-7200 57596 MT
-(obtained, the security of your entire authentication system is compromised. The master key must be a)SH
-7200 58792 MT
-(carefully kept secret. If you keep backups, you must guard all the master keys you use, in case someone)SH
-7200 59988 MT
-(has stolen an old backup and wants to attack users' whose passwords haven't changed since the backup)SH
-7200 61184 MT
-(was stolen. This is why we provide the option not to store it on disk.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(3)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 4 5
-BS
-0 SI
-14 /Times-Bold AF
-7200 8167 MT
-(2.3 Using)350 W
-/Times-BoldItalic SF
-13423 XM
-(kdb_edit)SH
-/Times-Bold SF
-18673 XM
-(to Add Users to the Master Database)SH
-11 /Times-Roman AF
-7200 10362 MT
-(The)SH
-/Times-Italic SF
-9185 XM
-(kdb_edit)SH
-/Times-Roman SF
-13248 XM
-(program is used to add new users and services to the master database, and to modify)SH
-7200 11558 MT
-(existing database information. The program prompts you to enter a principal's)SH
-/Times-Bold SF
-42177 XM
-(name)SH
-/Times-Roman SF
-45018 XM
-(and)SH
-/Times-Bold SF
-46881 XM
-(instance)SH
-/Times-Roman SF
-(.)SH
-7200 13856 MT
-(A principal name is typically a username or a service program's name. An instance further qualifies the)SH
-7200 15052 MT
-(principal. If)
-275 W( the principal is a service, the instance is used to specify the name of the machine on which)SH
-7200 16248 MT
-(that service runs. If the principal is a username that has general user privileges, the instance is usually set)SH
-7200 17444 MT
-(to null.)SH
-7200 19742 MT
-(The following example shows how to use)SH
-/Times-Italic SF
-25805 XM
-(kdb_edit)SH
-/Times-Roman SF
-29868 XM
-(to add the user)SH
-/Times-Italic SF
-36588 XM
-(wave)SH
-/Times-Roman SF
-39123 XM
-(to the Kerberos database.)SH
-/Courier SF
-8520 21319 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-([ADMIN_DIR]/kdb_edit)SH
-/Courier SF
-8520 23547 MT
-(Opening database...)SH
-8520 25775 MT
-(Enter Kerberos master key:)SH
-8520 26889 MT
-(Verifying, please re-enter)SH
-8520 28003 MT
-(Enter Kerberos master key:)SH
-8520 29117 MT
-(Current Kerberos master key version is 1)SH
-8520 31345 MT
-(Master key entered. BEWARE!)SH
-8520 32459 MT
-(Previous or default values are in [brackets] ,)SH
-8520 33573 MT
-(enter return to leave the same, or new value.)SH
-8520 35801 MT
-(Principal name:)SH
-/Times-Bold SF
-19080 XM
-(wave)SH
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter the username.)SH
-/Courier SF
-8520 36915 MT
-(Instance:)SH
-/Times-BoldItalic SF
-28800 XM
-(<-- Enter a null instance.)SH
-/Courier SF
-8520 39143 MT
-(<Not found>, Create [y] ?)SH
-/Times-Bold SF
-25680 XM
-(y)SH
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(The user-instance does not exist.)SH
-30450 40257 MT
-(Enter y to create the user-instance.)SH
-/Courier SF
-8520 41371 MT
-(Principal: wave Instance: m_key_v: 1)SH
-8520 42485 MT
-(New Password:)SH
-/Times-BoldItalic SF
-28800 XM
-(<-- Enter the user-instance's password.)SH
-/Courier SF
-8520 43599 MT
-(Verifying, please re-enter)SH
-8520 44713 MT
-(New Password:)SH
-8520 45827 MT
-(Principal's new key version = 1)SH
-8520 46941 MT
-(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH
-/Times-Bold SF
-39600 XM
-(<--)SH
-/Times-BoldItalic SF
-41619 XM
-(Enter newlines)SH
-/Courier SF
-8520 48055 MT
-(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH
-/Times-Bold SF
-39600 XM
-(<--)SH
-/Times-BoldItalic SF
-41619 XM
-(to get the)SH
-/Courier SF
-8520 49169 MT
-(Attributes [ 0 ] ?)SH
-/Times-Bold SF
-30120 XM
-(<--)SH
-/Times-BoldItalic SF
-32139 XM
-(default values.)SH
-/Courier SF
-8520 50283 MT
-(Edit O.K.)SH
-8520 52511 MT
-(Principal name:)SH
-/Times-BoldItalic SF
-28800 XM
-(<-- Enter a newline to exit the program.)SH
-/Times-Roman SF
-7200 54809 MT
-(Use the)SH
-/Times-Italic SF
-10804 XM
-(kdb_edit)SH
-/Times-Roman SF
-14867 XM
-(utility to add your username to the master database.)SH
-14 /Times-Bold AF
-7200 58627 MT
-(2.4 Starting)
-350 W( the Kerberos Server)SH
-11 /Times-Roman AF
-7200 60822 MT
-(Change directories to the directory in which you have installed the server program)SH
-/Times-Italic SF
-43701 XM
-(kerberos)SH
-/Times-Roman SF
-47824 XM
-(\050the default)SH
-7200 62018 MT
-(directory is)SH
-/Times-Italic SF
-12454 XM
-(/usr/etc)SH
-/Times-Roman SF
-(\051, and start the program as a background process:)SH
-/Courier SF
-8520 63595 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-(./kerberos &)SH
-/Times-Roman SF
-7200 65190 MT
-(If you have used the)SH
-/Times-Italic SF
-16393 XM
-(kstash)SH
-/Times-Roman SF
-19418 XM
-(command to store the master database password, the server will start)SH
-7200 66386 MT
-(automatically. If)
-275 W( you did not use)SH
-/Times-Italic SF
-22048 XM
-(kstash)SH
-/Times-Roman SF
-(, use the following command:)SH
-/Courier SF
-8520 67963 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-(./kerberos -m)SH
-10 /Times-Roman AF
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(4)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 5 6
-BS
-0 SI
-11 /Times-Roman AF
-7200 7955 MT
-(The server will prompt you to enter the master password before actually starting itself.)SH
-14 /Times-Bold AF
-7200 11773 MT
-(2.5 Testing)
-350 W( the Kerberos Server)SH
-11 /Times-Roman AF
-7200 13968 MT
-(Exit the root account and use the)SH
-/Times-Italic SF
-21893 XM
-(kinit)SH
-/Times-Roman SF
-24124 XM
-(command obtain a Kerberos ticket-granting ticket. This command)SH
-7200 15164 MT
-(creates your ticket file and stores the ticket-granting ticket in it.)SH
-7200 17462 MT
-(If you used the default)SH
-/Times-Italic SF
-17371 XM
-(make install)SH
-/Times-Roman SF
-22993 XM
-(command and directories to install the Kerberos user utilities,)SH
-/Times-Italic SF
-50365 XM
-(kinit)SH
-/Times-Roman SF
-7200 18658 MT
-(will be in the)SH
-/Times-Italic SF
-13250 XM
-(/usr/athena)SH
-/Times-Roman SF
-18537 XM
-(directory. From now on, we'll refer to the Kerberos user commands directory as)SH
-7200 19854 MT
-([K_USER].)SH
-7200 22152 MT
-(Use)SH
-/Times-Italic SF
-9185 XM
-(kinit)SH
-/Times-Roman SF
-11416 XM
-(as follows:)SH
-/Courier SF
-8520 23729 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([K_USER]/kinit)SH
-/Courier SF
-8520 24843 MT
-(MIT Project Athena, \050ariadne\051)SH
-8520 25957 MT
-(Kerberos Initialization)SH
-8520 27071 MT
-(Kerberos name:)SH
-/Times-BoldItalic SF
-18420 XM
-(yourusername)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter your Kerberos username.)SH
-/Courier SF
-8520 28185 MT
-(Password:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter your Kerberos password.)SH
-/Times-Roman SF
-7200 30483 MT
-(Use the)SH
-/Times-Italic SF
-10804 XM
-(klist)SH
-/Times-Roman SF
-12913 XM
-(program to list the contents of your ticket file.)SH
-/Courier SF
-8520 32060 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([K_USER]/klist)SH
-/Times-Roman SF
-7200 33655 MT
-(The command should display something like the following:)SH
-/Courier SF
-8520 35181 MT
-(Ticket file:)
-SH( /tmp/tkt5555)1980 W
-8520 36295 MT
-(Principal: yourusername at REALMNAME)3300 W
-9840 38523 MT
-(Issued Expires)
-6600 W( Principal)5940 W
-8520 39637 MT
-(May 6)
-660 W( 10:15:23 May 6 18:15:23 krbtgt.REALMNAME at REALMNAME)SH
-/Times-Roman SF
-7200 41935 MT
-(If you have any problems, you can examine the log file)SH
-/Times-Italic SF
-31758 XM
-(/kerberos/kerberos.log)SH
-/Times-Roman SF
-42022 XM
-(on the Kerberos server)SH
-7200 43131 MT
-(machine to see if there was some sort of error.)SH
-16 /Times-Bold AF
-7200 47803 MT
-(3. Setting)
-400 W( up and testing the Administration server)SH
-11 /Times-Roman AF
-7200 49998 MT
-(The procedure for setting up and testing the Kerberos administration server is as follows:)SH
-9400 51949 MT
-(1.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(kdb_edit)SH
-/Times-Roman SF
-18167 XM
-(utility to add your username with an administration instance to the master)SH
-10500 53145 MT
-(database.)SH
-9400 55039 MT
-(2.)SH
-10500 XM
-(Edit the access control lists for the administration server)SH
-9400 56933 MT
-(3.)SH
-10500 XM
-(Start the Kerberos administration server.)SH
-9400 58827 MT
-(4.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(kpasswd)SH
-/Times-Roman SF
-18107 XM
-(command to change your password.)SH
-9400 60721 MT
-(5.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(kadmin)SH
-/Times-Roman SF
-17617 XM
-(command to add new entries to the database.)SH
-9400 62615 MT
-(6.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(kinit)SH
-/Times-Roman SF
-16335 XM
-(command to verify that the)SH
-/Times-Italic SF
-28524 XM
-(kadmin)SH
-/Times-Roman SF
-32037 XM
-(command correctly added new entries to)SH
-10500 63811 MT
-(the database.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(5)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 6 7
-BS
-0 SI
-14 /Times-Bold AF
-7200 8138 MT
-(3.1 Adding)
-350 W( an administration instance for the administrator)SH
-11 /Times-Roman AF
-7200 10333 MT
-(Login to the Kerberos master server machine, and use the)SH
-/Times-Bold SF
-32825 XM
-(su)SH
-/Times-Roman SF
-34140 XM
-(command to become root. Use the)SH
-/Times-Italic SF
-49780 XM
-(kdb_edit)SH
-/Times-Roman SF
-7200 11529 MT
-(program to create an entry for each administrator with the instance ``)SH
-/Times-BoldItalic SF
-(admin)SH
-/Times-Roman SF
-(''.)SH
-/Courier SF
-8520 13106 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-([ADMIN_DIR]/kdb_edit)SH
-/Courier SF
-8520 15334 MT
-(Opening database...)SH
-8520 17562 MT
-(Enter Kerberos master key:)SH
-8520 18676 MT
-(Verifying, please re-enter)SH
-8520 19790 MT
-(Enter Kerberos master key:)SH
-8520 20904 MT
-(Current Kerberos master key version is 1)SH
-8520 23132 MT
-(Master key entered. BEWARE!)SH
-8520 24246 MT
-(Previous or default values are in [brackets] ,)SH
-8520 25360 MT
-(enter return to leave the same, or new value.)SH
-8520 27588 MT
-(Principal name:)SH
-/Times-Bold SF
-19080 XM
-(wave)SH
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter the username.)SH
-/Courier SF
-8520 28702 MT
-(Instance:)SH
-/Times-Bold SF
-(admin)SH
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter ``admin''.)SH
-/Courier SF
-8520 30930 MT
-(<Not found>, Create [y] ?)SH
-/Times-Bold SF
-25680 XM
-(y)SH
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(The user-instance does not exist.)SH
-30450 32044 MT
-(Enter y to create the user-instance.)SH
-/Courier SF
-8520 33158 MT
-(Principal: wave Instance: admin m_key_v: 1)SH
-8520 34272 MT
-(New Password:)SH
-/Times-BoldItalic SF
-28800 XM
-(<-- Enter the user-instance's password.)SH
-/Courier SF
-8520 35386 MT
-(Verifying, please re-enter)SH
-8520 36500 MT
-(New Password:)SH
-8520 37614 MT
-(Principal's new key version = 1)SH
-8520 38728 MT
-(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH
-/Times-Bold SF
-39600 XM
-(<--)SH
-/Times-BoldItalic SF
-41619 XM
-(Enter newlines)SH
-/Courier SF
-8520 39842 MT
-(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH
-/Times-Bold SF
-39600 XM
-(<--)SH
-/Times-BoldItalic SF
-41619 XM
-(to get the)SH
-/Courier SF
-8520 40956 MT
-(Attributes [ 0 ] ?)SH
-/Times-Bold SF
-30120 XM
-(<--)SH
-/Times-BoldItalic SF
-32139 XM
-(default values.)SH
-/Courier SF
-8520 42070 MT
-(Edit O.K.)SH
-8520 44298 MT
-(Principal name:)SH
-/Times-BoldItalic SF
-28800 XM
-(<-- Enter a newline to exit the program.)SH
-14 /Times-Bold AF
-7200 48116 MT
-(3.2 The)
-350 W( Access Control Lists)SH
-11 /Times-Roman AF
-7200 50311 MT
-(The Kerberos administration server uses three access control lists to determine who is authorized to make)SH
-7200 51507 MT
-(certain requests. The access control lists are stored on the master Kerberos server in the same directory as)SH
-7200 52703 MT
-(the principal database,)SH
-/Times-Italic SF
-17340 XM
-(/kerberos)SH
-/Times-Roman SF
-(. The)
-275 W( access control lists are simple ASCII text files, with each line)SH
-7200 53899 MT
-(specifying the name of one principal who is allowed the particular function. To allow several people to)SH
-7200 55095 MT
-(perform the same function, put their principal names on separate lines in the same file.)SH
-7200 57393 MT
-(The first list,)SH
-/Times-Italic SF
-13128 XM
-(/kerberos/admin_acl.mod)SH
-/Times-Roman SF
-(, is a list of principals which are authorized to change entries in the)SH
-7200 58589 MT
-(database. To)
-275 W( allow the administrator `)SH
-/Times-Bold SF
-(wave)SH
-/Times-Roman SF
-(' to modify entries in the database for the realm `)SH
-/Times-Bold SF
-(TIM.EDU)SH
-/Times-Roman SF
-(',)SH
-7200 59785 MT
-(you would put the following line into the file)SH
-/Times-Italic SF
-27275 XM
-(/kerberos/admin_acl.mod)SH
-/Times-Roman SF
-(:)SH
-/Courier SF
-8520 61311 MT
-(wave.admin at TIM.EDU)SH
-/Times-Roman SF
-7200 63609 MT
-(The second list,)SH
-/Times-Italic SF
-14410 XM
-(/kerberos/admin_acl.get)SH
-/Times-Roman SF
-(, is a list of principals which are authorized to retrieve entries)SH
-7200 64805 MT
-(from the database.)SH
-7200 67103 MT
-(The third list,)SH
-/Times-Italic SF
-13434 XM
-(/kerberos/admin_acl.add)SH
-/Times-Roman SF
-(, is a list of principals which are authorized to add new entries to)SH
-7200 68299 MT
-(the database.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(6)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 7 8
-BS
-0 SI
-14 /Times-Bold AF
-7200 8138 MT
-(3.3 Starting)
-350 W( the administration server)SH
-11 /Times-Roman AF
-7200 10333 MT
-(Change directories to the directory in which you have installed the administration server program)SH
-/Times-Italic SF
-7200 11529 MT
-(kadmind)SH
-/Times-Roman SF
-11263 XM
-(\050the default directory is)SH
-/Times-Italic SF
-21831 XM
-(/usr/etc)SH
-/Times-Roman SF
-(\051, and start the program as a background process:)SH
-/Courier SF
-8520 13106 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-(./kadmind -n&)SH
-/Times-Roman SF
-7200 14701 MT
-(If you have used the)SH
-/Times-Italic SF
-16393 XM
-(kstash)SH
-/Times-Roman SF
-19418 XM
-(command to store the master database password, the server will start)SH
-7200 15897 MT
-(automatically. If)
-275 W( you did not use)SH
-/Times-Italic SF
-22048 XM
-(kstash)SH
-/Times-Roman SF
-(, use the following command:)SH
-/Courier SF
-8520 17474 MT
-(host#)SH
-/Times-Bold SF
-12480 XM
-(./kadmind)SH
-/Times-Roman SF
-7200 19069 MT
-(The server will prompt you to enter the master password before actually starting itself; after it starts, you)SH
-7200 20265 MT
-(should suspend it and put it in the background \050usually this is done by typing control-Z and then)SH
-/Times-Bold SF
-49792 XM
-(bg)SH
-/Times-Roman SF
-(\051.)SH
-14 /Times-Bold AF
-7200 24112 MT
-(3.4 Testing)350 W
-/Times-BoldItalic SF
-14434 XM
-(kpasswd)SH
-11 /Times-Roman AF
-7200 26307 MT
-(To test the administration server, you should try changing your password with the)SH
-/Times-Italic SF
-43494 XM
-(kpasswd)SH
-/Times-Roman SF
-47497 XM
-(command, and)SH
-7200 27503 MT
-(you should try adding new users with the)SH
-/Times-Italic SF
-25592 XM
-(kadmin)SH
-/Times-Roman SF
-29105 XM
-(command \050both commands are installed into)SH
-/Times-Italic SF
-48963 XM
-(/usr/athena)SH
-/Times-Roman SF
-7200 28699 MT
-(by default\051.)SH
-7200 30997 MT
-(Before testing, you should exit the root account.)SH
-7200 33295 MT
-(To change your password, run the)SH
-/Times-Italic SF
-22441 XM
-(kpasswd)SH
-/Times-Roman SF
-26444 XM
-(command:)SH
-/Courier SF
-8520 34872 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([K_USER]/kpasswd)SH
-/Courier SF
-8520 35986 MT
-(Old password for wave at TIM.EDU:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-(Enter your password)SH
-/Courier SF
-8520 37100 MT
-(New Password for wave at TIM.EDU:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-(Enter a new password)SH
-/Courier SF
-8520 38214 MT
-(Verifying, please re-enter New Password for wave at TIM.EDU:)SH
-/Times-Bold SF
-28800 39328 MT
-(<--)SH
-/Times-BoldItalic SF
-(Enter new password again)SH
-/Courier SF
-8520 40442 MT
-(Password changed.)SH
-/Times-Roman SF
-7200 42037 MT
-(Once you have changed your password, use the)SH
-/Times-Italic SF
-28365 XM
-(kinit)SH
-/Times-Roman SF
-30596 XM
-(program as shown above to verify that the password)SH
-7200 43233 MT
-(was properly changed.)SH
-14 /Times-Bold AF
-7200 47080 MT
-(3.5 Testing)350 W
-/Times-BoldItalic SF
-14434 XM
-(kadmin)SH
-11 /Times-Roman AF
-7200 49275 MT
-(You should also test the function of the)SH
-/Times-Italic SF
-24798 XM
-(kadmin)SH
-/Times-Roman SF
-28311 XM
-(program, by adding a new user \050here named)SH
-7200 50471 MT
-(``)SH
-/Courier SF
-(username)SH
-/Times-Roman SF
-(''\051:)SH
-/Courier SF
-8520 52048 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([K_USER]/kadmin)SH
-/Courier SF
-8520 53162 MT
-(Welcome to the Kerberos Administration Program, version 2)SH
-8520 54276 MT
-(Type "help" if you need it.)SH
-8520 55390 MT
-(admin:)SH
-/Times-Bold SF
-13800 XM
-(ank username)SH
-/Times-BoldItalic SF
-28800 XM
-(`ank' stands for Add New Key)SH
-/Courier SF
-8520 56504 MT
-(Admin password:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-(enter the password)SH
-28800 57618 MT
-(you chose above for wave.admin)SH
-/Courier SF
-8520 58732 MT
-(Password for username:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-(Enter the user's initial password)SH
-/Courier SF
-8520 59846 MT
-(Verifying, please re-enter Password for username:)SH
-/Times-Bold SF
-40920 XM
-(<--)SH
-/Times-BoldItalic SF
-(enter it again)SH
-/Courier SF
-8520 60960 MT
-(username added to database.)SH
-8520 63188 MT
-(admin: quit)660 W
-8520 64302 MT
-(Cleaning up and exiting.)SH
-10 /Times-Roman AF
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(7)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 8 9
-BS
-0 SI
-14 /Times-Bold AF
-7200 8167 MT
-(3.6 Verifying)
-350 W( with)SH
-/Times-BoldItalic SF
-18671 XM
-(kinit)SH
-11 /Times-Roman AF
-7200 10362 MT
-(Once you've added a new user, you should test to make sure it was added properly by using)SH
-/Times-Italic SF
-47917 XM
-(kinit)SH
-/Times-Roman SF
-(, and)SH
-7200 11558 MT
-(trying to get tickets for that user:)SH
-/Courier SF
-8520 13135 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([K_USER]/kinit username)SH
-/Courier SF
-8520 14249 MT
-(MIT Project Athena \050ariadne\051)SH
-8520 15363 MT
-(Kerberos Initialization for "username at TIM.EDU")SH
-8520 16477 MT
-(Password:)SH
-/Times-Bold SF
-15120 XM
-(<--)SH
-/Times-BoldItalic SF
-(Enter the user's password you used above)SH
-/Courier SF
-8520 17591 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([K_USER]/klist)SH
-/Courier SF
-8520 18705 MT
-(Ticket file:)
-SH( /tmp/tkt_5509_spare1)1980 W
-8520 19819 MT
-(Principal: username at TIM.MIT.EDU)3300 W
-9840 22047 MT
-(Issued Expires)
-6600 W( Principal)5940 W
-8520 23161 MT
-(Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU at TIM.EDU)SH
-/Times-Roman SF
-7200 25459 MT
-(If you have any problems, you can examine the log files)SH
-/Times-Italic SF
-32186 XM
-(/kerberos/kerberos.log)SH
-/Times-Roman SF
-42450 XM
-(and)SH
-/Times-Italic SF
-7200 26655 MT
-(/kerberos/admin_server.syslog)SH
-/Times-Roman SF
-21008 XM
-(on the Kerberos server machine to see if there was some sort of error.)SH
-16 /Times-Bold AF
-7200 31327 MT
-(4. Setting)
-400 W( up and testing slave server\050s\051)SH
-11 /Times-Roman AF
-7200 33522 MT
-([Unfortunately, this chapter is not yet ready. Sorry. -ed])SH
-16 /Times-Bold AF
-7200 38194 MT
-(5. A)
-400 W( Sample Application)SH
-11 /Times-Roman AF
-7200 40389 MT
-(This release of Kerberos comes with a sample application server and a corresponding client program.)SH
-7200 41585 MT
-(You will find this software in the [OBJ_DIR])SH
-/Times-Italic SF
-(/appl/sample)SH
-/Times-Roman SF
-33170 XM
-(directory. The)
-275 W( file)SH
-/Times-Italic SF
-41691 XM
-(sample_client)SH
-/Times-Roman SF
-48076 XM
-(contains the)SH
-7200 42781 MT
-(client program's executable code, the file)SH
-/Times-Italic SF
-25677 XM
-(sample_server)SH
-/Times-Roman SF
-32366 XM
-(contains the server's executable.)SH
-7200 45079 MT
-(The programs are rudimentary. When they have been installed \050the installation procedure is described in)SH
-7200 46275 MT
-(detail later\051, they work as follows:)SH
-/Symbol SF
-9169 48351 MT
-(\267)SH
-/Times-Roman SF
-9950 XM
-(The user starts)SH
-/Times-Italic SF
-16639 XM
-(sample_client)SH
-/Times-Roman SF
-23024 XM
-(and provides as arguments to the command the name of the)SH
-9950 49547 MT
-(server machine and a checksum. For instance:)SH
-/Courier SF
-11270 51147 MT
-(host%)SH
-/Times-Bold SF
-15230 XM
-(sample_client)SH
-/Times-BoldItalic SF
-22966 XM
-(servername 43)385 W
-/Symbol SF
-9169 53041 MT
-(\267)SH
-/Times-Italic SF
-9950 XM
-(Sample_client)SH
-/Times-Roman SF
-16457 XM
-(contacts the server machine and authenticates the user to)SH
-/Times-Italic SF
-41654 XM
-(sample_server)SH
-/Times-Roman SF
-(.)SH
-/Symbol SF
-9169 54935 MT
-(\267)SH
-/Times-Italic SF
-9950 XM
-(Sample_server)SH
-/Times-Roman SF
-16761 XM
-(authenticates itself to)SH
-/Times-Italic SF
-26384 XM
-(sample_client)SH
-/Times-Roman SF
-(, then returns a message to the client)SH
-9950 56131 MT
-(program. This)
-275 W( message contains diagnostic information that includes the user's username,)SH
-9950 57327 MT
-(the Kerberos realm, and the user's workstation address.)SH
-/Symbol SF
-9169 59221 MT
-(\267)SH
-/Times-Italic SF
-9950 XM
-(Sample_client)SH
-/Times-Roman SF
-16457 XM
-(displays the server's message on the user's terminal screen.)SH
-14 /Times-Bold AF
-7200 63039 MT
-(5.1 The)
-350 W( Installation Process)SH
-11 /Times-Roman AF
-7200 65234 MT
-(In general, you use the following procedure to install a Kerberos-authenticated server-client system.)SH
-9400 67185 MT
-(1.)SH
-10500 XM
-(Add the appropriate entry to the Kerberos database using)SH
-/Times-Italic SF
-35881 XM
-(kdb_edit)SH
-/Times-Roman SF
-39944 XM
-(or)SH
-/Times-Italic SF
-41135 XM
-(kadmin)SH
-/Times-Roman SF
-44648 XM
-(\050described)SH
-10500 68381 MT
-(below\051.)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(8)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 9 10
-BS
-0 SI
-11 /Times-Roman AF
-9400 7955 MT
-(2.)SH
-10500 XM
-(Create a)SH
-/Times-Italic SF
-14408 XM
-(/etc/srvtab)SH
-/Times-Roman SF
-19327 XM
-(file for the server machine.)SH
-9400 9849 MT
-(3.)SH
-10500 XM
-(Install the service program and the)SH
-/Times-Italic SF
-26016 XM
-(/etc/srvtab)SH
-/Times-Roman SF
-30935 XM
-(file on the server machine.)SH
-9400 11743 MT
-(4.)SH
-10500 XM
-(Install the client program on the client machine.)SH
-9400 13637 MT
-(5.)SH
-10500 XM
-(Update the)SH
-/Times-Italic SF
-15570 XM
-(/etc/services)SH
-/Times-Roman SF
-21281 XM
-(file on the client and server machines.)SH
-7200 15935 MT
-(We will use the sample application as an example, although the procedure used to install)SH
-/Times-Italic SF
-46484 XM
-(sample_server)SH
-/Times-Roman SF
-7200 17131 MT
-(differs slightly from the general case because the)SH
-/Times-Italic SF
-29006 XM
-(sample_server)SH
-/Times-Roman SF
-35695 XM
-(takes requests via the)SH
-/Times-Italic SF
-45347 XM
-(inetd)SH
-/Times-Roman SF
-47822 XM
-(program.)SH
-/Times-Italic SF
-7200 18327 MT
-(Inetd)SH
-/Times-Roman SF
-9735 XM
-(starts)SH
-/Times-Italic SF
-12332 XM
-(sample_server)SH
-/Times-Roman SF
-19021 XM
-(each time a client process contacts the server machine.)SH
-/Times-Italic SF
-43606 XM
-(Sample_server)SH
-/Times-Roman SF
-7200 19523 MT
-(processes the request, terminiates, then is restarted when)SH
-/Times-Italic SF
-32368 XM
-(inetd)SH
-/Times-Roman SF
-34843 XM
-(receives another)SH
-/Times-Italic SF
-42293 XM
-(sample_client)SH
-/Times-Roman SF
-48678 XM
-(request.)SH
-7200 20719 MT
-(When you install the program on the server, you must add a)SH
-/Times-Italic SF
-33807 XM
-(sample)SH
-/Times-Roman SF
-37198 XM
-(entry to the server machine's)SH
-/Times-Italic SF
-7200 21915 MT
-(/etc/inetd.conf)SH
-/Times-Roman SF
-13738 XM
-(file.)SH
-7200 24213 MT
-(The following description assumes that you are installing)SH
-/Times-Italic SF
-32680 XM
-(sample_server)SH
-/Times-Roman SF
-39369 XM
-(on the machine)SH
-/Times-Italic SF
-46364 XM
-(ariadne.tim.edu)SH
-/Times-Roman SF
-(.)SH
-7200 25409 MT
-(Here's the process, step by step:)SH
-9400 27360 MT
-(1.)SH
-10500 XM
-(Login as or)SH
-/Times-Italic SF
-15785 XM
-(su)SH
-/Times-Roman SF
-17038 XM
-(to root on the Kerberos server machine. Use the)SH
-/Times-Italic SF
-38631 XM
-(kdb_edit)SH
-/Times-Roman SF
-42694 XM
-(or)SH
-/Times-Italic SF
-43885 XM
-(kadmin)SH
-/Times-Roman SF
-47398 XM
-(program)SH
-10500 28556 MT
-(to create an entry for)SH
-/Times-Italic SF
-19935 XM
-(sample)SH
-/Times-Roman SF
-23326 XM
-(in the Kerberos database:)SH
-/Courier SF
-11820 30133 MT
-(host#)SH
-/Times-Bold SF
-15780 XM
-([ADMIN_DIR]/kdb_edit)SH
-/Courier SF
-11820 32361 MT
-(Opening database...)SH
-11820 34589 MT
-(Enter Kerberos master key:)SH
-11820 35703 MT
-(Verifying, please re-enter)SH
-11820 36817 MT
-(master key entered. BEWARE!)SH
-11820 37931 MT
-(Previous or default values are in [brackets] ,)SH
-11820 39045 MT
-(enter return to leave the same, or new value.)SH
-11820 41273 MT
-(Principal name:)SH
-/Times-Bold SF
-22380 XM
-(sample)SH
-26220 XM
-(<--)SH
-/Times-BoldItalic SF
-28239 XM
-(Enter the principal name.)SH
-/Courier SF
-11820 42387 MT
-(Instance:)SH
-/Times-Bold SF
-18420 XM
-(ariadne)SH
-26220 XM
-(<--)SH
-/Times-BoldItalic SF
-28239 XM
-(Instances cannot have periods in them.)SH
-/Courier SF
-11820 44615 MT
-(<Not found>, Create [y] ?)SH
-/Times-Bold SF
-28980 XM
-(y)SH
-/Courier SF
-11820 46843 MT
-(Principal: sample_server Instance: ariadne m_key_v: 1)SH
-11820 47957 MT
-(New Password:)SH
-/Times-Bold SF
-26220 XM
-(<--)SH
-/Times-BoldItalic SF
-28239 XM
-(Enter ``RANDOM'' to get random password.)SH
-/Courier SF
-11820 49071 MT
-(Verifying, please re-enter)SH
-11820 50185 MT
-(New Password:)SH
-/Times-Bold SF
-26220 XM
-(<--)SH
-/Times-BoldItalic SF
-28239 XM
-(Enter ``RANDOM'' again.)SH
-/Courier SF
-11820 51299 MT
-(Random password [y] ?)SH
-/Times-Bold SF
-26340 XM
-(y)SH
-/Courier SF
-11820 53527 MT
-(Principal's new key version = 1)SH
-11820 54641 MT
-(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH
-11820 55755 MT
-(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH
-11820 56869 MT
-(Attributes [ 0 ] ?)SH
-11820 57983 MT
-(Edit O.K.)SH
-11820 60211 MT
-(Principal name:)SH
-/Times-Bold SF
-26220 XM
-(<--)SH
-/Times-BoldItalic SF
-28239 XM
-(Enter newline to exit kdb_edit.)SH
-/Times-Roman SF
-9400 62105 MT
-(2.)SH
-10500 XM
-(Use the)SH
-/Times-Italic SF
-14104 XM
-(ext_srvtab)SH
-/Times-Roman SF
-18961 XM
-(program to create a)SH
-/Times-Italic SF
-27755 XM
-(srvtab)SH
-/Times-Roman SF
-30780 XM
-(file for)SH
-/Times-Italic SF
-34078 XM
-(sample_server)SH
-/Times-Roman SF
-('s host machine:)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30350 XM
-(9)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 10 11
-BS
-0 SI
-11 /Courier AF
-11820 7937 MT
-(host#)SH
-/Times-Bold SF
-15780 XM
-([ADMIN_DIR]/ext_srvtab ariadne)275 W
-/Courier SF
-11820 10165 MT
-(Enter Kerberos master key:)SH
-11820 11279 MT
-(Current Kerberos master key version is 1.)SH
-11820 13507 MT
-(Generating 'ariadne-new-srvtab'....)SH
-/Times-Roman SF
-10500 15102 MT
-(Transfer the)SH
-/Times-Italic SF
-16118 XM
-(ariadne-new-srvtab)SH
-/Times-Roman SF
-25069 XM
-(file to)SH
-/Times-Italic SF
-27941 XM
-(ariadne)SH
-/Times-Roman SF
-31638 XM
-(and install it as)SH
-/Times-Italic SF
-38544 XM
-(/etc/srvtab)SH
-/Times-Roman SF
-(. Note)
-275 W( that this)SH
-10500 16298 MT
-(file is equivalent to the service's password and should be treated with care. For example, it)SH
-10500 17494 MT
-(could be transferred by removable media, but should not be sent over an open network in)SH
-10500 18690 MT
-(the clear. Once installed, this file should be readable only by root.)SH
-9400 20584 MT
-(3.)SH
-10500 XM
-(Add the following line to the)SH
-/Times-Italic SF
-23516 XM
-(/etc/services)SH
-/Times-Roman SF
-29227 XM
-(file on)SH
-/Times-Italic SF
-32343 XM
-(ariadne)SH
-/Times-Roman SF
-(, and on all machines that will run)SH
-10500 21780 MT
-(the)SH
-/Times-Italic SF
-12119 XM
-(sample_client)SH
-/Times-Roman SF
-18504 XM
-(program:)SH
-/Courier SF
-11820 23306 MT
-(sample 906/tcp)
-2640 W( #)
-3960 W( Kerberos sample app server)SH
-/Times-Roman SF
-9400 25200 MT
-(4.)SH
-10500 XM
-(Add a line similar to the following line to the)SH
-/Times-Italic SF
-30666 XM
-(/etc/inetd.conf)SH
-/Times-Roman SF
-37204 XM
-(file on)SH
-/Times-Italic SF
-40320 XM
-(sample_server)SH
-/Times-Roman SF
-('s)SH
-10500 26396 MT
-(machine:)SH
-/Courier SF
-11820 27922 MT
-(sample stream tcp nowait switched root)1320 W
-14460 29036 MT
-([PATH]/sample_server sample_server)SH
-/Times-Roman SF
-10500 30631 MT
-(where [PATH] should be substituted with the path to the)SH
-/Times-Italic SF
-35674 XM
-(sample_server)SH
-/Times-Roman SF
-42363 XM
-(program. \050This)275 W
-/Times-Italic SF
-10500 31827 MT
-(inetd.conf)SH
-/Times-Roman SF
-15144 XM
-(information should be placed on one line.\051 You should examine existing lines in)SH
-/Times-Italic SF
-10500 33023 MT
-(/etc/inetd.conf)SH
-/Times-Roman SF
-17038 XM
-(and use the same format used by other entries \050e.g. for telnet\051. Most systems)SH
-10500 34219 MT
-(do not have a column for the `switched' keyword, and some do not have a column for the)SH
-10500 35415 MT
-(username \050usually `root', as above\051.)SH
-9400 37309 MT
-(5.)SH
-10500 XM
-(Restart)SH
-/Times-Italic SF
-13891 XM
-(inetd)SH
-/Times-Roman SF
-16366 XM
-(by sending the current)SH
-/Times-Italic SF
-26446 XM
-(inetd)SH
-/Times-Roman SF
-28921 XM
-(process a hangup signal:)SH
-/Courier SF
-11820 38909 MT
-(host#)SH
-/Times-Bold SF
-15780 XM
-(kill -HUP)275 W
-/Times-BoldItalic SF
-21373 XM
-(process_id_number)SH
-/Times-Roman SF
-9400 40803 MT
-(6.)SH
-10500 XM
-(The)SH
-/Times-Italic SF
-12485 XM
-(sample_server)SH
-/Times-Roman SF
-19174 XM
-(is now ready to take)SH
-/Times-Italic SF
-28307 XM
-(sample_client)SH
-/Times-Roman SF
-34692 XM
-(requests.)SH
-14 /Times-Bold AF
-7200 44621 MT
-(5.2 Testing)
-350 W( the Sample Server)SH
-11 /Times-Roman AF
-7200 46816 MT
-(Assume that you have installed)SH
-/Times-Italic SF
-21223 XM
-(sample_server)SH
-/Times-Roman SF
-27912 XM
-(on)SH
-/Times-Italic SF
-29287 XM
-(ariadne)SH
-/Times-Roman SF
-(.)SH
-7200 49114 MT
-(Login to your workstation and use the)SH
-/Times-Italic SF
-24217 XM
-(kinit)SH
-/Times-Roman SF
-26448 XM
-(command to obtain a Kerberos ticket-granting ticket:)SH
-/Courier SF
-8520 50691 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([K_USER]/kinit)SH
-/Courier SF
-8520 51805 MT
-(MIT Project Athena, \050your_workstation\051)SH
-8520 52919 MT
-(Kerberos Initialization)SH
-8520 54033 MT
-(Kerberos name:)SH
-/Times-BoldItalic SF
-18420 XM
-(yourusername)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter your Kerberos username.)SH
-/Courier SF
-8520 55147 MT
-(Password:)SH
-/Times-Bold SF
-28800 XM
-(<--)SH
-/Times-BoldItalic SF
-30819 XM
-(Enter your Kerberos password.)SH
-/Times-Roman SF
-7200 57445 MT
-(Now use the)SH
-/Times-Italic SF
-12973 XM
-(sample_client)SH
-/Times-Roman SF
-19358 XM
-(program as follows:)SH
-/Courier SF
-8520 59022 MT
-(host%)SH
-/Times-Bold SF
-12480 XM
-([PATH]/sample_client ariadne)275 W
-/Times-Roman SF
-7200 60617 MT
-(The command should display something like the following:)SH
-/Courier SF
-8520 62143 MT
-(The server says:)SH
-8520 63257 MT
-(You are)SH
-/Times-BoldItalic SF
-13800 XM
-(yourusername)SH
-/Courier SF
-(. at REALMNAME \050local name)SH
-/Times-BoldItalic SF
-36180 XM
-(yourusername)SH
-/Courier SF
-(\051,)SH
-9180 64371 MT
-(at address)SH
-/Times-BoldItalic SF
-16440 XM
-(yournetaddress)SH
-/Courier SF
-(, version VERSION9, cksum 997)SH
-10 /Times-Roman AF
-7200 75600 MT
-(MIT Project Athena)SH
-30100 XM
-(10)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: 11 12
-BS
-0 SI
-16 /Times-Bold AF
-7200 8272 MT
-(6. Service)
-400 W( names and other services)SH
-14 SS
-7200 12090 MT
-(6.1 rlogin,)
-350 W( rsh, rcp, tftp, and others)SH
-11 /Times-Roman AF
-7200 14285 MT
-(Many services use a common principal name for authentication purposes.)SH
-/Times-Italic SF
-40128 XM
-(rlogin)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-43368 XM
-(rsh)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-45324 XM
-(rcp)SH
-/Times-Roman SF
-(,)SH
-/Times-Italic SF
-47340 XM
-(tftp)SH
-/Times-Roman SF
-49083 XM
-(and others)SH
-7200 15481 MT
-(use the principal name ``)SH
-/Courier SF
-(rcmd)SH
-/Times-Roman SF
-(''. For)
-275 W( example, to set up the machine)SH
-/Times-Italic SF
-38033 XM
-(ariadne)SH
-/Times-Roman SF
-41730 XM
-(to support Kerberos rlogin,)SH
-7200 16677 MT
-(it needs to have a service key for principal ``)SH
-/Courier SF
-(rcmd)SH
-/Times-Roman SF
-('', instance ``)SH
-/Courier SF
-(ariadne)SH
-/Times-Roman SF
-(''. You)
-275 W( create this key in the)SH
-7200 17873 MT
-(same way as shown above for the sample service.)SH
-7200 20171 MT
-(After creating this key, you need to run the)SH
-/Times-Italic SF
-26382 XM
-(ext_srvtab)SH
-/Times-Roman SF
-31239 XM
-(program again to generate a new srvtab file for)SH
-7200 21367 MT
-(ariadne.)SH
-14 /Times-Bold AF
-7200 25185 MT
-(6.2 NFS)
-350 W( modifications)SH
-11 /Times-Roman AF
-7200 27380 MT
-(The NFS modifications distributed separately use the service name ``)SH
-/Courier SF
-(rvdsrv)SH
-/Times-Roman SF
-('' with the instance set to)SH
-7200 28576 MT
-(the machine name \050as for the sample server and the rlogin, rsh, rcp and tftp services\051.)SH
-14 /Times-Bold AF
-7200 32394 MT
-(6.3 inetd.conf)
-350 W( entries)SH
-11 /Times-Roman AF
-7200 34589 MT
-(The following are the)SH
-/Times-Italic SF
-16974 XM
-(/etc/inetd.conf)SH
-/Times-Roman SF
-23512 XM
-(entries necessary to support rlogin, encrypted rlogin, rsh, and rcp)SH
-7200 35785 MT
-(services on a server machine. As above, your)SH
-/Times-Italic SF
-27631 XM
-(inetd.conf)SH
-/Times-Roman SF
-32275 XM
-(may not support all the fields shown here.)SH
-/Courier SF
-8520 37311 MT
-(eklogin stream)
-660 W( tcp nowait unswitched root)1320 W
-11160 38425 MT
-([PATH]/klogind eklogind)1320 W
-8520 39539 MT
-(kshell stream tcp nowait unswitched root)1320 W
-11160 40653 MT
-([PATH]/kshd kshd)1320 W
-8520 41767 MT
-(klogin stream tcp nowait unswitched root)1320 W
-11160 42881 MT
-([PATH]/klogind klogind)1320 W
-10 /Times-Roman AF
-7200 75600 MT
-(MIT Project Athena)SH
-30100 XM
-(11)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Page: i 13
-BS
-0 SI
-14 /Times-Bold AF
-25272 8138 MT
-(Table of Contents)SH
-13 SS
-7200 9781 MT
-(1. How)
-325 W( Kerberos Works: A Schematic Description)SH
-53350 XM
-(1)SH
-12 /Times-Roman AF
-9000 11130 MT
-(1.1 Network)
-300 W( Services and Their Client Programs)SH
-53400 XM
-(1)SH
-9000 12479 MT
-(1.2 Kerberos)
-300 W( Tickets)SH
-53400 XM
-(1)SH
-9000 13828 MT
-(1.3 The)
-300 W( Kerberos Master Database)SH
-53400 XM
-(1)SH
-9000 15177 MT
-(1.4 The)
-300 W( Ticket-Granting Ticket)SH
-53400 XM
-(1)SH
-9000 16526 MT
-(1.5 Network)
-300 W( Services and the Master Database)SH
-53400 XM
-(1)SH
-9000 17875 MT
-(1.6 The)
-300 W( User-Kerberos Interaction)SH
-53400 XM
-(2)SH
-13 /Times-Bold AF
-7200 19518 MT
-(2. Setting)
-325 W( Up and Testing the Kerberos Server)SH
-53350 XM
-(2)SH
-12 /Times-Roman AF
-9000 20867 MT
-(2.1 Creating)
-300 W( and Initializing the Master Database)SH
-53400 XM
-(3)SH
-9000 22216 MT
-(2.2 Storing)
-300 W( the Master Password)SH
-53400 XM
-(3)SH
-9000 23571 MT
-(2.3 Using)300 W
-/Times-BoldItalic SF
-14267 XM
-(kdb_edit)SH
-/Times-Roman SF
-18768 XM
-(to Add Users to the Master Database)SH
-53400 XM
-(4)SH
-9000 24920 MT
-(2.4 Starting)
-300 W( the Kerberos Server)SH
-53400 XM
-(4)SH
-9000 26269 MT
-(2.5 Testing)
-300 W( the Kerberos Server)SH
-53400 XM
-(5)SH
-13 /Times-Bold AF
-7200 27912 MT
-(3. Setting)
-325 W( up and testing the Administration server)SH
-53350 XM
-(5)SH
-12 /Times-Roman AF
-9000 29261 MT
-(3.1 Adding)
-300 W( an administration instance for the administrator)SH
-53400 XM
-(6)SH
-9000 30610 MT
-(3.2 The)
-300 W( Access Control Lists)SH
-53400 XM
-(6)SH
-9000 31959 MT
-(3.3 Starting)
-300 W( the administration server)SH
-53400 XM
-(7)SH
-9000 33314 MT
-(3.4 Testing)300 W
-/Times-BoldItalic SF
-15001 XM
-(kpasswd)SH
-/Times-Roman SF
-53400 XM
-(7)SH
-9000 34669 MT
-(3.5 Testing)300 W
-/Times-BoldItalic SF
-15001 XM
-(kadmin)SH
-/Times-Roman SF
-53400 XM
-(7)SH
-9000 36024 MT
-(3.6 Verifying)
-300 W( with)SH
-/Times-BoldItalic SF
-18501 XM
-(kinit)SH
-/Times-Roman SF
-53400 XM
-(8)SH
-13 /Times-Bold AF
-7200 37667 MT
-(4. Setting)
-325 W( up and testing slave server\050s\051)SH
-53350 XM
-(8)SH
-7200 39310 MT
-(5. A)
-325 W( Sample Application)SH
-53350 XM
-(8)SH
-12 /Times-Roman AF
-9000 40659 MT
-(5.1 The)
-300 W( Installation Process)SH
-53400 XM
-(8)SH
-9000 42008 MT
-(5.2 Testing)
-300 W( the Sample Server)SH
-52800 XM
-(10)SH
-13 /Times-Bold AF
-7200 43651 MT
-(6. Service)
-325 W( names and other services)SH
-52700 XM
-(11)SH
-12 /Times-Roman AF
-9000 45000 MT
-(6.1 rlogin,)
-300 W( rsh, rcp, tftp, and others)SH
-52800 XM
-(11)SH
-9000 46349 MT
-(6.2 NFS)
-300 W( modifications)SH
-52800 XM
-(11)SH
-9000 47698 MT
-(6.3 inetd.conf)
-300 W( entries)SH
-52800 XM
-(11)SH
-10 SS
-7200 75600 MT
-(MIT Project Athena)SH
-30461 XM
-(i)SH
-47890 XM
-(4 January 1990)SH
-ES
-%%Trailer
-%%Pages: 13
-%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol
Deleted: branches/mskrb-integ/doc/old-V4-docs/operation.mss
===================================================================
--- branches/mskrb-integ/doc/old-V4-docs/operation.mss 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/doc/old-V4-docs/operation.mss 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,799 +0,0 @@
- at Comment[ $Source$]
- at Comment[ $Author$]
- at Comment[ $Id$]
- at Comment[]
- at device[postscript]
- at make[report]
- at comment[
- at DefineFont(HeadingFont,
- P=<RawFont "NewCenturySchlbkBoldItalic">,
- B=<RawFont "NewCenturySchlbkBold">,
- I=<RawFont "NewCenturySchlbkBoldItalic">,
- R=<RawFont "NewCenturySchlbkRoman">)
-]
- at DefineFont(HeadingFont,
- P=<RawFont "TimesBoldItalic">,
- B=<RawFont "TimesBold">,
- I=<RawFont "TimesItalic">,
- R=<RawFont "TimesRoman">)
- at Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I],
- IncrementedBy Use,Announced)
- at Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ],
- IncrementedBy Use,Referenced [@1],Announced)
- at Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ],
- IncrementedBy,Referenced [@A],Announced,Alias Chapter)
- at Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias
- Chapter)
- at Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2,
- Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy
- Use,Announced)
- at Counter(AppendixSection,Within Appendix,TitleEnv HD2,
- ContentsEnv tc2,
- Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],IncrementedBy
- Use,Announced)
- at Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3,
- Numbered [@#@:. at 1 ],IncrementedBy Use,
- Referenced [@#@:. at 1 ])
- at Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3,
- ContentsEnv tc3,
- Numbered [@#@:. at 1 ],IncrementedBy Use,
- Referenced [@#@:. at 1 ])
- at Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4,
- Numbered [@#@:. at 1 ],Referenced [@#@:. at 1],
- IncrementedBy Use)
- at modify(CopyrightNotice, Fixed -1 inch, Flushright)
- at Modify(Titlebox, Fixed 3.0 inches)
- at Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off)
- at Modify(hd2, below .2 inch, facecode B, size 14, spaces kept)
- at Modify(hd3, below .2 inch, facecode B, size 12, spaces kept)
- at Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line)
- at Modify(Tc1, Above .5, Facecode B)
- at Modify(Tc2, Above .25, Below .25, Facecode R)
- at Modify(Tc3,Facecode R)
- at Modify(Tc4,Facecode R)
- at Modify(Itemize,Above 1line,Below 1line)
- at Modify(Insert,LeftMargin +2, RightMargin +2)
- at libraryfile[stable]
- at comment[@Style(Font NewCenturySchoolBook, size 11)]
- at Style(Font TimesRoman, size 11)
- at Style(Spacing 1.1, indent 0)
- at Style(leftmargin 1.0inch)
- at Style(justification no)
- at Style(BottomMargin 1.5inch)
- at Style(ChangeBarLocation Right)
- at Style(ChangeBars=off)
- at pageheading[immediate]
- at pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)",
-right = "@value(date)"]
- at set[page = 0]
- at blankspace[.5 inches]
- at begin[group, size 20]
- at begin(center)
- at b[Kerberos Operation Notes]
- at b[DRAFT]
- at end[center]
- at blankspace[.5 inches]
- at end(group)
- at begin[group, size 16]
- at begin(center)
-Bill Bryant
-John Kohl
-Project Athena, MIT
- at blankspace[.5 inches]
- at b[Initial Release, January 24, 1989]
- at i[(plus later patches through patchlevel 7)]
- at end[center]
- at end(group)
- at begin[group, size 10]
- at end[group]
- at blankspace[1inches]
-
-These notes assume that you have used the
- at i[Kerberos Installation Notes] to build and install your
-Kerberos system.
-As in that document, we refer to the directory that contains
-the built Kerberos binaries as [OBJ_DIR].
-
-This document assumes that you are a Unix system manager.
-
- at newpage()
- at chapter[How Kerberos Works: A Schematic Description]
-
-This section provides a simplified description of
-a general user's interaction with the Kerberos system.
-This interaction happens transparently--users don't need to know
-and probably don't care about what's going on--but Kerberos administrators
-might find a schematic description of the process useful.
-The description glosses over a lot of details;
-for more information, see @i[Kerberos: An Authentication
-Service for Open Network Systems],
-a paper presented at Winter USENIX 1988, in Dallas, Texas.
-
- at section[Network Services and Their Client Programs]
-
-In an environment that provides network services,
-you use @i[client] programs to request service from
- at i[server] programs that are somewhere on the network.
-Suppose you have logged in to a workstation
-and you want to @i[rlogin] to another machine.
-You use the local @i[rlogin] client program to
-contact the remote machine's @i[rlogin] service daemon.
-
- at section[Kerberos Tickets]
-
-Under Kerberos, the @i[rlogin] service program
-allows a client to login to a remote machine if it
-can provide
-a Kerberos @b[ticket] for the request.
-This ticket proves the identity of the person who has used
-the client program to access the server program.
-
- at section[The Kerberos Master Database]
-
-Kerberos will give you tickets only if you
-have an entry in the Kerberos server's
- at b[master database].
-Your database entry includes your Kerberos username (often referred to
-as your Kerberos @b[principal] name), and your Kerberos password.
-Every Kerberos user must have an entry in this database.
-
- at section[The Ticket-Granting Ticket]
-
-The @i[kinit] command prompts for your Kerberos username and password,
-and if you enter them successfully, you will obtain a Kerberos
- at i[ticket-granting ticket].
-As illustrated below,
-client programs use this ticket to get other Kerberos tickets as
-needed.
-
- at section[Network Services and the Master Database]
-
-The master database also contains entries for all network services that
-require Kerberos authentication.
-Suppose for instance that your site has a machine @i[laughter]
-that requires Kerberos authentication from anyone who wants
-to @i[rlogin] to it.
-This service must be registered in the master database.
-Its entry includes the service's principal name, and its @b[instance].
-
-The @i[instance] is the name of the service's machine;
-in this case, the service's instance is the name @i[laughter].
-The instance provides a means for Kerberos to distinguish between
-machines that provide the same service.
-Your site is likely to have more than one machine that
-provides @i[rlogin] service.
-
- at section[The User-Kerberos Interaction]
-
-Suppose that you (in the guise of a general user) walk up to a workstation
-intending to login to it, and then @i[rlogin] to the machine @i[laughter].
-Here's what happens.
- at begin[enumerate]
-You login to the workstation and use the @i[kinit] command
-to to get a ticket-granting ticket.
-This command prompts you for your username (your Kerberos Principal Name),
-and your Kerberos password [on some systems which use the new version of
- at i{/bin/login}, this may be done as part of the login process, not
-requiring the user to run a separate program].
- at begin[enumerate]
-The @i[kinit] command sends your request to the Kerberos master server
-machine.
-The server software looks for your principal name's entry in the
-Kerberos @b[master database].
-
-If this entry exists, the
-Kerberos server creates and returns a
- at i[ticket-granting ticket], encrypted in your password.
-If @i[kinit] can decrypt the Kerberos reply using the password you
-provide, it stores this ticket in a @b[ticket file] on your
-local machine for later use.
-The ticket file to be used
-can be specified in the @b[KRBTKFILE] environment
-variable. If this variable is not set, the name of the file will be
- at i[/tmp/tkt at p(uid)], where @p(uid) is the UNIX user-id, represented in decimal.
- at end[enumerate]
-
-Now you use the @i[rlogin] client to try to access the machine @i[laughter].
- at begin[example]
-host% @b[rlogin laughter]
- at end[example]
- at begin[enumerate]
-The @i[rlogin] client checks your ticket file to see if you
-have a ticket for @i[laughter]'s @i[rcmd] service (the rlogin program
-uses the @i[rcmd] service name, mostly for historical reasons).
-You don't, so @i[rlogin] uses the ticket file's @i[ticket-granting
-ticket] to make a request to the master server's ticket-granting service.
-
-This ticket-granting service receives the @i[rcmd-laughter] request
-and looks in the master database for an @i[rcmd-laughter] entry.
-If that entry exists, the ticket-granting service issues you a ticket
-for that service.
-That ticket is also cached in your ticket file.
-
-The @i[rlogin] client now uses that ticket to request service from
-the @i[laughter] @i[rlogin] service program.
-The service program
-lets you @i[rlogin] if the ticket is valid.
- at end[enumerate]
- at end[enumerate]
-
- at chapter[Setting Up and Testing the Kerberos Server]
-
-The procedure for setting up and testing a Kerberos server
-is as follows:
- at begin[enumerate]
-Use the @i[kdb_init] command to create and initialize the master database.
-
-Use the @i[kdb_edit] utility to add your username to the
-master database.
-
-Start the Kerberos server.
-
-Use the @i[kinit] command to obtain a Kerberos ticket-granting ticket.
-
-Use the @i[klist] command to verify that the @i[kinit] command
-authenticated you successfully.
- at end[enumerate]
-
- at section[Creating and Initializing the Master Database]
-
-Login to the Kerberos master server machine,
-and use the @b[su] command to become root.
-If you installed the Kerberos administration tools
-with the @i[make install] command and the default pathnames,
-they should be in the @i[/usr/etc] directory.
-If you installed the tools in a different directory,
-hopefully you know what it is.
-From now on, we will refer to this directory as [ADMIN_DIR].
-
-The @i[kdb_init] command creates and initializes the master database.
-It asks you to enter the system's
-realm name and the database's master password.
-Do not forget this password.
-If you do, the database becomes useless.
-(Your realm name should be substituted for [REALMNAME] below.)
-
-Use @i[kdb_init] as follows:
- at tabset[3inches, +1.5inches]
- at begin[example, rightmargin -10]
-host# @b([ADMIN_DIR]/kdb_init)
-Realm name (default XXX): @b([REALMNAME])@\@b[<--] @p[Enter your system's realm name.]
-You will be prompted for the database Master Password.
-It is important that you NOT FORGET this password.
-
-Enter Kerberos master key: @\@b[<--] @p[Enter the master password.]
- at comment(this needs to be re-fixed...:
-Verifying, please re-enter
-Enter Kerberos master key: @\@b[<--] @p[Re-enter it.]
-)
- at end[example]
-
- at section[Storing the Master Password]
-
-The @i[kstash] command ``stashes'' the master password in the file @i[/.k]
-so that the Kerberos server can
-be started automatically during an unattended reboot of the
-master server.
-Other administrative programs use this hidden password so that they
-can access the master database without someone having to manually
-provide the master password.
-This command is an optional one;
-if you'd rather enter the master password each time you
-start the Kerberos server, don't use @i[kstash].
-
-One the one hand, if you use @i[kstash], a copy of the master
-key will reside
-on disk which may not be acceptable; on the other hand, if you don't
-use @i[kstash], the server cannot be started unless someone is around to
-type the password in manually.
-
-The command prompts you twice for the master password:
- at begin[example]
- at tabset[3inches]
-host# @b([ADMIN_DIR]/kstash)
-
-Enter Kerberos master key:@\@b[<--] @p[Enter the master password.]
-Current Kerberos master key version is 1.
-
-Master key entered BEWARE!
- at end[example]
-
-A note about the Kerberos database master key:
-if your master key is compromised and the database is obtained,
-the security of your entire authentication system is compromised.
-The master key must be a carefully kept secret. If you keep backups,
-you must guard all the master keys you use, in case someone has stolen
-an old backup and wants to attack users' whose passwords haven't changed
-since the backup was stolen.
-This is why we provide the option not to store it on disk.
-
- at section[Using @p(kdb_edit) to Add Users to the Master Database]
-
-The @i[kdb_edit] program is used to add new users and services
-to the master database, and to modify existing database information.
-The program prompts you to enter a principal's @b[name] and @b[instance].
-
-A principal name is typically a username or a service program's name.
-An instance further qualifies the principal.
-If the principal is a service,
-the instance is used to specify the name of the machine on which that
-service runs.
-If the principal is a username that has general user privileges,
-the instance is usually set to null.
-
-The following example shows how to use @i[kdb_edit] to
-add the user @i[wave] to the Kerberos database.
- at begin[example, rightmargin -10]
- at tabset[3inches, +1.5inches]
-host# @b([ADMIN_DIR]/kdb_edit)
-
-Opening database...
-
-Enter Kerberos master key:
-Verifying, please re-enter
-Enter Kerberos master key:
-Current Kerberos master key version is 1
-
-Master key entered. BEWARE!
-Previous or default values are in [brackets] ,
-enter return to leave the same, or new value.
-
-Principal name: @b[wave]@\@b[<--] @p[Enter the username.]
-Instance:@\@p[<-- Enter a null instance.]
-
-<Not found>, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.]
-@\@p[ Enter y to create the user-instance.]
-Principal: wave Instance: m_key_v: 1
-New Password: @\@p[<-- Enter the user-instance's password.]
-Verifying, please re-enter
-New Password:
-Principal's new key version = 1
-Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines]
-Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the]
-Attributes [ 0 ] ? @\@\@b[<--] @p[default values.]
-Edit O.K.
-
-Principal name:@\@p[<-- Enter a newline to exit the program.]
- at end[example]
-
-Use the @i[kdb_edit] utility to add your username to the master database.
-
- at section[Starting the Kerberos Server]
-
-Change directories to the directory in which you have installed
-the server program @i[kerberos]
-(the default directory is @i[/usr/etc]),
-and start the program as a background process:
- at begin[example]
-host# @b[./kerberos &]
- at end[example]
-If you have used the @i[kstash] command to store the master database password,
-the server will start automatically.
-If you did not use @i[kstash],
-use the following command:
- at begin[example]
-host# @b[./kerberos -m]
- at end[example]
-The server will prompt you to enter the master password before actually
-starting itself.
-
- at section[Testing the Kerberos Server]
-
-Exit the root account and use the @i[kinit] command obtain a Kerberos
-ticket-granting ticket.
-This command
-creates your ticket file
-and stores the ticket-granting ticket in it.
-
-If you used the default @i[make install] command and directories to
-install the Kerberos user utilities, @i[kinit] will be in the
- at i[/usr/athena] directory. From now on, we'll refer to the Kerberos user
-commands directory as [K_USER].
-
-Use @i[kinit] as follows:
- at begin[example]
- at tabset[3 inches]
-host% @b([K_USER]/kinit)
-MIT Project Athena, (ariadne)
-Kerberos Initialization
-Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.]
-Password: @\@b[<--] @p[Enter your Kerberos password.]
- at end[example]
-
-Use the @i[klist] program to list the contents of your ticket file.
- at begin[example]
-host% @b([K_USER]/klist)
- at end[example]
-The command should display something like the following:
- at begin[example]
-Ticket file: /tmp/tkt5555
-Principal: yourusername@@REALMNAME
-
- Issued Expires Principal
-May 6 10:15:23 May 6 18:15:23 krbtgt.REALMNAME@@REALMNAME
- at end[example]
-
-If you have any problems, you can examine the log file
- at i[/kerberos/kerberos.log] on the Kerberos server machine to see if
-there was some sort of error.
-
- at chapter[Setting up and testing the Administration server]
-
-The procedure for setting up and testing the Kerberos administration server
-is as follows:
- at begin[enumerate]
-Use the @i[kdb_edit] utility to add your username with an administration
-instance to the master database.
-
-Edit the access control lists for the administration server
-
-Start the Kerberos administration server.
-
-Use the @i[kpasswd] command to change your password.
-
-Use the @i[kadmin] command to add new entries to the database.
-
-Use the @i[kinit] command to verify that the @i[kadmin] command
-correctly added new entries to the database.
- at end(enumerate)
-
- at section[Adding an administration instance for the administrator]
-
-Login to the Kerberos master server machine,
-and use the @b[su] command to become root.
-Use the @i[kdb_edit] program to create an entry for each administrator
-with the instance ``@p(admin)''.
- at begin[example]
- at tabset[3inches, +1.5inches]
-host# @b([ADMIN_DIR]/kdb_edit)
-
-Opening database...
-
-Enter Kerberos master key:
-Verifying, please re-enter
-Enter Kerberos master key:
-Current Kerberos master key version is 1
-
-Master key entered. BEWARE!
-Previous or default values are in [brackets] ,
-enter return to leave the same, or new value.
-
-Principal name: @b[wave]@\@b[<--] @p[Enter the username.]
-Instance:@b[admin]@\@b[<--] @p[Enter ``admin''.]
-
-<Not found>, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.]
-@\@p[ Enter y to create the user-instance.]
-Principal: wave Instance: admin m_key_v: 1
-New Password: @\@p[<-- Enter the user-instance's password.]
-Verifying, please re-enter
-New Password:
-Principal's new key version = 1
-Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines]
-Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the]
-Attributes [ 0 ] ? @\@\@b[<--] @p[default values.]
-Edit O.K.
-
-Principal name:@\@p[<-- Enter a newline to exit the program.]
- at end[example]
-
- at section[The Access Control Lists]
-The Kerberos administration server uses three access control lists to
-determine who is authorized to make certain requests. The access
-control lists are stored on the master Kerberos server in the same
-directory as the principal database, @i(/kerberos). The access control
-lists are simple ASCII text files, with each line specifying the name of
-one principal who is allowed the particular function. To allow several
-people to perform the same function, put their principal names on
-separate lines in the same file.
-
-The first list, @i(/kerberos/admin_acl.mod), is a list of principals
-which are authorized to change entries in the database. To allow the
-administrator `@b[wave]' to modify entries in the database for the realm
-`@b[TIM.EDU]', you would put the following line into the file
- at i(/kerberos/admin_acl.mod):
- at begin(example)
-wave.admin@@TIM.EDU
- at end(example)
-
-The second list, @i(/kerberos/admin_acl.get), is a list of principals
-which are authorized to retrieve entries from the database.
-
-The third list, @i(/kerberos/admin_acl.add), is a list of principals
-which are authorized to add new entries to the database.
-
- at section(Starting the administration server)
-Change directories to the directory in which you have installed
-the administration server program @i[kadmind]
-(the default directory is @i[/usr/etc]),
-and start the program as a background process:
- at begin[example]
-host# @b[./kadmind -n&]
- at end[example]
-If you have used the @i[kstash] command to store the master database password,
-the server will start automatically.
-If you did not use @i[kstash],
-use the following command:
- at begin[example]
-host# @b[./kadmind]
- at end[example]
-The server will prompt you to enter the master password before actually
-starting itself; after it starts, you should suspend it and put it in
-the background (usually this is done by typing control-Z and then @b(bg)).
-
- at section(Testing @p[kpasswd])
-
-To test the administration server, you should try changing your password
-with the @i[kpasswd] command, and you should try adding new users with
-the @i[kadmin] command (both commands are installed into @i[/usr/athena]
-by default).
-
-Before testing, you should exit the root account.
-
-To change your password, run the @i[kpasswd] command:
- at begin(example)
- at tabset[3inches, +1.5inches]
-host% @b([K_USER]/kpasswd)
-Old password for wave@@TIM.EDU:@\@b[<--]@p[Enter your password]
-New Password for wave@@TIM.EDU:@\@b[<--]@p[Enter a new password]
-Verifying, please re-enter New Password for wave@@TIM.EDU:
-@\@b[<--]@p[Enter new password again]
-Password changed.
- at end(example)
-Once you have changed your password, use the @i[kinit] program as shown
-above to verify that the password was properly changed.
-
- at section(Testing @p[kadmin])
-You should also test the function of the @i[kadmin] program, by adding a
-new user (here named ``@t[username]''):
- at begin(example)
- at tabset[3inches, +1.5inches]
-host% @b([K_USER]/kadmin)
-Welcome to the Kerberos Administration Program, version 2
-Type "help" if you need it.
-admin: @b(ank username)@\@p[`ank' stands for Add New Key]
-Admin password: @\@b[<--]@p[enter the password
-@\you chose above for wave.admin]
-Password for username:@\@b[<--]@p[Enter the user's initial password]
-Verifying, please re-enter Password for username:@\@b[<--]@p[enter it again]
-username added to database.
-
-admin: quit
-Cleaning up and exiting.
- at end[example]
-
- at section(Verifying with @p[kinit])
-Once you've added a new user, you should test to make sure it was added
-properly by using @i[kinit], and trying to get tickets for that user:
-
- at begin[example]
- at tabset[3inches, +1.5inches]
-host% @b([K_USER]/kinit username)
-MIT Project Athena (ariadne)
-Kerberos Initialization for "username@@TIM.EDU"
-Password: @b[<--]@p[Enter the user's password you used above]
-host% @b([K_USER]/klist)
-Ticket file: /tmp/tkt_5509_spare1
-Principal: username@@TIM.MIT.EDU
-
- Issued Expires Principal
-Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU@@TIM.EDU
- at end[example]
-
-If you have any problems, you can examine the log files
- at i[/kerberos/kerberos.log] and @i[/kerberos/admin_server.syslog] on the
-Kerberos server machine to see if there was some sort of error.
-
- at chapter[Setting up and testing slave server(s)]
-
-[Unfortunately, this chapter is not yet ready. Sorry. -ed]
-
- at chapter[A Sample Application]
-
-This release of Kerberos comes with a sample application
-server and a corresponding client program.
-You will find this software in the [OBJ_DIR]@i[/appl/sample] directory.
-The file @i[sample_client] contains the client program's executable
-code, the file @i[sample_server] contains the server's executable.
-
-The programs are rudimentary.
-When they have been installed (the installation procedure is described
-in detail later), they work as follows:
- at begin[itemize]
-The user starts @i[sample_client] and provides as arguments
-to the command the name of the server machine and a checksum.
-For instance:
- at begin[example]
-host% @b[sample_client] @p[servername] @p[43]
- at end[example]
-
- at i[Sample_client] contacts the server machine and
-authenticates the user to @i[sample_server].
-
- at i[Sample_server] authenticates itself to @i[sample_client],
-then returns a message to the client program.
-This message contains diagnostic information
-that includes the user's username, the Kerberos realm,
-and the user's workstation address.
-
- at i[Sample_client] displays the server's message on the user's
-terminal screen.
- at end[itemize]
-
- at section[The Installation Process]
-
-In general,
-you use the following procedure to install a Kerberos-authenticated
-server-client system.
- at begin[enumerate]
-Add the appropriate entry to the Kerberos database using @i[kdb_edit] or
- at i[kadmin] (described below).
-
-Create a @i[/etc/srvtab] file for the server machine.
-
-Install the service program and the @i[/etc/srvtab]
-file on the server machine.
-
-Install the client program on the client machine.
-
-Update the @i[/etc/services] file on the client and server machines.
- at end[enumerate]
-
-We will use the sample application as an example, although
-the procedure used to install @i[sample_server] differs slightly
-from the general case because the @i[sample_server]
-takes requests via the
- at i[inetd] program.
- at i[Inetd] starts @i[sample_server] each time
-a client process contacts the server machine.
- at i[Sample_server] processes the request,
-terminiates, then is restarted when @i[inetd] receives another
- at i[sample_client] request.
-When you install the program on the server,
-you must add a @i[sample] entry to the server machine's
- at i[/etc/inetd.conf] file.
-
-The following description assumes that you are installing
- at i[sample_server] on the machine @i[ariadne.tim.edu].
-Here's the process, step by step:
- at begin[enumerate]
-Login as or @i[su] to root on the Kerberos server machine.
-Use the @i[kdb_edit] or @i[kadmin] program to create an entry for
- at i[sample] in the Kerberos database:
- at begin[example, rightmargin -10]
- at tabset[2.0inches, +.5inches]
-host# @b([ADMIN_DIR]/kdb_edit)
-
-Opening database...
-
-Enter Kerberos master key:
-Verifying, please re-enter
-master key entered. BEWARE!
-Previous or default values are in [brackets] ,
-enter return to leave the same, or new value.
-
-Principal name: @b[sample]@\@b[<--] @p[Enter the principal name.]
-Instance: @b[ariadne]@\@b[<--] @p[Instances cannot have periods in them.]
-
-<Not found>, Create [y] ? @b[y]
-
-Principal: sample_server Instance: ariadne m_key_v: 1
-New Password:@\@b[<--] @p[Enter ``RANDOM'' to get random password.]
-Verifying, please re-enter
-New Password:@\@b[<--] @p[Enter ``RANDOM'' again.]
-Random password [y] ? @b[y]
-
-Principal's new key version = 1
-Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?
-Max ticket lifetime (*5 minutes) [ 255 ] ?
-Attributes [ 0 ] ?
-Edit O.K.
-
-Principal name:@\@b[<--] @p[Enter newline to exit kdb_edit.]
- at end[example]
-
-Use the @i[ext_srvtab] program to create a @i[srvtab] file
-for @i[sample_server]'s host machine:
- at begin[example]
-host# @b([ADMIN_DIR]/ext_srvtab ariadne)
-
-Enter Kerberos master key:
-Current Kerberos master key version is 1.
-
-Generating 'ariadne-new-srvtab'....
- at end[example]
-Transfer the @i[ariadne-new-srvtab] file to @i[ariadne] and install it as
- at i[/etc/srvtab].
-Note that this file is equivalent to the service's password and should
-be treated with care.
-For example, it could be transferred by removable media, but should
-not be sent over an open network in the clear.
-Once installed, this file should be readable only by root.
-
-Add the following line to the @i[/etc/services] file on
- at i[ariadne], and on all machines that
-will run the @i[sample_client] program:
- at begin[example]
-sample 906/tcp # Kerberos sample app server
- at end[example]
-
-Add a line similar to the following line to the @i[/etc/inetd.conf]
-file on @i[sample_server]'s machine:
- at begin[example]
-sample stream tcp nowait switched root
- [PATH]/sample_server sample_server
- at end[example]
-where [PATH] should be substituted with
-the path to the @i[sample_server] program.
-(This @i[inetd.conf] information should be placed on one line.)
-You should examine existing lines in @i[/etc/inetd.conf] and use the
-same format used by other entries (e.g. for telnet). Most systems do
-not have a column for the `switched' keyword, and some do not have a
-column for the username (usually `root', as above).
-
-Restart @i[inetd] by sending the current @i[inetd] process
-a hangup signal:
- at begin[example]
-host# @b[kill -HUP @p(process_id_number)]
- at end[example]
-
-The @i[sample_server] is now ready to take @i[sample_client] requests.
- at end[enumerate]
-
- at section[Testing the Sample Server]
-
-Assume that you have installed @i[sample_server] on @i[ariadne].
-
-Login to your workstation and use the @i[kinit] command to
-obtain a Kerberos ticket-granting ticket:
- at begin[example]
- at tabset[3 inches]
-host% @b([K_USER]/kinit)
-MIT Project Athena, (your_workstation)
-Kerberos Initialization
-Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.]
-Password: @\@b[<--] @p[Enter your Kerberos password.]
- at end[example]
-
-Now use the @i[sample_client] program as follows:
- at begin[example]
-host% @b([PATH]/sample_client ariadne)
- at end[example]
-The command should display something like the following:
- at begin[example]
-The server says:
-You are @p[yourusername].@@REALMNAME (local name @p[yourusername]),
- at address @p[yournetaddress], version VERSION9, cksum 997
- at end[example]
-
- at chapter[Service names and other services]
-
- at section(rlogin, rsh, rcp, tftp, and others)
-
-Many services use a common principal name for authentication purposes.
- at i[rlogin], @i[rsh], @i[rcp], @i[tftp] and others use the principal name
-``@t[rcmd]''. For example, to set up the machine @i[ariadne] to support
-Kerberos rlogin, it needs to have a service key for principal
-``@t[rcmd]'', instance ``@t[ariadne]''. You create this key in the same
-way as shown above for the sample service.
-
-After creating this key, you need to run the @i[ext_srvtab] program
-again to generate a new srvtab file for ariadne.
-
- at section(NFS modifications)
-
-The NFS modifications distributed separately use the service name
-``@t[rvdsrv]'' with the instance set to the machine name (as for the
-sample server and the rlogin, rsh, rcp and tftp services).
-
- at section(inetd.conf entries)
-The following are the @i(/etc/inetd.conf) entries necessary to support
-rlogin, encrypted rlogin, rsh, and rcp services on a server machine. As
-above, your @i(inetd.conf) may not support all the fields shown here.
- at begin[example]
-eklogin stream tcp nowait unswitched root
- [PATH]/klogind eklogind
-kshell stream tcp nowait unswitched root
- [PATH]/kshd kshd
-klogin stream tcp nowait unswitched root
- [PATH]/klogind klogind
- at end[example]
Modified: branches/mskrb-integ/src/Makefile.in
===================================================================
--- branches/mskrb-integ/src/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -9,7 +9,7 @@
# plugins/preauth/wpse
# plugins/preauth/cksum_body
# plugins/authdata/greet
-SUBDIRS=util include lib @krb524@ kdc kadmin @ldap_plugin_dir@ slave clients \
+SUBDIRS=util include lib kdc kadmin @ldap_plugin_dir@ slave clients \
plugins/kdb/db2 \
plugins/preauth/pkinit \
appl tests \
@@ -195,7 +195,6 @@
clients\kpasswd\Makefile clients\kvno\Makefile \
clients\kcpytkt\Makefile clients\kdeltkt\Makefile \
include\Makefile \
- krb524\Makefile \
lib\Makefile lib\crypto\Makefile \
lib\crypto\crc32\Makefile lib\crypto\des\Makefile \
lib\crypto\dk\Makefile lib\crypto\enc_provider\Makefile \
@@ -205,10 +204,10 @@
lib\crypto\sha1\Makefile lib\crypto\arcfour\Makefile \
lib\crypto\md4\Makefile lib\crypto\md5\Makefile \
lib\crypto\yarrow\Makefile lib\crypto\aes\Makefile \
- lib\des425\Makefile \
lib\gssapi\Makefile lib\gssapi\generic\Makefile \
lib\gssapi\krb5\Makefile lib\gssapi\mechglue\Makefile \
- lib\krb4\Makefile lib\krb5\Makefile \
+ lib\gssapi\spnego\Makefile \
+ lib\krb5\Makefile \
lib\krb5\asn.1\Makefile lib\krb5\ccache\Makefile \
lib\krb5\ccache\ccapi\Makefile \
lib\krb5\error_tables\Makefile \
@@ -259,8 +258,6 @@
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##include\Makefile: include\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##krb524\Makefile: krb524\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\Makefile: lib\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\Makefile: lib\crypto\Makefile.in $(MKFDEP)
@@ -293,8 +290,6 @@
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\raw\Makefile: lib\crypto\raw\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\des425\Makefile: lib\des425\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\Makefile: lib\gssapi\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\generic\Makefile: lib\gssapi\generic\Makefile.in $(MKFDEP)
@@ -303,8 +298,6 @@
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\krb5\Makefile: lib\gssapi\krb5\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\krb4\Makefile: lib\krb4\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\krb5\Makefile: lib\krb5\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\krb5\asn.1\Makefile: lib\krb5\asn.1\Makefile.in $(MKFDEP)
@@ -392,14 +385,14 @@
clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \
clients/kpasswd/* clients/kcpytkt/* clients/kdeltkt/* \
config/* include/* include/kerberosIV/* \
- include/krb5/* include/krb5/stock/* include/sys/* krb524/* lib/* \
+ include/krb5/* include/krb5/stock/* include/sys/* lib/* \
lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \
lib/crypto/enc_provider/* lib/crypto/hash_provider/* \
lib/crypto/keyhash_provider/* lib/crypto/old/* lib/crypto/raw/* \
lib/crypto/sha1/* lib/crypto/arcfour/* lib/crypto/md4/* \
lib/crypto/md5/* lib/crypto/yarrow/* \
- lib/des425/* lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \
- lib/gssapi/mechglue/* lib/gssapi/spnego/* lib/krb4/* \
+ lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \
+ lib/gssapi/mechglue/* lib/gssapi/spnego/* \
lib/krb5/* lib/krb5/asn.1/* lib/krb5/krb/* \
lib/krb5/ccache/* lib/krb5/ccache/ccapi/* \
lib/krb5/error_tables/* \
@@ -439,12 +432,9 @@
$(INC)krb5_err.h $(ET)krb5_err.c \
$(INC)kv5m_err.h $(ET)kv5m_err.c \
$(INC)krb524_err.h $(ET)krb524_err.c \
- $(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \
- $(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \
$(PR)prof_err.h $(PR)prof_err.c \
$(GG)gssapi_err_generic.h $(GG)gssapi_err_generic.c \
- $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c \
- lib/krb4/krb_err_txt.c
+ $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c
HOUT = $(INC)krb5\krb5.h $(GG)gssapi.h $(PR)profile.h
@@ -499,10 +489,6 @@
$(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et
$(INC)krb524_err.h: $(AH) $(ET)krb524_err.et
$(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et
-$(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et
- $(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et
-$(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et
- $(AWK) -f $(AH) outfile=$@ lib/krb4/krb_err.et
$(PR)prof_err.h: $(AH) $(PR)prof_err.et
$(AWK) -f $(AH) outfile=$@ $(PR)prof_err.et
$(GG)gssapi_err_generic.h: $(AH) $(GG)gssapi_err_generic.et
@@ -524,10 +510,6 @@
$(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et
$(ET)krb524_err.c: $(AC) $(ET)krb524_err.et
$(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et
-lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et
- $(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et
-lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et
- $(AWK) -f $(AC) outfile=$@ lib/krb4/krb_err.et
$(PR)prof_err.c: $(AC) $(PR)prof_err.et
$(AWK) -f $(AC) outfile=$@ $(PR)prof_err.et
$(GG)gssapi_err_generic.c: $(AC) $(GG)gssapi_err_generic.et
@@ -539,10 +521,6 @@
$(CE)test2.c: $(AC) $(CE)test2.et
$(AWK) -f $(AC) outfile=$@ $(CE)test2.et
-lib/krb4/krb_err_txt.c: lib/krb4/krb_err.et
- $(AWK) -f lib/krb4/et_errtxt.awk outfile=$@ \
- lib/krb4/krb_err.et
-
KRBHDEP = $(INC)krb5\krb5.hin $(INC)krb5_err.h $(INC)kdb5_err.h \
$(INC)kv5m_err.h $(INC)krb524_err.h $(INC)asn1_err.h
@@ -613,8 +591,6 @@
$(CP) clients\kcpytkt\$(OUTPRE)kcpytkt.exe "$(KRB_INSTALL_DIR)\bin\."
$(CP) clients\kdeltkt\$(OUTPRE)kdeltkt.exe "$(KRB_INSTALL_DIR)\bin\."
$(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe "$(KRB_INSTALL_DIR)\bin\."
- @if exist "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" del "$(KRB_INSTALL_DIR)\bin\krb4_32.dll"
- @if exist "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" del "$(KRB_INSTALL_DIR)\lib\krb4_32.lib"
install-unix::
$(INSTALL_SCRIPT) krb5-config \
Modified: branches/mskrb-integ/src/aclocal.m4
===================================================================
--- branches/mskrb-integ/src/aclocal.m4 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/aclocal.m4 2009-01-03 03:00:25 UTC (rev 21678)
@@ -74,7 +74,6 @@
if test -z "$LD" ; then LD=$CC; fi
AC_ARG_VAR(LD,[linker command [CC]])
AC_SUBST(LDFLAGS) dnl
-WITH_KRB4 dnl
KRB5_AC_CHOOSE_ET dnl
KRB5_AC_CHOOSE_SS dnl
KRB5_AC_CHOOSE_DB dnl
@@ -502,61 +501,6 @@
AC_DEFINE_UNQUOTED($ac_tr_file) $2], $3)dnl
done
])
-dnl
-dnl set $(KRB4) from --with-krb4=value -- WITH_KRB4
-dnl
-AC_DEFUN(WITH_KRB4,[
-AC_ARG_WITH([krb4],
-[ --without-krb4 omit Kerberos V4 backwards compatibility (default)
- --with-krb4 use V4 libraries included with V5
- --with-krb4=KRB4DIR use preinstalled V4 libraries],
-,
-withval=no
-)dnl
-if test $withval = no; then
- AC_MSG_NOTICE(no krb4 support)
- KRB4_LIB=
- KRB4_DEPLIB=
- KRB4_INCLUDES=
- KRB4_LIBPATH=
- KRB_ERR_H_DEP=
- krb5_cv_build_krb4_libs=no
- krb5_cv_krb4_libdir=
-else
- AC_DEFINE([KRB5_KRB4_COMPAT], 1, [Define this if building with krb4 compat])
- if test $withval = yes; then
- AC_MSG_NOTICE(enabling built in krb4 support)
- KRB4_DEPLIB='$(TOPLIBD)/libkrb4$(DEPLIBEXT)'
- KRB4_LIB=-lkrb4
- KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV'
- KRB4_LIBPATH=
- KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h'
- krb5_cv_build_krb4_libs=yes
- krb5_cv_krb4_libdir=
- else
- AC_MSG_NOTICE(using preinstalled krb4 in $withval)
- KRB4_LIB="-lkrb"
-dnl DEPKRB4_LIB="$withval/lib/libkrb.a"
- KRB4_INCLUDES="-I$withval/include"
- KRB4_LIBPATH="-L$withval/lib"
- KRB_ERR_H_DEP=
- krb5_cv_build_krb4_libs=no
- krb5_cv_krb4_libdir="$withval/lib"
- fi
-fi
-AC_SUBST(KRB4_INCLUDES)
-AC_SUBST(KRB4_LIBPATH)
-AC_SUBST(KRB4_LIB)
-AC_SUBST(KRB4_DEPLIB)
-AC_SUBST(KRB_ERR_H_DEP)
-dnl We always compile the des425 library
-DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)'
-DES425_LIB=-ldes425
-AC_SUBST(DES425_DEPLIB)
-AC_SUBST(DES425_LIB)
-])dnl
-dnl
-dnl
AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[
AC_BEFORE([$0],[AC_PROG_CC])
AC_BEFORE([$0],[AC_PROG_CXX])
Modified: branches/mskrb-integ/src/appl/simple/client/sim_client.c
===================================================================
--- branches/mskrb-integ/src/appl/simple/client/sim_client.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/appl/simple/client/sim_client.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -330,7 +330,7 @@
com_err(progname, retval, "while deleting replay cache");
exit(1);
}
-
+ krb5_auth_con_setrcache(context, auth_context, NULL);
krb5_auth_con_free(context, auth_context);
krb5_free_context(context);
Modified: branches/mskrb-integ/src/config/pre.in
===================================================================
--- branches/mskrb-integ/src/config/pre.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/config/pre.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -325,8 +325,6 @@
KDB5_DEPLIB = $(TOPLIBD)/libkdb5$(DEPLIBEXT)
GSSRPC_DEPLIB = $(TOPLIBD)/libgssrpc$(DEPLIBEXT)
GSS_DEPLIB = $(TOPLIBD)/libgssapi_krb5$(DEPLIBEXT)
-KRB4_DEPLIB = @KRB4_DEPLIB@ # $(TOPLIBD)/libkrb4$(DEPLIBEXT)
-DES425_DEPLIB = @DES425_DEPLIB@ # $(TOPLIBD)/libdes425$(DEPLIBEXT)
KRB5_DEPLIB = $(TOPLIBD)/libkrb5$(DEPLIBEXT)
CRYPTO_DEPLIB = $(TOPLIBD)/libk5crypto$(DEPLIBEXT)
COM_ERR_DEPLIB = $(COM_ERR_DEPLIB- at COM_ERR_VERSION@)
@@ -344,7 +342,6 @@
APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a
KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
-KRB4COMPAT_DEPLIBS = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS)
KDB5_DEPLIBS = $(KDB5_DEPLIB)
GSS_DEPLIBS = $(GSS_DEPLIB)
GSSRPC_DEPLIBS = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS)
@@ -365,11 +362,6 @@
SS_DEPS-sys =
SS_DEPS-k5 = $(BUILDTOP)/include/ss/ss.h $(BUILDTOP)/include/ss/ss_err.h
-# Header file dependencies that might depend on whether krb4 support
-# is compiled.
-
-KRB_ERR_H_DEP = @KRB_ERR_H_DEP@
-
# LIBS gets substituted in... e.g. -lnsl -lsocket
# GEN_LIB is -lgen if needed for regexp
@@ -388,19 +380,10 @@
GSS_KRB5_LIB = -lgssapi_krb5
SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
-# KRB4_LIB is -lkrb4 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-KRB4_LIB = @KRB4_LIB@
-
-# DES425_LIB is -ldes425 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-DES425_LIB = @DES425_LIB@
-
# HESIOD_LIBS is -lhesiod...
HESIOD_LIBS = @HESIOD_LIBS@
KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
-KRB4COMPAT_LIBS = $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS)
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
GSS_LIBS = $(GSS_KRB5_LIB)
# needs fixing if ever used on Mac OS X!
@@ -421,11 +404,6 @@
APPUTILS_LIB = -lapputils
#
-# some more stuff for --with-krb4
-KRB4_LIBPATH = @KRB4_LIBPATH@
-KRB4_INCLUDES = @KRB4_INCLUDES@
-
-#
# variables for --with-tcl=
TCL_LIBS = @TCL_LIBS@
TCL_LIBPATH = @TCL_LIBPATH@
Modified: branches/mskrb-integ/src/config-files/krb5.conf.M
===================================================================
--- branches/mskrb-integ/src/config-files/krb5.conf.M 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/config-files/krb5.conf.M 2009-01-03 03:00:25 UTC (rev 21678)
@@ -201,6 +201,16 @@
General flag controlling the use of DNS for Kerberos information. If both
of the preceding options are specified, this option has no effect.
+.IP realm_try_domains
+Indicate whether a host's domain components should be used to
+determine the Kerberos realm of the host. The value of this variable
+is an integer: -1 means not to search, 0 means to try the host's
+domain itself, 1 means to also try the domain's immediate parent, and
+so forth. The library's usual mechanism for locating Kerberos realms
+is used to determine whether a domain is a valid realm--which may
+involve consulting DNS if dns_lookup_kdc is set. The default is not
+to search domain components.
+
.IP extra_addresses
This allows a computer to use multiple local addresses, in order to
allow Kerberos to work in a network that uses NATs. The addresses should
Modified: branches/mskrb-integ/src/configure.in
===================================================================
--- branches/mskrb-integ/src/configure.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/configure.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -55,20 +55,6 @@
AC_ARG_ENABLE([athena],
[ --enable-athena build with MIT Project Athena configuration],,)
dnl
-if test -z "$KRB4_LIB"; then
-kadminv4=""
-krb524=""
-libkrb4=""
-KRB4=""
-else
-kadminv4=kadmin.v4
-krb524=krb524
-libkrb4=lib/krb4
-KRB4=krb4
-fi
-AC_SUBST(KRB4)
-AC_SUBST(krb524)
-dnl
dnl Begin autoconf tests for the Makefiles generated out of the top-level
dnl configure.in...
dnl
@@ -168,7 +154,6 @@
AC_SUBST(FAKEKA)
KRB5_RUN_FLAGS
dnl
-dnl for krb524
AC_TYPE_SIGNAL
dnl
dnl from old include/configure.in
@@ -586,15 +571,6 @@
[ --enable-athena build with MIT Project Athena configuration],
AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
-if test "$KRB4_LIB" = ''; then
- AC_MSG_NOTICE(No Kerberos 4 compatibility)
- maybe_kerberosIV=
-else
- AC_MSG_NOTICE(Kerberos 4 compatibility enabled)
- maybe_kerberosIV=kerberosIV
- AC_DEFINE(KRB5_KRB4_COMPAT,1,[Define if Kerberos V4 backwards compatibility should be supported])
-fi
-AC_SUBST(maybe_kerberosIV)
dnl
AC_C_INLINE
AH_TOP([
@@ -700,11 +676,6 @@
fi
AC_SUBST(DO_TEST)
dnl
-DO_V4_TEST=
-if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != "" -a "$ath_compat" != ""; then
- DO_V4_TEST=ok
-fi
-AC_SUBST(DO_V4_TEST)
dnl The following are substituted into kadmin/testing/scripts/env-setup.sh
RBUILD=`pwd`
AC_SUBST(RBUILD)
@@ -726,25 +697,6 @@
AC_CHECK_PROG(RUNTEST,runtest,runtest)
AC_CHECK_PROG(PERL,perl,perl)
dnl
-dnl
-dnl for lib/krb4
-case $krb5_cv_host in
- *-apple-darwin*)
- KRB_ERR_TXT=
- KRB_ERR=
- KRB_ERR_C=krb_err.c
- ;;
- *)
- KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)'
- KRB_ERR_TXT=krb_err_txt.c
- KRB_ERR_C=
- ;;
-esac
-AC_SUBST([KRB_ERR_TXT])
-AC_SUBST([KRB_ERR])
-AC_SUBST([KRB_ERR_C])
-dnl
-dnl
dnl lib/gssapi
AC_CHECK_HEADER(stdint.h,[
include_stdint='awk '\''END{printf("%cinclude <stdint.h>\n", 35);}'\'' < /dev/null'],
@@ -970,13 +922,6 @@
HAVE_RUNTEST=no
fi
AC_SUBST(HAVE_RUNTEST)
-if test "$KRB4_LIB" = ''; then
- KRB4_DEJAGNU_TEST="KRBIV=0"
-else
- AC_MSG_RESULT(Kerberos 4 testing enabled)
- KRB4_DEJAGNU_TEST="KRBIV=1"
-fi
-AC_SUBST(KRB4_DEJAGNU_TEST)
dnl for plugins/kdb/db2
dnl
@@ -1052,9 +997,6 @@
if test "$SS_VERSION" = k5 ; then
K5_GEN_MAKEFILE(util/ss)
fi
-if test -n "$KRB4_LIB"; then
- K5_GEN_MAKEFILE(lib/krb4)
-fi
dnl
dnl
ldap_plugin_dir=""
@@ -1109,7 +1051,7 @@
util util/support util/profile util/send-pr
- lib lib/des425 lib/kdb
+ lib lib/kdb
lib/crypto lib/crypto/crc32 lib/crypto/des lib/crypto/dk
lib/crypto/enc_provider lib/crypto/hash_provider
@@ -1130,8 +1072,7 @@
lib/apputils
- kdc slave krb524 config-files gen-manpages include
- include/kerberosIV
+ kdc slave config-files gen-manpages include
plugins/locate/python
plugins/kdb/db2
Modified: branches/mskrb-integ/src/include/Makefile.in
===================================================================
--- branches/mskrb-integ/src/include/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,7 +1,6 @@
thisconfigdir=..
myfulldir=include
mydir=include
-SUBDIRS=@maybe_kerberosIV@
BUILDTOP=$(REL)..
KRB5RCTMPDIR= @KRB5_RCTMPDIR@
##DOSBUILDTOP = ..
Deleted: branches/mskrb-integ/src/include/kerberosIV/Makefile.in
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,23 +0,0 @@
-thisconfigdir=./../..
-myfulldir=include/kerberosIV
-mydir=include/kerberosIV
-BUILDTOP=$(REL)..$(S)..
-KRB4_HEADERS=krb.h des.h mit-copyright.h
-
-all-unix:: krb_err.h kadm_err.h
-
-krb_err.h: $(SRCTOP)/lib/krb4/krb_err.et
-kadm_err.h: $(SRCTOP)/lib/krb4/kadm_err.et
-krb_err.h kadm_err.h: rebuild-k4-error-tables; : $@
-rebuild-k4-error-tables:
- (cd $(BUILDTOP)/lib/krb4 && $(MAKE) includes)
-
-clean-unix::
- $(RM) krb_err.h kadm_err.h
-
-install-headers-unix install:: krb_err.h kadm_err.h
- @set -x; for f in $(KRB4_HEADERS) ; \
- do $(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(KRB5_INCDIR)/kerberosIV/$$f ; \
- done
- $(INSTALL_DATA) krb_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)krb_err.h
- $(INSTALL_DATA) kadm_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)kadm_err.h
Deleted: branches/mskrb-integ/src/include/kerberosIV/addr_comp.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/addr_comp.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/addr_comp.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,52 +0,0 @@
-/*
- * include/kerberosIV/addr_comp.h
- *
- * Copyright 1987-1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for address comparison macros.
- */
-
-#ifndef ADDR_COMP_DEFS
-#define ADDR_COMP_DEFS
-
-/*
-** Look boys and girls, a big kludge
-** We need to compare the two internet addresses in network byte order, not
-** local byte order. This is a *really really slow way of doing that*
-** But.....
-** .....it works
-** so we run with it
-**
-** long_less_than gets fed two (u_char *)'s....
-*/
-
-#define u_char_comp(x,y) \
- (((x)>(y))?(1):(((x)==(y))?(0):(-1)))
-
-#define long_less_than(x,y) \
- (u_char_comp((x)[0],(y)[0])?u_char_comp((x)[0],(y)[0]): \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \
- (u_char_comp((x)[3],(y)[3])))))
-
-#endif /* ADDR_COMP_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/admin_server.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/admin_server.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/admin_server.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,58 +0,0 @@
-/*
- * include/kerberosIV/admin_server.h
- *
- * Copyright 1987-1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifndef ADMIN_SERVER_DEFS
-#define ADMIN_SERVER_DEFS
-
-#define PW_SRV_VERSION 2 /* version number */
-
-#define INSTALL_NEW_PW (1<<0) /*
- * ver, cmd, name, password,
- * old_pass, crypt_pass, uid
- */
-
-#define ADMIN_NEW_PW (2<<1) /*
- * ver, cmd, name, passwd,
- * old_pass
- * (grot), crypt_pass (grot)
- */
-
-#define ADMIN_SET_KDC_PASSWORD (3<<1) /* ditto */
-#define ADMIN_ADD_NEW_KEY (4<<1) /* ditto */
-#define ADMIN_ADD_NEW_KEY_ATTR (5<<1) /*
- * ver, cmd, name, passwd,
- * inst, attr (grot)
- */
-#define INSTALL_REPLY (1<<1) /* ver, cmd, name, password */
-#define RETRY_LIMIT 1
-#define TIME_OUT 30
-#define USER_TIMEOUT 90
-#define MAX_KPW_LEN 40
-
-#define KADM "changepw" /* service name */
-
-#endif /* ADMIN_SERVER_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/des.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/des.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/des.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,237 +0,0 @@
-/*
- * include/kerberosIV/des.h
- *
- * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for the Data Encryption Standard library.
- */
-
-#if defined(__MACH__) && defined(__APPLE__)
-#include <TargetConditionals.h>
-#include <AvailabilityMacros.h>
-#if TARGET_RT_MAC_CFM
-#error "Use KfM 4.0 SDK headers for CFM compilation."
-#endif
-#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
-#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
-#endif
-#endif /* defined(__MACH__) && defined(__APPLE__) */
-
-/* Macro to add deprecated attribute to DES types and functions */
-/* Currently only defined on Mac OS X 10.5 and later. */
-#ifndef KRB5INT_DES_DEPRECATED
-#define KRB5INT_DES_DEPRECATED
-#endif
-
-#ifdef __cplusplus
-#ifndef KRBINT_BEGIN_DECLS
-#define KRBINT_BEGIN_DECLS extern "C" {
-#define KRBINT_END_DECLS }
-#endif
-#else
-#define KRBINT_BEGIN_DECLS
-#define KRBINT_END_DECLS
-#endif
-
-#ifndef KRB5INT_DES_TYPES_DEFINED
-#define KRB5INT_DES_TYPES_DEFINED
-
-#include <limits.h>
-
-KRBINT_BEGIN_DECLS
-
-#if TARGET_OS_MAC
-# pragma pack(push,2)
-#endif
-
-#if UINT_MAX >= 0xFFFFFFFFUL
-#define DES_INT32 int
-#define DES_UINT32 unsigned int
-#else
-#define DES_INT32 long
-#define DES_UINT32 unsigned long
-#endif
-
-typedef unsigned char des_cblock[8] /* crypto-block size */
-KRB5INT_DES_DEPRECATED;
-
-/*
- * Key schedule.
- *
- * This used to be
- *
- * typedef struct des_ks_struct {
- * union { DES_INT32 pad; des_cblock _;} __;
- * } des_key_schedule[16];
- *
- * but it would cause trouble if DES_INT32 were ever more than 4
- * bytes. The reason is that all the encryption functions cast it to
- * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
- * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
- * caller-allocated des_key_schedule will be overflowed by the key
- * scheduling functions. We can't assume that every platform will
- * have an exact 32-bit int, and nothing should be looking inside a
- * des_key_schedule anyway.
- */
-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
-KRB5INT_DES_DEPRECATED;
-
-#if TARGET_OS_MAC
-# pragma pack(pop)
-#endif
-
-KRBINT_END_DECLS
-
-#endif /* KRB5INT_DES_TYPES_DEFINED */
-
-/* only do the whole thing once */
-#ifndef DES_DEFS
-/*
- * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily
- * to avoid including the defintions and declarations below. The
- * reason that the crypto library needs to include this file is that
- * it needs to have its types aligned with krb4's types.
- */
-#ifndef KRB5INT_CRYPTO_DES_INT
-#define DES_DEFS
-
-#if defined(_WIN32)
-#ifndef KRB4
-#define KRB4 1
-#endif
-#include <win-mac.h>
-#endif
-#include <stdio.h> /* need FILE for des_cblock_print_file */
-
-KRBINT_BEGIN_DECLS
-
-#if TARGET_OS_MAC
-# pragma pack(push,2)
-#endif
-
-/* Windows declarations */
-#ifndef KRB5_CALLCONV
-#define KRB5_CALLCONV
-#define KRB5_CALLCONV_C
-#endif
-
-#define DES_KEY_SZ (sizeof(des_cblock))
-#define DES_ENCRYPT 1
-#define DES_DECRYPT 0
-
-#ifndef NCOMPAT
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define key_sched des_key_sched
-#define cbc_encrypt des_cbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define C_Block_print des_cblock_print
-#define quad_cksum des_quad_cksum
-typedef struct des_ks_struct bit_64;
-#endif
-
-#define des_cblock_print(x) des_cblock_print_file(x, stdout)
-
-/*
- * Function Prototypes
- */
-
-int KRB5_CALLCONV des_key_sched (C_Block, Key_schedule)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV
-des_pcbc_encrypt (C_Block *in, C_Block *out, long length,
- const des_key_schedule schedule, C_Block *ivec,
- int enc)
-KRB5INT_DES_DEPRECATED;
-
-unsigned long KRB5_CALLCONV
-des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out,
- long length, int out_count, C_Block *seed)
-KRB5INT_DES_DEPRECATED;
-
-/*
- * XXX ABI change: used to return void; also, cns/kfm have signed long
- * instead of unsigned long length.
- */
-unsigned long KRB5_CALLCONV
-des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long,
- const des_key_schedule, const des_cblock *)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV des_string_to_key (const char *, C_Block)
-KRB5INT_DES_DEPRECATED;
-
-void afs_string_to_key(char *, char *, des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-/* XXX ABI change: used to return krb5_error_code */
-int KRB5_CALLCONV des_read_password(des_cblock *, char *, int)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *,
- const des_key_schedule, int)
-KRB5INT_DES_DEPRECATED;
-
-/* XXX kfm/cns have signed long length */
-int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long,
- const des_key_schedule, const des_cblock *, int)
-KRB5INT_DES_DEPRECATED;
-
-void des_fixup_key_parity(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-int des_check_key_parity(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-int KRB5_CALLCONV des_new_random_key(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-void des_init_random_number_generator(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-int des_random_key(des_cblock *)
-KRB5INT_DES_DEPRECATED;
-
-int des_is_weak_key(des_cblock)
-KRB5INT_DES_DEPRECATED;
-
-void des_cblock_print_file(des_cblock *, FILE *fp)
-KRB5INT_DES_DEPRECATED;
-
-
-#if TARGET_OS_MAC
-# pragma pack(pop)
-#endif
-
-KRBINT_END_DECLS
-
-#endif /* KRB5INT_CRYPTO_DES_INT */
-#endif /* DES_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/kadm.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/kadm.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/kadm.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,194 +0,0 @@
-/*
- * include/kerberosIV/kadm.h
- *
- * Copyright 1988, 1994, 2002 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Definitions for Kerberos administration server & client. These
- * should be considered private; among other reasons, it leaks all
- * over the namespace.
- */
-
-#ifndef KADM_DEFS
-#define KADM_DEFS
-
-/*
- * kadm.h
- * Header file for the fourth attempt at an admin server
- * Doug Church, December 28, 1989, MIT Project Athena
- */
-
-#include <sys/types.h>
-#include "port-sockets.h"
-#include <kerberosIV/krb.h>
-#include <kerberosIV/des.h>
-
-/* for those broken Unixes without this defined... should be in sys/param.h */
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
-
-/* The global structures for the client and server */
-typedef struct {
- struct sockaddr_in admin_addr;
- struct sockaddr_in my_addr;
- int my_addr_len;
- int admin_fd; /* file descriptor for link to admin server */
- char sname[ANAME_SZ]; /* the service name */
- char sinst[INST_SZ]; /* the services instance */
- char krbrlm[REALM_SZ];
- /* KfM additions... */
- int default_port;
- CREDENTIALS creds; /* The client's credentials (from krb_get_pw_in_tkt_creds)*/
-} Kadm_Client;
-
-typedef struct { /* status of the server, i.e the parameters */
- int inter; /* Space for command line flags */
- char *sysfile; /* filename of server */
-} admin_params; /* Well... it's the admin's parameters */
-
-/* Largest password length to be supported */
-#define MAX_KPW_LEN 128
-
-/* Largest packet the admin server will ever allow itself to return */
-#define KADM_RET_MAX 2048
-
-/* That's right, versions are 8 byte strings */
-#define KADM_VERSTR "KADM0.0A"
-#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
- decrypt client's msg */
-#define KADM_VERSIZE strlen(KADM_VERSTR)
-
-/* the lookups for the server instances */
-#define PWSERV_NAME "changepw"
-#define KADM_SNAME "kerberos_master"
-#define KADM_SINST "kerberos"
-
-/* Attributes fields constants and macros */
-#define ALLOC 2
-#define RESERVED 3
-#define DEALLOC 4
-#define DEACTIVATED 5
-#define ACTIVE 6
-
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ 4
-
-typedef struct {
- u_char fields[FLDSZ]; /* The active fields in this struct */
- char name[ANAME_SZ];
- char instance[INST_SZ];
- KRB_UINT32 key_low;
- KRB_UINT32 key_high;
- KRB_UINT32 exp_date;
- unsigned short attributes;
- unsigned char max_life;
-} Kadm_vals; /* The basic values structure in Kadm */
-
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ 4
-
-/* Need to define fields types here */
-#define KADM_NAME 31
-#define KADM_INST 30
-#define KADM_EXPDATE 29
-#define KADM_ATTR 28
-#define KADM_MAXLIFE 27
-#define KADM_DESKEY 26
-
-/* To set a field entry f in a fields structure d */
-#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
-
-/* To set a field entry f in a fields structure d */
-#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
-
-/* Is field f in fields structure d */
-#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
-
-/* Various return codes */
-#define KADM_SUCCESS 0
-
-#define WILDCARD_STR "*"
-
-enum acl_types {
-ADDACL,
-GETACL,
-MODACL,
-STABACL,
-DELACL
-};
-
-/* Various opcodes for the admin server's functions */
-#define CHANGE_PW 2
-#define ADD_ENT 3
-#define MOD_ENT 4
-#define GET_ENT 5
-#define CHECK_PW 6
-#define CHG_STAB 7
-/* Cygnus principal-deletion support */
-#define KADM_CYGNUS_EXT_BASE 64
-#define DEL_ENT (KADM_CYGNUS_EXT_BASE+1)
-
-#ifdef POSIX
-typedef void sigtype;
-#else
-typedef int sigtype;
-#endif
-
-/* Avoid stomping on namespace... */
-
-#define vals_to_stream kadm_vals_to_stream
-#define build_field_header kadm_build_field_header
-#define vts_string kadm_vts_string
-#define vts_short kadm_vts_short
-#define vts_long kadm_vts_long
-#define vts_char kadm_vts_char
-
-#define stream_to_vals kadm_stream_to_vals
-#define check_field_header kadm_check_field_header
-#define stv_string kadm_stv_string
-#define stv_short kadm_stv_short
-#define stv_long kadm_stv_long
-#define stv_char kadm_stv_char
-
-int vals_to_stream(Kadm_vals *, u_char **);
-int build_field_header(u_char *, u_char **);
-int vts_string(char *, u_char **, int);
-int vts_short(KRB_UINT32, u_char **, int);
-int vts_long(KRB_UINT32, u_char **, int);
-int vts_char(KRB_UINT32, u_char **, int);
-
-int stream_to_vals(u_char *, Kadm_vals *, int);
-int check_field_header(u_char *, u_char *, int);
-int stv_string(u_char *, char *, int, int, int);
-int stv_short(u_char *, u_short *, int, int);
-int stv_long(u_char *, KRB_UINT32 *, int, int);
-int stv_char(u_char *, u_char *, int, int);
-
-int kadm_init_link(char *, char *, char *, Kadm_Client *, int);
-int kadm_cli_send(Kadm_Client *, u_char *, size_t, u_char **, size_t *);
-int kadm_cli_conn(Kadm_Client *);
-void kadm_cli_disconn(Kadm_Client *);
-int kadm_cli_out(Kadm_Client *, u_char *, int, u_char **, size_t *);
-int kadm_cli_keyd(Kadm_Client *, des_cblock, des_key_schedule);
-
-#endif /* KADM_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/kdc.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/kdc.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/kdc.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,55 +0,0 @@
-/*
- * include/kerberosIV/kdc.h
- *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for the Kerberos Key Distribution Center.
- */
-
-#ifndef KDC_DEFS
-#define KDC_DEFS
-
-#define S_AD_SZ sizeof(struct sockaddr_in)
-
-#ifdef notdef
-#define max(a,b) (a>b ? a : b)
-#define min(a,b) (a<b ? a : b)
-#endif
-
-#define TRUE 1
-#define FALSE 0
-
-#define MKEYFILE "/.k"
-#define K_LOGFIL "/kerberos/kpropd.log"
-#define KS_LOGFIL "/kerberos/kerberos_slave.log"
-#define KRB_ACL "/kerberos/kerberos.acl"
-#define KRB_PROG "./kerberos"
-
-#define ONE_MINUTE 60
-#define FIVE_MINUTES (5 * ONE_MINUTE)
-#define ONE_HOUR (60 * ONE_MINUTE)
-#define ONE_DAY (24 * ONE_HOUR)
-#define THREE_DAYS (3 * ONE_DAY)
-
-#endif /* KDC_DEFS */
-
Deleted: branches/mskrb-integ/src/include/kerberosIV/klog.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/klog.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/klog.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,57 +0,0 @@
-/*
- * include/kerberosIV/klog.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This file defines the types of log messages logged by klog. Each
- * type of message may be selectively turned on or off.
- */
-
-#ifndef KLOG_DEFS
-#define KLOG_DEFS
-
-#define KRBLOG "/kerberos/kerberos.log" /* master server */
-#define KRBSLAVELOG "/kerberos/kerberos_slave.log" /* master server */
-#define NLOGTYPE 100 /* Maximum number of log msg types */
-
-#define L_NET_ERR 1 /* Error in network code */
-#define L_NET_INFO 2 /* Info on network activity */
-#define L_KRB_PERR 3 /* Kerberos protocol errors */
-#define L_KRB_PINFO 4 /* Kerberos protocol info */
-#define L_INI_REQ 5 /* Request for initial ticket */
-#define L_NTGT_INTK 6 /* Initial request not for TGT */
-#define L_DEATH_REQ 7 /* Request for server death */
-#define L_TKT_REQ 8 /* All ticket requests using a tgt */
-#define L_ERR_SEXP 9 /* Service expired */
-#define L_ERR_MKV 10 /* Master key version incorrect */
-#define L_ERR_NKY 11 /* User's key is null */
-#define L_ERR_NUN 12 /* Principal not unique */
-#define L_ERR_UNK 13 /* Principal Unknown */
-#define L_ALL_REQ 14 /* All requests */
-#define L_APPL_REQ 15 /* Application requests (using tgt) */
-#define L_KRB_PWARN 16 /* Protocol warning messages */
-
-char *klog(int, char *, char *, char *, char *, char *, char *, char *,
- char *, char *, char *, char *);
-
-#endif /* KLOG_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/kparse.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/kparse.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/kparse.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,106 +0,0 @@
-/*
- * include/kerberosIV/kparse.h
- *
- * Copyright 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for kparse routines.
- */
-
-#ifndef KPARSE_DEFS
-#define KPARSE_DEFS
-
-/*
- * values returned by fGetParameterSet()
- */
-
-#define PS_BAD_KEYWORD -2 /* unknown or duplicate keyword */
-#define PS_SYNTAX -1 /* syntax error */
-#define PS_OKAY 0 /* got a complete parameter set */
-#define PS_EOF 1 /* nothing more in the file */
-
-/*
- * values returned by fGetKeywordValue()
- */
-
-#define KV_SYNTAX -2 /* syntax error */
-#define KV_EOF -1 /* nothing more in the file */
-#define KV_OKAY 0 /* got a keyword/value pair */
-#define KV_EOL 1 /* nothing more on this line */
-
-/*
- * values returned by fGetToken()
- */
-
-#define GTOK_BAD_QSTRING -1 /* newline found in quoted string */
-#define GTOK_EOF 0 /* end of file encountered */
-#define GTOK_QSTRING 1 /* quoted string */
-#define GTOK_STRING 2 /* unquoted string */
-#define GTOK_NUMBER 3 /* one or more digits */
-#define GTOK_PUNK 4 /* punks are punctuation, newline,
- * etc. */
-#define GTOK_WHITE 5 /* one or more whitespace chars */
-
-/*
- * extended character classification macros
- */
-
-#define ISOCTAL(CH) ( (CH>='0') && (CH<='7') )
-#define ISQUOTE(CH) ( (CH=='\"') || (CH=='\'') || (CH=='`') )
-#define ISWHITESPACE(C) ( (C==' ') || (C=='\t') )
-#define ISLINEFEED(C) ( (C=='\n') || (C=='\r') || (C=='\f') )
-
-/*
- * tokens consist of any printable charcacter except comma, equal, or
- * whitespace
- */
-
-#define ISTOKENCHAR(C) ((C>040) && (C<0177) && (C != ',') && (C != '='))
-
-/*
- * the parameter table defines the keywords that will be recognized by
- * fGetParameterSet, and their default values if not specified.
- */
-
-typedef struct {
- char *keyword;
- char *defvalue;
- char *value;
-} parmtable;
-
-#define PARMCOUNT(P) (sizeof(P)/sizeof(P[0]))
-
-int fGetChar (FILE *fp);
-int fGetParameterSet (FILE *fp, parmtable parm[], int parmcount);
-int ParmCompare (parmtable parm[], int parmcount, char *keyword, char *value);
-
-void FreeParameterSet (parmtable parm[], int parmcount);
-
-int fGetKeywordValue (FILE *fp, char *keyword, int klen, char *value, int vlen);
-
-int fGetToken (FILE *fp, char *dest, int maxlen);
-
-int fGetLiteral (FILE *fp);
-
-int fUngetChar (int ch, FILE *fp);
-
-#endif /* KPARSE_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/krb.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/krb.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/krb.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,924 +0,0 @@
-/*
- * include/kerberosIV/krb.h
- *
- * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Include file for the Kerberos V4 library.
- */
-
-/* Only one time, please */
-#ifndef KRB_DEFS
-#define KRB_DEFS
-
-/*
- * For MacOS, don't expose prototypes of various private functions.
- * Unfortuantely, they've leaked out everywhere else.
- */
-#if defined(__MACH__) && defined(__APPLE__)
-#include <TargetConditionals.h>
-#include <AvailabilityMacros.h>
-#if TARGET_RT_MAC_CFM
-#error "Use KfM 4.0 SDK headers for CFM compilation."
-#endif
-#ifndef KRB_PRIVATE
-#define KRB_PRIVATE 0
-#endif
-#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
-#define KRB5INT_KRB4_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
-#endif
-#else
-#ifndef KRB_PRIVATE
-#define KRB_PRIVATE 1
-#endif
-#endif /* defined(__MACH__) && defined(__APPLE__) */
-
-/* Macro to add deprecated attribute to KRB4 types and functions */
-/* Currently only defined on Mac OS X 10.5 and later. */
-#ifndef KRB5INT_KRB4_DEPRECATED
-#define KRB5INT_KRB4_DEPRECATED
-#endif
-
-/* Define u_char, u_short, u_int, and u_long. */
-/* XXX these typdef names are not standardized! */
-#include <sys/types.h>
-
-/* Need some defs from des.h */
-#include <kerberosIV/des.h>
-#include <kerberosIV/krb_err.h>
-#include <profile.h>
-
-#ifdef _WIN32
-#include <time.h>
-#endif /* _WIN32 */
-
-#ifdef __cplusplus
-#ifndef KRBINT_BEGIN_DECLS
-#define KRBINT_BEGIN_DECLS extern "C" {
-#define KRBINT_END_DECLS }
-#endif
-#else
-#define KRBINT_BEGIN_DECLS
-#define KRBINT_END_DECLS
-#endif
-KRBINT_BEGIN_DECLS
-
-#if TARGET_OS_MAC
-# pragma pack(push,2)
-#endif
-
-#define KRB4_32 DES_INT32
-#define KRB_INT32 DES_INT32
-#define KRB_UINT32 DES_UINT32
-
-#define MAX_KRB_ERRORS 256
-
-#if TARGET_OS_MAC
-/* ABI divergence on Mac for backwards compatibility. */
-extern const char * const * const krb_err_txt
-KRB5INT_KRB4_DEPRECATED;
-#else
-extern const char * const krb_err_txt[MAX_KRB_ERRORS]
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* General definitions */
-#define KSUCCESS 0
-#define KFAILURE 255
-
-/*
- * Kerberos specific definitions
- *
- * KRBLOG is the log file for the kerberos master server. KRB_CONF is
- * the configuration file where different host machines running master
- * and slave servers can be found. KRB_MASTER is the name of the
- * machine with the master database. The admin_server runs on this
- * machine, and all changes to the db (as opposed to read-only
- * requests, which can go to slaves) must go to it. KRB_HOST is the
- * default machine * when looking for a kerberos slave server. Other
- * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
- * the realm.
- */
-
-#define KRB_CONF "/etc/krb.conf"
-#define KRB_RLM_TRANS "/etc/krb.realms"
-#define KRB_MASTER "kerberos"
-#define KRB_HOST KRB_MASTER
-#define KRB_REALM "ATHENA.MIT.EDU"
-
-/* The maximum sizes for aname, realm, sname, and instance +1 */
-#define ANAME_SZ 40
-#define REALM_SZ 40
-#define SNAME_SZ 40
-#define INST_SZ 40
-#define ADDR_SZ 40
-/*
- * NB: This overcounts due to NULs.
- */
-/* include space for '.' and '@' */
-#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
-#define KKEY_SZ 100
-#define VERSION_SZ 1
-#define MSG_TYPE_SZ 1
-#define DATE_SZ 26 /* RTI date output */
-
-#define MAX_HSTNM 100
-
-#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
-#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */
-#endif
-
-#define KRB_TICKET_GRANTING_TICKET "krbtgt"
-
-/* Definition of text structure used to pass text around */
-#define MAX_KTXT_LEN 1250
-
-struct ktext {
- int length; /* Length of the text */
- unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
- unsigned long mbz; /* zero to catch runaway strings */
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct ktext *KTEXT KRB5INT_KRB4_DEPRECATED;
-typedef struct ktext KTEXT_ST KRB5INT_KRB4_DEPRECATED;
-
-
-/* Definitions for send_to_kdc */
-#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
-#define CLIENT_KRB_RETRY 5 /* retry this many times */
-#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
-
-/* Definitions for ticket file utilities */
-#define R_TKT_FIL 0
-#define W_TKT_FIL 1
-
-/* Definitions for cl_get_tgt */
-#ifdef PC
-#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
-#else
-#define CL_GTGT_INIT_FILE "/etc/k_in_tkts"
-#endif /* PC */
-
-/* Parameters for rd_ap_req */
-/* Maximum allowable clock skew in seconds */
-#define CLOCK_SKEW 5*60
-/* Filename for readservkey */
-#define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab"))
-
-/* Structure definition for rd_ap_req */
-
-struct auth_dat {
- unsigned char k_flags; /* Flags from ticket */
- char pname[ANAME_SZ]; /* Principal's name */
- char pinst[INST_SZ]; /* His Instance */
- char prealm[REALM_SZ]; /* His Realm */
- unsigned KRB4_32 checksum; /* Data checksum (opt) */
- C_Block session; /* Session Key */
- int life; /* Life of ticket */
- unsigned KRB4_32 time_sec; /* Time ticket issued */
- unsigned KRB4_32 address; /* Address in ticket */
- KTEXT_ST reply; /* Auth reply (opt) */
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct auth_dat AUTH_DAT KRB5INT_KRB4_DEPRECATED;
-
-/* Structure definition for credentials returned by get_cred */
-
-struct credentials {
- char service[ANAME_SZ]; /* Service name */
- char instance[INST_SZ]; /* Instance */
- char realm[REALM_SZ]; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT_ST ticket_st; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
- char pname[ANAME_SZ]; /* Principal's name */
- char pinst[INST_SZ]; /* Principal's instance */
-#if TARGET_OS_MAC
- KRB_UINT32 address; /* Address in ticket */
- KRB_UINT32 stk_type; /* string_to_key function needed */
-#endif
-#ifdef _WIN32
- char address[ADDR_SZ]; /* Address in ticket */
-#endif
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct credentials CREDENTIALS KRB5INT_KRB4_DEPRECATED;
-
-/* Structure definition for rd_private_msg and rd_safe_msg */
-
-struct msg_dat {
- unsigned char *app_data; /* pointer to appl data */
- unsigned KRB4_32 app_length; /* length of appl data */
- unsigned KRB4_32 hash; /* hash to lookup replay */
- int swap; /* swap bytes? */
- KRB4_32 time_sec; /* msg timestamp seconds */
- unsigned char time_5ms; /* msg timestamp 5ms units */
-} KRB5INT_KRB4_DEPRECATED;
-
-typedef struct msg_dat MSG_DAT KRB5INT_KRB4_DEPRECATED;
-
-
-/* Location of ticket file for save_cred and get_cred */
-#ifdef _WIN32
-#define TKT_FILE "\\kerberos\\ticket.ses"
-#else
-#define TKT_FILE tkt_string()
-#define TKT_ROOT "/tmp/tkt"
-#endif /* _WIN32 */
-
-/*
- * Error codes are now defined as offsets from com_err (krb_err.et)
- * values.
- */
-#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
-
-/* Error codes returned from the KDC */
-#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */
-#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */
-#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */
-#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */
-#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */
-#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */
-#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */
-#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */
-#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */
-#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */
-#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */
-#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */
-
-/* Values returned by get_credentials */
-#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
-#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
-#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
-#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
-#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
-#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
-
-/* Values returned by mk_ap_req */
-#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */
-#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */
-
-/* Values returned by rd_ap_req */
-#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */
-#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */
-#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */
-#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */
-#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */
-#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */
-#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */
-#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */
-#define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */
-#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */
-#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */
-#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */
-#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */
-#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */
-
-/* Values returned by get_pw_tkt */
-#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */
-#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
-#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */
-#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */
-#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */
-#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */
-
-/* Values returned by send_to_kdc */
-#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */
-#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */
-#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */
-
-/*
- * Values returned by get_intkt
- * (can also return SKDC_* and KDC errors)
- */
-
-#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */
-#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
-#define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */
-#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */
-#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */
-#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */
-
-/* Values returned by get_adtkt */
-#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */
-#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */
-
-/* Error codes returned by ticket file utilities */
-#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */
-#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */
-#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */
-#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */
-#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */
-
-/* Error code returned by kparse_name */
-#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */
-
-/* Error code returned by krb_mk_safe */
-#define SAFE_PRIV_ERROR (-1) /* syscall error */
-
-/* Kerberos ticket flag field bit definitions */
-#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
-#define K_FLAG_1 /* reserved */
-#define K_FLAG_2 /* reserved */
-#define K_FLAG_3 /* reserved */
-#define K_FLAG_4 /* reserved */
-#define K_FLAG_5 /* reserved */
-#define K_FLAG_6 /* reserved */
-#define K_FLAG_7 /* reserved, bit 7 --> msb */
-
-/* Are these needed anymore? */
-#ifdef OLDNAMES
-#define krb_mk_req mk_ap_req
-#define krb_rd_req rd_ap_req
-#define krb_kntoln an_to_ln
-#define krb_set_key set_serv_key
-#define krb_get_cred get_credentials
-#define krb_mk_priv mk_private_msg
-#define krb_rd_priv rd_private_msg
-#define krb_mk_safe mk_safe_msg
-#define krb_rd_safe rd_safe_msg
-#define krb_mk_err mk_appl_err_msg
-#define krb_rd_err rd_appl_err_msg
-#define krb_ck_repl check_replay
-#define krb_get_pw_in_tkt get_in_tkt
-#define krb_get_svc_in_tkt get_svc_in_tkt
-#define krb_get_pw_tkt get_pw_tkt
-#define krb_realmofhost krb_getrealm
-#define krb_get_phost get_phost
-#define krb_get_krbhst get_krbhst
-#define krb_get_lrealm get_krbrlm
-#endif /* OLDNAMES */
-
-/* Defines for krb_sendauth and krb_recvauth */
-
-#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
-#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
-#define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst as a host */
-
-#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
-
-#ifdef ATHENA_COMPAT
-#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
-#endif /* ATHENA_COMPAT */
-
-
-#ifdef _WIN32
-#define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0)
-#define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us))
-#define CONVERT_TIME_EPOCH win_time_get_epoch()
-#else
-/* until we do V4 compat under DOS, just turn this off */
-#define _fmemcpy memcpy
-#define _fstrncpy strncpy
-#define far_fputs fputs
-/* and likewise, just drag in the unix time interface */
-#define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0)
-#define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us))
-#define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */
-#endif /* _WIN32 */
-
-/* Constants for KerberosProfileLib */
-#define REALMS_V4_PROF_REALMS_SECTION "v4 realms"
-#define REALMS_V4_PROF_KDC "kdc"
-#define REALMS_V4_PROF_ADMIN_KDC "admin_server"
-#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server"
-#define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm"
-#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults"
-#define REALMS_V4_PROF_LOCAL_REALM "default_realm"
-#define REALMS_V4_PROF_STK "string_to_key_type"
-#define REALMS_V4_MIT_STK "mit_string_to_key"
-#define REALMS_V4_AFS_STK "afs_string_to_key"
-#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key"
-#define REALMS_V4_DEFAULT_REALM "default_realm"
-#define REALMS_V4_NO_ADDRESSES "noaddresses"
-
-/* ask to disable IP address checking in the library */
-extern int krb_ignore_ip_address;
-
-/* Debugging printfs shouldn't even be compiled on many systems that don't
- support printf! Use it like DEB (("Oops - %s\n", string)); */
-
-#ifdef DEBUG
-#define DEB(x) if (krb_debug) printf x
-extern int krb_debug;
-#else
-#define DEB(x) /* nothing */
-#endif
-
-/* Define a couple of function types including parameters. These
- are needed on MS-Windows to convert arguments of the function pointers
- to the proper types during calls. */
-
-typedef int (KRB5_CALLCONV *key_proc_type)
- (char *, char *, char *,
- char *, C_Block)
-KRB5INT_KRB4_DEPRECATED;
-
-#define KEY_PROC_TYPE_DEFINED
-
-typedef int (KRB5_CALLCONV *decrypt_tkt_type)
- (char *, char *, char *,
- char *, key_proc_type, KTEXT *)
-KRB5INT_KRB4_DEPRECATED;
-
-#define DECRYPT_TKT_TYPE_DEFINED
-
-extern struct _krb5_context * krb5__krb4_context;
-
-/*
- * Function Prototypes for Kerberos V4.
- */
-
-struct sockaddr_in;
-
-/* dest_tkt.c */
-int KRB5_CALLCONV dest_tkt
- (void)
-KRB5INT_KRB4_DEPRECATED;
-
-/* err_txt.c */
-const char * KRB5_CALLCONV krb_get_err_text
- (int errnum)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_ad_tkt.c */
-/* Previously not KRB5_CALLCONV */
-int KRB5_CALLCONV get_ad_tkt
- (char *service, char *sinst, char *realm, int lifetime)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_admhst.c */
-int KRB5_CALLCONV krb_get_admhst
- (char *host, char *realm, int idx)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_cred.c */
-int KRB5_CALLCONV krb_get_cred
- (char *service, char *instance, char *realm,
- CREDENTIALS *c)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_in_tkt.c */
-/* Previously not KRB5_CALLCONV */
-int KRB5_CALLCONV krb_get_in_tkt
- (char *k_user, char *instance, char *realm,
- char *service, char *sinst, int life,
- key_proc_type, decrypt_tkt_type, char *arg)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* Previously not KRB5_CALLCONV */
-int KRB5_CALLCONV krb_get_in_tkt_preauth
- (char *k_user, char *instance, char *realm,
- char *service, char *sinst, int life,
- key_proc_type, decrypt_tkt_type, char *arg,
- char *preauth_p, int preauth_len)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* From KfM */
-int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *,
- int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *)
-KRB5INT_KRB4_DEPRECATED;
-
-
-/* g_krbhst.c */
-int KRB5_CALLCONV krb_get_krbhst
- (char *host, const char *realm, int idx)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_krbrlm.c */
-int KRB5_CALLCONV krb_get_lrealm
- (char *realm, int idx)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_phost.c */
-char * KRB5_CALLCONV krb_get_phost
- (char * alias)
-KRB5INT_KRB4_DEPRECATED;
-
-/* get_pw_tkt */
-int KRB5_CALLCONV get_pw_tkt
- (char *, char *, char *, char *)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_pw_in_tkt.c */
-int KRB5_CALLCONV krb_get_pw_in_tkt
- (char *k_user, char *instance, char *realm,
- char *service, char *sinstance,
- int life, char *password)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-int KRB5_CALLCONV krb_get_pw_in_tkt_preauth
- (char *k_user, char *instance, char *realm,
- char *service, char *sinstance,
- int life, char *password)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt_creds(char *, char *, char *,
- char *, char *, int, char *, CREDENTIALS *)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_svc_in_tkt.c */
-int KRB5_CALLCONV krb_get_svc_in_tkt
- (char *k_user, char *instance, char *realm,
- char *service, char *sinstance,
- int life, char *srvtab)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_tf_fname.c */
-int KRB5_CALLCONV krb_get_tf_fullname
- (const char *ticket_file, char *name, char *inst, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_tf_realm.c */
-int KRB5_CALLCONV krb_get_tf_realm
- (const char *ticket_file, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-
-/* g_tkt_svc.c */
-int KRB5_CALLCONV krb_get_ticket_for_service
- (char *serviceName,
- char *buf, unsigned KRB4_32 *buflen,
- int checksum, des_cblock, Key_schedule,
- char *version, int includeVersion)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* in_tkt.c */
-int KRB5_CALLCONV in_tkt
- (char *name, char *inst)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV krb_in_tkt
- (char *pname, char *pinst, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* kname_parse.c */
-int KRB5_CALLCONV kname_parse
- (char *name, char *inst, char *realm,
- char *fullname)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Merged from KfM */
-int KRB5_CALLCONV kname_unparse
- (char *, const char *, const char *, const char *)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV k_isname
- (char *)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV k_isinst
- (char *)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV k_isrealm
- (char *)
-KRB5INT_KRB4_DEPRECATED;
-
-
-/* kuserok.c */
-int KRB5_CALLCONV kuserok
- (AUTH_DAT *kdata, char *luser)
-KRB5INT_KRB4_DEPRECATED;
-
-/* lifetime.c */
-KRB4_32 KRB5_CALLCONV krb_life_to_time
- (KRB4_32 start, int life)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV krb_time_to_life
- (KRB4_32 start, KRB4_32 end)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_auth.c */
-int KRB5_CALLCONV krb_check_auth
- (KTEXT, unsigned KRB4_32 cksum, MSG_DAT *,
- C_Block, Key_schedule,
- struct sockaddr_in * local_addr,
- struct sockaddr_in * foreign_addr)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV krb_mk_auth
- (long k4_options, KTEXT ticket,
- char *service, char *inst, char *realm,
- unsigned KRB4_32 checksum, char *version, KTEXT buf)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_err.c */
-long KRB5_CALLCONV krb_mk_err
- (u_char *out, KRB4_32 k4_code, char *text)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* mk_preauth.c */
-int krb_mk_preauth
- (char **preauth_p, int *preauth_len, key_proc_type,
- char *name, char *inst, char *realm, char *password,
- C_Block)
-KRB5INT_KRB4_DEPRECATED;
-
-void krb_free_preauth
- (char * preauth_p, int len)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* mk_priv.c */
-long KRB5_CALLCONV krb_mk_priv
- (u_char *in, u_char *out,
- unsigned KRB4_32 length,
- Key_schedule, C_Block *,
- struct sockaddr_in * sender,
- struct sockaddr_in * receiver)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_req.c */
-int KRB5_CALLCONV krb_mk_req
- (KTEXT authent,
- char *service, char *instance, char *realm,
- KRB4_32 checksum)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Merged from KfM */
-int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */
-int KRB5_CALLCONV krb_set_lifetime(int newval)
-KRB5INT_KRB4_DEPRECATED;
-
-/* mk_safe.c */
-long KRB5_CALLCONV krb_mk_safe
- (u_char *in, u_char *out, unsigned KRB4_32 length,
- C_Block *,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* netread.c */
-int krb_net_read
- (int fd, char *buf, int len)
-KRB5INT_KRB4_DEPRECATED;
-
-/* netwrite.c */
-int krb_net_write
- (int fd, char *buf, int len)
-KRB5INT_KRB4_DEPRECATED;
-
-/* pkt_clen.c */
-int pkt_clen
- (KTEXT)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* put_svc_key.c */
-int KRB5_CALLCONV put_svc_key
- (char *sfile,
- char *name, char *inst, char *realm,
- int newvno, char *key)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_err.c */
-int KRB5_CALLCONV krb_rd_err
- (u_char *in, u_long in_length,
- long *k4_code, MSG_DAT *m_data)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_priv.c */
-long KRB5_CALLCONV krb_rd_priv
- (u_char *in,unsigned KRB4_32 in_length,
- Key_schedule, C_Block *,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver,
- MSG_DAT *m_data)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_req.c */
-int KRB5_CALLCONV krb_rd_req
- (KTEXT, char *service, char *inst,
- unsigned KRB4_32 from_addr, AUTH_DAT *,
- char *srvtab)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Merged from KfM */
-int KRB5_CALLCONV
-krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_safe.c */
-long KRB5_CALLCONV krb_rd_safe
- (u_char *in, unsigned KRB4_32 in_length,
- C_Block *,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver,
- MSG_DAT *m_data)
-KRB5INT_KRB4_DEPRECATED;
-
-/* rd_svc_key.c */
-int KRB5_CALLCONV read_service_key
- (char *service, char *instance, char *realm,
- int kvno, char *file, char *key)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV get_service_key
- (char *service, char *instance, char *realm,
- int *kvno, char *file, char *key)
-KRB5INT_KRB4_DEPRECATED;
-
-/* realmofhost.c */
-char * KRB5_CALLCONV krb_realmofhost
- (char *host)
-KRB5INT_KRB4_DEPRECATED;
-
-/* recvauth.c */
-int KRB5_CALLCONV krb_recvauth
- (long k4_options, int fd, KTEXT ticket,
- char *service, char *instance,
- struct sockaddr_in *foreign_addr,
- struct sockaddr_in *local_addr,
- AUTH_DAT *kdata, char *srvtab,
- Key_schedule schedule, char *version)
-KRB5INT_KRB4_DEPRECATED;
-
-/* sendauth.c */
-int KRB5_CALLCONV krb_sendauth
- (long k4_options, int fd, KTEXT ticket,
- char *service, char *inst, char *realm,
- unsigned KRB4_32 checksum, MSG_DAT *msg_data,
- CREDENTIALS *cred, Key_schedule schedule,
- struct sockaddr_in *laddr, struct sockaddr_in *faddr,
- char *version)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* save_creds.c */
-int KRB5_CALLCONV krb_save_credentials
- (char *service, char *instance, char *realm,
- C_Block session, int lifetime, int kvno,
- KTEXT ticket, long issue_date)
-KRB5INT_KRB4_DEPRECATED;
-
-/* send_to_kdc.c */
-/* XXX PRIVATE? KfM doesn't export. */
-int send_to_kdc
- (KTEXT pkt, KTEXT rpkt, char *realm)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-/* tkt_string.c */
-/* Used to return pointer to non-const char */
-const char * KRB5_CALLCONV tkt_string
- (void)
-KRB5INT_KRB4_DEPRECATED;
-
-/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */
-void KRB5_CALLCONV krb_set_tkt_string
- (const char *)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-/* tf_util.c */
-int KRB5_CALLCONV tf_init (const char *tf_name, int rw)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV tf_get_pname (char *p)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV tf_get_pinst (char *p)
-KRB5INT_KRB4_DEPRECATED;
-
-int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c)
-KRB5INT_KRB4_DEPRECATED;
-
-void KRB5_CALLCONV tf_close (void)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-#if KRB_PRIVATE
-/* unix_time.c */
-unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec
- (unsigned KRB4_32 *)
-KRB5INT_KRB4_DEPRECATED;
-
-/*
- * Internal prototypes
- */
-extern int krb_set_key
- (char *key, int cvt)
-KRB5INT_KRB4_DEPRECATED;
-
-/* This is exported by KfM. It was previously not KRB5_CALLCONV. */
-extern int KRB5_CALLCONV decomp_ticket
- (KTEXT tkt, unsigned char *flags, char *pname,
- char *pinstance, char *prealm, unsigned KRB4_32 *paddress,
- C_Block session, int *life, unsigned KRB4_32 *time_sec,
- char *sname, char *sinstance, C_Block,
- Key_schedule key_s)
-KRB5INT_KRB4_DEPRECATED;
-
-
-extern void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
- u_long time_ws, u_long e, char *e_string)
-KRB5INT_KRB4_DEPRECATED;
-
-extern int create_ciph(KTEXT c, C_Block session, char *service,
- char *instance, char *realm, unsigned long life,
- int kvno, KTEXT tkt, unsigned long kdc_time,
- C_Block key)
-KRB5INT_KRB4_DEPRECATED;
-
-
-extern int krb_create_ticket(KTEXT tkt, unsigned int flags, char *pname,
- char *pinstance, char *prealm, long paddress,
- char *session, int life, long time_sec,
- char *sname, char *sinstance, C_Block key)
-KRB5INT_KRB4_DEPRECATED;
-
-#endif /* KRB_PRIVATE */
-
-/* This function is used by KEYFILE above. Do not call it directly */
-extern char * krb__get_srvtabname(const char *)
-KRB5INT_KRB4_DEPRECATED;
-
-#if KRB_PRIVATE
-
-extern int krb_kntoln(AUTH_DAT *, char *)
-KRB5INT_KRB4_DEPRECATED;
-
-#ifdef KRB5_GENERAL__
-extern int krb_cr_tkt_krb5(KTEXT tkt, unsigned int flags, char *pname,
- char *pinstance, char *prealm, long paddress,
- char *session, int life, long time_sec,
- char *sname, char *sinstance,
- krb5_keyblock *k5key)
-KRB5INT_KRB4_DEPRECATED;
-
-extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key)
-KRB5INT_KRB4_DEPRECATED;
-
-#endif
-
-#endif /* KRB_PRIVATE */
-
-/*
- * krb_change_password -- merged from KfM
- */
-/* change_password.c */
-int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *)
-KRB5INT_KRB4_DEPRECATED;
-
-/*
- * RealmsConfig-glue.c -- merged from KfM
- */
-int KRB5_CALLCONV krb_get_profile(profile_t *)
-KRB5INT_KRB4_DEPRECATED;
-
-#ifdef _WIN32
-HINSTANCE get_lib_instance(void)
-KRB5INT_KRB4_DEPRECATED;
-unsigned int krb_get_notification_message(void)
-KRB5INT_KRB4_DEPRECATED;
-char * KRB5_CALLCONV krb_get_default_user(void)
-KRB5INT_KRB4_DEPRECATED;
-int KRB5_CALLCONV krb_set_default_user(char *)
-KRB5INT_KRB4_DEPRECATED;
-unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *)
-KRB5INT_KRB4_DEPRECATED;
-long win_time_get_epoch(void)
-KRB5INT_KRB4_DEPRECATED;
-#endif
-
-#if TARGET_OS_MAC
-# pragma pack(pop)
-#endif
-
-KRBINT_END_DECLS
-
-#endif /* KRB_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/krb_db.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/krb_db.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/krb_db.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,119 +0,0 @@
-/*
- * include/kerberosIV/krb_db.h
- *
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * spm Project Athena 8/85
- *
- * This file defines data structures for the kerberos
- * authentication/authorization database.
- *
- * They MUST correspond to those defined in *.rel
- */
-
-#ifndef KRB_DB_DEFS
-#define KRB_DB_DEFS
-
-#define KERB_M_NAME "K" /* Kerberos */
-#define KERB_M_INST "M" /* Master */
-#define KERB_DEFAULT_NAME "default"
-#define KERB_DEFAULT_INST ""
-#define DBM_FILE "/kerberos/principal"
-
-/* this also defines the number of queue headers */
-#define KERB_DB_HASH_MODULO 64
-
-
-/* Arguments to kerb_dbl_lock() */
-
-#define KERB_DBL_EXCLUSIVE 1
-#define KERB_DBL_SHARED 0
-
-/* arguments to kerb_db_set_lockmode() */
-
-#define KERB_DBL_BLOCKING 0
-#define KERB_DBL_NONBLOCKING 1
-
-/* Principal defines the structure of a principal's name */
-
-typedef struct {
- char name[ANAME_SZ];
- char instance[INST_SZ];
-
- unsigned long key_low;
- unsigned long key_high;
- unsigned long exp_date;
- char exp_date_txt[DATE_SZ];
- unsigned long mod_date;
- char mod_date_txt[DATE_SZ];
- unsigned short attributes;
- unsigned char max_life;
- unsigned char kdc_key_ver;
- unsigned char key_version;
-
- char mod_name[ANAME_SZ];
- char mod_instance[INST_SZ];
- char *old; /* cast to (Principal *); not in db,
- * ptr to old vals */
-}
- Principal;
-
-typedef struct {
- long cpu;
- long elapsed;
- long dio;
- long pfault;
- long t_stamp;
- long n_retrieve;
- long n_replace;
- long n_append;
- long n_get_stat;
- long n_put_stat;
-}
- DB_stat;
-
-/* Dba defines the structure of a database administrator */
-
-typedef struct {
- char name[ANAME_SZ];
- char instance[INST_SZ];
- unsigned short attributes;
- unsigned long exp_date;
- char exp_date_txt[DATE_SZ];
- char *old; /*
- * cast to (Dba *); not in db, ptr to
- * old vals
- */
-}
- Dba;
-
-#if 0
-extern int kerb_get_principal();
-extern int kerb_put_principal();
-extern int kerb_db_get_stat();
-extern int kerb_db_put_stat();
-extern int kerb_get_dba();
-extern int kerb_db_get_dba();
-#endif
-
-#endif /* KRB_DB_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/krbports.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/krbports.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/krbports.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,27 +0,0 @@
-/* krbports.h -- fallback port numbers in case /etc/services isn't changed */
-/* used by: appl/bsd/rcp.c, rlogin.c, rsh.c, knetd.c
- kadmin/kadm_ser_wrap.c, lib/kadm/kadm_cli_wrap.c
- lib/krb/send_to_kdc.c
- movemail/movemail.c, pfrom/popmail.c
- server/kerberos.c, slave/kprop.c, kpropd.c
-*/
-
-#define KRB_SHELL_PORT 544
-#define UCB_SHELL_PORT 514
-
-#define KLOGIN_PORT 543
-#define EKLOGIN_PORT 2105
-#define UCB_LOGIN_PORT 513
-
-#define KADM_PORT 751
-#define KERBEROS_PORT 750
-#define KERBEROS_SEC_PORT 88
-#define KRB_PROP_PORT 754
-
-#define KPOP_PORT 1109
-#define POP3_PORT 110
-
-#define KNETD_PORT 2053
-
-/* already in rkinit_private.h */
-#define RKINIT_PORT 2108
Deleted: branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/lsb_addr_cmp.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,47 +0,0 @@
-/*
- * include/kerberosIV/lsb_addr_cmp.h
- *
- * Copyright 1988, 1995 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Comparison macros to emulate LSBFIRST comparison results of network
- * byte-order quantities
- */
-
-#include "mit-copyright.h"
-#ifndef LSB_ADDR_COMP_DEFS
-#define LSB_ADDR_COMP_DEFS
-
-/* #include "osconf.h" */
-
-/* note that if we don't explicitly know if we're LSBFIRST, the
- alternate code is byte order independent and will give the
- right answer. */
-#ifdef LSBFIRST
-#define lsb_net_ulong_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0))
-#define lsb_net_ushort_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0))
-#else
-/* MSBFIRST */
-#define u_char_comp(x,y) \
- (((x)>(y))?(1):(((x)==(y))?(0):(-1)))
-/* This is gross, but... */
-#define lsb_net_ulong_less(x, y) long_less_than((u_char *)&x, (u_char *)&y)
-#define lsb_net_ushort_less(x, y) short_less_than((u_char *)&x, (u_char *)&y)
-
-#define long_less_than(x,y) \
- (u_char_comp((x)[3],(y)[3])?u_char_comp((x)[3],(y)[3]): \
- (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[0],(y)[0])))))
-#define short_less_than(x,y) \
- (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \
- (u_char_comp((x)[0],(y)[0])))
-
-#endif /* LSBFIRST */
-
-/* For krb4 library internal use only. */
-extern int krb4int_address_less (struct sockaddr_in *, struct sockaddr_in *);
-
-#endif /* LSB_ADDR_COMP_DEFS */
Deleted: branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/mit-copyright.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,23 +0,0 @@
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America may
- require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, Permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original M.I.T. software.
-M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
Deleted: branches/mskrb-integ/src/include/kerberosIV/prot.h
===================================================================
--- branches/mskrb-integ/src/include/kerberosIV/prot.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/include/kerberosIV/prot.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,277 +0,0 @@
-/*
- * include/kerberosIV/prot.h
- *
- * Copyright 1985-1994, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Prototypes for internal functions, mostly related to protocol
- * encoding and decoding.
- */
-
-#ifndef PROT_DEFS
-#define PROT_DEFS
-
-#define KRB_PORT 750 /* PC's don't have
- * /etc/services */
-#define KRB_PROT_VERSION 4
-#define MAX_PKT_LEN 1000
-#define MAX_TXT_LEN 1000
-
-/* Macro's to obtain various fields from a packet */
-
-#define pkt_version(packet) (unsigned int) *(packet->dat)
-#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
-#define pkt_a_name(packet) (packet->dat+2)
-#define pkt_a_inst(packet) \
- (packet->dat+3+strlen((char *)pkt_a_name(packet)))
-#define pkt_a_realm(packet) \
- (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
-
-/* Macro to obtain realm from application request */
-#define apreq_realm(auth) (auth->dat + 3)
-
-#define pkt_time_ws(packet) (char *) \
- (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-
-#define pkt_no_req(packet) (unsigned short) \
- *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-#define pkt_x_date(packet) (char *) \
- (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-#define pkt_err_code(packet) ( (char *) \
- (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet))))
-#define pkt_err_text(packet) \
- (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-
-/*
- * This remains here for the KDC to use for now, but will go away
- * soon.
- */
-
-#define swap_u_long(x) {\
- unsigned KRB4_32 _krb_swap_tmp[4];\
- swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \
- swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \
- x = _krb_swap_tmp[0]; \
- }
-
-/*
- * New byte swapping routines, much cleaner.
- *
- * Should also go away soon though.
- */
-#include "k5-platform.h"
-
-#ifdef SWAP16
-#define krb4_swab16(val) SWAP16(val)
-#else
-#define krb4_swab16(val) ((((val) >> 8)&0xFF) | ((val) << 8))
-#endif
-#ifdef SWAP32
-#define krb4_swap32(val) SWAP32(val)
-#else
-#define krb4_swab32(val) ((((val)>>24)&0xFF) | (((val)>>8)&0xFF00) | \
- (((val)<<8)&0xFF0000) | ((val)<<24))
-#endif
-
-/*
- * Macros to encode integers into buffers. These take a parameter
- * that is a moving pointer of type (unsigned char *) into the buffer,
- * and assume that the caller has already bounds-checked.
- */
-#define KRB4_PUT32BE(p, val) (store_32_be(val, p), (p) += 4)
-#define KRB4_PUT32LE(p, val) (store_32_le(val, p), (p) += 4)
-#define KRB4_PUT32(p, val, le) \
-do { \
- if (le) \
- KRB4_PUT32LE((p), (val)); \
- else \
- KRB4_PUT32BE((p), (val)); \
-} while (0)
-
-#define KRB4_PUT16BE(p, val) (store_16_be(val, p), (p) += 2)
-#define KRB4_PUT16LE(p, val) (store_16_le(val, p), (p) += 2)
-#define KRB4_PUT16(p, val, le) \
-do { \
- if (le) \
- KRB4_PUT16LE((p), (val)); \
- else \
- KRB4_PUT16BE((p), (val)); \
-} while (0)
-
-/*
- * Macros to get integers from a buffer. These take a parameter that
- * is a moving pointer of type (unsigned char *) into the buffer, and
- * assume that the caller has already bounds-checked. In addition,
- * they assume that val is an unsigned type; ANSI leaves the semantics
- * of unsigned -> signed conversion as implementation-defined, so it's
- * unwise to depend on such.
- */
-#define KRB4_GET32BE(val, p) ((val) = load_32_be(p), (p) += 4)
-#define KRB4_GET32LE(val, p) ((val) = load_32_le(p), (p) += 4)
-#define KRB4_GET32(val, p, le) \
-do { \
- if (le) \
- KRB4_GET32LE((val), (p)); \
- else \
- KRB4_GET32BE((val), (p)); \
-} while (0)
-
-#define KRB4_GET16BE(val, p) ((val) = load_16_be(p), (p) += 2)
-#define KRB4_GET16LE(val, p) ((val) = load_16_le(p), (p) += 2)
-#define KRB4_GET16(val, p, le) \
-do { \
- if (le) \
- KRB4_GET16LE((val), (p)); \
- else \
- KRB4_GET16BE((val), (p)); \
-} while (0)
-
-/* Routines to create and read packets may be found in prot.c */
-
-KTEXT create_auth_reply(char *, char *, char *, long, int,
- unsigned long, int, KTEXT);
-KTEXT create_death_packet(char *);
-KTEXT pkt_cipher(KTEXT);
-
-/* getst.c */
-int krb4int_getst(int, char *, int);
-
-/* strnlen.c */
-extern int KRB5_CALLCONV krb4int_strnlen(const char *, int);
-
-/* prot_client.c */
-extern int KRB5_CALLCONV krb4prot_encode_kdc_request(
- char *, char *, char *,
- KRB4_32, int,
- char *, char *,
- char *, int, int, int,
- KTEXT);
-extern int KRB5_CALLCONV krb4prot_decode_kdc_reply(
- KTEXT,
- int *,
- char *, char *, char *,
- long *, int *, unsigned long *, int *, KTEXT);
-extern int KRB5_CALLCONV krb4prot_decode_ciph(
- KTEXT, int,
- C_Block,
- char *, char *, char *,
- int *, int *, KTEXT, unsigned long *);
-extern int KRB5_CALLCONV krb4prot_encode_apreq(
- int, char *,
- KTEXT, KTEXT,
- int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_encode_authent(
- char *, char *, char *,
- KRB4_32,
- int, long,
- int, int le,
- KTEXT pkt);
-extern int KRB5_CALLCONV krb4prot_decode_error(
- KTEXT, int *,
- char *, char *, char *,
- unsigned long *, unsigned long *, char *);
-
-/* prot_common.c */
-extern int KRB5_CALLCONV krb4prot_encode_naminstrlm(
- char *, char *, char *,
- int, KTEXT, unsigned char **);
-extern int KRB5_CALLCONV krb4prot_decode_naminstrlm(
- KTEXT, unsigned char **,
- char *, char *, char *);
-extern int KRB5_CALLCONV krb4prot_decode_header(
- KTEXT, int *, int *, int *);
-
-/* prot_kdc.c */
-extern int KRB5_CALLCONV krb4prot_encode_kdc_reply(
- char *, char *, char *,
- long, int, unsigned long,
- int, KTEXT, int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_encode_ciph(
- C_Block,
- char *, char *, char *,
- unsigned long, int, KTEXT, unsigned long,
- int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_encode_tkt(
- unsigned int,
- char *, char *, char *,
- unsigned long,
- char *, int, long,
- char *, char *,
- int, int, KTEXT tkt);
-extern int KRB5_CALLCONV krb4prot_encode_err_reply(
- char *, char *, char *,
- unsigned long, unsigned long, char *,
- int, int, KTEXT);
-extern int KRB5_CALLCONV krb4prot_decode_kdc_request(
- KTEXT,
- int *, char *, char *, char *,
- long *, int *, char *sname, char *sinst);
-
-/* Message types , always leave lsb for byte order */
-
-#define AUTH_MSG_KDC_REQUEST 1<<1
-#define AUTH_MSG_KDC_REPLY 2<<1
-#define AUTH_MSG_APPL_REQUEST 3<<1
-#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
-#define AUTH_MSG_ERR_REPLY 5<<1
-#define AUTH_MSG_PRIVATE 6<<1
-#define AUTH_MSG_SAFE 7<<1
-#define AUTH_MSG_APPL_ERR 8<<1
-#define AUTH_MSG_DIE 63<<1
-
-/* values for kerb error codes */
-
-#define KERB_ERR_OK 0
-#define KERB_ERR_NAME_EXP 1
-#define KERB_ERR_SERVICE_EXP 2
-#define KERB_ERR_AUTH_EXP 3
-#define KERB_ERR_PKT_VER 4
-#define KERB_ERR_NAME_MAST_KEY_VER 5
-#define KERB_ERR_SERV_MAST_KEY_VER 6
-#define KERB_ERR_BYTE_ORDER 7
-#define KERB_ERR_PRINCIPAL_UNKNOWN 8
-#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
-#define KERB_ERR_NULL_KEY 10
-/* Cygnus extensions for Preauthentication */
-#define KERB_ERR_PREAUTH_SHORT 11
-#define KERB_ERR_PREAUTH_MISMATCH 12
-
-/* Return codes from krb4prot_ encoders/decoders */
-
-#define KRB4PROT_OK 0
-#define KRB4PROT_ERR_UNDERRUN 1
-#define KRB4PROT_ERR_OVERRUN 2
-#define KRB4PROT_ERR_PROT_VERS 3
-#define KRB4PROT_ERR_MSG_TYPE 4
-#define KRB4PROT_ERR_GENERIC 255
-
-#endif /* PROT_DEFS */
Modified: branches/mskrb-integ/src/kadmin/cli/kadmin.c
===================================================================
--- branches/mskrb-integ/src/kadmin/cli/kadmin.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kadmin/cli/kadmin.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -536,7 +536,7 @@
krb5_defkeyname = DEFAULT_KEYTAB;
}
- if ((retval = kadm5_init_iprop(handle)) != 0) {
+ if ((retval = kadm5_init_iprop(handle, 0)) != 0) {
com_err(whoami, retval, _("while mapping update log"));
exit(1);
}
Modified: branches/mskrb-integ/src/kadmin/dbutil/Makefile.in
===================================================================
--- branches/mskrb-integ/src/kadmin/dbutil/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kadmin/dbutil/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -2,10 +2,9 @@
myfulldir=kadmin/dbutil
mydir=kadmin/dbutil
BUILDTOP=$(REL)..$(S)..
-DEFINES = -DKDB4_DISABLE
DEFS=
-LOCALINCLUDES = -I. @KRB4_INCLUDES@
-PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
+LOCALINCLUDES = -I.
+PROG_LIBPATH=-L$(TOPLIBD) $(KRB5_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
@@ -17,8 +16,8 @@
all:: $(PROG)
-$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS)
+$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
import_err.c import_err.h: $(srcdir)/import_err.et
Modified: branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c
===================================================================
--- branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kadmin/dbutil/kdb5_create.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -281,9 +281,9 @@
/* } */
if (log_ctx && log_ctx->iproprole) {
- if (retval = ulog_map(util_context, global_params.iprop_logfile,
- global_params.iprop_ulogsize, FKCOMMAND,
- db5util_db_args)) {
+ if ((retval = ulog_map(util_context, global_params.iprop_logfile,
+ global_params.iprop_ulogsize, FKCOMMAND,
+ db5util_db_args))) {
com_err(argv[0], retval,
_("while creating update log"));
exit_status++;
Modified: branches/mskrb-integ/src/kadmin/server/ipropd_svc.c
===================================================================
--- branches/mskrb-integ/src/kadmin/server/ipropd_svc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kadmin/server/ipropd_svc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -31,8 +31,6 @@
extern gss_name_t rqst2name(struct svc_req *rqstp);
-extern int setup_gss_names(struct svc_req *, gss_buffer_desc *,
- gss_buffer_desc *);
extern void *global_server_handle;
extern int nofork;
extern short l_port;
Modified: branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c
===================================================================
--- branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kadmin/server/kadm_rpc_svc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -25,8 +25,6 @@
static int check_rpcsec_auth(struct svc_req *);
-void log_badauth(OM_uint32 major, OM_uint32 minor,
- struct sockaddr_in *addr, char *data);
/*
* Function: kadm_1
*
Modified: branches/mskrb-integ/src/kadmin/server/misc.h
===================================================================
--- branches/mskrb-integ/src/kadmin/server/misc.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kadmin/server/misc.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -11,6 +11,15 @@
krb5_ui_4 port;
} krb5_fulladdr;
+void
+log_badauth(OM_uint32 major, OM_uint32 minor,
+ struct sockaddr_in *addr, char *data);
+
+int
+setup_gss_names(struct svc_req *, gss_buffer_desc *,
+ gss_buffer_desc *);
+
+
kadm5_ret_t
chpass_principal_wrapper_3(void *server_handle,
krb5_principal principal,
@@ -61,6 +70,7 @@
gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name,
krb5_principal *princ, gss_buffer_t gss_str);
+<<<<<<< HEAD:src/kadmin/server/misc.h
extern volatile int signal_request_exit;
extern volatile int signal_request_hup;
@@ -75,3 +85,13 @@
krb5_error_code closedown_network(void *handle, const char *prog);
#endif /* _MISC_H */
+=======
+void
+krb5_iprop_prog_1(struct svc_req *rqstp, SVCXPRT *transp);
+
+kadm5_ret_t
+kiprop_get_adm_host_srv_name(krb5_context,
+ const char *,
+ char **);
+
+>>>>>>> trunk:src/kadmin/server/misc.h
Modified: branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c
===================================================================
--- branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kadmin/server/ovsec_kadmd.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -122,12 +122,6 @@
void kadm5_set_use_password_server (void);
#endif
-extern void krb5_iprop_prog_1();
-extern kadm5_ret_t kiprop_get_adm_host_srv_name(
- krb5_context,
- const char *,
- char **);
-
/*
* Function: usage
*
Modified: branches/mskrb-integ/src/kdc/do_as_req.c
===================================================================
--- branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kdc/do_as_req.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -110,13 +110,11 @@
register int i;
krb5_timestamp until, rtime;
char *cname = 0, *sname = 0;
- const char *fromstring = 0;
unsigned int c_flags = 0, s_flags = 0;
krb5_principal_data client_princ;
- char ktypestr[128];
- char rep_etypestr[128];
- char fromstringbuf[70];
void *pa_context = NULL;
+ int did_log = 0;
+ const char *emsg = 0;
#if APPLE_PKINIT
asReqDebug("process_as_req top realm %s name %s\n",
@@ -133,15 +131,6 @@
session_key.contents = 0;
enc_tkt_reply.authorization_data = NULL;
- ktypes2str(ktypestr, sizeof(ktypestr),
- request->nktypes, request->ktype);
-
- fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype),
- from->address->contents,
- fromstringbuf, sizeof(fromstringbuf));
- if (!fromstring)
- fromstring = "<unknown>";
-
if (!request->client) {
status = "NULL_CLIENT";
errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
@@ -564,14 +553,8 @@
memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
free(reply.enc_part.ciphertext.data);
- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
- krb5_klog_syslog(LOG_INFO,
- "AS_REQ (%s) %s: ISSUE: authtime %d, "
- "%s, %s for %s",
- ktypestr,
- fromstring, authtime,
- rep_etypestr,
- cname, sname);
+ log_as_req(from, request, &reply, cname, sname, authtime, 0, 0, 0);
+ did_log = 1;
#ifdef KRBCONF_KDC_MODIFIES_KDB
/*
@@ -582,33 +565,31 @@
#endif /* KRBCONF_KDC_MODIFIES_KDB */
update_client = 1;
+ goto egress;
+
errout:
+ assert (status != 0);
+ /* fall through */
+
+egress:
if (update_client) {
audit_as_request(request, &client, &server, authtime, errcode);
}
+
if (pa_context)
free_padata_context(kdc_context, &pa_context);
- if (status) {
- const char * emsg = 0;
- if (errcode)
- emsg = krb5_get_error_message (kdc_context, errcode);
+ if (errcode)
+ emsg = krb5_get_error_message(kdc_context, errcode);
- krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
- ktypestr,
- fromstring, status,
- cname ? cname : "<unknown client>",
- sname ? sname : "<unknown server>",
- errcode ? ", " : "",
- errcode ? emsg : "");
- if (errcode)
- krb5_free_error_message (kdc_context, emsg);
+ if (status) {
+ log_as_req(from, request, &reply, cname, sname, 0,
+ status, errcode, emsg);
+ did_log = 1;
}
if (errcode) {
- int got_err = 0;
if (status == 0) {
- status = krb5_get_error_message (kdc_context, errcode);
- got_err = 1;
+ status = emsg;
}
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
@@ -617,11 +598,10 @@
errcode = prepare_error_as(request, errcode, &e_data,
c_nprincs ? client.princ : NULL,
response, status);
- if (got_err) {
- krb5_free_error_message (kdc_context, status);
- status = 0;
- }
+ status = 0;
}
+ if (emsg)
+ krb5_free_error_message(kdc_context, emsg);
if (enc_tkt_reply.authorization_data != NULL)
krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
@@ -665,7 +645,7 @@
}
krb5_free_data_contents(kdc_context, &e_data);
-
+ assert(did_log != 0);
return errcode;
}
Modified: branches/mskrb-integ/src/kdc/do_tgs_req.c
===================================================================
--- branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kdc/do_tgs_req.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,7 +1,7 @@
/*
* kdc/do_tgs_req.c
*
- * Copyright 1990,1991,2001,2007 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2001,2007,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -76,7 +76,7 @@
krb5_boolean *, int *);
static krb5_error_code prepare_error_tgs (krb5_kdc_req *, krb5_ticket *,
- int, const char *, krb5_principal,
+ int, krb5_principal,
krb5_data **, const char *);
/*ARGSUSED*/
@@ -102,8 +102,7 @@
krb5_timestamp until, rtime;
krb5_keyblock encrypting_key;
krb5_key_data *server_key;
- char *cname = 0, *sname = 0, *tmp = 0;
- const char *fromstring = 0;
+ char *cname = 0, *sname = 0, *altcname = 0;
krb5_last_req_entry *nolrarray[2], nolrentry;
/* krb5_address *noaddrarray[1]; */
krb5_enctype useenctype;
@@ -111,9 +110,6 @@
register int i;
int firstpass = 1;
const char *status = 0;
- char ktypestr[128];
- char rep_etypestr[128];
- char fromstringbuf[70];
krb5_enc_tkt_part *header_enc_tkt = NULL; /* ticket granting or evidence ticket */
krb5_db_entry client, krbtgt;
int c_nprincs = 0, k_nprincs = 0;
@@ -122,6 +118,7 @@
unsigned int c_flags = 0, s_flags = 0; /* client/server KDB flags */
char *s4u_name = NULL;
krb5_boolean is_referral;
+ const char *emsg = NULL;
session_key.contents = NULL;
@@ -129,8 +126,6 @@
if (retval)
return retval;
- ktypes2str(ktypestr, sizeof(ktypestr),
- request->nktypes, request->ktype);
/*
* setup_server_realm() sets up the global realm-specific data pointer.
*/
@@ -139,12 +134,6 @@
return retval;
}
- fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype),
- from->address->contents,
- fromstringbuf, sizeof(fromstringbuf));
- if (!fromstring)
- fromstring = "<unknown>";
-
if ((errcode = krb5_unparse_name(kdc_context, request->server, &sname))) {
status = "UNPARSING SERVER";
goto cleanup;
@@ -728,7 +717,7 @@
enc_tkt_reply.transited.tr_contents.data,
tdots);
else {
- const char *emsg = krb5_get_error_message(kdc_context, errcode);
+ emsg = krb5_get_error_message(kdc_context, errcode);
krb5_klog_syslog (LOG_ERR,
"unexpected error checking transit from "
"'%s' to '%s' via '%.*s%s': %s",
@@ -738,6 +727,7 @@
enc_tkt_reply.transited.tr_contents.data,
tdots, emsg);
krb5_free_error_message(kdc_context, emsg);
+ emsg = NULL;
}
} else
krb5_klog_syslog (LOG_INFO, "not checking transit path");
@@ -764,19 +754,13 @@
krb5_enc_tkt_part *t2enc = request->second_ticket[st_idx]->enc_part2;
krb5_principal client2 = t2enc->client;
if (!krb5_principal_compare(kdc_context, request->server, client2)) {
- if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp)))
- tmp = 0;
- if (tmp != NULL)
- limit_string(tmp);
+ if ((errcode = krb5_unparse_name(kdc_context, client2, &altcname)))
+ altcname = 0;
+ if (altcname != NULL)
+ limit_string(altcname);
- krb5_klog_syslog(LOG_INFO,
- "TGS_REQ %s: 2ND_TKT_MISMATCH: "
- "authtime %d, %s for %s, 2nd tkt client %s",
- fromstring, authtime,
- cname ? cname : "<unknown client>",
- sname ? sname : "<unknown server>",
- tmp ? tmp : "<unknown>");
errcode = KRB5KDC_ERR_SERVER_NOMATCH;
+ status = "2ND_TKT_MISMATCH";
goto cleanup;
}
@@ -851,36 +835,16 @@
free(reply.enc_part.ciphertext.data);
cleanup:
- if (0) {
- assert(header_enc_tkt != NULL);
- audit_tgs_request(request, header_enc_tkt->client, &server, header_enc_tkt->times.authtime, errcode);
+ assert(status != NULL);
+ if (errcode)
+ emsg = krb5_get_error_message (kdc_context, errcode);
+ log_tgs_req(from, request, &reply, cname, sname, altcname, authtime,
+ status, errcode, emsg);
+ if (errcode) {
+ krb5_free_error_message (kdc_context, emsg);
+ emsg = NULL;
}
- if (status) {
- const char * emsg = NULL;
- int s4u = isflagset(c_flags, KRB5_KDB_FLAGS_S4U);
- if (!errcode)
- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
- if (errcode)
- emsg = krb5_get_error_message (kdc_context, errcode);
- krb5_klog_syslog(LOG_INFO,
- "TGS_REQ (%s) %s: %s: authtime %d, "
- "%s%s %s %s%s%sfor %s%s%s",
- ktypestr,
- fromstring, status, authtime,
- !errcode ? rep_etypestr : "",
- !errcode ? "," : "",
- cname ? cname : "<unknown client>",
- s4u ? "[on behalf of " : "",
- s4u ? (s4u_name != NULL ? s4u_name : "<unknown proxy>") : "",
- s4u ? "] " : "",
- sname ? sname : "<unknown server>",
- errcode ? ", " : "",
- errcode ? emsg : "");
- if (errcode)
- krb5_free_error_message (kdc_context, emsg);
- }
-
if (errcode) {
int got_err = 0;
if (status == 0) {
@@ -892,7 +856,7 @@
errcode = KRB_ERR_GENERIC;
retval = prepare_error_tgs(request, header_ticket, errcode,
- fromstring, nprincs ? server.princ : NULL,
+ nprincs ? server.princ : NULL,
response, status);
if (got_err) {
krb5_free_error_message (kdc_context, status);
@@ -932,7 +896,7 @@
static krb5_error_code
prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error,
- const char *ident, krb5_principal canon_server,
+ krb5_principal canon_server,
krb5_data **response, const char *status)
{
krb5_error errpkt;
@@ -1024,7 +988,6 @@
} else if (*nprincs == 1) {
/* Found it! */
krb5_principal tmpprinc;
- char *sname;
tmp = *krb5_princ_realm(kdc_context, *pl2);
krb5_princ_set_realm(kdc_context, *pl2,
@@ -1038,15 +1001,7 @@
krb5_free_principal(kdc_context, request->server);
request->server = tmpprinc;
- if (krb5_unparse_name(kdc_context, request->server, &sname)) {
- krb5_klog_syslog(LOG_INFO,
- "TGS_REQ: issuing alternate <un-unparseable> TGT");
- } else {
- limit_string(sname);
- krb5_klog_syslog(LOG_INFO,
- "TGS_REQ: issuing TGT %s", sname);
- free(sname);
- }
+ log_tgs_alt_tgt(request->server);
krb5_free_realm_tree(kdc_context, plist);
return;
}
Modified: branches/mskrb-integ/src/kdc/kdc_util.c
===================================================================
--- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1669,6 +1669,7 @@
more);
}
+
krb5_error_code
sign_db_authdata (krb5_context context,
unsigned int flags,
@@ -2210,3 +2211,124 @@
return 0;
}
+
+/* Main logging routines for ticket requests.
+
+ There are a few simple cases -- unparseable requests mainly --
+ where messages are logged otherwise, but once a ticket request can
+ be decoded in some basic way, these routines are used for logging
+ the details. */
+
+/* "status" is null to indicate success. */
+/* Someday, pass local address/port as well. */
+void
+log_as_req(const krb5_fulladdr *from,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ const char *cname, const char *sname,
+ krb5_timestamp authtime,
+ const char *status, krb5_error_code errcode, const char *emsg)
+{
+ const char *fromstring = 0;
+ char fromstringbuf[70];
+ char ktypestr[128];
+ const char *cname2 = cname ? cname : "<unknown client>";
+ const char *sname2 = sname ? sname : "<unknown server>";
+
+ fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype),
+ from->address->contents,
+ fromstringbuf, sizeof(fromstringbuf));
+ if (!fromstring)
+ fromstring = "<unknown>";
+ ktypes2str(ktypestr, sizeof(ktypestr),
+ request->nktypes, request->ktype);
+
+ if (status == NULL) {
+ /* success */
+ char rep_etypestr[128];
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
+ krb5_klog_syslog(LOG_INFO,
+ "AS_REQ (%s) %s: ISSUE: authtime %d, %s, %s for %s",
+ ktypestr, fromstring, authtime,
+ rep_etypestr, cname2, sname2);
+ } else {
+ /* fail */
+ krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
+ ktypestr, fromstring, status,
+ cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
+ }
+#if 0
+ /* Sun (OpenSolaris) version would probably something like this.
+ The client and server names passed can be null, unlike in the
+ logging routines used above. Note that a struct in_addr is
+ used, but the real address could be an IPv6 address. */
+ audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0,
+ cname, sname, errcode);
+#endif
+}
+
+/* Here "status" must be non-null. Error code
+ KRB5KDC_ERR_SERVER_NOMATCH is handled specially. */
+void
+log_tgs_req(const krb5_fulladdr *from,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ const char *cname, const char *sname, const char *altcname,
+ krb5_timestamp authtime,
+ const char *status, krb5_error_code errcode, const char *emsg)
+{
+ char ktypestr[128];
+ const char *fromstring = 0;
+ char fromstringbuf[70];
+ char rep_etypestr[128];
+
+ fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype),
+ from->address->contents,
+ fromstringbuf, sizeof(fromstringbuf));
+ if (!fromstring)
+ fromstring = "<unknown>";
+ ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype);
+ if (!errcode)
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
+ else
+ rep_etypestr[0] = 0;
+
+ /* Differences: server-nomatch message logs 2nd ticket's client
+ name (useful), and doesn't log ktypestr (probably not
+ important). */
+ if (errcode != KRB5KDC_ERR_SERVER_NOMATCH)
+ krb5_klog_syslog(LOG_INFO,
+ "TGS_REQ (%s) %s: %s: authtime %d, %s%s %s for %s%s%s",
+ ktypestr,
+ fromstring, status, authtime,
+ rep_etypestr,
+ !errcode ? "," : "",
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ errcode ? ", " : "",
+ errcode ? emsg : "");
+ else
+ krb5_klog_syslog(LOG_INFO,
+ "TGS_REQ %s: %s: authtime %d, %s for %s, 2nd tkt client %s",
+ fromstring, status, authtime,
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ altcname ? altcname : "<unknown>");
+
+ /* OpenSolaris: audit_krb5kdc_tgs_req(...) or
+ audit_krb5kdc_tgs_req_2ndtktmm(...) */
+}
+
+void
+log_tgs_alt_tgt(krb5_principal p)
+{
+ char *sname;
+ if (krb5_unparse_name(kdc_context, p, &sname)) {
+ krb5_klog_syslog(LOG_INFO,
+ "TGS_REQ: issuing alternate <un-unparseable> TGT");
+ } else {
+ limit_string(sname);
+ krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname);
+ free(sname);
+ }
+ /* OpenSolaris: audit_krb5kdc_tgs_req_alt_tgt(...) */
+}
+
Modified: branches/mskrb-integ/src/kdc/kdc_util.h
===================================================================
--- branches/mskrb-integ/src/kdc/kdc_util.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kdc/kdc_util.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -277,8 +277,25 @@
validate_transit_path(krb5_context context,
krb5_const_principal client,
krb5_db_entry *server,
- krb5_db_entry *krbtgt);
+ krb5_db_entry *krbtgt);
+
+void
+log_as_req(const krb5_fulladdr *from,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ const char *cname, const char *sname,
+ krb5_timestamp authtime,
+ const char *status, krb5_error_code errcode, const char *emsg);
+void
+log_tgs_req(const krb5_fulladdr *from,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ const char *cname, const char *sname, const char *altcname,
+ krb5_timestamp authtime,
+ const char *status, krb5_error_code errcode, const char *emsg);
+void log_tgs_alt_tgt(krb5_principal p);
+
+
+
#define isflagset(flagfield, flag) (flagfield & (flag))
#define setflag(flagfield, flag) (flagfield |= (flag))
#define clear(flagfield, flag) (flagfield &= ~(flag))
Modified: branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m
===================================================================
--- branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kim/agent/mac/AuthenticationController.m 2009-01-03 03:00:25 UTC (rev 21678)
@@ -75,8 +75,8 @@
{
[[self window] center];
// We need to float over the loginwindow and SecurityAgent so use its hardcoded level.
- [[self window] setLevel:NSScreenSaverWindowLevel];
-
+ [[self window] setLevel:NSModalPanelWindowLevel];
+
visibleAsSheet = NO;
lifetimeFormatter.displaySeconds = NO;
Modified: branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m
===================================================================
--- branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/kim/agent/mac/SelectIdentityController.m 2009-01-03 03:00:25 UTC (rev 21678)
@@ -55,7 +55,7 @@
NSString *message = nil;
[[self window] center];
- [[self window] setLevel:NSScreenSaverWindowLevel];
+ [[self window] setLevel:NSModalPanelWindowLevel];
longTimeFormatter.displaySeconds = NO;
longTimeFormatter.displayShortFormat = NO;
Modified: branches/mskrb-integ/src/krb5-config.M
===================================================================
--- branches/mskrb-integ/src/krb5-config.M 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb5-config.M 2009-01-03 03:00:25 UTC (rev 21678)
@@ -64,7 +64,6 @@
.in +.5i
krb5 Kerberos 5 application
gssapi GSSAPI application with Kerberos 5 bindings
-krb4 Kerberos 4 application
kadm-client Kadmin client
kadm-server Kadmin server
kdb Application that accesses the kerberos database
Modified: branches/mskrb-integ/src/krb5-config.in
===================================================================
--- branches/mskrb-integ/src/krb5-config.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb5-config.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -32,8 +32,6 @@
includedir=@includedir@
libdir=@libdir@
CC_LINK='@CC_LINK@'
-KRB4_LIB=@KRB4_LIB@
-DES425_LIB=@DES425_LIB@
KDB5_DB_LIB=@KDB5_DB_LIB@
LDFLAGS='@LDFLAGS@'
RPATH_FLAG='@RPATH_FLAG@'
@@ -87,9 +85,6 @@
gssapi)
library=gssapi
;;
- krb4)
- library=krb4
- ;;
kadm-client)
library=kadm_client
;;
@@ -126,7 +121,6 @@
echo "Libraries:"
echo " krb5 Kerberos 5 application"
echo " gssapi GSSAPI application with Kerberos 5 bindings"
- echo " krb4 Kerberos 4 application"
echo " kadm-client Kadmin client"
echo " kadm-server Kadmin server"
echo " kdb Application that accesses the kerberos database"
@@ -219,11 +213,6 @@
library=krb5
fi
- if test $library = 'krb4'; then
- lib_flags="$lib_flags $KRB4_LIB $DES425_LIB"
- library=krb5
- fi
-
if test $library = 'krb5'; then
lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
fi
Deleted: branches/mskrb-integ/src/krb524/Makefile.in
===================================================================
--- branches/mskrb-integ/src/krb524/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,175 +0,0 @@
-thisconfigdir=..
-myfulldir=krb524
-mydir=krb524
-BUILDTOP=$(REL)..
-KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
-DEFS=
-
-# Copyright 1994 by OpenVision Technologies, Inc.
-#
-# Permission to use, copy, modify, distribute, and sell this software
-# and its documentation for any purpose is hereby granted without fee,
-# provided that the above copyright notice appears in all copies and
-# that both that copyright notice and this permission notice appear in
-# supporting documentation, and that the name of OpenVision not be used
-# in advertising or publicity pertaining to distribution of the software
-# without specific, written prior permission. OpenVision makes no
-# representations about the suitability of this software for any
-# purpose. It is provided "as is" without express or implied warranty.
-#
-# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
-# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
-# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
-# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
-# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-#
-
-DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1
-PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_INCLUDES)
-##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES)
-##WIN32##!endif
-
-##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_LIB)
-##WIN32##K4LIB=$(USE_ALTERNATE_KRB4_LIB)
-##WIN32##!endif
-
-K524EXE = $(OUTPRE)k524init.exe
-K524LIB = $(OUTPRE)krb524.lib
-K524DEP = $(K524LIB)
-K524DEF = krb524.def
-WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \
- version.lib advapi32.lib gdi32.lib
-
-LOCALINCLUDES= $(KRB4_INCLUDES) -I. -I$(srcdir)
-
-# Library sources
-SRCS = \
- $(srcdir)/cnv_tkt_skey.c \
- $(srcdir)/libinit.c \
- $(srcdir)/krb524.c
-
-EXTRADEPSRCS = \
- $(srcdir)/test.c \
- $(srcdir)/k524init.c \
- $(srcdir)/krb524d.c
-
-##WIN32##!ifdef KRB524_STATIC_HACK
-##WIN32##LPREFIX=..\lib
-##WIN32##K5_GLUE=$(LPREFIX)\$(OUTPRE)k5_glue.obj
-##WIN32##KLIBS = $(LPREFIX)\krb5\$(OUTPRE)krb5.lib \
-##WIN32## $(LPREFIX)\crypto\$(OUTPRE)crypto.lib \
-##WIN32## $(BUILDTOP)\util\profile\$(OUTPRE)profile.lib \
-##WIN32## $(LPREFIX)\des425\$(OUTPRE)des425.lib
-##WIN32##KLIB=$(KLIBS) $(DNSLIBS) $(K5_GLUE) $(CLIB)
-##WIN32##STLIBOBJS=$(STLIBOBJS:libinit=globals)
-##WIN32##K524DEP=$(STLIBOBJS)
-##WIN32##!endif
-
-##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
-
-##WIN32##EXERES=$(K524EXE:.exe=.res)
-##WIN32##LIBRES=$(K524LIB:.lib=.res)
-
-##WIN32##$(EXERES): $(VERSIONRC)
-##WIN32## $(RC) $(RCFLAGS) -DKRB524_INIT -fo $@ -r $**
-##WIN32##$(LIBRES): $(VERSIONRC)
-##WIN32## $(RC) $(RCFLAGS) -DKRB524_LIB -fo $@ -r $**
-
-all-unix:: krb524d krb524test k524init
-
-##WIN32##all-windows:: $(K524EXE) $(K524LIB)
-
-krb524test: test.o $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o krb524test test.o $(KRB5_LIB) $(KRB4COMPAT_LIBS)
-
-SERVER_OBJS= krb524d.o cnv_tkt_skey.o
-CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT)
-
-krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB)
- $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB)
-
-k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS)
-
-##WIN32##$(K524LIB): $(OUTPRE)krb524.$(OBJEXT) $(OUTPRE)libinit.$(OBJEXT) $(KLIB) $(CLIB) $(LIBRES)
-##WIN32## link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS)
-##WIN32## $(_VC_MANIFEST_EMBED_DLL)
-
-##WIN32##$(K524EXE): $(OUTPRE)k524init.$(OBJEXT) $(KLIB) $(K4LIB) $(CLIB) $(EXERES) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib
-##WIN32## link $(EXE_LINKOPTS) -out:$@ $** $(WINLIBS) $(SCLIB)
-##WIN32## $(_VC_MANIFEST_EMBED_EXE)
-
-install-unix::
- $(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d
- $(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init
- $(INSTALL_DATA) $(srcdir)/krb524d.M $(DESTDIR)$(SERVER_MANDIR)/krb524d.8
- $(INSTALL_DATA) $(srcdir)/k524init.M \
- $(DESTDIR)$(CLIENT_MANDIR)/krb524init.1
-
-clean-unix::
- $(RM) $(OBJS) core *~ *.bak #*
- $(RM) krb524test krb524d k524init test.o $(CLIENT_OBJS) $(SERVER_OBJS)
-
-
-# +++ Dependency line eater +++
-#
-# Makefile dependencies follow. This must be the last section in
-# the Makefile.in file
-#
-$(OUTPRE)cnv_tkt_skey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h cnv_tkt_skey.c krb524d.h
-$(OUTPRE)libinit.$(OBJEXT): libinit.c
-$(OUTPRE)krb524.$(OBJEXT): krb524.c
-$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h test.c
-$(OUTPRE)k524init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h k524init.c
-$(OUTPRE)krb524d.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
- $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
- $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
- $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
- $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
- $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb524d.c krb524d.h
Deleted: branches/mskrb-integ/src/krb524/README
===================================================================
--- branches/mskrb-integ/src/krb524/README 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/README 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,154 +0,0 @@
-Copyright 1994 by OpenVision Technologies, Inc.
-
-Permission to use, copy, modify, distribute, and sell this software
-and its documentation for any purpose is hereby granted without fee,
-provided that the above copyright notice appears in all copies and
-that both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of OpenVision not be used
-in advertising or publicity pertaining to distribution of the software
-without specific, written prior permission. OpenVision makes no
-representations about the suitability of this software for any
-purpose. It is provided "as is" without express or implied warranty.
-
-OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
-INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
-EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
-USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
-
-Kerberos V5 to Kerberos V4 Credentials Converting Service, ALPHA RELEASE
-========================================================================
-
-krb524 is a service that converts Kerberos V5 credentials into
-Kerberos V4 credentials suitable for use with applications that for
-whatever reason do not use V5 directly. The service consists of a
-server that has access to the secret key of the Kerberos service for
-which credentials will be converted, and a library for use by client
-programs that wish to use the server.
-
-The protocol is simple. Suppose that a client C wishes to obtain V4
-credentials for a V5 service S by using the krb524 server. The
-notation {C,S}_n represents a Vn service ticket for S for use by C.
-
-(1) C obtains V5 credentials, including a ticket {C,S}_5, for S by the
-normal V5 means.
-
-(2) C transmits {C,S}_5 to KRB524.
-
-(3) KRB524 converts {C,S}_5 into {C,S}_4.
-
-(4) KRB524 transmits {C,S}_4 to C.
-
-(5) C creates a V4 credentials strucuture from the plaintext
-information in the V5 credential and {C,S}_4.
-
-Steps (2) through (4) are encapsulated in a single function call in
-the krb524 library.
-
-An alternate conversion is provided for AFS servers that support the
-encrypted part of a krb5 ticket as an AFS token. If the krb524d is
-converting a principal whose first component is afs and if the
-encrypted part of the ticket fits in 344 bytes, then it will default
-to simply returning the encrypted part of the ticket as a token. If
-it turns out that the AFS server does not support the ticket, then
-users will get an unknown key version error and the krb524d must be
-configured to use v4 tickets for this AFS service.
-
-
-Obviously, not all V5 credentials can be completely converted to V4
-credentials, since the former is a superset of the latter. The
-precise semantics of the conversion function are still undecided.
-UTSL.
-
-Programs contained in this release
-======================================================================
-
-krb524d [-m[aster]] [-k[eytab]]
-
-The krb524 server. It accepts UDP requests on the krb524 service
-port, specified in /etc/services, or on port 4444 by default. (A
-request for an official port assignment is underway.) The -m argument
-causes krb524d to access the KDC master database directly; the -k
-argument causes krb524d to use the default keytab (and therefore only
-be able to convert tickets for services in the keytab). Only one of
--m or -k can be specified.
-
-test -remote server client service
-
-A test program that obtains a V5 credential for {client,service},
-converts it to a V4 credential, and prints out the entire contents of
-both versions. It prompts for service's secret key, which it needs to
-decrypt both tickets in order to print them out. Enter it as an eight
-digit ASCII hex number.
-
-k524init [-n] [-p principal]
-
-Convert a V5 credential into a V4 credential and store it in a V4
-ticket file. The client is 'principal', or krbtgt at the V5 ccache's
-default principal's realm if not specified. The -n argument causes
-the new ticket to be added to the existing ticket file; otherwise, the
-ticket file is initialized.
-
-Configuring krb524d AFS Conversion
-======================================================================
-
-The krb524d looks in the appdefaults section of krb5.conf for an
-application called afs_krb5 to determine whether afs principals
-support encrypted ticket parts as tokens. The following configuration
-fragment says that afs/sipb.mit.edu at ATHENA.MIT.EDU supports the new
-token format but afs at ATHENA.MIT.EDU and
-afs/athena.mit.edu at ATHENA.MIT.EDU do not. Note that the default is to
-assume afs servers support the new format.
-
-[appdefaults]
-afs_krb5 = {
- ATHENA.MIT.EDU = {
- # This stanza describes principals in the
- #ATHENA.MIT.EDU realm
- afs = false
- afs/athena.mit.edu = false
- afs/sipb.mit.edu = true
- }
-}
-
-
-Using libkrb524.a
-======================================================================
-
-To use libkrb524.a, #include "krb524.h", link against libkrb524.a,
-call krb524_init_ets() at the beginning of your program, and call one
-of the following two functions:
-
-int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds,
- struct sockaddr *saddr)
-
-int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds)
-
-Both convert the V5 credential in v5creds into a V4 credential in
-v4creds. One assumes krb524d is running on the KDC, the other uses an
-explicit host. You only need to specify the address for saddr; the
-port is filled in automatically.
-
-Unresolved issues / Bugs
-======================================================================
-
-o krb524d requires access to the secret key of any service to be
-converted. Should krb524d run on the KDC or on individual server
-machines? The latter is more paranoid, since it prevents bugs in
-krb524d from provided unauthorized access to the master database.
-However, it also requires the client to provide the address of the
-server to be used. The client will usually have this information
-(since presumably it will be sending the converted V4 credentials to
-the same server) but it may not be in a convenient form. It seems
-"cleaner" to have krb524d run on the KDC.
-
-o Even if krb524d uses keytabs on server machines, it needs to be more
-flexible. You only want to run one krb524d per host, so it has to be
-able to scan multiple keytabs. This might get logistically messy.
-
-o This code is of alpha quality. Bugs, omissions, memory leaks, and
-perhaps security holes still remain. Do not use it (yet) in a
-production environment.
Deleted: branches/mskrb-integ/src/krb524/cnv_tkt_skey.c
===================================================================
--- branches/mskrb-integ/src/krb524/cnv_tkt_skey.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/cnv_tkt_skey.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,223 +0,0 @@
-/*
- * Copyright 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "k5-int.h" /* we need krb5_context::clockskew */
-#include <stdio.h>
-#include <sys/types.h>
-
-#ifdef _WIN32
-#include "port-sockets.h"
-#else
-#include <sys/time.h>
-#include <netinet/in.h>
-#endif
-#include <krb.h>
-#include "krb524d.h"
-
-static int krb524d_debug = 0;
-
-static int
-krb524_convert_princs(context, client, server, pname, pinst, prealm,
- sname, sinst, srealm)
- krb5_context context;
- krb5_principal client, server;
- char *pname, *pinst, *prealm, *sname, *sinst, *srealm;
-{
- int ret;
-
- if ((ret = krb5_524_conv_principal(context, client, pname, pinst,
- prealm)))
- return ret;
-
- return krb5_524_conv_principal(context, server, sname, sinst, srealm);
-}
-/*
- * Convert a v5 ticket for server to a v4 ticket, using service key
- * skey for both.
- */
-int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey,
- saddr)
- krb5_context context;
- krb5_ticket *v5tkt;
- KTEXT_ST *v4tkt;
- krb5_keyblock *v5_skey, *v4_skey;
- struct sockaddr_in *saddr;
-{
- char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
- char sname[ANAME_SZ], sinst[INST_SZ], srealm[REALM_SZ];
- krb5_enc_tkt_part *v5etkt;
- int ret, lifetime, v4endtime;
- krb5_timestamp server_time;
- struct sockaddr_in *sinp = (struct sockaddr_in *)saddr;
- krb5_address kaddr;
-
- v5tkt->enc_part2 = NULL;
- if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) {
- return ret;
- }
- v5etkt = v5tkt->enc_part2;
-
- if (v5etkt->transited.tr_contents.length != 0) {
- /* Some intermediate realms transited -- do we accept them?
-
- Simple answer: No.
-
- More complicated answer: Check our local config file to
- see if the path is correct, and base the answer on that.
- This denies the krb4 application server any ability to do
- its own validation as krb5 servers can.
-
- Fast answer: Not right now. */
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- /* We could also encounter a case where luser at R1 gets a ticket
- for krbtgt/R3 at R2, and then tries to convert it. But the
- converted ticket would be one the v4 KDC code should reject
- anyways. So we don't need to worry about it here. */
-
- if ((ret = krb524_convert_princs(context, v5etkt->client, v5tkt->server,
- pname, pinst, prealm, sname,
- sinst, srealm))) {
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return ret;
- }
- if ((v5etkt->session->enctype != ENCTYPE_DES_CBC_CRC &&
- v5etkt->session->enctype != ENCTYPE_DES_CBC_MD4 &&
- v5etkt->session->enctype != ENCTYPE_DES_CBC_MD5) ||
- v5etkt->session->length != sizeof(C_Block)) {
- if (krb524d_debug)
- fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n",
- v5etkt->session->enctype,
- v5etkt->session->length,
- (int) sizeof(C_Block));
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return KRB524_BADKEY;
- }
-
- /* V4 has no concept of authtime or renew_till, so ignore them */
- if (v5etkt->times.starttime == 0)
- v5etkt->times.starttime = v5etkt->times.authtime;
- /* rather than apply fit an extended v5 lifetime into a v4 range,
- give out a v4 ticket with as much of the v5 lifetime is available
- "now" instead. */
- if ((ret = krb5_timeofday(context, &server_time))) {
- if (krb524d_debug)
- fprintf(stderr, "krb5_timeofday failed!\n");
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return ret;
- }
- if ((server_time + context->clockskew >= v5etkt->times.starttime)
- && (server_time - context->clockskew <= v5etkt->times.endtime)) {
- lifetime = krb_time_to_life(server_time, v5etkt->times.endtime);
- v4endtime = krb_life_to_time(server_time, lifetime);
- /*
- * Adjust start time backwards if the lifetime value
- * returned by krb_time_to_life() maps to a longer lifetime
- * than that of the original krb5 ticket.
- */
- if (v4endtime > v5etkt->times.endtime)
- server_time -= v4endtime - v5etkt->times.endtime;
- } else {
- if (krb524d_debug)
- fprintf(stderr, "v5 ticket time out of bounds\n");
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- if (server_time+context->clockskew < v5etkt->times.starttime)
- return KRB5KRB_AP_ERR_TKT_NYV;
- else if (server_time-context->clockskew > v5etkt->times.endtime)
- return KRB5KRB_AP_ERR_TKT_EXPIRED;
- else /* shouldn't happen, but just in case... */
- return KRB5KRB_AP_ERR_TKT_NYV;
- }
-
- kaddr.addrtype = ADDRTYPE_INET;
- kaddr.length = sizeof(sinp->sin_addr);
- kaddr.contents = (krb5_octet *)&sinp->sin_addr;
-
- if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) {
- if (krb524d_debug)
- fprintf(stderr, "Invalid v5creds address information.\n");
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- return KRB524_BADADDR;
- }
-
- if (krb524d_debug)
- printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
- (long) v5etkt->times.starttime,
- (long) v5etkt->times.authtime,
- (long) lifetime);
-
- /* XXX are there V5 flags we should map to V4 equivalents? */
- if (v4_skey->enctype == ENCTYPE_DES_CBC_CRC) {
- ret = krb_create_ticket(v4tkt,
- 0, /* flags */
- pname,
- pinst,
- prealm,
- sinp->sin_addr.s_addr,
- (char *) v5etkt->session->contents,
- lifetime,
- /* issue_data */
- server_time,
- sname,
- sinst,
- v4_skey->contents);
- }
- else abort();
- krb5_free_enc_tkt_part(context, v5etkt);
- v5tkt->enc_part2 = NULL;
- if (ret == KSUCCESS)
- return 0;
- else
- return KRB524_V4ERR;
-}
Deleted: branches/mskrb-integ/src/krb524/k524init.M
===================================================================
--- branches/mskrb-integ/src/krb524/k524init.M 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/k524init.M 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,47 +0,0 @@
-.\" krb524/k524init.M
-.\"
-.\" Copyright 2005 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\" "
-.TH KRB524INIT 1
-.SH NAME
-krb524init \- Obtain Kerberos V4 tickets from Kerberos V5 tickets
-.SH SYNOPSIS
-\fBkrb524init\fP [\fB\-n\fP] [\fB\-p\fP \fIprincipal\fP]
-.SH DESCRIPTION
-.I krb524init
-converts a V5 credential to a V4 credential by querying a remote krb524d
-server and stores it in a V4 ticket cache. The credential is
-.I principal
-or "krbtgt" at the V5 ticket cache's default principal's realm if not
-specified.
-.SH OPTIONS
-.TP
-.B \-n
-By default, the V4 ticket cache is initialized. If this option is given,
-the converted credential is instead added to the existing ticket cache.
-.TP
-\fB\-p\fP \fIprincipal\fP
-Convert
-.I principal
-rather than krbtgt.
-.SH SEE ALSO
-kinit(1), krb524d(8)
Deleted: branches/mskrb-integ/src/krb524/k524init.c
===================================================================
--- branches/mskrb-integ/src/krb524/k524init.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/k524init.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,183 +0,0 @@
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "autoconf.h"
-#include "k5-int.h" /* for data_eq */
-#include <krb5.h>
-#include "com_err.h"
-
-#include <stdio.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <string.h>
-#include <signal.h>
-#include <sys/types.h>
-#ifndef _WIN32
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-#endif
-
-#include <krb.h>
-
-extern int optind;
-extern char *optarg;
-char *prog = "k524init";
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- krb5_principal client, server;
- krb5_ccache cc;
- krb5_creds increds, *v5creds;
- CREDENTIALS v4creds;
- int code;
- int option;
- char *princ = NULL;
- int nodelete = 0;
- int lose = 0;
- krb5_context context;
- krb5_error_code retval;
-
- if (argv[0]) {
- prog = strrchr (argv[0], '/');
- if (prog)
- prog++;
- else
- prog = argv[0];
- }
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(prog, retval, "while initializing krb5");
- exit(1);
- }
-
- while(((option = getopt(argc, argv, "p:n")) != -1)) {
- switch(option) {
- case 'p':
- princ = optarg;
- break;
- case 'n':
- nodelete++;
- break;
- default:
- lose++;
- break;
- }
- }
-
- if (lose || (argc - optind > 1)) {
- fprintf(stderr, "Usage: %s [-p principal] [-n]\n", prog);
- exit(1);
- }
-
- if ((code = krb5_cc_default(context, &cc))) {
- com_err(prog, code, "opening default credentials cache");
- exit(1);
- }
-
- if ((code = krb5_cc_get_principal(context, cc, &client))) {
- com_err(prog, code, "while retrieving user principal name");
- exit(1);
- }
-
- if (princ) {
- if ((code = krb5_parse_name(context, princ, &server))) {
- com_err(prog, code, "while parsing service principal name");
- exit(1);
- }
- } else {
- if ((code = krb5_build_principal(context, &server,
- krb5_princ_realm(context, client)->length,
- krb5_princ_realm(context, client)->data,
- "krbtgt",
- krb5_princ_realm(context, client)->data,
- NULL))) {
- com_err(prog, code, "while creating service principal name");
- exit(1);
- }
- }
-
- if (!nodelete) {
- krb5_data *crealm = krb5_princ_realm (context, client);
- krb5_data *srealm = krb5_princ_realm (context, server);
- if (!data_eq(*crealm, *srealm)) {
- /* Since krb4 ticket files don't store the realm name
- separately, and the client realm is assumed to be the
- realm of the first ticket, let's not store an initial
- ticket with the wrong realm name, since it'll confuse
- other programs. */
- fprintf (stderr,
- "%s: Client and server principals' realm names are different;\n"
- "\tbecause of limitations in the krb4 ticket file implementation,\n"
- "\tthis doesn't work for an initial ticket. Try `%s -n'\n"
- "\tif you already have other krb4 tickets, or convert the\n"
- "\tticket-granting ticket from your home realm.\n",
- prog, prog);
- exit (1);
- }
- }
-
- memset((char *) &increds, 0, sizeof(increds));
- increds.client = client;
- increds.server = server;
- increds.times.endtime = 0;
- increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- if ((code = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) {
- com_err(prog, code, "getting V5 credentials");
- exit(1);
- }
-
- if ((code = krb5_524_convert_creds(context, v5creds, &v4creds))) {
- com_err(prog, code, "converting to V4 credentials");
- exit(1);
- }
-
- /* this is stolen from the v4 kinit */
-
- if (!nodelete) {
- /* initialize ticket cache */
- code = krb_in_tkt(v4creds.pname,v4creds.pinst,v4creds.realm);
- if (code != KSUCCESS) {
- fprintf (stderr, "%s: %s trying to create the V4 ticket file",
- prog, krb_get_err_text (code));
- exit(1);
- }
- }
-
- /* stash ticket, session key, etc. for future use */
- /* This routine does *NOT* return one of the usual com_err codes. */
- if ((code = krb_save_credentials(v4creds.service, v4creds.instance,
- v4creds.realm, v4creds.session,
- v4creds.lifetime, v4creds.kvno,
- &(v4creds.ticket_st),
- v4creds.issue_date))) {
- fprintf (stderr, "%s: %s trying to save the V4 ticket\n",
- prog, krb_get_err_text (code));
- exit(1);
- }
-
- exit(0);
-}
Deleted: branches/mskrb-integ/src/krb524/krb524.c
===================================================================
--- branches/mskrb-integ/src/krb524/krb524.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/krb524.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2003 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifdef _WIN32
-#include "krb5.h"
-
-#ifdef krb524_convert_creds_kdc
-#undef krb524_convert_creds_kdc
-#endif
-#ifdef krb524_init_ets
-#undef krb524_init_ets
-#endif
-
-int KRB5_CALLCONV_WRONG
-krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds)
-{
- return(krb5_524_convert_creds(context,v5creds,v4creds));
-}
-
-void KRB5_CALLCONV_WRONG
-krb524_init_ets(krb5_context context)
-{
- /* no-op */
-}
-#endif /* _WIN32 */
Deleted: branches/mskrb-integ/src/krb524/krb524.def
===================================================================
--- branches/mskrb-integ/src/krb524/krb524.def 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/krb524.def 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,13 +0,0 @@
-;----------------------------------------------------
-; KRB524.DEF - KRB524.DLL module definition file
-;----------------------------------------------------
-
-; ****************************************************************************
-; Do not add any function to this file until you make sure the calling
-; convention for the exported function is KRB5_CALLCONV
-; ****************************************************************************
-
-
-EXPORTS
- krb524_convert_creds_kdc @1
- krb524_init_ets @2
Deleted: branches/mskrb-integ/src/krb524/krb524_prot
===================================================================
--- branches/mskrb-integ/src/krb524/krb524_prot 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/krb524_prot 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,11 +0,0 @@
-Protocol:
-
- -> ASN.1 encoded V5 ticket
- <- int status_code, [int kvno, encode_v4tkt encoded KTEXT_ST]
-
-kvno and V4 ticket are only included if status_code is zero.
-
-The kvno for the converted ticket is sent explicitly because the field
-is ASN.1 encoded in the krb5_creds structure; the client would have to
-decode (but not decrypt) the entire krb5_ticket structure to get it,
-which would be inefficient.
Deleted: branches/mskrb-integ/src/krb524/krb524d.M
===================================================================
--- branches/mskrb-integ/src/krb524/krb524d.M 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/krb524d.M 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,74 +0,0 @@
-.\" krb524/krb524d.M
-.\"
-.\" Copyright 1990 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\" "
-.TH KRB524D 8
-.SH NAME
-krb524d \- Version 5 to Version 4 Credentials Conversion Daemon
-.SH SYNOPSIS
-.B krb524d
-[
-.B \-m[aster]
-|
-.B \-k[eytab]
-] [
-.B \-r
-.I realm
-] [
-.B \-nofork
-] [
-.B \-p
-.I portnum
-]
-.br
-.SH DESCRIPTION
-.I krb524d
-is the Kerberos Version 5 to Version 4 Credentials Conversion daemon.
-It works in conjuction with a krb5kdc to allow clients to acquire Kerberos
-version 4 tickets from Kerberos version 5 tickets without specifying a password.
-.SH OPTIONS
-.TP
-\fB\-m[aster]\fP
-Use the KDC database to convert credentials. This option cannot be combined with
-\fB\-k[eytab]\fP.
-.TP
-\fB\-k[eytab]\fP
-Use the default keytab to convert credentials. This option cannot be combined with
-\fB\-m[aster]\fP.
-.TP
-\fB\-r\fP \fIrealm\fP
-Convert credentials for \fIrealm\fP; by default the realm returned by
-.IR krb5_default_local_realm (3)
-is used.
-.TP
-\fB\-nofork\fP
-specifies that krb524d not fork on launch. Useful for debugging purposes.
-.TP
-\fB\-p\fP \fIportnum\fP
-specifies the default UDP port number which krb524d should listen on for
-Kerberos 524 requests. This value is used when no port is specified in
-the KDC profile and when no port is specified in the Kerberos configuration
-file.
-If no value is available, then the value in /etc/services for service
-"krb524" is used.
-.SH SEE ALSO
-kerberos(1), krb5kdc(8), kdb5_util(8), kdc.conf(5)
Deleted: branches/mskrb-integ/src/krb524/krb524d.c
===================================================================
--- branches/mskrb-integ/src/krb524/krb524d.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/krb524d.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,637 +0,0 @@
-/*
- * Copyright (C) 2002, 2007, 2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <k5-int.h>
-#include <kadm5/admin.h>
-#include <adm_proto.h>
-#include <com_err.h>
-#include <stdarg.h>
-
-#include <assert.h>
-#include <stdio.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#include <string.h>
-#include <signal.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/signal.h>
-#include <netinet/in.h>
-
-#include <krb.h>
-#include "krb524d.h"
-
-#if defined(NEED_DAEMON_PROTO)
-extern int daemon(int, int);
-#endif
-
-#define TIMEOUT 60
-#define TKT_BUFSIZ 2048
-#define MSGSIZE 8192
-
-char *whoami;
-int signalled = 0;
-static int debug = 0;
-void *handle = NULL;
-
-int use_keytab, use_master;
-int allow_v4_crossrealm = 0;
-char *keytab = NULL;
-krb5_keytab kt;
-
-void init_keytab(krb5_context),
- init_master(krb5_context, kadm5_config_params *),
- cleanup_and_exit(int, krb5_context);
-krb5_error_code do_connection(int, krb5_context);
-krb5_error_code lookup_service_key(krb5_context, krb5_principal,
- krb5_enctype, krb5_kvno,
- krb5_keyblock *, krb5_kvno *);
-krb5_error_code kdc_get_server_key(krb5_context, krb5_principal,
- krb5_keyblock *, krb5_kvno *,
- krb5_enctype, krb5_kvno);
-
-static krb5_error_code
-handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt,
- struct sockaddr_in *saddr,
- krb5_data *tktdata, krb5_kvno *v4kvno);
-static krb5_error_code
-afs_return_v4(krb5_context, const krb5_principal , int *use_v5);
-
-static void usage(context)
- krb5_context context;
-{
- fprintf(stderr, "Usage: %s [-k[eytab]] [-m[aster] [-r realm]] [-nofork] [-p portnum]\n", whoami);
- cleanup_and_exit(1, context);
-}
-
-static RETSIGTYPE request_exit(signo)
- int signo;
-{
- signalled = 1;
-}
-
-int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0;
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- struct servent *serv;
- struct sockaddr_in saddr;
- struct timeval timeout;
- int ret, s, nofork;
- fd_set rfds;
- krb5_context context;
- krb5_error_code retval;
- kadm5_config_params config_params;
- unsigned long port = 0;
-
- whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]);
-
- retval = krb5int_init_context_kdc(&context);
- if (retval) {
- com_err(whoami, retval, "while initializing krb5");
- exit(1);
- }
-
- {
- krb5int_access k5int;
- retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION);
- if (retval != 0) {
- com_err(whoami, retval,
- "while accessing krb5 library internal support");
- exit(1);
- }
- encode_v4tkt = k5int.krb524_encode_v4tkt;
- if (encode_v4tkt == NULL) {
- com_err(whoami, 0,
- "krb4 support disabled in krb5 support library");
- exit(1);
- }
- }
-
- argv++; argc--;
- use_master = use_keytab = nofork = 0;
- config_params.mask = 0;
-
- while (argc) {
- if (strncmp(*argv, "-X", 2) == 0) {
- allow_v4_crossrealm = 1;
- }
- else if (strncmp(*argv, "-k", 2) == 0)
- use_keytab = 1;
- else if (strncmp(*argv, "-m", 2) == 0)
- use_master = 1;
- else if (strcmp(*argv, "-nofork") == 0)
- nofork = 1;
- else if (strcmp(*argv, "-r") == 0) {
- argv++; argc--;
- if (argc == 0 || !use_master)
- usage(context);
- config_params.mask |= KADM5_CONFIG_REALM;
- config_params.realm = *argv;
- }
- else if (strcmp(*argv, "-p") == 0) {
- char *endptr = 0;
- argv++; argc--;
- if (argc == 0)
- usage (context);
- if (port != 0) {
- com_err (whoami, 0,
- "port number may only be specified once");
- exit (1);
- }
- port = strtoul (*argv, &endptr, 0);
- if (*endptr != '\0' || port > 65535 || port == 0) {
- com_err (whoami, 0,
- "invalid port number %s, must be 1..65535\n",
- *argv);
- exit (1);
- }
- }
- else
- break;
- argv++; argc--;
- }
- if (argc || use_keytab + use_master > 1 ||
- use_keytab + use_master == 0) {
- use_keytab = use_master = 0;
- usage(context);
- }
-
- signal(SIGINT, request_exit);
- signal(SIGHUP, SIG_IGN);
- signal(SIGTERM, request_exit);
-
- krb5_klog_init(context, "krb524d", whoami, !nofork);
-
- if (use_keytab)
- init_keytab(context);
- if (use_master)
- init_master(context, &config_params);
-
- memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
- saddr.sin_family = AF_INET;
- saddr.sin_addr.s_addr = INADDR_ANY;
- if (port == 0) {
- serv = getservbyname(KRB524_SERVICE, "udp");
- if (serv == NULL) {
- com_err(whoami, 0, "service entry `%s' not found, using %d",
- KRB524_SERVICE, KRB524_PORT);
- saddr.sin_port = htons(KRB524_PORT);
- } else
- saddr.sin_port = serv->s_port;
- } else
- saddr.sin_port = htons(port);
-
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- com_err(whoami, errno, "creating main socket");
- cleanup_and_exit(1, context);
- }
- set_cloexec_fd(s);
- if ((ret = bind(s, (struct sockaddr *) &saddr,
- sizeof(struct sockaddr_in))) < 0) {
- com_err(whoami, errno, "binding main socket");
- cleanup_and_exit(1, context);
- }
- if (!nofork && daemon(0, 0)) {
- com_err(whoami, errno, "while detaching from tty");
- cleanup_and_exit(1, context);
- }
-
- while (1) {
- FD_ZERO(&rfds);
- FD_SET(s, &rfds);
- timeout.tv_sec = TIMEOUT;
- timeout.tv_usec = 0;
-
- ret = select(s+1, &rfds, NULL, NULL, &timeout);
- if (signalled)
- cleanup_and_exit(0, context);
- else if (ret == 0) {
- if (use_master) {
- ret = kadm5_flush(handle);
- if (ret && ret != KRB5_KDB_DBNOTINITED) {
- com_err(whoami, ret, "closing kerberos database");
- cleanup_and_exit(1, context);
- }
- }
- } else if (ret < 0 && errno != EINTR) {
- com_err(whoami, errno, "in select");
- cleanup_and_exit(1, context);
- } else if (FD_ISSET(s, &rfds)) {
- if (debug)
- printf("received packet\n");
- if ((ret = do_connection(s, context))) {
- com_err(whoami, ret, "handling packet");
- }
- } else
- com_err(whoami, 0, "impossible situation occurred!");
- }
-
- cleanup_and_exit(0, context);
-}
-
-void cleanup_and_exit(ret, context)
- int ret;
- krb5_context context;
-{
- if (use_master && handle) {
- (void) kadm5_destroy(handle);
- }
- if (use_keytab && kt) krb5_kt_close(context, kt);
- krb5_klog_close(context);
- krb5_free_context(context);
- exit(ret);
-}
-
-void init_keytab(context)
- krb5_context context;
-{
- int ret;
- use_keytab = 0;
- if (keytab == NULL) {
- if ((ret = krb5_kt_default(context, &kt))) {
- com_err(whoami, ret, "while opening default keytab");
- cleanup_and_exit(1, context);
- }
- } else {
- if ((ret = krb5_kt_resolve(context, keytab, &kt))) {
- com_err(whoami, ret, "while resolving keytab %s",
- keytab);
- cleanup_and_exit(1, context);
- }
- }
- use_keytab = 1; /* now safe to close keytab */
-}
-
-void init_master(context, params)
- krb5_context context;
- kadm5_config_params *params;
-{
- int ret;
-
- use_master = 0;
- if ((ret = kadm5_init(whoami, NULL, KADM5_ADMIN_SERVICE, params,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
- &handle))) {
- com_err(whoami, ret, "initializing kadm5 library");
- cleanup_and_exit(1, context);
- }
- use_master = 1; /* now safe to close kadm5 */
-}
-
-krb5_error_code do_connection(s, context)
- int s;
- krb5_context context;
-{
- struct sockaddr saddr;
- krb5_ticket *v5tkt = 0;
- krb5_data msgdata, tktdata;
- char msgbuf[MSGSIZE], tktbuf[TKT_BUFSIZ], *p;
- int ret;
- socklen_t saddrlen;
- krb5_int32 n; /* Must be 4 bytes */
- krb5_kvno v4kvno;
-
- msgdata.data = msgbuf;
- msgdata.length = MSGSIZE;
- tktdata.data = tktbuf;
- tktdata.length = TKT_BUFSIZ;
- saddrlen = sizeof(struct sockaddr);
- ret = recvfrom(s, msgdata.data, (int) msgdata.length, 0, &saddr, &saddrlen);
- if (ret < 0) {
- /* if recvfrom fails, we probably don't have a valid saddr to
- use for the reply, so don't even try to respond. */
- return errno;
- }
- if (debug)
- printf("message received\n");
-
- if ((ret = decode_krb5_ticket(&msgdata, &v5tkt))) {
- switch (ret) {
- case KRB5KDC_ERR_BAD_PVNO:
- case ASN1_MISPLACED_FIELD:
- case ASN1_MISSING_FIELD:
- case ASN1_BAD_ID:
- case KRB5_BADMSGTYPE:
- /* don't even answer parse errors */
- return ret;
- break;
- default:
- /* try and recognize our own error packet */
- if (msgdata.length == sizeof(krb5_int32))
- return KRB5_BADMSGTYPE;
- else
- goto error;
- }
- }
- if (debug)
- printf("V5 ticket decoded\n");
-
- if (krb5_princ_size(context, v5tkt->server) >= 1
- && krb5_princ_component(context, v5tkt->server, 0)->length == 3
- && strncmp(krb5_princ_component(context, v5tkt->server, 0)->data,
- "afs", 3) == 0) {
- krb5_data *enc_part;
- int use_v5;
- if ((ret = afs_return_v4(context, v5tkt->server,
- &use_v5)) != 0)
- goto error;
- if ((ret = encode_krb5_enc_data(&v5tkt->enc_part, &enc_part)) != 0)
- goto error;
- if (!(use_v5)|| enc_part->length >= 344) {
- krb5_free_data(context, enc_part);
- if ((ret = handle_classic_v4(context, v5tkt,
- (struct sockaddr_in *) &saddr, &tktdata,
- &v4kvno)) != 0)
- goto error;
- } else {
- KTEXT_ST fake_v4tkt;
- memset(&fake_v4tkt, 0x11, sizeof(fake_v4tkt));
- fake_v4tkt.mbz = 0;
- fake_v4tkt.length = enc_part->length;
- memcpy(fake_v4tkt.dat, enc_part->data, enc_part->length);
- v4kvno = (0x100-0x2b); /*protocol constant indicating v5
- * enc part only*/
- krb5_free_data(context, enc_part);
- ret = encode_v4tkt(&fake_v4tkt, tktdata.data, &tktdata.length);
- }
- } else {
- if ((ret = handle_classic_v4(context, v5tkt,
- (struct sockaddr_in *) &saddr, &tktdata,
- &v4kvno)) != 0)
- goto error;
- }
-
-error:
- /* create the reply */
- p = msgdata.data;
- msgdata.length = 0;
-
- n = htonl(ret);
- memcpy(p, (char *) &n, sizeof(krb5_int32));
- p += sizeof(krb5_int32);
- msgdata.length += sizeof(krb5_int32);
-
- if (ret)
- goto write_msg;
-
- n = htonl(v4kvno);
- memcpy(p, (char *) &n, sizeof(krb5_int32));
- p += sizeof(krb5_int32);
- msgdata.length += sizeof(krb5_int32);
-
- memcpy(p, tktdata.data, tktdata.length);
- p += tktdata.length;
- msgdata.length += tktdata.length;
-
-write_msg:
- if (ret)
- (void) sendto(s, msgdata.data, (int) msgdata.length, 0, &saddr, saddrlen);
- else
- if (sendto(s, msgdata.data, msgdata.length, 0, &saddr, saddrlen)<0)
- ret = errno;
- if (debug)
- printf("reply written\n");
- if (v5tkt)
- krb5_free_ticket(context, v5tkt);
-
-
- return ret;
-}
-
-krb5_error_code lookup_service_key(context, p, ktype, kvno, key, kvnop)
- krb5_context context;
- krb5_principal p;
- krb5_enctype ktype;
- krb5_kvno kvno;
- krb5_keyblock *key;
- krb5_kvno *kvnop;
-{
- int ret;
- krb5_keytab_entry entry;
-
- if (use_keytab) {
- if ((ret = krb5_kt_get_entry(context, kt, p, kvno, ktype, &entry)))
- return ret;
- *key = entry.key;
- key->contents = malloc(key->length);
- if (key->contents)
- memcpy(key->contents, entry.key.contents, key->length);
- else if (key->length) {
- /* out of memory? */
- ret = ENOMEM;
- memset (key, 0, sizeof (*key));
- return ret;
- }
-
- krb5_kt_free_entry(context, &entry);
- return 0;
- } else if (use_master) {
- return kdc_get_server_key(context, p, key, kvnop, ktype, kvno);
- }
- return 0;
-}
-
-krb5_error_code kdc_get_server_key(context, service, key, kvnop, ktype, kvno)
- krb5_context context;
- krb5_principal service;
- krb5_keyblock *key;
- krb5_kvno *kvnop;
- krb5_enctype ktype;
- krb5_kvno kvno;
-{
- krb5_error_code ret;
- kadm5_principal_ent_rec server;
-
- if ((ret = kadm5_get_principal(handle, service, &server,
- KADM5_KEY_DATA|KADM5_ATTRIBUTES)))
- return ret;
-
- if (server.attributes & KRB5_KDB_DISALLOW_ALL_TIX
- || server.attributes & KRB5_KDB_DISALLOW_SVR) {
- kadm5_free_principal_ent(handle, &server);
- return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
- }
-
- /*
- * We try kadm5_decrypt_key twice because in the case of a
- * ENCTYPE_DES_CBC_CRC key, we prefer to find a krb4 salt type
- * over a normal key. Note this may create a problem if the
- * server key is passworded and has both a normal and v4 salt.
- * There is no good solution to this.
- */
- if ((ret = kadm5_decrypt_key(handle,
- &server,
- ktype,
- (ktype == ENCTYPE_DES_CBC_CRC) ?
- KRB5_KDB_SALTTYPE_V4 : -1,
- kvno,
- key, NULL, kvnop)) &&
- (ret = kadm5_decrypt_key(handle,
- &server,
- ktype,
- -1,
- kvno,
- key, NULL, kvnop))) {
- kadm5_free_principal_ent(handle, &server);
- return (KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
- }
-
- kadm5_free_principal_ent(handle, &server);
- return ret;
-}
-
-/*
- * We support two kinds of v4 credentials. There are real v4
- * credentials, and a Kerberos v5 enc part masquerading as a krb4
- * credential to be used by modern AFS implementations; this function
- * handles the classic v4 case.
- */
-
-static krb5_error_code
-handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt,
- struct sockaddr_in *saddr,
- krb5_data *tktdata, krb5_kvno *v4kvno)
-{
- krb5_error_code ret;
- krb5_keyblock v5_service_key, v4_service_key;
- KTEXT_ST v4tkt;
-
- v5_service_key.contents = NULL;
- v4_service_key.contents = NULL;
-
- if ((ret = lookup_service_key(context, v5tkt->server,
- v5tkt->enc_part.enctype,
- v5tkt->enc_part.kvno,
- &v5_service_key, NULL)))
- goto error;
-
- if ((ret = lookup_service_key(context, v5tkt->server,
- ENCTYPE_DES_CBC_CRC,
- 0,
- &v4_service_key, v4kvno)))
- goto error;
-
- if (debug)
- printf("service key retrieved\n");
- if ((ret = krb5_decrypt_tkt_part(context, &v5_service_key, v5tkt))) {
- goto error;
- }
-
- if (!(allow_v4_crossrealm || krb5_realm_compare(context, v5tkt->server,
- v5tkt->enc_part2->client))) {
- ret = KRB5KDC_ERR_POLICY;
- goto error;
- }
- krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
- v5tkt->enc_part2= NULL;
-
- memset(&v4tkt, 0x33, sizeof(v4tkt));
- ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key,
- &v4_service_key,
- (struct sockaddr_in *)saddr);
- if (ret)
- goto error;
-
- if (debug)
- printf("credentials converted\n");
-
- ret = encode_v4tkt(&v4tkt, tktdata->data, &tktdata->length);
- if (ret)
- goto error;
- if (debug)
- printf("v4 credentials encoded\n");
-
-error:
- if (v5tkt->enc_part2) {
- krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
- v5tkt->enc_part2 = NULL;
- }
-
- if (v5_service_key.contents)
- krb5_free_keyblock_contents(context, &v5_service_key);
- if (v4_service_key.contents)
- krb5_free_keyblock_contents(context, &v4_service_key);
- return ret;
-}
-
-/*
- * afs_return_v4: a predicate to determine whether we want to try
- * using the afs krb5 encrypted part encoding or whether we just
- * return krb4. Takes a principal, and checks the configuration file.
- */
-static krb5_error_code
-afs_return_v4 (krb5_context context, const krb5_principal princ,
- int *use_v5)
-{
- krb5_error_code ret;
- char *unparsed_name;
- char *cp;
- krb5_data realm;
- assert(use_v5 != NULL);
- ret = krb5_unparse_name(context, princ, &unparsed_name);
- if (ret != 0)
- return ret;
-/* Trim out trailing realm component into separate string.*/
- for (cp = unparsed_name; *cp != '\0'; cp++) {
- if (*cp == '\\') {
- cp++; /* We trust unparse_name not to leave a singleton
- * backslash*/
- continue;
- }
- if (*cp == '@') {
- *cp = '\0';
- realm.data = cp+1;
- realm.length = strlen((char *) realm.data);
- break;
- }
- }
- krb5_appdefault_boolean(context, "afs_krb5",
- &realm, unparsed_name, 1,
- use_v5);
- krb5_free_unparsed_name(context, unparsed_name);
- return ret;
-}
Deleted: branches/mskrb-integ/src/krb524/krb524d.h
===================================================================
--- branches/mskrb-integ/src/krb524/krb524d.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/krb524d.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,48 +0,0 @@
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef KRB524INT_H
-#define KRB524INT_H
-
-#include "port-sockets.h"
-#include "kerberosIV/krb.h"
-
-#ifndef KRB524INT_BEGIN_DECLS
-#ifdef __cplusplus
-#define KRB524INT_BEGIN_DECLS extern "C" {
-#define KRB524INT_END_DECLS }
-#else
-#define KRB524INT_BEGIN_DECLS
-#define KRB524INT_END_DECLS
-#endif
-#endif
-
-KRB524INT_BEGIN_DECLS
-
-int krb524_convert_tkt_skey
- (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
- krb5_keyblock *v5_skey, krb5_keyblock *v4_skey,
- struct sockaddr_in *saddr);
-
-KRB524INT_END_DECLS
-
-#endif /* KRB524INT_H */
Deleted: branches/mskrb-integ/src/krb524/libinit.c
===================================================================
--- branches/mskrb-integ/src/krb524/libinit.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/libinit.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,27 +0,0 @@
-#ifdef _WIN32
-#include <windows.h>
-
-BOOL
-WINAPI
-DllMain(
- HANDLE hModule,
- DWORD fdwReason,
- LPVOID lpReserved
- )
-{
- switch (fdwReason)
- {
- case DLL_PROCESS_ATTACH:
- break;
- case DLL_THREAD_ATTACH:
- break;
- case DLL_THREAD_DETACH:
- break;
- case DLL_PROCESS_DETACH:
- break;
- default:
- return FALSE;
- }
- return TRUE;
-}
-#endif
Deleted: branches/mskrb-integ/src/krb524/test.c
===================================================================
--- branches/mskrb-integ/src/krb524/test.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/krb524/test.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,353 +0,0 @@
-/*
- * Copyright 1994 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "k5-int.h"
-
-#include <stdio.h>
-#include <time.h>
-#include <sys/types.h>
-
-#ifndef _WIN32
-#include <netinet/in.h>
-#endif
-
-#include <des.h>
-#include <krb.h>
-#include "com_err.h"
-
-#define KEYSIZE 8
-#define CRED_BUFSIZ 2048
-
-#define krb5_print_addrs
-
-void do_local (krb5_creds *, krb5_keyblock *),
- do_remote (krb5_context, krb5_creds *, char *, krb5_keyblock *);
-
-static
-void print_key(msg, key)
- char *msg;
- des_cblock *key;
-{
- printf("%s: ", msg);
- C_Block_print(key);
- printf("\n");
-}
-
-static
-void print_time(msg, t)
- char *msg;
- int t;
-{
- printf("%s: %d, %s", msg, t, ctime((time_t *) &t));
-}
-
-static
-void krb5_print_times(msg, t)
- char *msg;
- krb5_ticket_times *t;
-{
- printf("%s: Start: %d, %s", msg, t->starttime,
- ctime((time_t *) &t->starttime));
- printf("%s: End: %d, %s", msg, t->endtime,
- ctime((time_t *) &t->endtime));
- printf("%s: Auth: %d, %s", msg, t->authtime,
- ctime((time_t *) &t->authtime));
- printf("%s: Renew: %d, %s", msg, t->renew_till,
- ctime((time_t *) &t->renew_till));
-}
-
-static
-void krb5_print_keyblock(msg, key)
- char *msg;
- krb5_keyblock *key;
-{
- printf("%s: Keytype: %d\n", msg, key->enctype);
- printf("%s: Length: %d\n", msg, key->length);
- printf("%s: Key: ", msg);
- C_Block_print((des_cblock *) key->contents);
- printf("\n");
-}
-
-static
-void krb5_print_ticket(context, ticket_data, key)
- krb5_context context;
- krb5_data *ticket_data;
- krb5_keyblock *key;
-{
- char *p;
- krb5_ticket *tkt;
- int ret;
-
- if ((ret = decode_krb5_ticket(ticket_data, &tkt))) {
- com_err("test", ret, "decoding ticket");
- exit(1);
- }
- if ((ret = krb5_decrypt_tkt_part(context, key, tkt))) {
- com_err("test", ret, "decrypting V5 ticket for print");
- exit(1);
- }
-
- krb5_unparse_name(context, tkt->server, &p);
- printf("Ticket: Server: %s\n", p);
- free(p);
- printf("Ticket: kvno: %d\n", tkt->enc_part.kvno);
- printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags);
- krb5_print_keyblock("Ticket: Session Keyblock",
- tkt->enc_part2->session);
- krb5_unparse_name(context, tkt->enc_part2->client, &p);
- printf("Ticket: Client: %s\n", p);
- free(p);
- krb5_print_times("Ticket: Times", &tkt->enc_part2->times);
- printf("Ticket: Address 0: %08lx\n",
- *((unsigned long *) tkt->enc_part2->caddrs[0]->contents));
-
- krb5_free_ticket(context, tkt);
-}
-
-static
-void krb5_print_creds(context, creds, secret_key)
- krb5_context context;
- krb5_creds *creds;
- krb5_keyblock *secret_key;
-{
- char *p;
-
- krb5_unparse_name(context, creds->client, &p);
- printf("Client: %s\n", p);
- free(p);
- krb5_unparse_name(context, creds->server, &p);
- printf("Server: %s\n", p);
- free(p);
- krb5_print_keyblock("Session key", &creds->keyblock);
- krb5_print_times("Times", &creds->times);
- printf("is_skey: %s\n", creds->is_skey ? "True" : "False");
- printf("Flags: 0x%08x\n", creds->ticket_flags);
-#if 0
- krb5_print_addrs(creds->addresses);
-#endif
- krb5_print_ticket(context, &creds->ticket, secret_key);
- /* krb5_print_ticket(context, &creds->second_ticket, secret_key); */
-}
-
-static
-void krb4_print_ticket(ticket, secret_key)
- KTEXT ticket;
- krb5_keyblock *secret_key;
-{
- char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
- char sname[ANAME_SZ], sinst[INST_SZ];
- unsigned char flags;
- krb5_ui_4 addr;
- krb5_ui_4 issue_time;
- C_Block session_key;
- int life;
- Key_schedule keysched;
-
- int ret;
-
- if (des_key_sched(secret_key->contents, keysched)) {
- fprintf(stderr, "Bug in DES key somewhere.\n");
- exit(1);
- }
-
- ret = decomp_ticket(ticket, &flags, pname, pinst, prealm, &addr,
- session_key, &life, &issue_time, sname,
- sinst, secret_key->contents, keysched);
- if (ret != KSUCCESS) {
- fprintf(stderr, "krb4 decomp_ticket failed\n");
- exit(1);
- }
- printf("Ticket: Client: %s.%s@%s\n", pname, pinst, prealm);
- printf("Ticket: Service: %s.%s\n", sname, sinst);
- printf("Ticket: Address: %08lx\n", (long) addr);
- print_key("Ticket: Session Key", (char *) session_key);
- printf("Ticket: Lifetime: %d\n", life);
- printf("Ticket: Issue Date: %ld, %s", (long) issue_time,
- ctime((time_t *) &issue_time));
-}
-
-static
-void krb4_print_creds(creds, secret_key)
- CREDENTIALS *creds;
- krb5_keyblock *secret_key;
-{
- printf("Client: %s.%s@%s\n", creds->pname, creds->pinst,
- creds->realm);
- printf("Service: %s.%s@%s\n", creds->service, creds->instance,
- creds->realm);
- print_key("Session key", (char *) creds->session);
- printf("Lifetime: %d\n", creds->lifetime);
- printf("Key Version: %d\n", creds->kvno);
- print_time("Issue Date", creds->issue_date);
- krb4_print_ticket(&creds->ticket_st, secret_key);
-}
-
-static
-void usage()
-{
- fprintf(stderr, "Usage: test [-remote server] client service\n");
- exit(1);
-}
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- krb5_principal client, server;
- krb5_ccache cc;
- krb5_creds increds, *v5creds;
- krb5_keyblock key;
- char keybuf[KEYSIZE], buf[BUFSIZ];
- int i, ret, local;
- char *remote;
- krb5_context context;
- krb5_error_code retval;
-
-#if 0
- krb524_debug = 1;
-#endif
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
- }
-
- local = 0;
- remote = NULL;
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-local") == 0)
- local++;
-#if 0
- else if (strcmp(*argv, "-remote") == 0) {
- argc--; argv++;
- if (!argc)
- usage();
- remote = *argv;
- }
-#endif
- else
- break;
- argc--; argv++;
- }
- if (argc != 2)
- usage();
-
- if ((ret = krb5_parse_name(context, argv[0], &client))) {
- com_err("test", ret, "parsing client name");
- exit(1);
- }
- if ((ret = krb5_parse_name(context, argv[1], &server))) {
- com_err("test", ret, "parsing server name");
- exit(1);
- }
- if ((ret = krb5_cc_default(context, &cc))) {
- com_err("test", ret, "opening default credentials cache");
- exit(1);
- }
-
- memset((char *) &increds, 0, sizeof(increds));
- increds.client = client;
- increds.server = server;
- increds.times.endtime = 0;
- increds.keyblock.enctype = ENCTYPE_DES_CBC_MD5;
- if ((ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) {
- com_err("test", ret, "getting V5 credentials");
- exit(1);
- }
-
- /* We need the service key in order to locally decrypt both */
- /* tickets for testing */
- printf("Service's key: ");
- fflush(stdout);
- fgets(buf, BUFSIZ, stdin);
- for (i = 0; i < 8; i++) {
- unsigned char c;
- c = buf[2*i];
- if (c >= '0' && c <= '9')
- c -= '0';
- else if (c >= 'a' && c <= 'z')
- c = c - 'a' + 0xa;
- keybuf[i] = c << 4;
- c = buf[2*i+1];
- if (c >= '0' && c <= '9')
- c -= '0';
- else if (c >= 'a' && c <= 'z')
- c = c - 'a' + 0xa;
- keybuf[i] += c;
- }
-
- key.enctype = ENCTYPE_DES_CBC_MD5;
- key.length = KEYSIZE; /* presumably */
- key.contents = (krb5_octet *) keybuf;
-
- do_remote(context, v5creds, remote, &key);
- exit(0);
-}
-
-void do_remote(context, v5creds, server, key)
- krb5_context context;
- krb5_creds *v5creds;
- char *server;
- krb5_keyblock *key;
-{
-#if 0
- struct sockaddr_in saddr;
- struct hostent *hp;
-#endif
- CREDENTIALS v4creds;
- int ret;
-
- printf("\nV5 credentials:\n");
- krb5_print_creds(context, v5creds, key);
-
-#if 0
- if (strcmp(server, "kdc") != 0) {
- hp = gethostbyname(server);
- if (hp == NULL) {
- fprintf(stderr, "test: host %s does not exist.\n", server);
- exit(1);
- }
- memset((char *) &saddr, 0, sizeof(struct sockaddr_in));
- saddr.sin_family = AF_INET;
- memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr,
- sizeof(struct in_addr));
-
- if ((ret = krb524_convert_creds_addr(context, v5creds, &v4creds,
- (struct sockaddr *) &saddr))) {
- com_err("test", ret, "converting credentials on %s",
- server);
- exit(1);
- }
- } else
-#endif
- {
- if ((ret = krb524_convert_creds_kdc(context, v5creds, &v4creds))) {
- com_err("test", ret, "converting credentials via kdc");
- exit(1);
- }
- }
-
- printf("\nV4 credentials:\n");
- krb4_print_creds(&v4creds, key);
-}
Modified: branches/mskrb-integ/src/lib/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,15 +1,14 @@
thisconfigdir=./..
myfulldir=lib
mydir=lib
-SUBDIRS=crypto krb5 des425 @KRB4@ gssapi rpc kdb kadm5 apputils
+SUBDIRS=crypto krb5 gssapi rpc kdb kadm5 apputils
BUILDTOP=$(REL)..
all-unix::
-CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libdes425.a \
- libkrb425.a libkadm.a libkrb4.a libcom_err.a libpty.a \
- libss.a libgssapi.a libapputils.a \
- libkrb5.so libcrypto.so libkrb4.so libdes425.so
+CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libkadm.a \
+ libcom_err.a libpty.a ibss.a libgssapi.a libapputils.a libkrb5.so \
+ libcrypto.so
clean-unix::
Modified: branches/mskrb-integ/src/lib/crypto/des/des_int.h
===================================================================
--- branches/mskrb-integ/src/lib/crypto/des/des_int.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/crypto/des/des_int.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -64,10 +64,57 @@
#ifndef KRB5_MIT_DES__
#define KRB5_MIT_DES__
-#define KRB5INT_CRYPTO_DES_INT /* skip krb4-specific DES stuff */
-#include "kerberosIV/des.h" /* for des_key_schedule, etc. */
-#undef KRB5INT_CRYPTO_DES_INT /* don't screw other inclusions of des.h */
+#if defined(__MACH__) && defined(__APPLE__)
+#include <TargetConditionals.h>
+#include <AvailabilityMacros.h>
+#if TARGET_RT_MAC_CFM
+#error "Use KfM 4.0 SDK headers for CFM compilation."
+#endif
+#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
+#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
+#endif
+#endif /* defined(__MACH__) && defined(__APPLE__) */
+/* Macro to add deprecated attribute to DES types and functions */
+/* Currently only defined on Mac OS X 10.5 and later. */
+#ifndef KRB5INT_DES_DEPRECATED
+#define KRB5INT_DES_DEPRECATED
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8] /* crypto-block size */
+KRB5INT_DES_DEPRECATED;
+
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct {
+ * union { DES_INT32 pad; des_cblock _;} __;
+ * } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 were ever more than 4
+ * bytes. The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions. We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
+KRB5INT_DES_DEPRECATED;
+
typedef des_cblock mit_des_cblock;
typedef des_key_schedule mit_des_key_schedule;
Modified: branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/crypto/keyhash_provider/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -75,11 +75,10 @@
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
- descbc.c keyhash_provider.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../des/des_int.h descbc.c keyhash_provider.h
k5_md4des.so k5_md4des.po $(OUTPRE)k5_md4des.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -87,11 +86,10 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h $(srcdir)/../md4/rsa-md4.h \
- k5_md4des.c keyhash_provider.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ $(srcdir)/../md4/rsa-md4.h k5_md4des.c keyhash_provider.h
k5_md5des.so k5_md5des.po $(OUTPRE)k5_md5des.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -99,11 +97,10 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h $(srcdir)/../md5/rsa-md5.h \
- k5_md5des.c keyhash_provider.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ $(srcdir)/../md5/rsa-md5.h k5_md5des.c keyhash_provider.h
hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c
===================================================================
--- branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/crypto/keyhash_provider/hmac_md5.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,9 +1,7 @@
/*
* lib/crypto/keyhash_provider/hmac_md5.c
*
-(I don't know)
-.
- * Copyright2001 by the Massachusetts Institute of Technology.
+ * Copyright 2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -26,8 +24,8 @@
* or implied warranty.
*
*
-* Implementation of the Microsoft hmac-md5 checksum type.
-* Implemented based on draft-brezak-win2k-krb-rc4-hmac-03
+ * Implementation of the Microsoft hmac-md5 checksum type.
+ * Implemented based on draft-brezak-win2k-krb-rc4-hmac-03
*/
#include "k5-int.h"
Modified: branches/mskrb-integ/src/lib/crypto/old/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/crypto/old/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/crypto/old/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -45,10 +45,10 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h des_stringtokey.c old.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ des_stringtokey.c old.h
old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Deleted: branches/mskrb-integ/src/lib/des425/ISSUES
===================================================================
--- branches/mskrb-integ/src/lib/des425/ISSUES 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/ISSUES 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,28 +0,0 @@
--*- text -*-
-
-* unix_time.c also exists in ../krb4, and they're different; both
- should probably call into the krb5 support anyways to avoid
- duplicating code.
-
-* namespace intrusions
-
-* Check include/kerberosIV/des.h and see if all the prototyped
- functions really are necessary to retain; if not, delete some of
- these source files.
-
-* Much of this code requires that DES_INT32 be *exactly* 32 bits, and
- 4 bytes.
-
-* Array types are used in function call signatures, which is unclean.
- It makes trying to add "const" qualifications in the right places
- really, um, interesting. But we're probably stuck with them.
-
-* quad_cksum is totally broken. I have no idea whether the author
- actually believed it implemented the documented algorithm, but I'm
- certain it doesn't. The only question is, is it still reasonably
- secure, when the plaintext and checksum are visible to an attacker
- as in the mk_safe message?
-
-* des_read_password and des_read_pw_string are not thread-safe. Also,
- they should be calling into the k5crypto library instead of
- duplicating functionality.
Deleted: branches/mskrb-integ/src/lib/des425/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/des425/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,273 +0,0 @@
-thisconfigdir=../..
-myfulldir=lib/des425
-mydir=lib/des425
-BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/../crypto/des -I$(srcdir)/../../include/kerberosIV
-DEFS=
-
-##DOS##BUILDTOP = ..\..
-##DOS##LIBNAME=$(OUTPRE)des425.lib
-##DOS##OBJFILE=$(OUTPRE)des425.lst
-##DOS##OBJFILEDEP=$(OUTPRE)des425.lst
-##DOS##OBJFILELIST=@$(OUTPRE)des425.lst
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-RUN_SETUP=@KRB5_RUN_ENV@
-
-LIBBASE=des425
-LIBMAJOR=3
-LIBMINOR=0
-RELDIR=des425
-# Depends on libk5crypto and libkrb5
-SHLIB_EXPDEPS = \
- $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto
-SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_RDIRS=$(KRB5_LIBDIR)
-
-STOBJLISTS=OBJS.ST
-STLIBOBJS=cksum.o \
- des.o \
- enc_dec.o \
- key_parity.o \
- key_sched.o \
- new_rnd_key.o \
- pcbc_encrypt.o \
- quad_cksum.o \
- random_key.o \
- read_passwd.o \
- str_to_key.o \
- unix_time.o \
- util.o \
- weak_key.o
-
-
-OBJS= $(OUTPRE)cksum.$(OBJEXT) \
- $(OUTPRE)des.$(OBJEXT) \
- $(OUTPRE)enc_dec.$(OBJEXT) \
- $(OUTPRE)key_parity.$(OBJEXT) \
- $(OUTPRE)key_sched.$(OBJEXT) \
- $(OUTPRE)new_rnd_key.$(OBJEXT) \
- $(OUTPRE)pcbc_encrypt.$(OBJEXT) \
- $(OUTPRE)quad_cksum.$(OBJEXT) \
- $(OUTPRE)random_key.$(OBJEXT) \
- $(OUTPRE)read_passwd.$(OBJEXT) \
- $(OUTPRE)str_to_key.$(OBJEXT) \
- $(OUTPRE)unix_time.$(OBJEXT) \
- $(OUTPRE)util.$(OBJEXT) \
- $(OUTPRE)weak_key.$(OBJEXT)
-
-SRCS= $(srcdir)/cksum.c \
- $(srcdir)/des.c \
- $(srcdir)/enc_dec.c \
- $(srcdir)/key_parity.c \
- $(srcdir)/key_sched.c \
- $(srcdir)/new_rnd_key.c \
- $(srcdir)/pcbc_encrypt.c \
- $(srcdir)/quad_cksum.c \
- $(srcdir)/random_key.c \
- $(srcdir)/read_passwd.c \
- $(srcdir)/str_to_key.c \
- $(srcdir)/unix_time.c \
- $(srcdir)/util.c \
- $(srcdir)/weak_key.c
-
-all-unix:: all-liblinks
-
-##DOS##LIBOBJS = $(OBJS)
-
-shared:
- mkdir shared
-
-verify: verify.o $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ verify.o $(DES425_LIB) $(KRB5_BASE_LIBS)
-
-t_quad: t_quad.o quad_cksum.o $(SUPPORT_DEPLIB)
- $(CC_LINK) -o $@ t_quad.o quad_cksum.o $(SUPPORT_LIB)
-
-t_pcbc: t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_LIBS)
-
-check-unix:: verify t_quad t_pcbc
- $(RUN_SETUP) $(VALGRIND) ./verify -z
- $(RUN_SETUP) $(VALGRIND) ./verify -m
- $(RUN_SETUP) $(VALGRIND) ./verify
- $(RUN_SETUP) $(VALGRIND) ./t_quad
- $(RUN_SETUP) $(VALGRIND) ./t_pcbc
-
-check-windows::
-
-clean::
- $(RM) $(OUTPRE)verify$(EXEEXT) $(OUTPRE)verify.$(OBJEXT) \
- $(OUTPRE)t_quad$(EXEEXT) $(OUTPRE)t_quad.$(OBJEXT) \
- $(OUTPRE)t_pcbc$(EXEEXT) $(OUTPRE)t_pcbc.$(OBJEXT)
-
-clean-unix:: clean-liblinks clean-libs clean-libobjs
-
-install-unix:: install-libs
-
- at lib_frag@
- at libobj_frag@
-
-# +++ Dependency line eater +++
-#
-# Makefile dependencies follow. This must be the last section in
-# the Makefile.in file
-#
-cksum.so cksum.po $(OUTPRE)cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- cksum.c
-des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- des.c
-enc_dec.so enc_dec.po $(OUTPRE)enc_dec.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- enc_dec.c
-key_parity.so key_parity.po $(OUTPRE)key_parity.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h key_parity.c
-key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h key_sched.c
-new_rnd_key.so new_rnd_key.po $(OUTPRE)new_rnd_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h new_rnd_key.c
-pcbc_encrypt.so pcbc_encrypt.po $(OUTPRE)pcbc_encrypt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h $(srcdir)/../crypto/des/f_tables.h \
- pcbc_encrypt.c
-quad_cksum.so quad_cksum.po $(OUTPRE)quad_cksum.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h quad_cksum.c
-random_key.so random_key.po $(OUTPRE)random_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h random_key.c
-read_passwd.so read_passwd.po $(OUTPRE)read_passwd.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h read_passwd.c
-str_to_key.so str_to_key.po $(OUTPRE)str_to_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h str_to_key.c
-unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h unix_time.c
-util.so util.po $(OUTPRE)util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
- $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \
- util.c
-weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../crypto/des/des_int.h weak_key.c
Deleted: branches/mskrb-integ/src/lib/des425/cksum.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/cksum.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/cksum.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,68 +0,0 @@
-/*
- * lib/des425/cksum.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * These routines perform encryption and decryption using the DES
- * private key algorithm, or else a subset of it-- fewer inner loops.
- * (AUTH_DES_ITER defaults to 16, may be less.)
- *
- * Under U.S. law, this software may not be exported outside the US
- * without license from the U.S. Commerce department.
- *
- * These routines form the library interface to the DES facilities.
- *
- * spm 8/85 MIT project athena
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/*
- * This routine performs DES cipher-block-chaining checksum operation,
- * a.k.a. Message Authentication Code. It ALWAYS encrypts from input
- * to a single 64 bit output MAC checksum.
- *
- * The key schedule is passed as an arg, as well as the cleartext or
- * ciphertext. The cleartext and ciphertext should be in host order.
- *
- * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was
- * provided, your program will get trashed.
- *
- * The input is null padded, at the end (highest addr), to an integral
- * multiple of eight bytes.
- */
-
-unsigned long KRB5_CALLCONV
-des_cbc_cksum(in,out,length,key,iv)
- const des_cblock *in; /* >= length bytes of inputtext */
- des_cblock *out; /* >= length bytes of outputtext */
- register unsigned long length; /* in bytes */
- const mit_des_key_schedule key; /* precomputed key schedule */
- const des_cblock *iv; /* 8 bytes of ivec */
-{
- return mit_des_cbc_cksum((const krb5_octet *)in, (krb5_octet *)out,
- length, key, (krb5_octet *)iv);
-}
Deleted: branches/mskrb-integ/src/lib/des425/des.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/des.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/des.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,44 +0,0 @@
-/*
- * lib/des425/des.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-#undef mit_des_cbc_encrypt
-
-int KRB5_CALLCONV
-des_ecb_encrypt(clear, cipher, schedule, enc)
- des_cblock *clear;
- des_cblock *cipher;
- const mit_des_key_schedule schedule;
- int enc; /* 0 ==> decrypt, else encrypt */
-{
- static const des_cblock iv;
-
- return (mit_des_cbc_encrypt((const des_cblock *)clear, cipher,
- 8, schedule, iv, enc));
-}
Deleted: branches/mskrb-integ/src/lib/des425/enc_dec.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/enc_dec.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/enc_dec.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,47 +0,0 @@
-/*
- * lib/des425/enc_dec.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-#undef mit_des_cbc_encrypt
-
-int
-des_cbc_encrypt(in,out,length,key,iv,enc)
- des_cblock *in; /* >= length bytes of input text */
- des_cblock *out; /* >= length bytes of output text */
- register unsigned long length; /* in bytes */
- const mit_des_key_schedule key; /* precomputed key schedule */
- const des_cblock *iv; /* 8 bytes of ivec */
- int enc; /* 0 ==> decrypt, else encrypt */
-{
- return (mit_des_cbc_encrypt((const des_cblock *) in,
- out, length, key,
- (const unsigned char *)iv, /* YUCK! */
- enc));
-}
Deleted: branches/mskrb-integ/src/lib/des425/key_parity.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/key_parity.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/key_parity.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,52 +0,0 @@
-/*
- * lib/des425/key_parity.c
- *
- * Copyright 1989, 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/*
- * des_fixup_key_parity: Forces odd parity per byte; parity is bits
- * 8,16,...64 in des order, implies 0, 8, 16, ...
- * vax order.
- */
-void
-des_fixup_key_parity(key)
- register mit_des_cblock key;
-{
- mit_des_fixup_key_parity(key);
-}
-
-/*
- * des_check_key_parity: returns true iff key has the correct des parity.
- */
-int
-des_check_key_parity(key)
- register mit_des_cblock key;
-{
- return(mit_des_check_key_parity(key));
-}
-
Deleted: branches/mskrb-integ/src/lib/des425/key_sched.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/key_sched.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/key_sched.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,40 +0,0 @@
-/*
- * lib/des425/key_sched.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-
-#include <stdio.h>
-#include "des_int.h"
-#include "des.h"
-
-int KRB5_CALLCONV
-des_key_sched(k,schedule)
- des_cblock k;
- des_key_schedule schedule;
-{
- return (mit_des_key_sched(k, schedule));
-}
Deleted: branches/mskrb-integ/src/lib/des425/libdes425.exports
===================================================================
--- branches/mskrb-integ/src/lib/des425/libdes425.exports 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/libdes425.exports 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,18 +0,0 @@
-afs_string_to_key
-des_cbc_cksum
-des_cbc_encrypt
-des_cblock_print_file
-des_check_key_parity
-des_ecb_encrypt
-des_fixup_key_parity
-des_init_random_number_generator
-des_is_weak_key
-des_key_sched
-des_new_random_key
-des_pcbc_encrypt
-des_quad_cksum
-des_random_key
-des_read_password
-des_read_pw_string
-des_string_to_key
-unix_time_gmt_unixsec
Deleted: branches/mskrb-integ/src/lib/des425/mac_des_glue.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/mac_des_glue.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/mac_des_glue.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,104 +0,0 @@
-#include "des_int.h"
-#include "des.h"
-#undef mit_des3_cbc_encrypt
-
-/* These functions are exported on KfM for ABI compatibility with
- * older versions of the library. They have been pulled from the headers
- * in the hope that someday we can remove them.
- *
- * Do not change the ABIs of any of these functions!
- */
-
-//int des_read_pw_string(char *, int, char *, int);
-char *des_crypt(const char *, const char *);
-char *des_fcrypt(const char *, const char *, char *);
-
-int make_key_sched(des_cblock *, des_key_schedule);
-int des_set_key(des_cblock *, des_key_schedule);
-
-void des_3cbc_encrypt(des_cblock *, des_cblock *, long,
- des_key_schedule, des_key_schedule, des_key_schedule,
- des_cblock *, int);
-void des_3ecb_encrypt(des_cblock *, des_cblock *,
- des_key_schedule, des_key_schedule, des_key_schedule,
- int);
-
-void des_generate_random_block(des_cblock);
-void des_set_random_generator_seed(des_cblock);
-void des_set_sequence_number(des_cblock);
-
-#pragma mark -
-
-/* Why was this exported on KfM? Who knows... */
-int des_debug = 0;
-
-char *des_crypt(const char *str, const char *salt)
-{
- char afs_buf[16];
-
- return des_fcrypt(str, salt, afs_buf);
-}
-
-
-char *des_fcrypt(const char *str, const char *salt, char *buf)
-{
- return mit_afs_crypt(str, salt, buf);
-}
-
-
-int make_key_sched(des_cblock *k, des_key_schedule schedule)
-{
- return mit_des_key_sched((unsigned char *)k, schedule); /* YUCK! */
-}
-
-
-int des_set_key(des_cblock *key, des_key_schedule schedule)
-{
- return make_key_sched(key, schedule);
-}
-
-
-void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length,
- des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
- des_cblock *iv, int enc)
-{
- mit_des3_cbc_encrypt((const des_cblock *)in, out, (unsigned long)length,
- ks1, ks2, ks3,
- (const unsigned char *)iv, /* YUCK! */
- enc);
-}
-
-
-void des_3ecb_encrypt(des_cblock *clear, des_cblock *cipher,
- des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
- int enc)
-{
- static const des_cblock iv;
-
- mit_des3_cbc_encrypt((const des_cblock *)clear, cipher, 8, ks1, ks2, ks3, iv, enc);
-}
-
-
-void des_generate_random_block(des_cblock block)
-{
- krb5_data data;
-
- data.length = sizeof(des_cblock);
- data.data = (char *)block;
-
- /* This function can return an error, however we must ignore it. */
- /* The worst that happens is that the resulting block is non-random */
- krb5_c_random_make_octets(/* XXX */ 0, &data);
-}
-
-
-void des_set_random_generator_seed(des_cblock block)
-{
- des_init_random_number_generator(block); /* XXX */
-}
-
-
-void des_set_sequence_number(des_cblock block)
-{
- des_init_random_number_generator(block); /* XXX */
-}
Deleted: branches/mskrb-integ/src/lib/des425/new_rnd_key.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/new_rnd_key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/new_rnd_key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,96 +0,0 @@
-/*
- * lib/des425/new_rnd_key.c
- *
- * Copyright 1988,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "des_int.h"
-#include "des.h"
-#include "k5-int.h"
-
-void
-des_init_random_number_generator(key)
- mit_des_cblock key;
-{
- krb5_data seed;
-
- seed.length = sizeof(key);
- seed.data = (char *) key;
-
- if (krb5_c_random_seed(/* XXX */ 0, &seed))
- /* XXX */ abort();
-}
-
-/*
- * des_new_random_key: create a random des key
- *
- * Requires: des_set_random_number_generater_seed must be at called least
- * once before this routine is called.
- *
- * Notes: the returned key has correct parity and is guarenteed not
- * to be a weak des key. Des_generate_random_block is used to
- * provide the random bits.
- */
-int KRB5_CALLCONV
-des_new_random_key(key)
- mit_des_cblock key;
-{
- krb5_keyblock keyblock;
- krb5_error_code kret;
-
- kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC, &keyblock);
- if (kret) return kret;
-
- memcpy(key, keyblock.contents, sizeof(mit_des_cblock));
- krb5_free_keyblock_contents(/* XXX */ 0, &keyblock);
-
- return 0;
-}
Deleted: branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/pcbc_encrypt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,235 +0,0 @@
-/*
- * lib/des425/pcbc_encrypt.c
- *
- * Copyright (C) 1990 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * DES implementation donated by Dennis Ferguson
- */
-
-/*
- * des_pcbc_encrypt.c - encrypt a string of characters in error propagation mode
- */
-
-#include "autoconf.h" /* in case this defines CONFIG_SMALL */
-#undef CONFIG_SMALL /* XXX needs non-exported crypto symbols */
-#include "des_int.h"
-#include "des.h"
-#include <f_tables.h>
-
-/*
- * des_pcbc_encrypt - {en,de}crypt a stream in PCBC mode
- */
-int KRB5_CALLCONV
-des_pcbc_encrypt(in, out, length, schedule, ivec, enc)
- des_cblock *in;
- des_cblock *out;
- long length;
- const des_key_schedule schedule;
- des_cblock *ivec;
- int enc;
-{
- unsigned DES_INT32 left, right;
- const unsigned DES_INT32 *kp;
- const unsigned char *ip;
- unsigned char *op;
-
- /*
- * Copy the key pointer, just once
- */
- kp = (const unsigned DES_INT32 *)schedule;
-
- /*
- * Deal with encryption and decryption separately.
- */
- if (enc) {
- /* Initialization isn't really needed here, but gcc
- complains because it doesn't understand that the
- only case where these can be used uninitialized is
- to compute values that'll in turn be ignored
- because we won't go around the loop again. */
- unsigned DES_INT32 plainl = 42;
- unsigned DES_INT32 plainr = 17;
-
- /*
- * Initialize left and right with the contents of the initial
- * vector.
- */
- ip = *ivec;
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
-
- /*
- * Suitably initialized, now work the length down 8 bytes
- * at a time.
- */
- ip = *in;
- op = *out;
- while (length > 0) {
- /*
- * Get block of input. If the length is
- * greater than 8 this is straight
- * forward. Otherwise we have to fart around.
- */
- if (length > 8) {
- GET_HALF_BLOCK(plainl, ip);
- GET_HALF_BLOCK(plainr, ip);
- left ^= plainl;
- right ^= plainr;
- length -= 8;
- } else {
- /*
- * Oh, shoot. We need to pad the
- * end with zeroes. Work backwards
- * to do this. We know this is the
- * last block, though, so we don't have
- * to save the plain text.
- */
- ip += (int) length;
- switch(length) {
- case 8:
- right ^= *(--ip) & 0xff;
- case 7:
- right ^= (*(--ip) & 0xff) << 8;
- case 6:
- right ^= (*(--ip) & 0xff) << 16;
- case 5:
- right ^= (*(--ip) & 0xff) << 24;
- case 4:
- left ^= *(--ip) & 0xff;
- case 3:
- left ^= (*(--ip) & 0xff) << 8;
- case 2:
- left ^= (*(--ip) & 0xff) << 16;
- case 1:
- left ^= (*(--ip) & 0xff) << 24;
- break;
- }
- length = 0;
- }
-
- /*
- * Encrypt what we have
- */
- DES_DO_ENCRYPT(left, right, kp);
-
- /*
- * Copy the results out
- */
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
-
- /*
- * Xor with the old plain text
- */
- left ^= plainl;
- right ^= plainr;
- }
- } else {
- /*
- * Decrypting is harder than encrypting because of
- * the necessity of remembering a lot more things.
- * Should think about this a little more...
- */
- unsigned DES_INT32 ocipherl, ocipherr;
- unsigned DES_INT32 cipherl, cipherr;
-
- if (length <= 0)
- return 0;
-
- /*
- * Prime the old cipher with ivec.
- */
- ip = *ivec;
- GET_HALF_BLOCK(ocipherl, ip);
- GET_HALF_BLOCK(ocipherr, ip);
-
- /*
- * Now do this in earnest until we run out of length.
- */
- ip = *in;
- op = *out;
- for (;;) { /* check done inside loop */
- /*
- * Read a block from the input into left and
- * right. Save this cipher block for later.
- */
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
- cipherl = left;
- cipherr = right;
-
- /*
- * Decrypt this.
- */
- DES_DO_DECRYPT(left, right, kp);
-
- /*
- * Xor with the old cipher to get plain
- * text. Output 8 or less bytes of this.
- */
- left ^= ocipherl;
- right ^= ocipherr;
- if (length > 8) {
- length -= 8;
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
- /*
- * Save current cipher block here
- */
- ocipherl = cipherl ^ left;
- ocipherr = cipherr ^ right;
- } else {
- /*
- * Trouble here. Start at end of output,
- * work backwards.
- */
- op += (int) length;
- switch(length) {
- case 8:
- *(--op) = (unsigned char) (right & 0xff);
- case 7:
- *(--op) = (unsigned char) ((right >> 8) & 0xff);
- case 6:
- *(--op) = (unsigned char) ((right >> 16) & 0xff);
- case 5:
- *(--op) = (unsigned char) ((right >> 24) & 0xff);
- case 4:
- *(--op) = (unsigned char) (left & 0xff);
- case 3:
- *(--op) = (unsigned char) ((left >> 8) & 0xff);
- case 2:
- *(--op) = (unsigned char) ((left >> 16) & 0xff);
- case 1:
- *(--op) = (unsigned char) ((left >> 24) & 0xff);
- break;
- }
- break; /* we're done */
- }
- }
- }
-
- /*
- * Done, return nothing.
- */
- return 0;
-}
Deleted: branches/mskrb-integ/src/lib/des425/quad_cksum.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/quad_cksum.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/quad_cksum.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,200 +0,0 @@
-/*
- * lib/des425/quad_cksum.c
- *
- * Copyright 1985, 1986, 1987, 1988,1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * This routine does not implement:
- *
- *
- * Quadratic Congruential Manipulation Dectection Code
- *
- * ref: "Message Authentication"
- * R.R. Jueneman, S. M. Matyas, C.H. Meyer
- * IEEE Communications Magazine,
- * Sept 1985 Vol 23 No 9 p 29-40
- *
- * This routine, part of the Athena DES library built for the Kerberos
- * authentication system, calculates a manipulation detection code for
- * a message. It is a much faster alternative to the DES-checksum
- * method. No guarantees are offered for its security.
- *
- * Implementation for 4.2bsd
- * by S.P. Miller Project Athena/MIT
- */
-
-/*
- * Algorithm (per paper):
- * define:
- * message to be composed of n m-bit blocks X1,...,Xn
- * optional secret seed S in block X1
- * MDC in block Xn+1
- * prime modulus N
- * accumulator Z
- * initial (secret) value of accumulator C
- * N, C, and S are known at both ends
- * C and , optionally, S, are hidden from the end users
- * then
- * (read array references as subscripts over time)
- * Z[0] = c;
- * for i = 1...n
- * Z[i] = (Z[i+1] + X[i])**2 modulo N
- * X[n+1] = Z[n] = MDC
- *
- * Then pick
- * N = 2**31 -1
- * m = 16
- * iterate 4 times over plaintext, also use Zn
- * from iteration j as seed for iteration j+1,
- * total MDC is then a 128 bit array of the four
- * Zn;
- *
- * return the last Zn and optionally, all
- * four as output args.
- *
- * Modifications:
- * To inhibit brute force searches of the seed space, this
- * implementation is modified to have
- * Z = 64 bit accumulator
- * C = 64 bit C seed
- * N = 2**63 - 1
- * S = S seed is not implemented here
- * arithmetic is not quite real double integer precision, since we
- * cant get at the carry or high order results from multiply,
- * but nontheless is 64 bit arithmetic.
- */
-/*
- * This code purports to implement the above algorithm, but fails.
- *
- * First of all, there was an implicit mod 2**32 being done on the
- * machines where this was developed because of their word sizes, and
- * for compabitility this has to be done on machines with 64-bit
- * words, so we make it explicit.
- *
- * Second, in the squaring operation, I really doubt the carry-over
- * from the low 31-bit half of the accumulator is being done right,
- * and using a modulus of 0x7fffffff on the low half of the
- * accumulator seems completely wrong. And I challenge anyone to
- * explain where the number 83653421 comes from.
- *
- * --Ken Raeburn 2001-04-06
- */
-
-
-/* System include files */
-#include <stdio.h>
-#include <errno.h>
-
-#include "des_int.h"
-#include "des.h"
-
-/* Definitions for byte swapping */
-
-/* vax byte order is LSB first. This is not performance critical, and
- is far more readable this way. */
-#define four_bytes_vax_to_nets(x) ((((((x[3]<<8)|x[2])<<8)|x[1])<<8)|x[0])
-#define vaxtohl(x) four_bytes_vax_to_nets(((const unsigned char *)(x)))
-#define two_bytes_vax_to_nets(x) ((x[1]<<8)|x[0])
-#define vaxtohs(x) two_bytes_vax_to_nets(((const unsigned char *)(x)))
-
-/* Externals */
-extern int des_debug;
-
-/*** Routines ***************************************************** */
-
-unsigned long KRB5_CALLCONV
-des_quad_cksum(in,out,length,out_count,c_seed)
- const unsigned char *in; /* input block */
- unsigned DES_INT32 *out; /* optional longer output */
- long length; /* original length in bytes */
- int out_count; /* number of iterations */
- mit_des_cblock *c_seed; /* secret seed, 8 bytes */
-{
-
- /*
- * this routine both returns the low order of the final (last in
- * time) 32bits of the checksum, and if "out" is not a null
- * pointer, a longer version, up to entire 32 bytes of the
- * checksum is written unto the address pointed to.
- */
-
- register unsigned DES_INT32 z;
- register unsigned DES_INT32 z2;
- register unsigned DES_INT32 x;
- register unsigned DES_INT32 x2;
- const unsigned char *p;
- register DES_INT32 len;
- register int i;
-
- /* use all 8 bytes of seed */
-
- z = vaxtohl(c_seed);
- z2 = vaxtohl((const char *)c_seed+4);
- if (out == NULL)
- out_count = 1; /* default */
-
- /* This is repeated n times!! */
- for (i = 1; i <=4 && i<= out_count; i++) {
- len = length;
- p = in;
- while (len) {
- /*
- * X = Z + Input ... sort of. Carry out from low half
- * isn't done, so we're using all 32 bits of x now.
- */
- if (len > 1) {
- x = (z + vaxtohs(p));
- p += 2;
- len -= 2;
- }
- else {
- x = (z + *(const unsigned char *)p++);
- len = 0;
- }
- x2 = z2;
- /*
- * I think this is supposed to be a squaring operation.
- * What it really is, I haven't figured out yet.
- *
- * Explicit mod 2**32 is for backwards compatibility. Why
- * mod 0x7fffffff and not 0x80000000 on the low half of
- * the (supposed) accumulator? And where does the number
- * 83653421 come from??
- */
- z = (((x * x) + (x2 * x2)) & 0xffffffff) % 0x7fffffff;
- z2 = ((x * (x2+83653421)) & 0xffffffff) % 0x7fffffff; /* modulo */
-#ifdef DEBUG
- if (des_debug & 8)
- printf("%d %d\n",z,z2);
-#endif
- }
-
- if (out != NULL) {
- *out++ = z;
- *out++ = z2;
- }
- }
- /* return final z value as 32 bit version of checksum */
- return z;
-}
Deleted: branches/mskrb-integ/src/lib/des425/random_key.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/random_key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/random_key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,74 +0,0 @@
-/*
- * lib/des425/random_key.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/* random_key */
-int
-des_random_key(key)
- mit_des_cblock *key;
-{
- krb5_keyblock keyblock;
- krb5_error_code kret;
-
- if ((kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC,
- &keyblock)))
- return(kret);
-
- memcpy(key, keyblock.contents, sizeof(mit_des_cblock));
-
- return(0);
-}
-
Deleted: branches/mskrb-integ/src/lib/des425/read_passwd.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/read_passwd.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/read_passwd.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,128 +0,0 @@
-/*
- * lib/des425/read_passwd.c
- *
- * Copyright 1985,1986,1987,1988,1991 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#if !defined(_WIN32)
-
-#include "des_int.h"
-#include "des.h"
-#include <stdio.h>
-#include <errno.h>
-#include <krb5.h>
-/* This is re-declared here because des.h might not declare it. */
-int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
-static int des_rd_pwstr_2prompt(char *, int, char *, char *);
-
-
-/*** Routines ****************************************************** */
-static int
-des_rd_pwstr_2prompt(return_pwd, bufsize_in, prompt, prompt2)
- char *return_pwd;
- int bufsize_in;
- char *prompt;
- char *prompt2;
-{
- krb5_data reply_data;
- krb5_prompt k5prompt;
- krb5_error_code retval;
- reply_data.length = bufsize_in;
- reply_data.data = return_pwd;
- k5prompt.prompt = prompt;
- k5prompt.hidden = 1;
- k5prompt.reply = &reply_data;
- retval = krb5_prompter_posix(NULL,
- NULL, NULL, NULL, 1, &k5prompt);
-
- if ((retval==0) && prompt2) {
- krb5_data verify_data;
- verify_data.data = malloc(bufsize_in);
- verify_data.length = bufsize_in;
- k5prompt.prompt = prompt2;
- k5prompt.reply = &verify_data;
- if (!verify_data.data)
- return ENOMEM;
- retval = krb5_prompter_posix(NULL,
- NULL,NULL, NULL, 1, &k5prompt);
- if (retval) {
- free(verify_data.data);
- } else {
- /* compare */
- if (strncmp(return_pwd, (char *)verify_data.data, bufsize_in)) {
- retval = KRB5_LIBOS_BADPWDMATCH;
- free(verify_data.data);
- }
- }
- }
- return retval;
-}
-
-
-int KRB5_CALLCONV
-des_read_password(k,prompt,verify)
- mit_des_cblock *k;
- char *prompt;
- int verify;
-{
- int ok;
- char key_string[BUFSIZ];
-
- ok = des_read_pw_string(key_string, sizeof(key_string), prompt, verify);
- if (ok == 0)
- des_string_to_key(key_string, *k);
-
- memset(key_string, 0, sizeof (key_string));
- return ok;
-}
-
-/* Note: this function is exported on KfM. Do not change its ABI. */
-int KRB5_CALLCONV
-des_read_pw_string(s, max, prompt, verify)
- char *s;
- int max;
- char *prompt;
- int verify;
-{
- int ok;
- char prompt2[BUFSIZ];
-
- if (verify) {
- snprintf(prompt2, sizeof(prompt2), "Verifying, please re-enter %s",
- prompt);
- }
- ok = des_rd_pwstr_2prompt(s, max, prompt, verify ? prompt2 : 0);
- return ok;
-}
-
-#else /* !unix */
-/*
- * These are all just dummy functions to make the rest of the library happy...
- */
-#endif /* _WINDOWS */
Deleted: branches/mskrb-integ/src/lib/des425/str_to_key.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/str_to_key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/str_to_key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,168 +0,0 @@
-/*
- * lib/des425/str_to_key.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1989,1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * These routines perform encryption and decryption using the DES
- * private key algorithm, or else a subset of it-- fewer inner loops.
- * (AUTH_DES_ITER defaults to 16, may be less.)
- *
- * Under U.S. law, this software may not be exported outside the US
- * without license from the U.S. Commerce department.
- *
- * The key schedule is passed as an arg, as well as the cleartext or
- * ciphertext. The cleartext and ciphertext should be in host order.
- *
- * These routines form the library interface to the DES facilities.
- *
- * spm 8/85 MIT project athena
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include "des_int.h"
-#include "des.h"
-
-extern int mit_des_debug;
-
-/*
- * Convert an arbitrary length string to a DES key.
- */
-
-/*
- * For krb5, a change was made to this algorithm: When each key is
- * generated, after fixing parity, a check for weak and semi-weak keys
- * is done. If the key is weak or semi-weak, we XOR the last byte
- * with 0xF0. (In the case of the intermediate key, the weakness is
- * probably irrelevant, but there it is.) The odds that this will
- * generate a different key for a random input string are pretty low,
- * but non-zero. So we need this different function for krb4 to use.
- */
-int KRB5_CALLCONV
-des_string_to_key(str,key)
- const char *str;
- register mit_des_cblock key;
-{
- const char *in_str;
- register unsigned temp;
- register int j;
- unsigned long i, length;
- unsigned char *k_p;
- int forward;
- register char *p_char;
- char k_char[64];
- mit_des_key_schedule key_sked;
-
- in_str = str;
- forward = 1;
- p_char = k_char;
- length = strlen(str);
-
- /* init key array for bits */
- memset(k_char, 0,sizeof(k_char));
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\n\ninput str length = %ld string = %s\nstring = 0x ",
- length,str);
-#endif
-
- /* get next 8 bytes, strip parity, xor */
- for (i = 1; i <= length; i++) {
- /* get next input key byte */
- temp = (unsigned int) *str++;
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,"%02x ",temp & 0xff);
-#endif
- /* loop through bits within byte, ignore parity */
- for (j = 0; j <= 6; j++) {
- if (forward)
- *p_char++ ^= (int) temp & 01;
- else
- *--p_char ^= (int) temp & 01;
- temp = temp >> 1;
- }
-
- /* check and flip direction */
- if ((i%8) == 0)
- forward = !forward;
- }
-
- /* now stuff into the key des_cblock, and force odd parity */
- p_char = k_char;
- k_p = (unsigned char *) key;
-
- for (i = 0; i <= 7; i++) {
- temp = 0;
- for (j = 0; j <= 6; j++)
- temp |= *p_char++ << (1+j);
- *k_p++ = (unsigned char) temp;
- }
-
- /* fix key parity */
- des_fixup_key_parity(key);
-
- /* Now one-way encrypt it with the folded key */
- (void) des_key_sched(key, key_sked);
- (void) des_cbc_cksum((const des_cblock *)in_str, (des_cblock *)key,
- length, key_sked, (const des_cblock *)key);
- /* erase key_sked */
- memset(key_sked, 0,sizeof(key_sked));
-
- /* now fix up key parity again */
- des_fixup_key_parity(key);
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\nResulting string_to_key = 0x%x 0x%x\n",
- *((unsigned long *) key),
- *((unsigned long *) key+1));
-#endif /* DEBUG */
- return 0; /* Really should be returning void, */
- /* but the original spec was for it to */
- /* return an int, and ANSI compilers */
- /* can do dumb things sometimes */
-}
-
-void afs_string_to_key(char *str, char *cell, des_cblock key)
-{
- krb5_data str_data;
- krb5_data cell_data;
- krb5_keyblock keyblock;
-
- str_data.data = str;
- str_data.length = strlen(str);
- cell_data.data = cell;
- cell_data.length = strlen(cell);
- keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- keyblock.length = sizeof(des_cblock);
- keyblock.contents = key;
-
- mit_afs_string_to_key(&keyblock, &str_data, &cell_data);
-}
Deleted: branches/mskrb-integ/src/lib/des425/string2key.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/string2key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/string2key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,174 +0,0 @@
-/* THIS FILE DOES NOT GET COMPILED. AUDIT BEFORE USE. */
-/*
- * lib/des425/string2key.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Wrapper for the V4 libdes for use with kerberos V5.
- */
-
-
-#include "des.h"
-#include "des_int.h"
-
-#ifdef DEBUG
-#include <stdio.h>
-extern int des_debug;
-#endif
-
-/*
- converts the string pointed to by "data" into an encryption key
- of type "enctype". *keyblock is filled in with the key info;
- in particular, keyblock->contents is to be set to allocated storage.
- It is the responsibility of the caller to release this storage
- when the generated key no longer needed.
-
- The routine may use "princ" to seed or alter the conversion
- algorithm.
-
- If the particular function called does not know how to make a
- key of type "enctype", an error may be returned.
-
- returns: errors
- */
-
-krb5_error_code mit_des_string_to_key (enctype, keyblock, data, princ)
- const krb5_enctype enctype;
- krb5_keyblock * keyblock;
- const krb5_data * data;
- krb5_const_principal princ;
-{
- char copystr[512];
-
- register char *str = copystr;
- register krb5_octet *key;
-
- register unsigned temp,i;
- register int j;
- register long length;
- unsigned char *k_p;
- int forward;
- register char *p_char;
- char k_char[64];
- mit_des_key_schedule key_sked;
-
-#define min(A, B) ((A) < (B) ? (A): (B))
-
- if ( enctype != ENCTYPE_DES )
- return (KRB5_PROG_ENCTYPE_NOSUPP);
-
- if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) )
- return(ENOMEM);
-
-#define cleanup() {memset(keyblock->contents, 0, sizeof(mit_des_cblock));\
- krb5_xfree(keyblock->contents);}
-
- keyblock->enctype = ENCTYPE_DES;
- keyblock->length = sizeof(mit_des_cblock);
- key = keyblock->contents;
-
- memset(copystr, 0, sizeof(copystr));
- j = min(data->length, 511);
- (void) strncpy(copystr, data->data, j);
- if ( princ != 0 )
- for (i=0; princ[i] != 0 && j < 511; i++) {
- (void) strncpy(copystr+j, princ[i]->data,
- min(princ[i]->length, 511-j));
- j += min(princ[i]->length, 511-j);
- }
-
- /* convert copystr to des key */
- forward = 1;
- p_char = k_char;
- length = strlen(str);
-
- /* init key array for bits */
- memset(k_char,0,sizeof(k_char));
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\n\ninput str length = %d string = %s\nstring = 0x ",
- length,str);
-#endif
-
- /* get next 8 bytes, strip parity, xor */
- for (i = 1; i <= length; i++) {
- /* get next input key byte */
- temp = (unsigned int) *str++;
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,"%02x ",temp & 0xff);
-#endif
- /* loop through bits within byte, ignore parity */
- for (j = 0; j <= 6; j++) {
- if (forward)
- *p_char++ ^= (int) temp & 01;
- else
- *--p_char ^= (int) temp & 01;
- temp = temp >> 1;
- }
-
- /* check and flip direction */
- if ((i%8) == 0)
- forward = !forward;
- }
-
- /* now stuff into the key mit_des_cblock, and force odd parity */
- p_char = k_char;
- k_p = (unsigned char *) key;
-
- for (i = 0; i <= 7; i++) {
- temp = 0;
- for (j = 0; j <= 6; j++)
- temp |= *p_char++ << (1+j);
- *k_p++ = (unsigned char) temp;
- }
-
- /* fix key parity */
- mit_des_fixup_key_parity(key);
-
- /* Now one-way encrypt it with the folded key */
- (void) mit_des_key_sched(key, key_sked);
- (void) mit_des_cbc_cksum((krb5_octet *)copystr, key, length, key_sked, key);
- /* erase key_sked */
- memset((char *)key_sked, 0, sizeof(key_sked));
-
- /* now fix up key parity again */
- mit_des_fixup_key_parity(key);
-
-#ifdef DEBUG
- if (mit_des_debug)
- fprintf(stdout,
- "\nResulting string_to_key = 0x%x 0x%x\n",
- *((unsigned long *) key),
- *((unsigned long *) key+1));
-#endif
-
- return 0;
-}
-
-
-
-
Deleted: branches/mskrb-integ/src/lib/des425/t_pcbc.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/t_pcbc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/t_pcbc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,123 +0,0 @@
-/*
- * lib/des425/t_quad.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#include "des_int.h"
-#include "des.h"
-
-char *progname;
-int des_debug;
-
-/* These test values were constructed by experimentation, because I
- couldn't be bothered to look up the spec for the encryption mode
- and see if any test vector is defined. But really, the thing we
- need to test is that the operation we use doesn't changed. Like
- with quad_cksum, compatibility is more important than strict
- adherence to the spec, if we have to choose. In any case, if you
- have a useful test vector, send it in.... */
-struct {
- unsigned char text[32];
- des_cblock out[4];
-} tests[] = {
- {
- "Now is the time for all ",
- {
- { 0x7f, 0x81, 0x65, 0x41, 0x21, 0xdb, 0xd4, 0xcf, },
- { 0xf8, 0xaa, 0x09, 0x90, 0xeb, 0xc7, 0x60, 0x2b, },
- { 0x45, 0x3e, 0x4e, 0x65, 0x83, 0x6c, 0xf1, 0x98, },
- { 0x4c, 0xfc, 0x69, 0x72, 0x23, 0xdb, 0x48, 0x78, }
- }
- }, {
- "7654321 Now is the time for ",
- {
- { 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, },
- { 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15, },
- { 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f, },
- { 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88, }
- }
- }, {
- "hi",
- { { 0x76, 0x61, 0x0e, 0x8b, 0x23, 0xa4, 0x5f, 0x34, } }
- },
-};
-
-/* 0x0123456789abcdef */
-unsigned char default_key[8] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
-};
-des_cblock ivec = {
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
-};
-
-int
-main(argc,argv)
- int argc;
- char *argv[];
-{
- int i;
- int fail=0;
- des_cblock out[32/8];
- des_cblock out2[32/8];
- des_key_schedule sked;
-
- progname=argv[0]; /* salt away invoking program */
-
- /* use known input and key */
-
- for (i = 0; i < 3; i++) {
- int wrong = 0, j, jmax;
- des_key_sched (default_key, sked);
- /* This could lose on alignment... */
- des_pcbc_encrypt ((des_cblock *)&tests[i].text, out,
- strlen(tests[i].text) + 1, sked, &ivec, 1);
- printf ("pcbc_encrypt(\"%s\") = {", tests[i].text);
- jmax = (strlen (tests[i].text) + 8) & ~7U;
- for (j = 0; j < jmax; j++) {
- if (j % 8 == 0)
- printf ("\n\t");
- printf (" 0x%02x,", out[j/8][j%8]);
- if (out[j/8][j%8] != tests[i].out[j/8][j%8])
- wrong = 1;
- }
- printf ("\n}\n");
-
- /* reverse it */
- des_pcbc_encrypt (out, out2, jmax, sked, &ivec, 0);
- if (strcmp ((char *)out2, tests[i].text)) {
- printf ("decrypt failed\n");
- wrong = 1;
- } else
- printf ("decrypt worked\n");
-
- if (wrong) {
- printf ("wrong result!\n");
- fail = 1;
- }
- }
- return fail;
-}
Deleted: branches/mskrb-integ/src/lib/des425/t_quad.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/t_quad.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/t_quad.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,101 +0,0 @@
-/*
- * lib/des425/t_quad.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#include "des_int.h"
-#include "des.h"
-
-extern unsigned long quad_cksum();
-char *progname;
-int des_debug;
-unsigned DES_INT32 out[8];
-struct {
- unsigned char text[64];
- unsigned DES_INT32 out[8];
-} tests[] = {
- {
- "Now is the time for all ",
- {
- 0x6c6240c5, 0x77db9b1c, 0x7991d316, 0x4e688989,
- 0x27a0ae6a, 0x13be2da4, 0x4a2fdfc6, 0x7dfc494c,
- }
- }, {
- "7654321 Now is the time for ",
- {
- 0x36839db5, 0x4d7be717, 0x15b0f5b6, 0x2304ff9c,
- 0x75472d26, 0x6a5f833c, 0x7399a4ee, 0x1170fdfb,
- }
- }, {
- {2,0,0,0, 1,0,0,0},
- {
- 0x7c81f205, 0x63d38e38, 0x314ece44, 0x05d3a4f8,
- 0x6e10db76, 0x3eda7685, 0x2e841332, 0x1bdc7fd3,
- }
- },
-};
-
-/* 0x0123456789abcdef */
-unsigned char default_key[8] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
-};
-
-int
-main(argc,argv)
- int argc;
- char *argv[];
-{
- int i;
- int fail=0;
-
- progname=argv[0]; /* salt away invoking program */
-
- /* use known input and key */
-
- for (i = 0; i < 3; i++) {
- int wrong = 0, j;
- des_quad_cksum (tests[i].text, out, 64L, 4,
- (mit_des_cblock *) &default_key);
- if (tests[i].text[0] == 2)
- printf ("quad_cksum(<binary blob 1>) = {");
- else
- printf ("quad_cksum(\"%s\"...zero fill...) = {", tests[i].text);
- for (j = 0; j < 8; j++) {
- if (j == 0 || j == 4)
- printf ("\n\t");
- printf (" 0x%lx,", (unsigned long) out[j]);
- if (out[j] != tests[i].out[j])
- wrong = 1;
- }
- printf ("\n}\n");
- if (wrong) {
- printf ("wrong result!\n");
- fail = 1;
- }
- }
- return fail;
-}
Deleted: branches/mskrb-integ/src/lib/des425/unix_time.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/unix_time.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/unix_time.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,46 +0,0 @@
-/*
- * unix_time.c
- *
- * Glue code for pasting Kerberos into the Unix environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- *
- * Required for use by the Cygnus krb.a.
- */
-
-
-#include "k5-int.h"
-
-#if !defined(_WIN32)
-#include <sys/time.h>
-
-krb5_ui_4
-unix_time_gmt_unixsec (usecptr)
- krb5_ui_4 *usecptr;
-{
- struct timeval now;
-
- (void) gettimeofday (&now, (struct timezone *)0);
- if (usecptr)
- *usecptr = now.tv_usec;
- return now.tv_sec;
-}
-
-#endif /* !_WIN32 */
-
-#ifdef _WIN32
-#include <time.h>
-
-krb5_ui_4
-unix_time_gmt_unixsec (usecptr)
- krb5_ui_4 *usecptr;
-{
- time_t gmt;
-
- time(&gmt);
- if (usecptr)
- *usecptr = gmt;
- return gmt;
-}
-#endif /* _WIN32 */
Deleted: branches/mskrb-integ/src/lib/des425/util.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/util.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/util.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,33 +0,0 @@
-/*
- * lib/des425/util.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Miscellaneous debug printing utilities
- */
-
-#include <stdio.h>
-
-/* Application include files */
-#include "k5-int.h"
-#include "des_int.h"
-#include "des.h"
-
-void des_cblock_print_file(x, fp)
- des_cblock *x;
- FILE *fp;
-{
- unsigned char *y = *x;
- register int i = 0;
- fprintf(fp," 0x { ");
-
- while (i++ < 8) {
- fprintf(fp,"%x",*y++);
- if (i < 8)
- fprintf(fp,", ");
- }
- fprintf(fp," }");
-}
Deleted: branches/mskrb-integ/src/lib/des425/verify.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/verify.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/verify.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,317 +0,0 @@
-/*
- * lib/des425/verify.c
- *
- * Copyright 1988,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Program to test the correctness of the DES library
- * implementation.
- *
- * exit returns 0 ==> success
- * -1 ==> error
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#include "des_int.h"
-#include "des.h"
-
-char *progname;
-int nflag = 2;
-int vflag;
-int mflag;
-int zflag;
-int pid;
-int des_debug;
-des_key_schedule KS;
-unsigned char cipher_text[64];
-unsigned char clear_text[64] = "Now is the time for all " ;
-unsigned char clear_text2[64] = "7654321 Now is the time for ";
-unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0};
-unsigned char output[64];
-unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0};
-unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */
-unsigned char *input;
-
-/* 0x0123456789abcdef */
-unsigned char default_key[8] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
-};
-unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f };
-unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 };
-des_cblock s_key;
-unsigned char default_ivec[8] = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
-};
-unsigned char *ivec;
-unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */
-int i,j;
-
-unsigned char cipher1[8] = {
- 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67
-};
-unsigned char cipher2[8] = {
- 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15
-};
-unsigned char cipher3[64] = {
- 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c,
- 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f,
- 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6
-};
-unsigned char checksum[8] = {
- 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33
-};
-
-unsigned char zresult[8] = {
- 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7
-};
-
-unsigned char mresult[8] = {
- 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96
-};
-
-
-/*
- * Can also add :
- * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
- */
-
-void do_encrypt (unsigned char *, unsigned char *);
-void do_decrypt (unsigned char *, unsigned char *);
-
-int
-main(argc,argv)
- int argc;
- char *argv[];
-{
- /* Local Declarations */
- unsigned long in_length;
-
- progname=argv[0]; /* salt away invoking program */
-
- while (--argc > 0 && (*++argv)[0] == '-')
- for (i=1; argv[0][i] != '\0'; i++) {
- switch (argv[0][i]) {
-
- /* debug flag */
- case 'd':
- des_debug=3;
- continue;
-
- case 'z':
- zflag = 1;
- continue;
-
- case 'm':
- mflag = 1;
- continue;
-
- default:
- printf("%s: illegal flag \"%c\" ",
- progname,argv[0][i]);
- exit(1);
- }
- };
-
- if (argc) {
- fprintf(stderr, "Usage: %s [-dmz]\n", progname);
- exit(1);
- }
-
- /* use known input and key */
-
- /* ECB zero text zero key */
- if (zflag) {
- input = zero_text;
- des_key_sched(zero_key,KS);
- printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
- do_encrypt(input,cipher_text);
- printf("\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++)
- printf("%02x ",cipher_text[j]);
- printf("\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
- printf("verify: error in zero key test\n");
- exit(-1);
- }
- exit(0);
- }
-
- if (mflag) {
- input = msb_text;
- des_key_sched(key3,KS);
- printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
- printf("key = 0, cipher = 0x??\n");
- do_encrypt(input,cipher_text);
- printf("\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++) {
- printf("%02x ",cipher_text[j]);
- }
- printf("\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
- printf("verify: error in msb test\n");
- exit(-1);
- }
- exit(0);
- }
-
- /* ECB mode Davies and Price */
- {
- input = zero_text;
- des_key_sched(key2,KS);
- printf("Examples per FIPS publication 81, keys ivs and cipher\n");
- printf("in hex. These are the correct answers, see below for\n");
- printf("the actual answers.\n\n");
- printf("Examples per Davies and Price.\n\n");
- printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n");
- printf("\tclear = 0\n");
- printf("\tcipher = 25 dd ac 3e 96 17 64 67\n");
- printf("ACTUAL ECB\n");
- printf("\tclear \"%s\"\n", input);
- do_encrypt(input,cipher_text);
- printf("\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++)
- printf("%02x ",cipher_text[j]);
- printf("\n\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
- printf("verify: error in ECB encryption\n");
- exit(-1);
- }
- else
- printf("verify: ECB encription is correct\n\n");
- }
-
- /* ECB mode */
- {
- des_key_sched(default_key,KS);
- input = clear_text;
- ivec = default_ivec;
- printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
- printf("\tclear = \"Now is the time for all \"\n");
- printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n");
- printf("ACTUAL ECB\n\tclear \"%s\"",input);
- do_encrypt(input,cipher_text);
- printf("\n\tcipher = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++) {
- printf("%02x ",cipher_text[j]);
- }
- printf("\n\n");
- do_decrypt(output,cipher_text);
- if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) {
- printf("verify: error in ECB encryption\n");
- exit(-1);
- }
- else
- printf("verify: ECB encription is correct\n\n");
- }
-
- /* CBC mode */
- printf("EXAMPLE CBC\tkey = 0123456789abcdef");
- printf("\tiv = 1234567890abcdef\n");
- printf("\tclear = \"Now is the time for all \"\n");
- printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n");
- printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n");
- printf("\t\t\t68 37 88 49 9a 7c 05 f6\n");
-
- printf("ACTUAL CBC\n\tclear \"%s\"\n",input);
- in_length = strlen((char *) input);
- des_cbc_encrypt(input,cipher_text, in_length,KS,ivec,1);
- printf("\tciphertext = (low to high bytes)\n");
- for (i = 0; i <= 7; i++) {
- printf("\t\t");
- for (j = 0; j <= 7; j++) {
- printf("%02x ",cipher_text[i*8+j]);
- }
- printf("\n");
- }
- des_cbc_encrypt(cipher_text,clear_text,in_length,KS,ivec,0);
- printf("\tdecrypted clear_text = \"%s\"\n",clear_text);
-
- if ( memcmp(cipher_text, cipher3, (size_t) in_length) ) {
- printf("verify: error in CBC encryption\n");
- exit(-1);
- }
- else
- printf("verify: CBC encription is correct\n\n");
-
- printf("EXAMPLE CBC checksum");
- printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n");
- printf("\tclear =\t\t\"7654321 Now is the time for \"\n");
- printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, ");
- printf("or some part thereof\n");
- input = clear_text2;
- des_cbc_cksum(input,cipher_text,(long) strlen((char *) input),KS,ivec);
- printf("ACTUAL CBC checksum\n");
- printf("\t\tencrypted cksum = (low to high bytes)\n\t\t");
- for (j = 0; j<=7; j++)
- printf("%02x ",cipher_text[j]);
- printf("\n\n");
- if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) {
- printf("verify: error in CBC cheksum\n");
- exit(-1);
- }
- else
- printf("verify: CBC checksum is correct\n\n");
- exit(0);
-}
-
-void
-do_encrypt(in,out)
- unsigned char *in;
- unsigned char *out;
-{
- for (i =1; i<=nflag; i++) {
- des_ecb_encrypt((unsigned long *) in, (unsigned long *)out, KS, 1);
- if (des_debug) {
- printf("\nclear %s\n",in);
- for (j = 0; j<=7; j++)
- printf("%02X ",in[j] & 0xff);
- printf("\tcipher ");
- for (j = 0; j<=7; j++)
- printf("%02X ",out[j] & 0xff);
- }
- }
-}
-
-void
-do_decrypt(in,out)
- unsigned char *out;
- unsigned char *in;
- /* try to invert it */
-{
- for (i =1; i<=nflag; i++) {
- des_ecb_encrypt((unsigned long *) out, (unsigned long *)in,KS,0);
- if (des_debug) {
- printf("clear %s\n",in);
- for (j = 0; j<=7; j++)
- printf("%02X ",in[j] & 0xff);
- printf("\tcipher ");
- for (j = 0; j<=7; j++)
- printf("%02X ",out[j] & 0xff);
- }
- }
-}
Deleted: branches/mskrb-integ/src/lib/des425/weak_key.c
===================================================================
--- branches/mskrb-integ/src/lib/des425/weak_key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/des425/weak_key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,41 +0,0 @@
-/*
- * lib/des425/weak_key.c
- *
- * Copyright 1989,1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "des_int.h"
-#include "des.h"
-
-/*
- * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key.
- *
- * Requires: key has correct odd parity.
- */
-int
-des_is_weak_key(key)
- mit_des_cblock key;
-{
- return (mit_des_is_weak_key(key));
-}
Modified: branches/mskrb-integ/src/lib/kadm5/admin.h
===================================================================
--- branches/mskrb-integ/src/lib/kadm5/admin.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kadm5/admin.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -515,6 +515,8 @@
krb5_error_code kadm5_init_krb5_context (krb5_context *);
+krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
+
/*
* kadm5_get_principal_keys is used only by kadmin.local to extract existing
* keys from the database without changing them. It should never be exposed
Modified: branches/mskrb-integ/src/lib/kadm5/alt_prof.c
===================================================================
--- branches/mskrb-integ/src/lib/kadm5/alt_prof.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kadm5/alt_prof.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -142,7 +142,7 @@
{
static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" };
static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" };
- int i;
+ unsigned int i;
for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++)
if (!strcasecmp(string, yes[i])) {
@@ -250,7 +250,7 @@
{
krb5_error_code kret;
char **values;
- int i, lastidx;
+ int lastidx;
if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) {
for (lastidx=0; values[lastidx]; lastidx++);
Modified: branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c
===================================================================
--- branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kadm5/clnt/client_init.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -839,7 +839,7 @@
* libkdb's ulog functions. The srv equivalent makes the actual calls.
*/
krb5_error_code
-kadm5_init_iprop(void *handle)
+kadm5_init_iprop(void *handle, char **db_args)
{
return (0);
}
Modified: branches/mskrb-integ/src/lib/kadm5/logger.c
===================================================================
--- branches/mskrb-integ/src/lib/kadm5/logger.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kadm5/logger.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -569,7 +569,7 @@
{ "LOCAL7", LOG_LOCAL7 },
#endif /* LOG_LOCAL7 */
};
- int j;
+ unsigned int j;
for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++)
if (!strcasecmp(cp2, facilities[j].name)) {
Modified: branches/mskrb-integ/src/lib/kdb/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/kdb/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kdb/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -86,7 +86,7 @@
$(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- adb_err.h kdb5.c kdb5.h
+ adb_err.h kdb5.c kdb5.h kdb5int.h
encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -172,7 +172,7 @@
$(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- kdb5.h kdb_log.c
+ kdb5.h kdb5int.h kdb_log.c
keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
Modified: branches/mskrb-integ/src/lib/kdb/kdb5.c
===================================================================
--- branches/mskrb-integ/src/lib/kdb/kdb5.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kdb/kdb5.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -38,6 +38,7 @@
#include "kdb5.h"
#include <assert.h>
#include "kdb_log.h"
+#include "kdb5int.h"
/* Currently DB2 policy related errors are exported from DAL. But
other databases should set_err function to return string. */
Copied: branches/mskrb-integ/src/lib/kdb/kdb5int.h (from rev 21677, branches/mskrb-integ/src/lib/crypto/mandatory_sumtype.c)
===================================================================
--- branches/mskrb-integ/src/lib/crypto/mandatory_sumtype.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kdb/kdb5int.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -0,0 +1,44 @@
+/*
+ * lib/kdb5/kdb5int.h
+ *
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Private header file for the kdb5 library for internal functions
+ */
+
+#ifndef __KDB5INT_H__
+#define __KDB5INT_H__
+
+#include "kdb5.h"
+
+krb5_error_code
+krb5int_put_principal_no_log(krb5_context kcontext,
+ krb5_db_entry *entries, int *nentries);
+
+krb5_error_code
+krb5int_delete_principal_no_log(krb5_context kcontext,
+ krb5_principal search_for,
+ int *nentries);
+
+#endif /* __KDB5INT_H__ */
Modified: branches/mskrb-integ/src/lib/kdb/kdb_log.c
===================================================================
--- branches/mskrb-integ/src/lib/kdb/kdb_log.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/kdb/kdb_log.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -16,6 +16,7 @@
#include <syslog.h>
#include "kdb5.h"
#include "kdb_log.h"
+#include "kdb5int.h"
/*
* This modules includes all the necessary functions that create and
@@ -73,7 +74,7 @@
(pagesize-1)) & (~(pagesize-1));
size = end - start;
- if (retval = msync((caddr_t)start, size, MS_SYNC)) {
+ if ((retval = msync((caddr_t)start, size, MS_SYNC))) {
return (retval);
}
@@ -186,10 +187,10 @@
recsize = sizeof (kdb_ent_header_t) + upd_size;
if (recsize > ulog->kdb_block) {
- if (retval = ulog_resize(ulog, ulogentries, ulogfd, recsize)) {
- /* Resize element array failed */
- return (retval);
- }
+ if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) {
+ /* Resize element array failed */
+ return (retval);
+ }
}
cur_sno = ulog->kdb_last_sno;
@@ -227,7 +228,7 @@
if (!xdr_kdb_incr_update_t(&xdrs, upd))
return (KRB5_LOG_CONV);
- if (retval = ulog_sync_update(ulog, indx_log))
+ if ((retval = ulog_sync_update(ulog, indx_log)))
return (retval);
if (ulog->kdb_num < ulogentries)
@@ -280,7 +281,7 @@
ulog->kdb_state = KDB_STABLE;
- if (retval = ulog_sync_update(ulog, indx_log))
+ if ((retval = ulog_sync_update(ulog, indx_log)))
return (retval);
ulog_sync_header(ulog);
@@ -370,8 +371,8 @@
(upd->kdb_princ_name.utf8str_t_len + 1));
dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
- if (retval = krb5_parse_name(context, dbprincstr,
- &dbprinc)) {
+ if ((retval = krb5_parse_name(context, dbprincstr,
+ &dbprinc))) {
goto cleanup;
}
@@ -398,7 +399,7 @@
(void) memset(entry, 0, sizeof (krb5_db_entry));
- if (retval = ulog_conv_2dbentry(context, entry, upd, 1))
+ if ((retval = ulog_conv_2dbentry(context, entry, upd, 1)))
goto cleanup;
retval = krb5int_put_principal_no_log(context, entry,
@@ -441,7 +442,7 @@
{
XDR xdrs;
krb5_error_code retval = 0;
- int i;
+ unsigned int i;
kdb_ent_header_t *indx_log;
kdb_incr_update_t *upd = NULL;
kdb_incr_result_t *incr_ret = NULL;
Deleted: branches/mskrb-integ/src/lib/krb4/CCache-glue.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/CCache-glue.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/CCache-glue.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,741 +0,0 @@
-/*
- * CCache-glue.c
- *
- * This file contains implementations of krb4 credentials cache operations in terms
- * of the CCache API (<http://www.umich.edu/~sgr/v4Cache/>).
- *
- * $Header$
- */
-
-
-#include "krb.h"
-#include "krb4int.h"
-
-#if !defined (USE_CCAPI) || !USE_CCAPI
-#error "Cannot use CCache glue without the CCAPI!"
-#endif
-
-#ifdef USE_LOGIN_LIBRARY
-#include <KerberosLoginPrivate.h>
-#endif /* USE_LOGIN_LIBRARY */
-#include <CredentialsCache.h>
-
-#include <string.h>
-#include <stdlib.h>
-
-/*
- * The following functions are part of the KfM ABI.
- * They are deprecated, so they only appear here, not in krb.h.
- *
- * Do not change the ABI of these functions!
- */
-int KRB5_CALLCONV krb_get_num_cred(void);
-int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int);
-int KRB5_CALLCONV krb_delete_cred(char *, char *,char *);
-int KRB5_CALLCONV dest_all_tkts(void);
-
-/* Internal functions */
-static void UpdateDefaultCache (void);
-
-/*
- * The way Kerberos v4 normally works is that at any given point in time there is a
- * file where all the tickets go, determined by an environment variable. If a user kinits
- * to a new principal, the existing tickets are replaced with new ones. At any point in time, there is a
- * "current" or "default" principal, which is determined by the principal associated with
- * the current ticket file.
- *
- * In the CCache API implementation, this corresponds to always having a "default"
- * or "current" named cache. The default principal then corresponds to that cache.
- *
- * Unfortunately, Kerberos v4 also has this notion that the default cache exists (in the sense
- * that its name is known) even before the actual file has been created.
- *
- * In addition to this, we cannot make the default cache system-wide global, because then
- * we get all sorts of interesting scenarios in which context switches between processes
- * can cause credentials to be stored in wrong caches.
- *
- * To solve all the problems, we have to emulate the concept of an environment variable,
- * by having a system-wide concept of what a default credentials cache is; then, we copy
- * the system-wide value into the per-process value when the application starts up.
- *
- * However, in order to allow applications to be able to sanely handle the user model we
- * want to support, in which the user has some way of selecting the system-wide default
- * user _without_ quitting and relaunching all applications (this is also necessary for
- * KClient support), calls had to be added to the Kerberos v4 library to reset the
- * per-process cached value of default cache.
- */
-
-/*
- * Name of the default cache
- */
-char* gDefaultCacheName = NULL;
-
-/*
- * Initialize credentials cache
- *
- * Creating the cache will blow away an existing one. The assumption is that
- * whoever called us made sure that the one that we blow away if it exists
- * is the right one to blow away.
- */
-
-int KRB5_CALLCONV
-krb_in_tkt (
- char* pname,
- char* pinst,
- char* realm)
-{
- char principal [MAX_K_NAME_SZ + 1];
- cc_int32 err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (err == ccNoError) {
- snprintf (principal, sizeof(principal), "%s%s%s@%s", pname, (pinst [0] == '\0') ? "" : ".", pinst, realm);
- }
-
- if (err == ccNoError) {
- err = cc_context_create_ccache (cc_context, TKT_FILE, cc_credentials_v4, principal, &ccache);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV
-krb_save_credentials(
- char *service,
- char *instance,
- char *realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- long issue_date)
-{
- return krb4int_save_credentials_addr(service, instance, realm,
- session, lifetime, kvno,
- ticket, issue_date, 0);
-}
-
-/*
- * Store a ticket into the default credentials cache
- * cache must exist (if it didn't exist, it would have been created by in_tkt)
- */
-int
-krb4int_save_credentials_addr(
- char* service,
- char* instance,
- char* realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- KRB4_32 issue_date,
- KRB_UINT32 local_address)
-{
- cc_int32 cc_err = ccNoError;
- int kerr = KSUCCESS;
- cc_credentials_v4_t v4creds;
- cc_credentials_union creds;
- cc_ccache_t ccache = NULL;
- cc_string_t principal;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- /* First try existing cache */
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- /* Now we have a cache. Fill out the credentials and put them in the cache. */
- /* To fill out the credentials, we need the principal */
- cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
- }
-
- if (cc_err == ccNoError) {
- kerr = kname_parse (v4creds.principal, v4creds.principal_instance, v4creds.realm, (char*) principal -> data);
- cc_string_release (principal);
- }
-
- if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
- strncpy (v4creds.service, service, SNAME_SZ);
- strncpy (v4creds.service_instance, instance, INST_SZ);
- strncpy (v4creds.realm, realm, REALM_SZ);
- memmove (v4creds.session_key, session, sizeof (C_Block));
- v4creds.kvno = kvno;
- v4creds.string_to_key_type = cc_v4_stk_unknown;
- v4creds.issue_date = issue_date;
- v4creds.address = local_address;
- v4creds.lifetime = lifetime;
- v4creds.ticket_size = ticket -> length;
- memmove (v4creds.ticket, ticket -> dat, ticket -> length);
-
- creds.version = cc_credentials_v4;
- creds.credentials.credentials_v4 = &v4creds;
-
- cc_err = cc_ccache_store_credentials (ccache, &creds);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Credentials file -> realm mapping
- *
- * Determine the realm by opening the named cache and parsing realm from the principal
- */
-int KRB5_CALLCONV
-krb_get_tf_realm (
- const char* ticket_file,
- char* realm)
-{
- cc_string_t principal;
- char pname [ANAME_SZ];
- char pinst [INST_SZ];
- char prealm [REALM_SZ];
- int kerr = KSUCCESS;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version = 0;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
- }
-
- if (cc_err == ccNoError) {
- /* found cache. get princiapl and parse it */
- kerr = kname_parse (pname, pinst, prealm, (char*) principal -> data);
- cc_string_release (principal);
- }
-
- if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
- strcpy (realm, prealm);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return GC_NOTKT;
- else
- return KSUCCESS;
-}
-
-/*
- * Credentials file -> name, instance, realm mapping
- */
-int KRB5_CALLCONV
-krb_get_tf_fullname (
- const char* ticket_file,
- char* name,
- char* instance,
- char* realm)
-{
- cc_string_t principal;
- int kerr = KSUCCESS;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
- }
-
- if (cc_err == ccNoError) {
- /* found cache. get principal and parse it */
- cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
- }
-
- if (cc_err == ccNoError) {
- kerr = kname_parse (name, instance, realm, (char*) principal -> data);
- cc_string_release (principal);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return GC_NOTKT;
- else
- return KSUCCESS;
-}
-
-
-/*
- * Retrieval from credentials cache
- */
-int KRB5_CALLCONV
-krb_get_cred (
- char* service,
- char* instance,
- char* realm,
- CREDENTIALS* creds)
-{
- int kerr = KSUCCESS;
- cc_int32 cc_err = ccNoError;
- cc_credentials_t theCreds = NULL;
- cc_credentials_iterator_t iterator = NULL;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
-#ifdef USE_LOGIN_LIBRARY
- // If we are requesting a tgt, prompt for it
- if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
- OSStatus err;
- char *cacheName;
- KLPrincipal outPrincipal;
-
- err = __KLInternalAcquireInitialTicketsForCache (TKT_FILE, kerberosVersion_V4, NULL,
- &outPrincipal, &cacheName);
-
- if (err == klNoErr) {
- krb_set_tkt_string (cacheName); // Tickets for the krb4 principal went here
- KLDisposeString (cacheName);
- KLDisposePrincipal (outPrincipal);
- } else {
- return GC_NOTKT;
- }
- }
-#endif /* USE_LOGIN_LIBRARY */
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err == ccIteratorEnd) {
- kerr = GC_NOTKT;
- break;
- }
- if (cc_err != ccNoError) {
- kerr = KFAILURE;
- break;
- }
-
- /* version, service, instance, realm check */
- if ((theCreds -> data -> version == cc_credentials_v4) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, service) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, instance) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, realm) == 0)) {
-
- /* Match! */
- strcpy (creds -> service, service);
- strcpy (creds -> instance, instance);
- strcpy (creds -> realm, realm);
- memmove (creds -> session, theCreds -> data -> credentials.credentials_v4 -> session_key, sizeof (C_Block));
- creds -> lifetime = theCreds -> data -> credentials.credentials_v4 -> lifetime;
- creds -> kvno = theCreds -> data -> credentials.credentials_v4 -> kvno;
- creds -> ticket_st.length = theCreds -> data -> credentials.credentials_v4 -> ticket_size;
- memmove (creds -> ticket_st.dat, theCreds -> data -> credentials.credentials_v4 -> ticket, creds -> ticket_st.length);
- creds -> issue_date = theCreds -> data -> credentials.credentials_v4 -> issue_date;
- strcpy (creds -> pname, theCreds -> data -> credentials.credentials_v4 -> principal);
- strcpy (creds -> pinst, theCreds -> data -> credentials.credentials_v4 -> principal_instance);
- creds -> stk_type = theCreds -> data -> credentials.credentials_v4 -> string_to_key_type;
-
- cc_credentials_release (theCreds);
- kerr = KSUCCESS;
- break;
- } else {
- cc_credentials_release (theCreds);
- }
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (kerr != KSUCCESS)
- return kerr;
- if (cc_err != ccNoError)
- return GC_NOTKT;
- else
- return KSUCCESS;
-}
-
-
-/*
- * Getting name of default credentials cache
- */
-const char* KRB5_CALLCONV
-tkt_string (void)
-{
- if (gDefaultCacheName == NULL) {
- UpdateDefaultCache ();
- }
- return gDefaultCacheName;
-}
-
-/*
- * Synchronize default cache for this process with system default cache
- */
-
-static void
-UpdateDefaultCache (void)
-{
- cc_string_t name;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_get_default_ccache_name (cc_context, &name);
- }
-
- if (cc_err == ccNoError) {
- krb_set_tkt_string ((char*) name -> data);
- cc_string_release (name);
- }
-
- if (cc_context != NULL)
- cc_context_release (cc_context);
-}
-
-/*
- * Setting name of default credentials cache
- */
-void
-krb_set_tkt_string (
- const char* val)
-{
- /* If we get called with the return value of tkt_string, we
- shouldn't dispose of the input string */
- if (val != gDefaultCacheName) {
- if (gDefaultCacheName != NULL)
- free (gDefaultCacheName);
-
- gDefaultCacheName = malloc (strlen (val) + 1);
- if (gDefaultCacheName != NULL)
- strcpy (gDefaultCacheName, val);
- }
-}
-
-/*
- * Destroy credentials file
- *
- * Implementation in dest_tkt.c
- */
-int KRB5_CALLCONV
-dest_tkt (void)
-{
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_ccache_destroy (ccache);
- }
-
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return RET_TKFIL;
- else
- return KSUCCESS;
-}
-
-/*
- * The following functions are not part of the standard Kerberos v4 API.
- * They were created for Mac implementation, and used by admin tools
- * such as CNS-Config.
- */
-
-/*
- * Number of credentials in credentials cache
- */
-int KRB5_CALLCONV
-krb_get_num_cred (void)
-{
- cc_credentials_t theCreds = NULL;
- int count = 0;
- cc_credentials_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err != ccNoError)
- break;
-
- if (theCreds -> data -> version == cc_credentials_v4)
- count++;
-
- cc_credentials_release (theCreds);
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return 0;
- else
- return count;
-}
-
-/*
- * Retrieval from credentials file
- * This function is _not_!! well-defined under CCache API, because
- * there is no guarantee about order of credentials remaining the same.
- */
-int KRB5_CALLCONV
-krb_get_nth_cred (
- char* sname,
- char* sinstance,
- char* srealm,
- int n)
-{
- cc_credentials_t theCreds = NULL;
- int count = 0;
- cc_credentials_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- if (n < 1)
- return KFAILURE;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (count = 0; count < n;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err != ccNoError)
- break;
-
- if (theCreds -> data -> version == cc_credentials_v4)
- count++;
-
- if (count < n - 1)
- cc_credentials_release (theCreds);
- }
- }
-
- if (cc_err == ccNoError) {
- strcpy (sname, theCreds -> data -> credentials.credentials_v4 -> service);
- strcpy (sinstance, theCreds -> data -> credentials.credentials_v4 -> service_instance);
- strcpy (srealm, theCreds -> data -> credentials.credentials_v4 -> realm);
- }
-
- if (theCreds != NULL)
- cc_credentials_release (theCreds);
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Deletion from credentials file
- */
-int KRB5_CALLCONV
-krb_delete_cred (
- char* sname,
- char* sinstance,
- char* srealm)
-{
- cc_credentials_t theCreds = NULL;
- cc_credentials_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
- }
-
- if (cc_err == ccNoError) {
- cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next creds */
- cc_err = cc_credentials_iterator_next (iterator, &theCreds);
- if (cc_err != ccNoError) {
- break;
- }
-
- if ((theCreds -> data -> version == cc_credentials_v4) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, sname) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, sinstance) == 0) &&
- (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, srealm) == 0)) {
-
- cc_ccache_remove_credentials (ccache, theCreds);
- cc_credentials_release (theCreds);
- break;
- }
-
- cc_credentials_release (theCreds);
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (ccache != NULL)
- cc_ccache_release (ccache);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if (cc_err != ccNoError)
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Destroy all credential caches
- *
- * Implementation in memcache.c
- */
-int KRB5_CALLCONV
-dest_all_tkts (void)
-{
- int count = 0;
- cc_ccache_iterator_t iterator = NULL;
- cc_int32 cc_err = ccNoError;
- cc_context_t cc_context = NULL;
- cc_int32 cc_version;
- cc_ccache_t ccache = NULL;
-
- cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
-
- if (cc_err == ccNoError) {
- cc_err = cc_context_new_ccache_iterator (cc_context, &iterator);
- }
-
- if (cc_err == ccNoError) {
- for (;;) {
- /* get next ccache */
- cc_err = cc_ccache_iterator_next (iterator, &ccache);
-
- if (cc_err != ccNoError)
- break;
-
- cc_ccache_destroy (ccache);
- count++;
- }
- }
-
- if (iterator != NULL)
- cc_credentials_iterator_release (iterator);
- if (cc_context != NULL)
- cc_context_release (cc_context);
-
- if ((cc_err == ccIteratorEnd) && (count == 0)) {
- /* first time, nothing to destroy */
- return KFAILURE;
- } else {
- if (cc_err == ccIteratorEnd) {
- /* done */
- return KSUCCESS;
- } else {
- /* error */
- return KFAILURE;
- }
- }
-}
Deleted: branches/mskrb-integ/src/lib/krb4/FSp-glue.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/FSp-glue.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/FSp-glue.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,112 +0,0 @@
-/*
- * lib/krb4/FSp-glue.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * MacOS-specific glue for using FSSpecs to deal with srvtabs.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-#include <stdio.h>
-#include <string.h>
-
-#include <Kerberos/FSpUtils.h>
-/*
- * These functions are compiled in for ABI compatibility with older versions of KfM.
- * They are deprecated so they do not appear in the KfM headers anymore.
- *
- * Do not change their ABIs!
- */
-int KRB5_CALLCONV FSp_krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, const FSSpec *);
-int KRB5_CALLCONV FSp_put_svc_key (const FSSpec *, char *, char *, char *, int, char *);
-int KRB5_CALLCONV FSp_read_service_key (char *, char *, char *, int, const FSSpec*, char *);
-
-static int FSp_srvtab_to_key (char *, char *, char *, char *, C_Block);
-
-int KRB5_CALLCONV
-FSp_read_service_key(
- char *service, /* Service Name */
- char *instance, /* Instance name or "*" */
- char *realm, /* Realm */
- int kvno, /* Key version number */
- const FSSpec *filespec, /* Filespec */
- char *key) /* Pointer to key to be filled in */
-{
- int retval = KFAILURE;
- char file [MAXPATHLEN];
- if (filespec != NULL) {
- if (FSSpecToPOSIXPath (filespec, file, sizeof(file)) != noErr) {
- return retval;
- }
- }
- retval = read_service_key(service, instance, realm, kvno, file, key);
- if (file != NULL) {
- free (file);
- }
- return retval;
-}
-
-int KRB5_CALLCONV
-FSp_put_svc_key(
- const FSSpec *sfilespec,
- char *name,
- char *inst,
- char *realm,
- int newvno,
- char *key)
-{
- int retval = KFAILURE;
- char sfile[MAXPATHLEN];
-
- if (sfilespec != NULL) {
- if (FSSpecToPOSIXPath (sfilespec, sfile, sizeof(sfile)) != noErr) {
- return retval;
- }
- }
- retval = put_svc_key(sfile, name, inst, realm, newvno, key);
- if (sfile != NULL) {
- free (sfile);
- }
- return retval;
-}
-
-int KRB5_CALLCONV
-FSp_krb_get_svc_in_tkt(
- char *user, char *instance, char *realm,
- char *service, char *sinstance, int life,
- const FSSpec *srvtab)
-{
- /* Cast the FSSpec into the password field. It will be pulled out again */
- /* by FSp_srvtab_to_key and used to read the real password */
- return krb_get_in_tkt(user, instance, realm, service, sinstance,
- life, FSp_srvtab_to_key, NULL, (char *)srvtab);
-}
-
-static int FSp_srvtab_to_key(char *user, char *instance, char *realm,
- char *srvtab, C_Block key)
-{
- /* FSp_read_service_key correctly handles a NULL FSSpecPtr */
- return FSp_read_service_key(user, instance, realm, 0,
- (FSSpec *)srvtab, (char *)key);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/krb4/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,664 +0,0 @@
-thisconfigdir=../..
-myfulldir=lib/krb4
-mydir=lib/krb4
-BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV -I.
-DEFINES= -DKRB4_USE_KEYTAB
-DEFS=
-
-##DOS##BUILDTOP = ..\..
-##DOS##LIBNAME=$(OUTPRE)krb4.lib
-##DOS##OBJFILE=$(OUTPRE)krb4.lst
-
-LIBBASE=krb4
-LIBMAJOR=2
-LIBMINOR=0
-RELDIR=krb4
-
-# Depends on libk5crypto, libkrb5, KRB4_CRYPTO_LIB and _et_list...
-# Depends on libkrb5, expect to find
-# krb5_init_context, krb5_free_context, profile_get_values
-#
-KRB4_CRYPTO_LIBS=-ldes425
-
-SHLIB_EXPDEPS = \
- $(TOPLIBD)/libdes425$(SHLIBEXT) \
- $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS=-lkrb5 -lcom_err -ldes425 -lk5crypto
-SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_RDIRS=$(KRB5_LIBDIR)
-
-EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV
-KRB_ERR=@KRB_ERR@
-##DOS##KRB_ERR=$(OUTPRE)krb_err.$(OBJEXT)
-
-# Name of generated krb_err.c, needed for err_txt.* dependency on Darwin.
-KRB_ERR_C=@KRB_ERR_C@
-##DOS##KRB_ERR_C=
-
-OBJS = \
- $(OUTPRE)change_password.$(OBJEXT) \
- $(OUTPRE)cr_auth_repl.$(OBJEXT) \
- $(OUTPRE)cr_ciph.$(OBJEXT) \
- $(OUTPRE)cr_tkt.$(OBJEXT) \
- $(OUTPRE)debug.$(OBJEXT) \
- $(OUTPRE)decomp_tkt.$(OBJEXT) \
- $(OUTPRE)err_txt.$(OBJEXT) \
- $(OUTPRE)g_ad_tkt.$(OBJEXT) \
- $(OUTPRE)g_in_tkt.$(OBJEXT) \
- $(OUTPRE)g_phost.$(OBJEXT) \
- $(OUTPRE)g_pw_in_tkt.$(OBJEXT) \
- $(OUTPRE)g_pw_tkt.$(OBJEXT) \
- $(OUTPRE)g_tkt_svc.$(OBJEXT) \
- $(OUTPRE)gethostname.$(OBJEXT) \
- $(OUTPRE)getst.$(OBJEXT) \
- $(OUTPRE)kadm_err.$(OBJEXT) \
- $(OUTPRE)kadm_net.$(OBJEXT) \
- $(OUTPRE)kadm_stream.$(OBJEXT) \
- $(OUTPRE)kname_parse.$(OBJEXT) \
- $(OUTPRE)lifetime.$(OBJEXT) \
- $(OUTPRE)mk_auth.$(OBJEXT) \
- $(OUTPRE)mk_err.$(OBJEXT) \
- $(OUTPRE)mk_priv.$(OBJEXT) \
- $(OUTPRE)mk_req.$(OBJEXT) \
- $(OUTPRE)mk_safe.$(OBJEXT) \
- $(OUTPRE)month_sname.$(OBJEXT) \
- $(OUTPRE)password_to_key.$(OBJEXT) \
- $(OUTPRE)prot_client.$(OBJEXT) \
- $(OUTPRE)prot_common.$(OBJEXT) \
- $(OUTPRE)prot_kdc.$(OBJEXT) \
- $(OUTPRE)pkt_cipher.$(OBJEXT) \
- $(OUTPRE)pkt_clen.$(OBJEXT) \
- $(OUTPRE)rd_err.$(OBJEXT) \
- $(OUTPRE)rd_priv.$(OBJEXT) \
- $(OUTPRE)rd_safe.$(OBJEXT) \
- $(OUTPRE)send_to_kdc.$(OBJEXT) \
- $(OUTPRE)stime.$(OBJEXT) \
- $(OUTPRE)strnlen.$(OBJEXT) \
- $(OUTPRE)rd_preauth.$(OBJEXT) \
- $(OUTPRE)mk_preauth.$(OBJEXT) \
- $(OSOBJS) $(CACHEOBJS) $(SETENVOBJS) $(STRCASEOBJS) $(SHMOBJS) \
- $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS) $(KRB_ERR)
-
-SRCS = \
- change_password.c \
- cr_auth_repl.c \
- cr_ciph.c \
- cr_tkt.c \
- debug.c \
- decomp_tkt.c \
- g_ad_tkt.c \
- g_pw_in_tkt.c \
- g_phost.c \
- g_pw_tkt.c \
- g_tkt_svc.c \
- getst.c \
- gethostname.c \
- kadm_err.c \
- kadm_net.c \
- kadm_stream.c \
- kname_parse.c \
- err_txt.c \
- lifetime.c \
- g_in_tkt.c \
- mk_auth.c \
- mk_err.c \
- mk_priv.c \
- mk_req.c \
- mk_safe.c \
- month_sname.c \
- password_to_key.c \
- pkt_cipher.c \
- pkt_clen.c \
- prot_client.c \
- prot_common.c \
- prot_kdc.c \
- rd_err.c \
- rd_priv.c \
- rd_safe.c \
- send_to_kdc.c \
- stime.c \
- strnlen.c \
- rd_preauth.c \
- mk_preauth.c \
- unix_time.c \
- $(OSSRCS) $(CACHESRCS) $(SETENVSRCS) $(STRCASESRCS) $(SHMSRCS) \
- $(LIB_KRB_HOSTSRCS) $(SERVER_KRB_SRCS) $(NETIO_SRCS) $(REALMDBSRCS)
-
-STLIBOBJS = $(OBJS)
-STOBJLISTS=OBJS.ST
-
-#
-# These objects implement the time computation routines.
-#
-OSOBJS = $(OUTPRE)unix_time.$(OBJEXT)
-OSSRCS = unix_time.c
-
-##DOS##OSOBJS = $(OUTPRE)win_time.obj
-
-#
-# These objects implement ticket cacheing for Unix. They are
-# replaced by other files when compiling for Windows or Mac.
-#
-CACHESRCS = \
- tf_util.c dest_tkt.c in_tkt.c \
- tkt_string.c g_tf_fname.c g_tf_realm.c \
- g_cred.c save_creds.c
-CACHEOBJS = \
- $(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \
- $(OUTPRE)tkt_string.$(OBJEXT) $(OUTPRE)g_tf_fname.$(OBJEXT) $(OUTPRE)g_tf_realm.$(OBJEXT) \
- $(OUTPRE)g_cred.$(OBJEXT) $(OUTPRE)save_creds.$(OBJEXT)
-
-##DOS##CACHEOBJS = $(OUTPRE)memcache.$(OBJEXT)
-
-#
-# These objects implement Kerberos realm<->host database lookup.
-# They read config files and/or network databases in various ways
-# on various platforms.
-#
-
-CNFFILE = g_cnffile
-##DOS##CNFFILE = win_store
-
-REALMDBSRCS=$(CNFFILE).c RealmsConfig-glue.c
-REALMDBOBJS=$(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)RealmsConfig-glue.$(OBJEXT)
-
-#
-# These objects are only used on server or debug implementations of Kerberos,
-# and they cause some major or minor sort of trouble for some
-# client-only platform (Mac or Windows).
-#
-SERVER_KRB_SRCS = \
- klog.c kuserok.c log.c \
- kntoln.c \
- fgetst.c rd_svc_key.c cr_err_repl.c \
- rd_req.c g_svc_in_tkt.c recvauth.c \
- ad_print.c cr_death_pkt.c \
- put_svc_key.c sendauth.c
-SERVER_KRB_OBJS = \
- $(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \
- $(OUTPRE)kntoln.$(OBJEXT) \
- $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) $(OUTPRE)cr_err_repl.$(OBJEXT) \
- $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \
- $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \
- $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT)
-#
-# These objects are included on Unix and Windows (for kstream and kadm)
-# but not under Mac (there are no file descriptors).
-#
-NETIO_SRCS=netread.c netwrite.c
-NETIO_OBJS=$(OUTPRE)netread.$(OBJEXT) $(OUTPRE)netwrite.$(OBJEXT)
-
-#
-# These objects glue the Kerberos library to the operating system
-# (time-of-day access, etc). They are replaced in Mac and Windows
-# by other _glue.* routines.
-#
-LIB_KRB_HOSTSRCS=unix_glue.c
-LIB_KRB_HOSTOBJS=$(OUTPRE)unix_glue.$(OBJEXT)
-
-##DOS##LIB_KRB_HOSTOBJS=$(OUTPRE)win_glue.obj
-
-ARCHIVEARGS= $@ $(OBJS)
-
-# We want *library* compiler options...
-DBG=$(DBG_LIB)
-
-all-unix:: includes all-liblinks
-
-##DOS##LIBOBJS = $(OBJS)
-
-# comp_et_depend(krb_err)
-krb_err.h: krb_err.et
-krb_err.c: krb_err.et
-
-kadm_err.h: kadm_err.et
-kadm_err.c: kadm_err.et
-
-GEN_ERRTXT=$(AWK) -f $(srcdir)$(S)et_errtxt.awk outfile=$@
-
-krb_err_txt.c: krb_err.et $(srcdir)$(S)et_errtxt.awk
- $(GEN_ERRTXT) $(srcdir)/krb_err.et
-
-# Will be empty on Darwin, krb_err_txt.c elsewhere.
-KRB_ERR_TXT=@KRB_ERR_TXT@
-##DOS##KRB_ERR_TXT=krb_err_txt.c
-err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(KRB_ERR_C) $(KRB_ERR_TXT)
-
-depend-dependencies: krb_err.h $(EHDRDIR)$(S)krb_err.h \
- kadm_err.h $(EHDRDIR)$(S)kadm_err.h \
- krb_err.c
-
-includes: $(EHDRDIR)$(S)krb_err.h $(EHDRDIR)$(S)kadm_err.h
-
-$(EHDRDIR)$(S)krb_err.h: krb_err.h
- $(CP) krb_err.h $@
-$(EHDRDIR)$(S)kadm_err.h: kadm_err.h
- $(CP) kadm_err.h $@
-
-clean-unix::
- $(RM) $(EHDRDIR)/krb_err.h
- $(RM) $(EHDRDIR)/kadm_err.h
- $(RM) krb_err_txt.c
-
-clean::
- -$(RM) $(OBJS)
-
-clean-:: clean-unix
-
-clean-unix::
- -$(RM) krb_err.c
- -$(RM) krb_err.h
- -$(RM) kadm_err.c
- -$(RM) kadm_err.h
- -$(RM) ../../include/kerberosIV/krb_err.h
- -$(RM) ../../include/kerberosIV/kadm_err.h
-
-clean-unix:: clean-liblinks clean-libs clean-libobjs
-
-
-check-unix:: $(TEST_PROGS)
-check-windows::
-
-
-install-unix:: install-libs
-
- at lib_frag@
- at libobj_frag@
-
-# +++ Dependency line eater +++
-#
-# Makefile dependencies follow. This must be the last section in
-# the Makefile.in file
-#
-change_password.so change_password.po $(OUTPRE)change_password.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/port-sockets.h change_password.c \
- krb4int.h
-cr_auth_repl.so cr_auth_repl.po $(OUTPRE)cr_auth_repl.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_auth_repl.c
-cr_ciph.so cr_ciph.po $(OUTPRE)cr_ciph.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_ciph.c
-cr_tkt.so cr_tkt.po $(OUTPRE)cr_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/port-sockets.h cr_tkt.c
-debug.so debug.po $(OUTPRE)debug.$(OBJEXT): $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- debug.c
-decomp_tkt.so decomp_tkt.po $(OUTPRE)decomp_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h \
- $(SRCTOP)/include/port-sockets.h decomp_tkt.c
-g_ad_tkt.so g_ad_tkt.po $(OUTPRE)g_ad_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- g_ad_tkt.c krb4int.h
-g_pw_in_tkt.so g_pw_in_tkt.po $(OUTPRE)g_pw_in_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
- g_pw_in_tkt.c krb4int.h
-g_phost.so g_phost.po $(OUTPRE)g_phost.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h g_phost.c
-g_pw_tkt.so g_pw_tkt.po $(OUTPRE)g_pw_tkt.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h g_pw_tkt.c
-g_tkt_svc.so g_tkt_svc.po $(OUTPRE)g_tkt_svc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- g_tkt_svc.c
-getst.so getst.po $(OUTPRE)getst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- getst.c krb4int.h
-gethostname.so gethostname.po $(OUTPRE)gethostname.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/port-sockets.h gethostname.c krb4int.h
-kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \
- $(COM_ERR_DEPS) kadm_err.c
-kadm_net.so kadm_net.po $(OUTPRE)kadm_net.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/krbports.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- kadm_net.c
-kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/port-sockets.h kadm_stream.c
-kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- kname_parse.c
-err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h err_txt.c krb4int.h
-lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- lifetime.c
-g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- g_in_tkt.c krb4int.h
-mk_auth.so mk_auth.po $(OUTPRE)mk_auth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h mk_auth.c
-mk_err.so mk_err.po $(OUTPRE)mk_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h mk_err.c
-mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- mk_priv.c
-mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h mk_req.c
-mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- mk_safe.c
-month_sname.so month_sname.po $(OUTPRE)month_sname.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h month_sname.c
-password_to_key.so password_to_key.po $(OUTPRE)password_to_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h password_to_key.c
-pkt_cipher.so pkt_cipher.po $(OUTPRE)pkt_cipher.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \
- pkt_cipher.c
-pkt_clen.so pkt_clen.po $(OUTPRE)pkt_clen.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \
- pkt_clen.c
-prot_client.so prot_client.po $(OUTPRE)prot_client.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h prot_client.c
-prot_common.so prot_common.po $(OUTPRE)prot_common.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h prot_common.c
-prot_kdc.so prot_kdc.po $(OUTPRE)prot_kdc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- prot_kdc.c
-rd_err.so rd_err.po $(OUTPRE)rd_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h rd_err.c
-rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- rd_priv.c
-rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- rd_safe.c
-send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/krbports.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb4int.h send_to_kdc.c
-stime.so stime.po $(OUTPRE)stime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h stime.c
-strnlen.so strnlen.po $(OUTPRE)strnlen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h strnlen.c
-rd_preauth.so rd_preauth.po $(OUTPRE)rd_preauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/krb_db.h $(SRCTOP)/include/kerberosIV/prot.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h rd_preauth.c
-mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h mk_preauth.c
-unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- unix_time.c
-tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
- $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
- $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb4int.h tf_util.c
-dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h dest_tkt.c
-in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h in_tkt.c
-tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- tkt_string.c
-g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h g_tf_fname.c
-g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- g_tf_realm.c
-g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- g_cred.c
-save_creds.so save_creds.po $(OUTPRE)save_creds.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h save_creds.c
-unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h unix_glue.c
-klog.so klog.po $(OUTPRE)klog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- klog.c krb4int.h
-kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- kuserok.c
-log.so log.po $(OUTPRE)log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- krb4int.h log.c
-kntoln.so kntoln.po $(OUTPRE)kntoln.$(OBJEXT): $(KRB_ERR_H_DEP) \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- kntoln.c
-fgetst.so fgetst.po $(OUTPRE)fgetst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \
- fgetst.c krb4int.h
-rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h krb4int.h rd_svc_key.c
-cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_err_repl.c
-rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb54proto.h rd_req.c
-g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \
- g_svc_in_tkt.c krb4int.h
-recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- recvauth.c
-ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- ad_print.c krb4int.h
-cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/kerberosIV/prot.h cr_death_pkt.c
-put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h put_svc_key.c
-sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \
- $(SRCTOP)/include/port-sockets.h krb4int.h sendauth.c
-netread.so netread.po $(OUTPRE)netread.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/port-sockets.h netread.c
-netwrite.so netwrite.po $(OUTPRE)netwrite.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \
- netwrite.c
-g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- g_cnffile.c krb4int.h
-RealmsConfig-glue.so RealmsConfig-glue.po $(OUTPRE)RealmsConfig-glue.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
- $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- RealmsConfig-glue.c krb4int.h
Deleted: branches/mskrb-integ/src/lib/krb4/Password.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/Password.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/Password.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,436 +0,0 @@
-#include "kerberos.h"
-#define KRB_DEFS
-#include "krb_driver.h"
-
-#include <Types.h>
-#include <Dialogs.h>
-#include <Controls.h>
-#include <ToolUtils.h>
-#include <OSUtils.h>
-#include <Resources.h>
-
-/* added for OpenInitRF.c
- FIXME jcm - should check that they are not in c-mac
- or other included file
-*/
-
-#include <Errors.h>
-#include <Files.h>
-#include <Memory.h>
-#include <Traps.h>
-#include <GestaltEqu.h>
-#include <Folders.h>
-
-
-// #include "debug.h"
-
-#define kLoginDLOGID -4081
-#define kErrorALERTID -4082
-#define kLoginOKItem 1
-#define kLoginCnclItem 2
-#define kLoginNameItem 10
-#define kLoginVisPwItem 9
-#define kLoginFrameItem 5
-#define kLoginIvisPwItem 6
-#define kBadUserError 1
-#define kNotUniqueError 2
-#define kGenError 3
-#define kIntegrityError 4
-#define kBadPasswordError 5
-#define cr 0x0D
-#define enter 0x03
-#define bs 0x08
-#define tab 0x09
-#define larrow 0x1C
-#define rarrow 0x1D
-#define uarrow 0x1E
-#define darrow 0x1F
-#define DialogNotDone 1
-
-typedef union { // used to convert ProcPtr to Handle
- Handle H;
- ProcPtr P;
-} Proc2Hand;
-
-static char gPassword [MAX_K_NAME_SZ] = "\0";
-
-pascal void FrameOKbtn( WindowPtr myWindow, short itemNo );
-pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit );
-
-/*
- FIXME jcm - begin OpenInitRF
- Mac_store thinks that it is managing the open resource file
- is this code in conflict?
-*/
-
-void GetExtensionsFolder(short *vRefNumP, long *dirIDP)
-{
- Boolean hasFolderMgr = false;
- long feature;
-
-/*
- FIXME Error: Ô_GestaltDispatchÕ has not been declared - not needed now? - jcm
- if (TrapAvailable(_GestaltDispatch))
-*/
- if (Gestalt(gestaltFindFolderAttr, &feature) == noErr) hasFolderMgr = true;
- if (!hasFolderMgr) {
- GetSystemFolder(vRefNumP, dirIDP);
- return;
- }
- else {
- if (FindFolder(kOnSystemDisk, kExtensionFolderType, kDontCreateFolder, vRefNumP, dirIDP) != noErr) {
- *vRefNumP = 0;
- *dirIDP = 0;
- }
- }
-}
-
-short SearchFolderForINIT(long targetType, long targetCreator, short vRefNum, long dirID)
-{
- HParamBlockRec fi;
- Str255 filename;
- short refnum;
-
- fi.fileParam.ioCompletion = nil;
- fi.fileParam.ioNamePtr = filename;
- fi.fileParam.ioVRefNum = vRefNum;
- fi.fileParam.ioDirID = dirID;
- fi.fileParam.ioFDirIndex = 1;
-
- while (PBHGetFInfo(&fi, false) == noErr) {
- /* scan system folder for driver resource files of specific type & creator */
- if (fi.fileParam.ioFlFndrInfo.fdType == targetType &&
- fi.fileParam.ioFlFndrInfo.fdCreator == targetCreator) {
- refnum = HOpenResFile(vRefNum, dirID, filename, fsRdPerm);
- return refnum;
- }
- /* check next file in folder */
- fi.fileParam.ioFDirIndex++;
- fi.fileParam.ioDirID = dirID; /* PBHGetFInfo() clobbers ioDirID */
- }
- return(-1);
-}
-
-short OpenInitRF()
-{
- short refnum;
- short vRefNum;
- long dirID;
-
- /* first search Extensions Panels */
- GetExtensionsFolder(&vRefNum, &dirID);
- refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID);
- if (refnum != -1) return(refnum);
-
- /* next search System Folder */
- GetSystemFolder(&vRefNum, &dirID);
- refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID);
- if (refnum != -1) return(refnum);
-
- /* finally, search Control Panels */
- GetCPanelFolder(&vRefNum, &dirID);
- refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID);
- if (refnum != -1) return(refnum);
-
- return -1;
-}
-
-int DisplayError( short errorID )
-{
- OSErr err;
- Str255 errText;
-
- GetIndString(errText,kErrorALERTID,errorID);
- if (errText[0] == 0) {
- SysBeep(1); // nothing else we can do
- return cKrbCorruptedFile;
- }
-
- ParamText(errText,"\p","\p","\p");
- err = StopAlert(kErrorALERTID,nil);
-
- return DialogNotDone;
-}
-
-
-
-OSErr GetUserInfo( char *password )
-{
- DialogPtr myDLOG;
- short itemHit;
- short itemType;
- Handle itemHandle;
- Rect itemRect;
- OSErr rc = DialogNotDone;
- Str255 tempStr,tpswd,tuser;
- Proc2Hand procConv;
- short rf;
- char uname[ANAME_SZ]="\0";
- char uinst[INST_SZ]="\0";
- char realm[REALM_SZ]="\0";
- char UserName[MAX_K_NAME_SZ]="\0";
- CursHandle aCursor;
-
- krb_get_lrealm (realm, 1);
-
- //////////////////////////////////////////////////////
- // already got a password, just get the initial ticket
- //////////////////////////////////////////////////////
- if (*gPassword) {
- strncpy (UserName, krb_get_default_user( ), sizeof(UserName)-1);
- UserName[sizeof(UserName) - 1] = '\0';
- /* FIXME jcm - if we have a password then no dialog
- comes up for setting the uinstance. */
- rc = kname_parse(uname, uinst, realm, UserName);
- if (rc) return rc;
- (void) dest_all_tkts(); // start from scratch
- rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,gPassword);
- *gPassword = 0; // Always clear, password only good for one shot
- return rc;
- }
-
- /////////////////////////
- // Ask user for password
- /////////////////////////
- rf = OpenInitRF(); // need the resource file for the dialog resources
- if (rf<=0) return rf;
- password[0] = 0;
- myDLOG = GetNewDialog( kLoginDLOGID, (void *) NULL, (WindowPtr) -1 );
- if( myDLOG == NULL ) {
- CloseResFile(rf);
- return cKrbCorruptedFile;
- }
-
- // Insert user's name in dialog
- strncpy (UserName, krb_get_default_user( ), sizeof(UserName) - 1);
- UserName[sizeof(UserName) - 1] = '\0';
- if (*UserName) {
- tempStr[0] = strlen(UserName);
- memcpy( &(tempStr[1]), UserName, tempStr[0]);
- GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect );
- SetIText( itemHandle, tempStr );
- SelIText( myDLOG, kLoginVisPwItem,0,0 );
- }
- else SelIText( myDLOG, kLoginNameItem,0,0 );
-
- // Establish a user item around the OK button to draw the default button frame in
- GetDItem( myDLOG, kLoginOKItem, &itemType, &itemHandle, &itemRect );
- InsetRect( &itemRect, -4, -4 ); // position user item around OK button
- procConv.P = (ProcPtr) FrameOKbtn; // convert ProcPtr to a Handle
- SetDItem( myDLOG, kLoginFrameItem, userItem, procConv.H, &itemRect );
-
- InitCursor();
- do {
- do { // display the dialog & handle events
- SetOKEnable(myDLOG);
- ModalDialog( (ModalFilterProcPtr) TwoItemFilter, (short *) &itemHit );
- } while( itemHit != kLoginOKItem && itemHit != kLoginCnclItem );
-
- if( itemHit == kLoginOKItem ) { // OK button pressed?
- GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tempStr );
-
- tempStr[0] = ( tempStr[0] < MAX_K_NAME_SZ ) ? tempStr[0] : MAX_K_NAME_SZ-1 ;
- memcpy ((void*) UserName, (void*) &(tempStr[1]), tempStr[0]);
- UserName[tempStr[0]] = 0;
-
- GetDItem( myDLOG, kLoginIvisPwItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tempStr );
-
- tempStr[0] = ( tempStr[0] < ANAME_SZ ) ? tempStr[0] : ANAME_SZ-1 ;
- memcpy( (void*) password, (void*) &(tempStr[1]), tempStr[0]);
- password[tempStr[0]] = 0;
-
- //----------------------------------------------------
- // Get the ticket
- //----------------------------------------------------
- aCursor = GetCursor(watchCursor);
- SetCursor(*aCursor);
- ShowCursor();
-
- rc = kname_parse(uname, uinst, realm, UserName);
- if (rc) return rc;
-
- (void) dest_all_tkts(); // start from scratch
- rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,password);
- InitCursor();
- if (!rc)
- switch (rc) {
- case KDC_PR_UNKNOWN:
- case KDC_NULL_KEY:
- rc = DisplayError(kBadUserError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case KDC_PR_N_UNIQUE:
- rc = DisplayError(kNotUniqueError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case KDC_GEN_ERR:
- rc = DisplayError(kGenError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case RD_AP_MODIFIED:
- rc = DisplayError(kIntegrityError);
- SelIText( myDLOG, kLoginNameItem,0,256 );
- break;
- case INTK_BADPW:
- rc = DisplayError(kBadPasswordError);
- SelIText( myDLOG, kLoginVisPwItem,0,256 );
- break;
- default:
- break;
- }
- //----------------------------------------------------
- }
- else rc = cKrbUserCancelled; // pressed the Cancel button
- } while( rc == DialogNotDone );
-
- DisposDialog( myDLOG );
- CloseResFile(rf);
- return rc;
-}
-
-
-static pascal void FrameOKbtn( WindowPtr myWindow, short itemNo )
-{
- short tempType;
- Handle tempHandle;
- Rect itemRect;
-
- GetDItem( (DialogPtr) myWindow, itemNo, &tempType, &tempHandle, &itemRect );
- PenSize( 3, 3 );
- FrameRoundRect( &itemRect, 16, 16 ); // make it an OK button suitable for framing
-}
-
-
-static pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit )
-{
- DialogPtr evtDlog;
- short selStart, selEnd;
- Handle okBtnHandle;
- short tempType;
- Rect tempRect;
- long tempTicks;
-
- if( event->what != keyDown && event->what != autoKey )
- return false; // don't care about this event
-
- switch( event->message & charCodeMask )
- {
- case cr: // Return (hitting return or enter is the same as hitting the OK button)
- case enter: // Enter
-
- if (!OKIsEnabled(dlog)) {
- event->what = nullEvent;
- return false;
- }
-
- GetDItem( dlog, kLoginOKItem, &tempType, &okBtnHandle, &tempRect );
- HiliteControl( (ControlHandle) okBtnHandle, 1 ); // hilite the OK button
- Delay( 10, &tempTicks ); // wait a little while
- HiliteControl( (ControlHandle) okBtnHandle, 0 );
-
- *itemHit = kLoginOKItem; // OK Button
- return true; // We handled the event
-
- case tab: // Tab
- case larrow: // Left arrow (Keys that just change the selection)
- case rarrow: // Right arrow
- case uarrow: // Up arrow
- case darrow: // Down arrow
- return false; // Let ModalDialog handle them
-
- default:
-
- // First see if we're in password field, do stuff to make ¥ displayed
-
- if( ((DialogPeek) dlog)->editField == kLoginVisPwItem - 1 ) {
-
- selStart = (**((DialogPeek) dlog)->textH).selStart; // Get the selection in the visible item
- selEnd = (**((DialogPeek) dlog)->textH).selEnd;
-
- SelIText( dlog, kLoginIvisPwItem, selStart, selEnd ); // Select text in invisible item
- DialogSelect( event,&evtDlog, itemHit ); // Input key
-
- SelIText( dlog, kLoginVisPwItem, selStart, selEnd ); // Select same area in visible item
- if( ( event->message & charCodeMask ) != bs ) // If it's not a backspace (backspace is the only key that can affect both the text and the selection- thus we need to process it in both fields, but not change it for the hidden field.
- event->message = '¥'; // Replace with character to use
- }
-
- // Do the key event and set the hilite on the OK button accordingly
-
- DialogSelect( event,&evtDlog, itemHit ); // Input key
- SetOKEnable(dlog);
-
- // Pass a NULL event back to DialogMgr
-
- event->what = nullEvent;
-
- return false;
- }
-}
-
-static int SetOKEnable( DialogPtr dlog )
-{
- short itemType,state;
- Handle itemHandle;
- Rect itemRect;
- Str255 tpswd,tuser;
- ControlHandle okButton;
-
- GetDItem( dlog, kLoginNameItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tuser );
- GetDItem( dlog, kLoginVisPwItem, &itemType, &itemHandle, &itemRect );
- GetIText( itemHandle, tpswd );
- GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect );
- state = (tuser[0] && tpswd[0]) ? 0 : 255;
- HiliteControl(okButton,state);
-}
-
-static int OKIsEnabled( DialogPtr dlog )
-{
- short itemType;
- Rect itemRect;
- ControlHandle okButton;
-
- GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect );
- return ((**okButton).contrlHilite != 255);
-}
-
-
-extern OSErr INTERFACE
-CacheInitialTicket( serviceName )
- char *serviceName;
-{
- char service[ANAME_SZ]="\0";
- char instance[INST_SZ]="\0";
- char realm[REALM_SZ]="\0";
- OSErr err = noErr;
- char uname[ANAME_SZ]="\0";
- char uinst[INST_SZ]="\0";
- char urealm[REALM_SZ]="\0";
- char password[KKEY_SZ]="\0";
- char UserName[MAX_K_NAME_SZ]="\0";
- char oldName[120]="\0";
-
- err = GetUserInfo( password );
- if (err) return err;
-
- if (!serviceName || (serviceName[0] == '\0'))
- return err;
-
- strncpy (UserName, krb_get_default_user(), sizeof(UserName) - 1);
- UserName[sizeof(UserName) - 1] = '\0';
-
- err = kname_parse(uname, uinst, urealm, UserName);
- if (err) return err;
-
- if (urealm[0] == '\0')
- krb_get_lrealm (urealm, 1);
-
- err = kname_parse(service, instance, realm, serviceName); // check if there is a service name
- if (err) return err;
-
- err = krb_get_pw_in_tkt(uname,uinst,urealm,service,instance,DEFAULT_TKT_LIFE,password);
- return err;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/RealmsConfig-glue.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,692 +0,0 @@
-/*
- * lib/krb4/RealmsConfig-glue.c
- *
- * Copyright 1985-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * These calls implement the layer of Kerberos v4 library which
- * accesses realms configuration by calling into the Kerberos Profile
- * library.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include "profile.h"
-#include "krb.h"
-#include "krb4int.h"
-#include "k5-int.h" /* for accessor, addrlist stuff */
-#include "port-sockets.h"
-
-/* These two *must* be kept in sync to avoid buffer overflows. */
-#define SCNSCRATCH "%1023s"
-#define SCRATCHSZ 1024
-#if SCRATCHSZ < MAXHOSTNAMELEN
-#error "SCRATCHSZ must be at least MAXHOSTNAMELEN"
-#endif
-
-/*
- * Returns to the caller an initialized profile using the same files
- * as Kerberos4Lib would.
- */
-int KRB5_CALLCONV
-krb_get_profile(profile_t* profile)
-{
- int retval = KSUCCESS;
- profile_filespec_t *files = NULL;
-
- /* Use krb5 to get the config files */
- retval = krb5_get_default_config_files(&files);
-
- if (retval == KSUCCESS) {
- retval = profile_init((const_profile_filespec_t *)files, profile);
- }
-
- if (files) {
- krb5_free_config_files(files);
- }
-
- if (retval == ENOENT) {
- /* No edu.mit.Kerberos file */
- return KFAILURE;
- }
-
- if ((retval == PROF_SECTION_NOTOP) ||
- (retval == PROF_SECTION_SYNTAX) ||
- (retval == PROF_RELATION_SYNTAX) ||
- (retval == PROF_EXTRA_CBRACE) ||
- (retval == PROF_MISSING_OBRACE)) {
- /* Bad config file format */
- return retval;
- }
-
- return retval;
-}
-
-/* Caller must ensure that n >= 1 and that pointers are non-NULL. */
-static int
-krb_prof_get_nth(
- char *ret,
- size_t retlen,
- const char *realm,
- int n,
- const char *sec,
- const char *key)
-{
- int result;
- long profErr;
- profile_t profile = NULL;
- const char *names[4];
- void *iter = NULL;
- char *name = NULL;
- char *value = NULL;
- int i;
-
- result = KFAILURE;
-
- profErr = krb_get_profile(&profile);
- if (profErr) {
- /*
- * Can krb_get_profile() return errors that change PROFILE?
- */
- goto cleanup;
- }
- names[0] = sec;
- names[1] = realm;
- names[2] = key;
- names[3] = NULL;
- profErr = profile_iterator_create(profile, names,
- PROFILE_ITER_RELATIONS_ONLY, &iter);
- if (profErr)
- goto cleanup;
-
- result = KSUCCESS;
- for (i = 1; i <= n; i++) {
- if (name != NULL)
- profile_release_string(name);
- if (value != NULL)
- profile_release_string(value);
- name = value = NULL;
-
- profErr = profile_iterator(&iter, &name, &value);
- if (profErr || (name == NULL)) {
- result = KFAILURE;
- break;
- }
- }
- if (result == KSUCCESS) {
- /* Return error rather than truncating. */
- /* Don't strncpy because retlen is a guess for some callers */
- if (strlen(value) >= retlen)
- result = KFAILURE;
- else
- strcpy(ret, value);
- }
-cleanup:
- if (name != NULL)
- profile_release_string(name);
- if (value != NULL)
- profile_release_string(value);
- if (iter != NULL)
- profile_iterator_free(&iter);
- if (profile != NULL)
- profile_abandon(profile);
- return result;
-}
-
-/*
- * Index -> realm name mapping
- *
- * Not really. The original implementation has a cryptic comment
- * indicating that the function can only work for n = 1, and always
- * returns the default realm. I don't know _why_ that's the case, but
- * I have to do it that way...
- *
- * Old description from g_krbrlm.c:
- *
- * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
- * in the string, r, with the name of the nth realm specified on the
- * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
- *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst(). This will also look in KRB_FB_CONF is
- * ATHENA_CONF_FALLBACK is defined.
- */
-int KRB5_CALLCONV
-krb_get_lrealm(
- char *realm,
- int n)
-{
- int result = KSUCCESS;
- profile_t profile = NULL;
- char *profileDefaultRealm = NULL;
- char **profileV4Realms = NULL;
- int profileHasDefaultRealm = 0;
- int profileDefaultRealmIsV4RealmInProfile = 0;
- char krbConfLocalRealm[REALM_SZ];
- int krbConfHasLocalRealm = 0;
-
- if ((realm == NULL) || (n != 1)) { result = KFAILURE; }
-
- if (result == KSUCCESS) {
- /* Some callers don't check the return value so we initialize
- * to an empty string in case it never gets filled in. */
- realm [0] = '\0';
- }
-
- if (result == KSUCCESS) {
- int profileErr = krb_get_profile (&profile);
-
- if (!profileErr) {
- /* Get the default realm from the profile */
- profileErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION,
- REALMS_V4_DEFAULT_REALM, NULL, NULL,
- &profileDefaultRealm);
- if (profileDefaultRealm == NULL) { profileErr = KFAILURE; }
- }
-
- if (!profileErr) {
- /* If there is an equivalent v4 realm to the default realm, use that instead */
- char *profileV4EquivalentRealm = NULL;
-
- if (profile_get_string (profile, "realms", profileDefaultRealm, "v4_realm", NULL,
- &profileV4EquivalentRealm) == 0 &&
- profileV4EquivalentRealm != NULL) {
-
- profile_release_string (profileDefaultRealm);
- profileDefaultRealm = profileV4EquivalentRealm;
- }
- }
-
- if (!profileErr) {
- if (strlen (profileDefaultRealm) < REALM_SZ) {
- profileHasDefaultRealm = 1; /* a reasonable default realm */
- } else {
- profileErr = KFAILURE;
- }
- }
-
- if (!profileErr) {
- /* Walk through the v4 realms list looking for the default realm */
- const char *profileV4RealmsList[] = { REALMS_V4_PROF_REALMS_SECTION, NULL };
-
- if (profile_get_subsection_names (profile, profileV4RealmsList,
- &profileV4Realms) == 0 &&
- profileV4Realms != NULL) {
-
- char **profileRealm;
- for (profileRealm = profileV4Realms; *profileRealm != NULL; profileRealm++) {
- if (strcmp (*profileRealm, profileDefaultRealm) == 0) {
- /* default realm is a v4 realm */
- profileDefaultRealmIsV4RealmInProfile = 1;
- break;
- }
- }
- }
- }
- }
-
- if (result == KSUCCESS) {
- /* Try to get old-style config file lookup for fallback. */
- FILE *cnffile = NULL;
- char scratch[SCRATCHSZ];
-
- cnffile = krb__get_cnffile();
- if (cnffile != NULL) {
- if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) {
- if (strlen(scratch) < REALM_SZ) {
- strncpy(krbConfLocalRealm, scratch, REALM_SZ);
- krbConfHasLocalRealm = 1;
- }
- }
- fclose(cnffile);
- }
- }
-
- if (result == KSUCCESS) {
- /*
- * We want to favor the profile value over the krb.conf value
- * but not stop suppporting its use with a v5-only profile.
- * So we only use the krb.conf realm when the default profile
- * realm doesn't exist in the v4 realm section of the profile.
- */
- if (krbConfHasLocalRealm && !profileDefaultRealmIsV4RealmInProfile) {
- strncpy (realm, krbConfLocalRealm, REALM_SZ);
- } else if (profileHasDefaultRealm) {
- strncpy (realm, profileDefaultRealm, REALM_SZ);
- } else {
- result = KFAILURE; /* No default realm */
- }
- }
-
- if (profileDefaultRealm != NULL) { profile_release_string (profileDefaultRealm); }
- if (profileV4Realms != NULL) { profile_free_list (profileV4Realms); }
- if (profile != NULL) { profile_abandon (profile); }
-
- return result;
-}
-
-/*
- * Realm, index -> admin KDC mapping
- *
- * Old description from g_admhst.c:
- *
- * Given a Kerberos realm, find a host on which the Kerberos database
- * administration server can be found.
- *
- * krb_get_admhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer n, and
- * returns (in h) the nth administrative host entry from the configuration
- * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
- * If ATHENA_CONF_FALLBACK is defined, also look in old location.
- *
- * On error, get_admhst returns KFAILURE. If all goes well, the routine
- * returns KSUCCESS.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- *
- * This is a temporary hack to allow us to find the nearest system running
- * a Kerberos admin server. In the long run, this functionality will be
- * provided by a nameserver.
- */
-int KRB5_CALLCONV
-krb_get_admhst(
- char *host,
- char *realm,
- int n)
-{
- int result;
- int i;
- FILE *cnffile;
- char linebuf[BUFSIZ];
- char trealm[SCRATCHSZ];
- char thost[SCRATCHSZ];
- char scratch[SCRATCHSZ];
-
- if (n < 1 || host == NULL || realm == NULL)
- return KFAILURE;
-
- result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
- REALMS_V4_PROF_REALMS_SECTION,
- REALMS_V4_PROF_ADMIN_KDC);
- if (result == KSUCCESS)
- return result;
-
- /*
- * Do old-style config file lookup.
- */
- cnffile = krb__get_cnffile();
- if (cnffile == NULL)
- return KFAILURE;
- result = KSUCCESS;
- for (i = 0; i < n;) {
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- result = KFAILURE;
- break;
- }
- if (!strchr(linebuf, '\n')) {
- result = KFAILURE;
- break;
- }
- /*
- * Need to scan for a token after 'admin' to make sure that
- * admin matched correctly.
- */
- if (sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH " admin " SCNSCRATCH,
- trealm, thost, scratch) != 3)
- continue;
- if (!strcmp(trealm, realm))
- i++;
- }
- fclose(cnffile);
- if (result == KSUCCESS && strlen(thost) < MAX_HSTNM)
- strcpy(host, thost);
- else
- result = KFAILURE;
- return result;
-}
-
-/*
- * Realm, index -> kpasswd KDC mapping
- */
-int
-krb_get_kpasswdhst(
- char *host,
- char *realm,
- int n)
-{
- if (n < 1 || host == NULL || realm == NULL)
- return KFAILURE;
-
- return krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
- REALMS_V4_PROF_REALMS_SECTION,
- REALMS_V4_PROF_KPASSWD_KDC);
-}
-
-/*
- * Realm, index -> KDC mapping
- *
- * Old description from g_krbhst.c:
- *
- * Given a Kerberos realm, find a host on which the Kerberos authenti-
- * cation server can be found.
- *
- * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer, n, and
- * returns (in h) the nth entry from the configuration file (KRB_CONF,
- * defined in "krb.h") associated with the specified realm.
- *
- * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (also defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
- *
- * The KRB_CONF file contains the name of the local realm in the first
- * line (not used by this routine), followed by lines indicating realm/host
- * entries. The words "admin server" following the hostname indicate that
- * the host provides an administrative database server.
- * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined.
- *
- * For example:
- *
- * ATHENA.MIT.EDU
- * ATHENA.MIT.EDU kerberos-1.mit.edu admin server
- * ATHENA.MIT.EDU kerberos-2.mit.edu
- * LCS.MIT.EDU kerberos.lcs.mit.edu admin server
- *
- * This is a temporary hack to allow us to find the nearest system running
- * kerberos. In the long run, this functionality will be provided by a
- * nameserver.
- */
-#ifdef KRB5_DNS_LOOKUP
-static struct {
- time_t when;
- char realm[REALM_SZ+1];
- struct srv_dns_entry *srv;
-} dnscache = { 0, { 0 }, 0 };
-#define DNS_CACHE_TIMEOUT 60 /* seconds */
-#endif
-
-int KRB5_CALLCONV
-krb_get_krbhst(
- char *host,
- const char *realm,
- int n)
-{
- int result;
- int i;
- FILE *cnffile;
- char linebuf[BUFSIZ];
- char tr[SCRATCHSZ];
- char scratch[SCRATCHSZ];
-#ifdef KRB5_DNS_LOOKUP
- time_t now;
-#endif
-
- if (n < 1 || host == NULL || realm == NULL)
- return KFAILURE;
-
-#ifdef KRB5_DNS_LOOKUP
- /* We'll only have this realm's info in the DNS cache if there is
- no data in the local config files.
-
- XXX The files could've been updated in the last few seconds.
- Do we care? */
- if (!strncmp(dnscache.realm, realm, REALM_SZ)
- && (time(&now), abs(dnscache.when - now) < DNS_CACHE_TIMEOUT)) {
- struct srv_dns_entry *entry;
-
- get_from_dnscache:
- /* n starts at 1, addrs indices run 0..naddrs */
- for (i = 1, entry = dnscache.srv; i < n && entry; i++)
- entry = entry->next;
- if (entry == NULL)
- return KFAILURE;
- if (strlen(entry->host) + 6 >= MAXHOSTNAMELEN)
- return KFAILURE;
- snprintf(host, MAXHOSTNAMELEN, "%s:%d", entry->host, entry->port);
- return KSUCCESS;
- }
-#endif
-
- result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n,
- REALMS_V4_PROF_REALMS_SECTION,
- REALMS_V4_PROF_KDC);
- if (result == KSUCCESS)
- return result;
- /*
- * Do old-style config file lookup.
- */
- do {
- cnffile = krb__get_cnffile();
- if (cnffile == NULL)
- break;
- /* Skip default realm name. */
- if (fscanf(cnffile, SCNSCRATCH, tr) == EOF) {
- fclose(cnffile);
- break;
- }
- result = KSUCCESS;
- for (i = 0; i < n;) {
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- result = KFAILURE;
- break;
- }
- if (!strchr(linebuf, '\n')) {
- result = KFAILURE;
- break;
- }
- if ((sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH,
- tr, scratch) != 2))
- continue;
- if (!strcmp(tr, realm))
- i++;
- }
- fclose(cnffile);
- if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN) {
- strcpy(host, scratch);
- return KSUCCESS;
- }
- if (i > 0)
- /* Found some, but not as many as requested. */
- return KFAILURE;
- } while (0);
-#ifdef KRB5_DNS_LOOKUP
- do {
- krb5int_access k5;
- krb5_error_code err;
- krb5_data realmdat;
- struct srv_dns_entry *srv;
-
- err = krb5int_accessor(&k5, KRB5INT_ACCESS_VERSION);
- if (err)
- break;
-
- if (k5.use_dns_kdc(krb5__krb4_context)) {
- realmdat.data = realm;
- realmdat.length = strlen(realm);
- err = k5.make_srv_query_realm(&realmdat, "_kerberos-iv", "_udp",
- &srv);
- if (err)
- break;
-
- if (srv == 0)
- break;
-
- if (dnscache.srv)
- k5.free_srv_dns_data(dnscache.srv);
- dnscache.srv = srv;
- strncpy(dnscache.realm, realm, REALM_SZ);
- dnscache.when = now;
- goto get_from_dnscache;
- }
- } while (0);
-#endif
- return KFAILURE;
-}
-
-/*
- * Hostname -> realm name mapping
- *
- * Old description from realmofhost.c:
- *
- * Given a fully-qualified domain-style primary host name,
- * return the name of the Kerberos realm for the host.
- * If the hostname contains no discernable domain, or an error occurs,
- * return the local realm name, as supplied by get_krbrlm().
- * If the hostname contains a domain, but no translation is found,
- * the hostname's domain is converted to upper-case and returned.
- *
- * The format of each line of the translation file is:
- * domain_name kerberos_realm
- * -or-
- * host_name kerberos_realm
- *
- * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
- * host names should be in the usual form (e.g. FOO.BAR.BAZ)
- */
-char * KRB5_CALLCONV
-krb_realmofhost(char *host)
-{
- /* Argh! */
- static char realm[REALM_SZ];
- char *lhost;
- const char *names[] = {REALMS_V4_PROF_DOMAIN_SECTION, NULL, NULL};
- char **values = NULL;
- profile_t profile = NULL;
- long profErr;
- char hostname[MAXHOSTNAMELEN];
- char *p;
- char *domain;
- FILE *trans_file = NULL;
- int retval;
- char thost[SCRATCHSZ];
- char trealm[SCRATCHSZ];
- struct hostent *h;
-
- /* Return local realm if all else fails */
- krb_get_lrealm(realm, 1);
-
- /* Forward-resolve in case domain is missing. */
- h = gethostbyname(host);
- if (h == NULL)
- lhost = host;
- else
- lhost = h->h_name;
-
- if (strlen(lhost) >= MAXHOSTNAMELEN)
- return realm;
- strcpy(hostname, lhost);
-
- /* Remove possible trailing dot. */
- p = strrchr(hostname, '.');
- if (p != NULL && p[1] == '\0')
- *p = '\0';
- domain = strchr(hostname, '.');
- /*
- * If the hostname is just below the top, e.g., CYGNUS.COM, then
- * we special-case it; if someone really wants a realm called COM
- * they will just have to specify it properly.
- */
- if (domain != NULL) {
- domain++;
- p = strchr(domain, '.');
- if (p == NULL)
- domain = lhost;
- if (strlen(domain) < REALM_SZ) {
- strncpy(realm, domain, REALM_SZ);
- /* Upcase realm name. */
- for (p = hostname; *p != '\0'; p++) {
- if (*p > 0 && islower((unsigned char)*p))
- *p = toupper((unsigned char)*p);
- }
- }
- }
- /* Downcase hostname. */
- for (p = hostname; *p != '\0'; p++) {
- if (*p > 0 && isupper((unsigned char)*p))
- *p = tolower((unsigned char)*p);
- }
-
- profErr = krb_get_profile(&profile);
- if (profErr)
- goto cleanup;
-
- for (domain = hostname; domain != NULL && *domain != '\0';) {
- names[1] = domain;
- values = NULL;
- profErr = profile_get_values(profile, names, &values);
- if (!profErr && strlen(values[0]) < REALM_SZ) {
- /* Found, return it */
- strncpy(realm, values[0], REALM_SZ);
- profile_free_list(values);
- break;
- } else {
- /* Skip over leading dot. */
- if (*domain == '.')
- domain++;
- domain = strchr(domain, '.');
- }
- profile_free_list(values);
- }
-cleanup:
- if (profile != NULL)
- profile_abandon(profile);
-
- trans_file = krb__get_realmsfile();
- if (trans_file == NULL)
- return realm;
- domain = strchr(hostname, '.');
- for (;;) {
- retval = fscanf(trans_file, SCNSCRATCH " " SCNSCRATCH,
- thost, trealm);
- if (retval == EOF)
- break;
- if (retval != 2 || strlen(trealm) >= REALM_SZ)
- continue; /* Ignore malformed lines. */
- /* Attempt to match domain. */
- if (*thost == '.') {
- if (domain && !strcasecmp(thost, domain)) {
- strncpy(realm, trealm, REALM_SZ);
- continue; /* Try again for an exact match. */
- }
- } else {
- /* Hostname must match exactly. */
- if (!strcasecmp(thost, hostname)) {
- strncpy(realm, trealm, REALM_SZ);
- break;
- }
- }
- }
- fclose(trans_file);
- return realm;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/ad_print.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/ad_print.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/ad_print.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,85 +0,0 @@
-/*
- * lib/krb4/ad_print.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology. All
- * Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "des.h"
-#include "krb4int.h"
-#include <stdio.h>
-#include "port-sockets.h"
-
-#ifndef _WIN32
-
-/*
- * Print some of the contents of the given authenticator structure
- * (AUTH_DAT defined in "krb.h"). Fields printed are:
- *
- * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
- */
-
-void
-ad_print(x)
- AUTH_DAT *x;
-{
- struct in_addr ina;
- ina.s_addr = x->address;
-
- printf("\n%s %s %s ", x->pname, x->pinst, x->prealm);
- far_fputs (inet_ntoa(ina), stdout);
- printf(" flags %u cksum 0x%lX\n\ttkt_tm 0x%lX sess_key",
- x->k_flags, (long) x->checksum, (long) x->time_sec);
- printf("[8] =");
-#ifdef NOENCRYPTION
- placebo_cblock_print(x->session);
-#else /* Do Encryption */
- des_cblock_print_file(&x->session,stdout);
-#endif /* NOENCRYPTION */
- /* skip reply for now */
-}
-
-#ifdef NOENCRYPTION
-/*
- * Print in hex the 8 bytes of the given session key.
- *
- * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
- */
-
-placebo_cblock_print(x)
- des_cblock x;
-{
- unsigned char *y = (unsigned char *) x;
- register int i = 0;
-
- printf(" 0x { ");
-
- while (i++ <8) {
- printf("%x",*y++);
- if (i<8) printf(", ");
- }
- printf(" }");
-}
-#endif /* NOENCRYPTION */
-
-#endif
Deleted: branches/mskrb-integ/src/lib/krb4/change_password.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/change_password.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/change_password.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,127 +0,0 @@
-/*
- * change_password.c
- *
- * Copyright 1987, 1988, 2002 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "krb.h"
-#include "krb4int.h"
-#include "kadm.h"
-#include "prot.h"
-
-/*
- * krb_change_password(): This disgusting function handles changing passwords
- * in a krb4-only environment.
- * -1783126240
- * THIS IS NOT A NORMAL KRB4 API FUNCTION! DON'T USE IN PORTABLE CODE!
- */
-
-int KRB5_CALLCONV
-krb_change_password(char *principal, char *instance, char *realm,
- char *oldPassword, char *newPassword)
-{
- int err;
- des_cblock key;
- KRB_UINT32 tempKey;
- size_t sendSize;
- u_char *sendStream;
- size_t receiveSize;
- u_char *receiveStream;
- Kadm_Client client_parm;
- u_char *p;
-
- err = 0;
-
- /* Check inputs: */
- if (principal == NULL || instance == NULL || realm == NULL ||
- oldPassword == NULL || newPassword == NULL) {
- return KFAILURE;
- }
-
- /*
- * Get tickets to change the old password and shove them in the
- * client_parm
- */
- err = krb_get_pw_in_tkt_creds(principal, instance, realm,
- PWSERV_NAME, KADM_SINST, 1,
- oldPassword, &client_parm.creds);
- if (err != KSUCCESS)
- goto cleanup;
-
- /* Now create the key to send to the server */
- /* Use this and not mit_password_to_key so that we don't prompt */
- des_string_to_key(newPassword, key);
-
- /* Create the link to the server */
- err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1);
- if (err != KADM_SUCCESS)
- goto cleanup;
-
- /* Connect to the KDC */
- err = kadm_cli_conn(&client_parm);
- if (err != KADM_SUCCESS)
- goto cleanup;
-
- /* possible problem with vts_long on a non-multiple of four boundary */
- sendSize = 0; /* start of our output packet */
- sendStream = malloc(1); /* to make it reallocable */
- if (sendStream == NULL)
- goto disconnect;
- sendStream[sendSize++] = CHANGE_PW;
-
- /* change key to stream */
- /* This looks backwards but gets inverted on the server side. */
- p = key + 4;
- KRB4_GET32BE(tempKey, p);
- sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
- p = key;
- KRB4_GET32BE(tempKey, p);
- sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
- tempKey = 0;
-
- if (newPassword) {
- sendSize += vts_string(newPassword, &sendStream, (int)sendSize);
- }
-
- /* send the data to the kdc */
- err = kadm_cli_send(&client_parm, sendStream, sendSize,
- &receiveStream, &receiveSize);
- free(sendStream);
- if (receiveSize > 0)
- /* If there is a string from the kdc, free it - we don't care */
- free(receiveStream);
- if (err != KADM_SUCCESS)
- goto disconnect;
-
-disconnect:
- /* Disconnect */
- kadm_cli_disconn(&client_parm);
-
-cleanup:
- memset(&client_parm.creds.session, 0, sizeof(client_parm.creds.session));
- memset(&key, 0, sizeof(key));
- return err;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/cr_auth_repl.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,136 +0,0 @@
-/*
- * lib/krb4/cr_auth_repl.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine is called by the Kerberos authentication server
- * to create a reply to an authentication request. The routine
- * takes the user's name, instance, and realm, the client's
- * timestamp, the number of tickets, the user's key version
- * number and the ciphertext containing the tickets themselves.
- * It constructs a packet and returns a pointer to it.
- *
- * Notes: The packet returned by this routine is static. Thus, if you
- * intend to keep the result beyond the next call to this routine, you
- * must copy it elsewhere.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned char n number of tickets
- *
- * unsigned long x_date expiration date
- *
- * unsigned char kvno master key version
- *
- * short w_1 cipher length
- *
- * --- cipher->dat cipher data
- */
-
-KTEXT
-create_auth_reply(pname, pinst, prealm, time_ws, n, x_date, kvno, cipher)
- char *pname; /* Principal's name */
- char *pinst; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long time_ws; /* Workstation time */
- int n; /* Number of tickets */
- unsigned long x_date; /* Principal's expiration date */
- int kvno; /* Principal's key version number */
- KTEXT cipher; /* Cipher text with tickets and
- * session keys */
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
- unsigned char *p;
- size_t pnamelen, pinstlen, prealmlen;
-
- /* Create fixed part of packet */
- p = pkt->dat;
- /* This is really crusty. */
- if (n != 0)
- *p++ = 3;
- else
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REPLY; /* always big-endian */
-
- /* Make sure the response will actually fit into its buffer. */
- pnamelen = strlen(pname) + 1;
- pinstlen = strlen(pinst) + 1;
- prealmlen = strlen(prealm) + 1;
- if (sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen
- + 4 + 1 + 4 + 1 + 2 + cipher->length)
- || cipher->length > 65535 || cipher->length < 0) {
- pkt->length = 0;
- return NULL;
- }
- /* Add the basic info */
- memcpy(p, pname, pnamelen);
- p += pnamelen;
- memcpy(p, pinst, pinstlen);
- p += pinstlen;
- memcpy(p, prealm, prealmlen);
- p += prealmlen;
-
- /* Workstation timestamp */
- KRB4_PUT32BE(p, time_ws);
-
- *p++ = n;
-
- /* Expiration date */
- KRB4_PUT32BE(p, x_date);
-
- /* Now send the ciphertext and info to help decode it */
- *p++ = kvno;
- KRB4_PUT16BE(p, cipher->length);
- memcpy(p, cipher->dat, (size_t)cipher->length);
- p += cipher->length;
-
- /* And return the packet */
- pkt->length = p - pkt->dat;
- return pkt;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/cr_ciph.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/cr_ciph.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/cr_ciph.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,136 +0,0 @@
-/*
- * lib/krb4/cr_ciph.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include <string.h>
-
-/*
- * This routine is used by the authentication server to create
- * a packet for its client, containing a ticket for the requested
- * service (given in "tkt"), and some information about the ticket,
-#ifndef NOENCRYPTION
- * all encrypted in the given key ("key").
-#endif
- *
- * Returns KSUCCESS no matter what.
- *
- * The length of the cipher is stored in c->length; the format of
- * c->dat is as follows:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- *
- * 8 bytes session session key for client, service
- *
- * string service service name
- *
- * string instance service instance
- *
- * string realm KDC realm
- *
- * unsigned char life ticket lifetime
- *
- * unsigned char kvno service key version number
- *
- * unsigned char tkt->length length of following ticket
- *
- * data tkt->dat ticket for service
- *
- * 4 bytes kdc_time KDC's timestamp
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-
-int
-create_ciph(c, session, service, instance, realm, life, kvno, tkt,
- kdc_time, key)
- KTEXT c; /* Text block to hold ciphertext */
- C_Block session; /* Session key to send to user */
- char *service; /* Service name on ticket */
- char *instance; /* Instance name on ticket */
- char *realm; /* Realm of this KDC */
- unsigned long life; /* Lifetime of the ticket */
- int kvno; /* Key version number for service */
- KTEXT tkt; /* The ticket for the service */
- unsigned long kdc_time; /* KDC time */
- C_Block key; /* Key to encrypt ciphertext with */
-{
- unsigned char *ptr;
- size_t servicelen, instancelen, realmlen;
- Key_schedule key_s;
-
- ptr = c->dat;
-
- /* Validate lengths. */
- servicelen = strlen(service) + 1;
- instancelen = strlen(instance) + 1;
- realmlen = strlen(realm) + 1;
- if (sizeof(c->dat) / 8 < ((8 + servicelen + instancelen + realmlen
- + 1 + 1 + 1 + tkt->length
- + 4 + 7) / 8)
- || tkt->length > 255 || tkt->length < 0) {
- c->length = 0;
- return KFAILURE;
- }
-
- memcpy(ptr, session, 8);
- ptr += 8;
-
- memcpy(ptr, service, servicelen);
- ptr += servicelen;
- memcpy(ptr, instance, instancelen);
- ptr += instancelen;
- memcpy(ptr, realm, realmlen);
- ptr += realmlen;
-
- *ptr++ = life;
- *ptr++ = kvno;
- *ptr++ = tkt->length;
-
- memcpy(ptr, tkt->dat, (size_t)tkt->length);
- ptr += tkt->length;
-
- KRB4_PUT32BE(ptr, kdc_time);
-
- /* guarantee null padded encrypted data to multiple of 8 bytes */
- memset(ptr, 0, 7);
-
- c->length = (((ptr - c->dat) + 7) / 8) * 8;
-
-#ifndef NOENCRYPTION
- key_sched(key, key_s);
- pcbc_encrypt((C_Block *)c->dat, (C_Block *)c->dat,
- (long)c->length, key_s, (C_Block*)key, ENCRYPT);
- memset(key_s, 0, sizeof(key_s));
-#endif /* NOENCRYPTION */
-
- return KSUCCESS;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/cr_death_pkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,78 +0,0 @@
-/*
- * lib/krb4/cr_death_pkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine creates a packet to type AUTH_MSG_DIE which is sent to
- * the Kerberos server to make it shut down. It is used only in the
- * development environment.
- *
- * It takes a string "a_name" which is sent in the packet. A pointer
- * to the packet is returned.
- *
- * The format of the killer packet is:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_DIE message type
- *
- * [least significant HOST_BYTE_ORDER byte order of sender
- * bit of above field]
- *
- * string a_name presumably, name of
- * principal sending killer
- * packet
- */
-
-#ifdef DEBUG
-KTEXT
-krb_create_death_packet(a_name)
- char *a_name;
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
- unsigned char *p;
- size_t namelen;
-
- p = pkt->dat;
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_DIE;
- namelen = strlen(a_name) + 1;
- if (1 + 1 + namelen > sizeof(pkt->dat))
- return NULL;
- memcpy(p, a_name, namelen);
- p += namelen;
- pkt->length = p - pkt->dat;
- return pkt;
-}
-#endif /* DEBUG */
Deleted: branches/mskrb-integ/src/lib/krb4/cr_err_repl.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/cr_err_repl.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/cr_err_repl.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,110 +0,0 @@
-/*
- * lib/krb4/cr_err_repl.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine is used by the Kerberos authentication server to
- * create an error reply packet to send back to its client.
- *
- * It takes a pointer to the packet to be built, the name, instance,
- * and realm of the principal, the client's timestamp, an error code
- * and an error string as arguments. Its return value is undefined.
- *
- * The packet is built in the following format:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- *
- * unsigned char req_ack_vno protocol version number
- *
- * unsigned char AUTH_MSG_ERR_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned long e error code
- *
- * string e_string error text
- */
-
-void
-cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string)
- KTEXT pkt;
- char *pname; /* Principal's name */
- char *pinst; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- u_long time_ws; /* Workstation time */
- u_long e; /* Error code */
- char *e_string; /* Text of error */
-{
- unsigned char *p;
- size_t pnamelen, pinstlen, prealmlen, e_stringlen;
-
- p = pkt->dat;
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_ERR_REPLY;
-
- /* Make sure the reply will fit into the buffer. */
- pnamelen = strlen(pname) + 1;
- pinstlen = strlen(pinst) + 1;
- prealmlen = strlen(prealm) + 1;
- e_stringlen = strlen(e_string) + 1;
- if(sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen
- + 4 + 4 + e_stringlen)) {
- pkt->length = 0;
- return;
- }
- /* Add the basic info */
- memcpy(p, pname, pnamelen);
- p += pnamelen;
- memcpy(p, pinst, pinstlen);
- p += pinstlen;
- memcpy(p, prealm, prealmlen);
- p += prealmlen;
- /* ws timestamp */
- KRB4_PUT32BE(p, time_ws);
- /* err code */
- KRB4_PUT32BE(p, e);
- /* err text */
- memcpy(p, e_string, e_stringlen);
- p += e_stringlen;
-
- /* And return */
- pkt->length = p - pkt->dat;
- return;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/cr_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/cr_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/cr_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,254 +0,0 @@
-/*
- * lib/krb4/cr_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <krb5.h>
-#include "des.h"
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include "port-sockets.h"
-
-static int
-krb_cr_tkt_int (KTEXT tkt, unsigned int flags_in, char *pname,
- char *pinstance, char *prealm, long paddress,
- char *session, int life, long time_sec,
- char *sname, char *sinstance);
-
-/*
- * Create ticket takes as arguments information that should be in a
- * ticket, and the KTEXT object in which the ticket should be
- * constructed. It then constructs a ticket and returns, leaving the
- * newly created ticket in tkt.
-#ifndef NOENCRYPTION
- * The data in tkt->dat is encrypted in the server's key.
-#endif
- * The length of the ticket is a multiple of
- * eight bytes and is in tkt->length.
- *
- * If the ticket is too long, the ticket will contain nulls.
- * The return value of the routine is undefined.
- *
- * The corresponding routine to extract information from a ticket it
- * decomp_ticket. When changes are made to this routine, the
- * corresponding changes should also be made to that file.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * tkt->length length of ticket (multiple of 8 bytes)
- *
-#ifdef NOENCRYPTION
- * tkt->dat:
-#else
- * tkt->dat: (encrypted in server's key)
-#endif
- *
- * unsigned char flags namely, HOST_BYTE_ORDER
- *
- * string pname client's name
- *
- * string pinstance client's instance
- *
- * string prealm client's realm
- *
- * 4 bytes paddress client's address
- *
- * 8 bytes session session key
- *
- * 1 byte life ticket lifetime
- *
- * 4 bytes time_sec KDC timestamp
- *
- * string sname service's name
- *
- * string sinstance service's instance
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-int
-krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance, key)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned int flags; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- int life; /* Lifetime of the ticket */
- long time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
- C_Block key; /* Service's secret key */
-{
- int kerr;
- Key_schedule key_s;
-
- kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance);
- if (kerr)
- return kerr;
-
- /* Encrypt the ticket in the services key */
- key_sched(key, key_s);
- pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat,
- (long)tkt->length, key_s, (C_Block *)key, 1);
- memset(key_s, 0, sizeof(key_s));
- return 0;
-}
-
-int
-krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance, k5key)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned int flags; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- int life; /* Lifetime of the ticket */
- long time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
- krb5_keyblock *k5key; /* NULL if not present */
-{
- int kerr;
- krb5_data in;
- krb5_enc_data out;
- krb5_error_code ret;
- size_t enclen;
-
- kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm,
- paddress, session, life, time_sec,
- sname, sinstance);
- if (kerr)
- return kerr;
-
- /* Encrypt the ticket in the services key */
- in.length = tkt->length;
- in.data = (char *)tkt->dat;
- /* XXX assumes context arg is ignored */
- ret = krb5_c_encrypt_length(NULL, k5key->enctype,
- (size_t)in.length, &enclen);
- if (ret)
- return KFAILURE;
- out.ciphertext.length = enclen;
- out.ciphertext.data = malloc(enclen);
- if (out.ciphertext.data == NULL)
- return KFAILURE; /* XXX maybe ENOMEM? */
-
- /* XXX assumes context arg is ignored */
- ret = krb5_c_encrypt(NULL, k5key, KRB5_KEYUSAGE_KDC_REP_TICKET,
- NULL, &in, &out);
- if (ret) {
- free(out.ciphertext.data);
- return KFAILURE;
- } else {
- tkt->length = out.ciphertext.length;
- memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length);
- memset(out.ciphertext.data, 0, out.ciphertext.length);
- free(out.ciphertext.data);
- }
- return 0;
-}
-
-static int
-krb_cr_tkt_int(tkt, flags_in, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned int flags_in; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- int life; /* Lifetime of the ticket */
- long time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
-{
- register unsigned char *data; /* running index into ticket */
- size_t pnamelen, pinstlen, prealmlen, snamelen, sinstlen;
- struct in_addr paddr;
-
- /* Be really paranoid. */
- if (sizeof(paddr.s_addr) != 4)
- return KFAILURE;
-
- tkt->length = 0; /* Clear previous data */
-
- /* Check length of ticket */
- pnamelen = strlen(pname) + 1;
- pinstlen = strlen(pinstance) + 1;
- prealmlen = strlen(prealm) + 1;
- snamelen = strlen(sname) + 1;
- sinstlen = strlen(sinstance) + 1;
- if (sizeof(tkt->dat) / 8 < ((1 + pnamelen + pinstlen + prealmlen
- + 4 /* address */
- + 8 /* session */
- + 1 /* life */
- + 4 /* issue time */
- + snamelen + sinstlen
- + 7) / 8) /* roundoff */
- || life > 255 || life < 0) {
- memset(tkt->dat, 0, sizeof(tkt->dat));
- return KFAILURE /* XXX */;
- }
-
- data = tkt->dat;
- *data++ = flags_in;
- memcpy(data, pname, pnamelen);
- data += pnamelen;
- memcpy(data, pinstance, pinstlen);
- data += pinstlen;
- memcpy(data, prealm, prealmlen);
- data += prealmlen;
-
- paddr.s_addr = paddress;
- memcpy(data, &paddr.s_addr, sizeof(paddr.s_addr));
- data += sizeof(paddr.s_addr);
-
- memcpy(data, session, 8);
- data += 8;
- *data++ = life;
- /* issue time */
- KRB4_PUT32BE(data, time_sec);
-
- memcpy(data, sname, snamelen);
- data += snamelen;
- memcpy(data, sinstance, sinstlen);
- data += sinstlen;
-
- /* guarantee null padded ticket to multiple of 8 bytes */
- memset(data, 0, 7);
- tkt->length = ((data - tkt->dat + 7) / 8) * 8;
- return 0;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/debug.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/debug.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/debug.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,15 +0,0 @@
-/*
- * debug.c
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-
-/* Declare global debugging variables. */
-
-int krb_ap_req_debug = 0;
-int krb_debug = 0;
Deleted: branches/mskrb-integ/src/lib/krb4/decomp_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/decomp_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/decomp_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,295 +0,0 @@
-/*
- * lib/krb4/decomp_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "des.h"
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include <krb5.h>
-#include "krb54proto.h"
-#include "port-sockets.h"
-
-#ifdef KRB_CRYPT_DEBUG
-extern int krb_debug;
-#endif
-
-static int dcmp_tkt_int (KTEXT tkt, unsigned char *flags,
- char *pname, char *pinstance, char *prealm,
- unsigned KRB4_32 *paddress, C_Block session,
- int *life, unsigned KRB4_32 *time_sec,
- char *sname, char *sinstance, C_Block key,
- Key_schedule key_s, krb5_keyblock *k5key);
-/*
- * This routine takes a ticket and pointers to the variables that
- * should be filled in based on the information in the ticket. It
-#ifndef NOENCRYPTION
- * decrypts the ticket using the given key, and
-#endif
- * fills in values for its arguments.
- *
- * Note: if the client realm field in the ticket is the null string,
- * then the "prealm" variable is filled in with the local realm (as
- * defined by KRB_REALM).
- *
- * If the ticket byte order is different than the host's byte order
- * (as indicated by the byte order bit of the "flags" field), then
- * the KDC timestamp "time_sec" is byte-swapped. The other fields
- * potentially affected by byte order, "paddress" and "session" are
- * not byte-swapped.
- *
- * The routine returns KFAILURE if any of the "pname", "pinstance",
- * or "prealm" fields is too big, otherwise it returns KSUCCESS.
- *
- * The corresponding routine to generate tickets is create_ticket.
- * When changes are made to this routine, the corresponding changes
- * should also be made to that file.
- *
- * See create_ticket.c for the format of the ticket packet.
- */
-
-int KRB5_CALLCONV /* XXX should this be exported on win32? */
-decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- unsigned KRB4_32 *paddress; /* Net address of entity
- * requesting ticket */
- C_Block session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- unsigned KRB4_32 *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- C_Block key; /* Service's secret key
- * (to decrypt the ticket) */
- Key_schedule key_s; /* The precomputed key schedule */
-{
- return
- dcmp_tkt_int(tkt, flags, pname, pinstance, prealm,
- paddress, session, life, time_sec, sname, sinstance,
- key, key_s, NULL);
-}
-
-int
-decomp_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, k5key)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- unsigned KRB4_32 *paddress; /* Net address of entity
- * requesting ticket */
- C_Block session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- unsigned KRB4_32 *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- krb5_keyblock *k5key; /* krb5 keyblock of service */
-{
- C_Block key; /* placeholder; doesn't get used */
- Key_schedule key_s; /* placeholder; doesn't get used */
-
- return
- dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s, k5key);
-}
-
-static int
-dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s, k5key)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- unsigned KRB4_32 *paddress; /* Net address of entity
- * requesting ticket */
- C_Block session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- unsigned KRB4_32 *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- C_Block key; /* Service's secret key
- * (to decrypt the ticket) */
- Key_schedule key_s; /* The precomputed key schedule */
- krb5_keyblock *k5key; /* krb5 keyblock of service */
-{
- int tkt_le; /* little-endian ticket? */
- unsigned char *ptr = tkt->dat;
- int kret, len;
- struct in_addr paddr;
-
- /* Be really paranoid. */
- if (sizeof(paddr.s_addr) != 4)
- return KFAILURE;
-
-#ifndef NOENCRYPTION
- /* Do the decryption */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_debug) {
- FILE *fp;
- char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */
-
- fp = fopen("/kerberos/tkt.des", "wb");
- setbuf(fp, keybuf);
- fwrite(tkt->dat, 1, tkt->length, fp);
- fclose(fp);
- memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */
- }
-#endif
- if (k5key != NULL) {
- /* block locals */
- krb5_enc_data in;
- krb5_data out;
- krb5_error_code ret;
-
- in.enctype = k5key->enctype;
- in.kvno = 0;
- in.ciphertext.length = tkt->length;
- in.ciphertext.data = (char *)tkt->dat;
- out.length = tkt->length;
- out.data = malloc((size_t)tkt->length);
- if (out.data == NULL)
- return KFAILURE; /* XXX maybe ENOMEM? */
-
- /* XXX note the following assumes that context arg isn't used */
- ret =
- krb5_c_decrypt(NULL, k5key,
- KRB5_KEYUSAGE_KDC_REP_TICKET, NULL, &in, &out);
- if (ret) {
- free(out.data);
- return KFAILURE;
- } else {
- memcpy(tkt->dat, out.data, out.length);
- memset(out.data, 0, out.length);
- free(out.data);
- }
- } else {
- pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat,
- (long)tkt->length, key_s, (C_Block *)key, 0);
- }
-#endif /* ! NOENCRYPTION */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_debug) {
- FILE *fp;
- char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */
-
- fp = fopen("/kerberos/tkt.clear", "wb");
- setbuf(fp, keybuf);
- fwrite(tkt->dat, 1, tkt->length, fp);
- fclose(fp);
- memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */
- }
-#endif
-
-#define TKT_REMAIN (tkt->length - (ptr - tkt->dat))
- kret = KFAILURE;
- if (TKT_REMAIN < 1)
- goto cleanup;
- *flags = *ptr++;
- tkt_le = (*flags >> K_FLAG_ORDER) & 1;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > ANAME_SZ)
- goto cleanup;
- memcpy(pname, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- goto cleanup;
- memcpy(pinstance, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- goto cleanup;
- memcpy(prealm, ptr, (size_t)len);
- ptr += len;
-
- /*
- * This hack may be needed for some really krb4 servers, such as
- * AFS kaserver (?), that fail to fill in the realm of a ticket
- * under some circumstances.
- */
- if (*prealm == '\0')
- krb_get_lrealm(prealm, 1);
-
- /*
- * Ensure there's enough remaining in the ticket to get the
- * fixed-size stuff.
- */
- if (TKT_REMAIN < 4 + 8 + 1 + 4)
- goto cleanup;
-
- memcpy(&paddr.s_addr, ptr, sizeof(paddr.s_addr));
- ptr += sizeof(paddr.s_addr);
- *paddress = paddr.s_addr;
-
- memcpy(session, ptr, 8); /* session key */
- memset(ptr, 0, 8);
- ptr += 8;
-#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */
- if (tkt_swap_bytes)
- swap_C_Block(session);
-#endif
-
- *life = *ptr++;
-
- KRB4_GET32(*time_sec, ptr, tkt_le);
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > SNAME_SZ)
- goto cleanup;
- memcpy(sname, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- goto cleanup;
- memcpy(sinstance, ptr, (size_t)len);
- ptr += len;
- kret = KSUCCESS;
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_debug) {
- krb_log("service=%s.%s len(sname)=%d, len(sinstance)=%d",
- sname, sinstance, strlen(sname), strlen(sinstance));
- krb_log("ptr - tkt->dat=%d",(char *)ptr - (char *)tkt->dat);
- }
-#endif
-
-cleanup:
- if (kret != KSUCCESS) {
- memset(session, 0, sizeof(session));
- memset(tkt->dat, 0, (size_t)tkt->length);
- return kret;
- }
- return KSUCCESS;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/dest_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/dest_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/dest_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,162 +0,0 @@
-/*
- * lib/krb4/dest_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <stdio.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-#include "k5-util.h"
-#define do_seteuid krb5_seteuid
-#include "k5-platform.h"
-
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <errno.h>
-
-#ifndef O_SYNC
-#define O_SYNC 0
-#endif
-
-/*
- * dest_tkt() is used to destroy the ticket store upon logout.
- * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
- * Otherwise the function returns RET_OK on success, KFAILURE on
- * failure.
- *
- * The ticket file (TKT_FILE) is defined in "krb.h".
- */
-
-int KRB5_CALLCONV
-dest_tkt()
-{
- const char *file = TKT_FILE;
- int i,fd;
- int ret;
- struct stat statpre, statpost;
- char buf[BUFSIZ];
- uid_t me, metoo;
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
- size_t shmidlen;
-#endif /* TKT_SHMEM */
-
- /* If ticket cache selector is null, use default cache. */
- if (file == 0)
- file = tkt_string();
-
- errno = 0;
- ret = KSUCCESS;
- me = getuid();
- metoo = geteuid();
-
- if (lstat(file, &statpre) < 0)
- return (errno == ENOENT) ? RET_TKFIL : KFAILURE;
- /*
- * This does not guard against certain cases that are vulnerable
- * to race conditions, such as world-writable or group-writable
- * directories that are not stickybitted, or untrusted path
- * components. In all other cases, the following checks should be
- * sufficient. It is assumed that the aforementioned certain
- * vulnerable cases are unlikely to arise on a well-administered
- * system where the user is not deliberately being stupid.
- */
- if (!(statpre.st_mode & S_IFREG) || me != statpre.st_uid
- || statpre.st_nlink != 1)
- return KFAILURE;
- /*
- * Yes, we do uid twiddling here. It's not optimal, but some
- * applications may expect that the ruid is what should really own
- * the ticket file, e.g. setuid applications.
- */
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0) {
- ret = (errno == ENOENT) ? RET_TKFIL : KFAILURE;
- goto out;
- }
- set_cloexec_fd(fd);
- /*
- * Do some additional paranoid things. The worst-case situation
- * is that a user may be fooled into opening a non-regular file
- * briefly if the file is in a directory with improper
- * permissions.
- */
- if (fstat(fd, &statpost) < 0) {
- (void)close(fd);
- ret = KFAILURE;
- goto out;
- }
- if (statpre.st_dev != statpost.st_dev
- || statpre.st_ino != statpost.st_ino) {
- (void)close(fd);
- errno = 0;
- ret = KFAILURE;
- goto out;
- }
-
- memset(buf, 0, BUFSIZ);
- for (i = 0; i < statpost.st_size; i += BUFSIZ)
- if (write(fd, buf, BUFSIZ) != BUFSIZ) {
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
- goto out;
- }
-
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
-
- (void) unlink(file);
-
-out:
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (ret != KSUCCESS)
- return ret;
-
-#ifdef TKT_SHMEM
- /*
- * handle the shared memory case
- */
- shmidlen = strlen(file) + sizeof(".shm");
- if (shmidlen > sizeof(shmidname))
- return RET_TKFIL;
- (void)strcpy(shmidname, file);
- (void)strcat(shmidname, ".shm");
- return krb_shm_dest(shmidname);
-#else /* !TKT_SHMEM */
- return KSUCCESS;
-#endif /* !TKT_SHMEM */
-}
Deleted: branches/mskrb-integ/src/lib/krb4/err_txt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/err_txt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/err_txt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,87 +0,0 @@
-/*
- * lib/krb4/err_txt.c
- *
- * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-
-/*
- * This is gross. We want krb_err_txt to match the contents of the
- * com_err error table, but the text is static in krb_err.c. We can't
- * alias it by making a pointer to it, either, so we have to suck in
- * another copy of it that is named differently. */
-#if TARGET_OS_MAC && !defined(DEPEND)
-#undef initialize_krb_error_table
-#define initialize_krb_error_table krb4int_init_krb_err_tbl
-void krb4int_init_krb_err_tbl(void);
-#include "krb_err.c"
-#undef initialize_krb_error_table
-
-/*
- * Depends on the name of the static table generated by compile_et,
- * but since this is only on Darwin, where we will always use a
- * certain compile_et, it should be ok.
- */
-const char * const * const krb_err_txt = text;
-#else
-#ifndef DEPEND
-/* Don't put this in auto-generated dependencies. */
-#include "krb_err_txt.c"
-#endif
-#endif
-
-void initialize_krb_error_table(void);
-
-static int inited = 0;
-
-void
-krb4int_et_init(void)
-{
- if (inited)
- return;
- add_error_table(&et_krb_error_table);
- inited = 1;\
-}
-
-void
-krb4int_et_fini(void)
-{
- if (inited)
- remove_error_table(&et_krb_error_table);
-}
-
-const char * KRB5_CALLCONV
-krb_get_err_text(code)
- int code;
-{
- krb4int_et_init();
- /*
- * Shift krb error code into com_err number space.
- */
- if (code >= 0 && code < MAX_KRB_ERRORS)
- return error_message(ERROR_TABLE_BASE_krb + code);
- else
- return "Invalid Kerberos error code";
-}
Deleted: branches/mskrb-integ/src/lib/krb4/et_errtxt.awk
===================================================================
--- branches/mskrb-integ/src/lib/krb4/et_errtxt.awk 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/et_errtxt.awk 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,71 +0,0 @@
-/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/ {
- print "/*" > outfile
- print " * " outfile ":" > outfile
- print " * This file is automatically generated; please do not edit it." > outfile
- print " */" > outfile
- print "#if TARGET_OS_MAC" > outfile
- print "const char * const * const krb_err_txt" > outfile
- print "#else" > outfile
- print "const char * const krb_err_txt[]" > outfile
- print "#endif" > outfile
- print "\t= {" > outfile
- table_item_count = 0
-}
-
-(continuation == 1) && ($0 ~ /\\[ \t]*$/) {
- text=substr($0,1,length($0)-1);
-# printf "\t\t\"%s\"\n", text > outfile
- cont_buf=cont_buf text;
-}
-
-(continuation == 1) && ($0 ~ /"[ \t]*$/) {
-# "
-# printf "\t\t\"%s,\n", $0 > outfile
- printf "\t%s,\n", cont_buf $0 > outfile
- continuation = 0;
-}
-/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*$/ {
- table_item_count++
- skipone=1
- next
-}
-
-/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*"[ \t]*$/ {
- text=""
- for (i=3; i<=NF; i++) {
- text = text FS $i
- }
- text=substr(text,2,length(text)-1);
- printf "\t%s,\n", text > outfile
- table_item_count++
-}
-/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*\\[ \t]*$/ {
- text=""
- for (i=3; i<=NF; i++) {
- text = text FS $i
- }
- text=substr(text,2,length(text)-2);
-# printf "\t%s\"\n", text > outfile
- cont_buf=text
- continuation++;
-}
-
-/^[ \t]*".*\\[ \t]*$/ {
- if (skipone) {
- text=substr($0,1,length($0)-1);
-# printf "\t%s\"\n", text > outfile
- cont_buf=text
- continuation++;
- }
- skipone=0
-}
-
-{
- if (skipone) {
- printf "\t%s,\n", $0 > outfile
- }
- skipone=0
-}
-END {
- print "};" > outfile
-}
Deleted: branches/mskrb-integ/src/lib/krb4/fgetst.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/fgetst.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/fgetst.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,38 +0,0 @@
-/*
- * fgetst.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <stdio.h>
-#include "krb.h"
-#include "krb4int.h"
-
-/*
- * fgetst takes a file descriptor, a character pointer, and a count.
- * It reads from the file it has either read "count" characters, or
- * until it reads a null byte. When finished, what has been read exists
- * in "s". If "count" characters were actually read, the last is changed
- * to a null, so the returned string is always null-terminated. fgetst
- * returns the number of characters read, including the null terminator.
- */
-
-int
-fgetst(f, s, n)
- FILE *f;
- register char *s;
- int n;
-{
- register int count = n;
- int ch; /* NOT char; otherwise you don't see EOF */
-
- while ((ch = getc(f)) != EOF && ch && --count) {
- *s++ = ch;
- }
- *s = '\0';
- return (n - count);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_ad_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,383 +0,0 @@
-/*
- * lib/krb4/g_ad_tkt.c
- *
- * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "des.h"
-#include "krb4int.h"
-#include "prot.h"
-#include <string.h>
-
-#include <stdio.h>
-
-extern int krb_debug;
-extern int swap_bytes;
-
-/*
- * get_ad_tkt obtains a new service ticket from Kerberos, using
- * the ticket-granting ticket which must be in the ticket file.
- * It is typically called by krb_mk_req() when the client side
- * of an application is creating authentication information to be
- * sent to the server side.
- *
- * get_ad_tkt takes four arguments: three pointers to strings which
- * contain the name, instance, and realm of the service for which the
- * ticket is to be obtained; and an integer indicating the desired
- * lifetime of the ticket.
- *
- * It returns an error status if the ticket couldn't be obtained,
- * or AD_OK if all went well. The ticket is stored in the ticket
- * cache.
- *
- * The request sent to the Kerberos ticket-granting service looks
- * like this:
- *
- * pkt->dat
- *
- * TEXT original contents of authenticator+ticket
- * pkt->dat built in krb_mk_req call
- *
- * 4 bytes time_ws always 0 (?) FIXME!
- * char lifetime lifetime argument passed
- * string service service name argument
- * string sinstance service instance arg.
- *
- * See "prot.h" for the reply packet layout and definitions of the
- * extraction macros like pkt_version(), pkt_msg_type(), etc.
- */
-
-/*
- * g_ad_tk_parse()
- *
- * Parse the returned packet from the KDC.
- *
- * Note that the caller is responsible for clearing the returned
- * session key if there is an error; that makes the error handling
- * code a little less hairy.
- */
-static int
-g_ad_tkt_parse(KTEXT rpkt, C_Block tgtses, C_Block ses,
- char *s_name, char *s_instance, char *rlm,
- char *service, char *sinstance, char *realm,
- int *lifetime, int *kvno, KTEXT tkt,
- unsigned KRB4_32 *kdc_time,
- KRB4_32 *t_local)
-{
- unsigned char *ptr;
- unsigned int t_switch;
- int msg_byte_order;
- unsigned long rep_err_code;
- unsigned long cip_len;
- KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- Key_schedule key_s;
- int len, i;
- KRB4_32 t_diff; /* Difference between timestamps */
-
- ptr = rpkt->dat;
-#define RPKT_REMAIN (rpkt->length - (ptr - rpkt->dat))
- if (RPKT_REMAIN < 1 + 1)
- return INTK_PROT;
- /* check packet version of the returned packet */
- if (*ptr++ != KRB_PROT_VERSION)
- return INTK_PROT;
-
- /* This used to be
- switch (pkt_msg_type(rpkt) & ~1) {
- but SCO 3.2v4 cc compiled that incorrectly. */
- t_switch = *ptr++;
- /* Check byte order (little-endian == 1) */
- msg_byte_order = t_switch & 1;
- t_switch &= ~1;
- /*
- * Skip over some stuff (3 strings and various integers -- see
- * cr_auth_repl.c for details). Maybe we should actually verify
- * these?
- */
- for (i = 0; i < 3; i++) {
- len = krb4int_strnlen((char *)ptr, RPKT_REMAIN) + 1;
- if (len <= 0)
- return INTK_PROT;
- ptr += len;
- }
- switch (t_switch) {
- case AUTH_MSG_KDC_REPLY:
- if (RPKT_REMAIN < 4 + 1 + 4 + 1)
- return INTK_PROT;
- ptr += 4 + 1 + 4 + 1;
- break;
- case AUTH_MSG_ERR_REPLY:
- if (RPKT_REMAIN < 8)
- return INTK_PROT;
- ptr += 4;
- KRB4_GET32(rep_err_code, ptr, msg_byte_order);
- return rep_err_code;
-
- default:
- return INTK_PROT;
- }
-
- /* Extract the ciphertext */
- if (RPKT_REMAIN < 2)
- return INTK_PROT;
- KRB4_GET16(cip_len, ptr, msg_byte_order);
- if (RPKT_REMAIN < cip_len)
- return INTK_PROT;
- /*
- * RPKT_REMAIN will always be non-negative and at most the maximum
- * possible value of cip->length, so this assignment is safe.
- */
- cip->length = cip_len;
- memcpy(cip->dat, ptr, (size_t)cip->length);
- ptr += cip->length;
-
-#ifndef NOENCRYPTION
- /* Attempt to decrypt it */
-
- key_sched(tgtses, key_s);
- DEB (("About to do decryption ..."));
- pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat,
- (long)cip->length, key_s, (C_Block *)tgtses, 0);
-#endif /* !NOENCRYPTION */
- /*
- * Stomp on key schedule. Caller should stomp on tgtses.
- */
- memset(key_s, 0, sizeof(key_s));
-
- ptr = cip->dat;
-#define CIP_REMAIN (cip->length - (ptr - cip->dat))
- if (CIP_REMAIN < 8)
- return RD_AP_MODIFIED;
- memcpy(ses, ptr, 8);
- /*
- * Stomp on decrypted session key immediately after copying it.
- */
- memset(ptr, 0, 8);
- ptr += 8;
-
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > SNAME_SZ)
- return RD_AP_MODIFIED;
- memcpy(s_name, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- return RD_AP_MODIFIED;
- memcpy(s_instance, ptr, (size_t)len);
- ptr += len;
-
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- return RD_AP_MODIFIED;
- memcpy(rlm, ptr, (size_t)len);
- ptr += len;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance)
- || strcmp(rlm, realm)) /* not what we asked for */
- return INTK_ERR; /* we need a better code here XXX */
-
- if (CIP_REMAIN < 1 + 1 + 1)
- return RD_AP_MODIFIED;
- *lifetime = *ptr++;
- *kvno = *ptr++;
- tkt->length = *ptr++;
-
- if (CIP_REMAIN < tkt->length)
- return RD_AP_MODIFIED;
- memcpy(tkt->dat, ptr, (size_t)tkt->length);
- ptr += tkt->length;
-
- /* Time (coarse) */
- if (CIP_REMAIN < 4)
- return RD_AP_MODIFIED;
- KRB4_GET32(*kdc_time, ptr, msg_byte_order);
-
- /* check KDC time stamp */
- *t_local = TIME_GMT_UNIXSEC;
- t_diff = *t_local - *kdc_time;
- if (t_diff < 0)
- t_diff = -t_diff; /* Absolute value of difference */
- if (t_diff > CLOCK_SKEW)
- return RD_AP_TIME; /* XXX should probably be better code */
-
- return 0;
-}
-
-int KRB5_CALLCONV
-get_ad_tkt(service, sinstance, realm, lifetime)
- char *service;
- char *sinstance;
- char *realm;
- int lifetime;
-{
- KTEXT_ST pkt_st;
- KTEXT pkt = & pkt_st; /* Packet to KDC */
- KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
- KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- C_Block ses; /* Session key for tkt */
- CREDENTIALS cr;
- int kvno; /* Kvno for session key */
- int kerror;
- char lrealm[REALM_SZ];
- KRB4_32 time_ws = 0;
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- char rlm[REALM_SZ];
- unsigned char *ptr;
- KRB4_32 t_local;
- struct sockaddr_in laddr;
- socklen_t addrlen;
- unsigned KRB4_32 kdc_time; /* KDC time */
- size_t snamelen, sinstlen;
-
- kerror = krb_get_tf_realm(TKT_FILE, lrealm);
-#if USE_LOGIN_LIBRARY
- if (kerror == GC_NOTKT) {
- /* No tickets... call krb_get_cred (KLL will prompt) and try again. */
- if ((kerror = krb_get_cred ("krbtgt", realm, realm, &cr)) == KSUCCESS) {
- /* Now get the realm again. */
- kerror = krb_get_tf_realm (TKT_FILE, lrealm);
- }
- }
-#endif
- if (kerror != KSUCCESS)
- return kerror;
-
- /* Create skeleton of packet to be sent */
- pkt->length = 0;
-
- /*
- * Look for the session key (and other stuff we don't need)
- * in the ticket file for krbtgt.realm at lrealm where "realm"
- * is the service's realm (passed in "realm" argument) and
- * "lrealm" is the realm of our initial ticket (the local realm).
- * If that fails, and the server's realm and the local realm are
- * the same thing, give up - no TGT available for local realm.
- *
- * If the server realm and local realm are different, though,
- * try getting a ticket-granting ticket for the server's realm,
- * i.e. a ticket for "krbtgt.alienrealm at lrealm", by calling get_ad_tkt().
- * If that succeeds, the ticket will be in ticket cache, get it
- * into the "cr" structure by calling krb_get_cred().
- */
- kerror = krb_get_cred("krbtgt", realm, lrealm, &cr);
- if (kerror != KSUCCESS) {
- /*
- * If realm == lrealm, we have no hope, so let's not even try.
- */
- if (strncmp(realm, lrealm, sizeof(lrealm)) == 0)
- return AD_NOTGT;
- else {
- kerror = get_ad_tkt("krbtgt", realm, lrealm, lifetime);
- if (kerror != KSUCCESS) {
- if (kerror == KDC_PR_UNKNOWN) /* no cross-realm ticket */
- return AD_NOTGT; /* So call it no ticket */
- return kerror;
- }
- kerror = krb_get_cred("krbtgt",realm,lrealm,&cr);
- if (kerror != KSUCCESS)
- return kerror;
- }
- }
-
- /*
- * Make up a request packet to the "krbtgt.realm at lrealm".
- * Start by calling krb_mk_req() which puts ticket+authenticator
- * into "pkt". Then tack other stuff on the end.
- */
- kerror = krb_mk_req(pkt, "krbtgt", realm, lrealm, 0L);
- if (kerror) {
- /* stomp stomp stomp */
- memset(cr.session, 0, sizeof(cr.session));
- return AD_NOTGT;
- }
-
- ptr = pkt->dat + pkt->length;
-
- snamelen = strlen(service) + 1;
- sinstlen = strlen(sinstance) + 1;
- if (sizeof(pkt->dat) - (ptr - pkt->dat) < (4 + 1
- + snamelen
- + sinstlen)) {
- /* stomp stomp stomp */
- memset(cr.session, 0, sizeof(cr.session));
- return INTK_ERR;
- }
-
- /* timestamp */ /* FIXME -- always 0 now, should we fill it in??? */
- KRB4_PUT32BE(ptr, time_ws);
-
- *ptr++ = lifetime;
-
- memcpy(ptr, service, snamelen);
- ptr += snamelen;
- memcpy(ptr, sinstance, sinstlen);
- ptr += sinstlen;
-
- pkt->length = ptr - pkt->dat;
-
- /* Send the request to the local ticket-granting server */
- rpkt->length = 0;
- addrlen = sizeof(laddr);
- kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm,
- (struct sockaddr *)&laddr, &addrlen);
-
- if (!kerror) {
- /* No error; parse return packet from KDC. */
- kerror = g_ad_tkt_parse(rpkt, cr.session, ses,
- s_name, s_instance, rlm,
- service, sinstance, realm,
- &lifetime, &kvno, tkt,
- &kdc_time, &t_local);
- }
- /*
- * Unconditionally stomp on cr.session because we don't need it
- * anymore.
- */
- memset(cr.session, 0, sizeof(cr.session));
- if (kerror) {
- /*
- * Stomp on ses for good measure, since g_ad_tkt_parse()
- * doesn't do that for us.
- */
- memset(ses, 0, sizeof(ses));
- return kerror;
- }
-
- kerror = krb4int_save_credentials_addr(s_name, s_instance, rlm,
- ses, lifetime, kvno, tkt,
- t_local,
- laddr.sin_addr.s_addr);
- /*
- * Unconditionally stomp on ses because we don't need it anymore.
- */
- memset(ses, 0, sizeof(ses));
- if (kerror)
- return kerror;
- return AD_OK;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_cnffile.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_cnffile.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_cnffile.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,128 +0,0 @@
-/* Copyright 1994 Cygnus Support */
-/* Mark W. Eichin */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* common code for looking at krb.conf and krb.realms file */
-/* this may be superceded by <gnu>'s work for the Mac port, but
- it solves a problem for now. */
-
-#include <stdio.h>
-#include "krb.h"
-#include "k5-int.h"
-#include "krb4int.h"
-
-krb5_context krb5__krb4_context = 0;
-
-static FILE*
-krb__v5_get_file(s)
- const char *s;
-{
- FILE *cnffile = 0;
- const char* names[3];
- char **full_name = 0, **cpp;
- krb5_error_code retval;
-
- if (!krb5__krb4_context)
- krb5_init_context(&krb5__krb4_context);
- names[0] = "libdefaults";
- names[1] = s;
- names[2] = 0;
- if (krb5__krb4_context) {
- retval = profile_get_values(krb5__krb4_context->profile, names,
- &full_name);
- if (retval == 0 && full_name && full_name[0]) {
- cnffile = fopen(full_name[0],"r");
- if (cnffile)
- set_cloexec_file(cnffile);
- for (cpp = full_name; *cpp; cpp++)
- krb5_xfree(*cpp);
- krb5_xfree(full_name);
- }
- }
- return cnffile;
-}
-
-char *
-krb__get_srvtabname(default_srvtabname)
- const char *default_srvtabname;
-{
- const char* names[3];
- char **full_name = 0, **cpp;
- krb5_error_code retval;
- static char retname[MAXPATHLEN];
-
- if (!krb5__krb4_context)
- krb5_init_context(&krb5__krb4_context);
- names[0] = "libdefaults";
- names[1] = "krb4_srvtab";
- names[2] = 0;
- if (krb5__krb4_context) {
- retval = profile_get_values(krb5__krb4_context->profile, names,
- &full_name);
- if (retval == 0 && full_name && full_name[0]) {
- retname[0] = '\0';
- strncat(retname, full_name[0], sizeof(retname));
- for (cpp = full_name; *cpp; cpp++)
- krb5_xfree(*cpp);
- krb5_xfree(full_name);
- return retname;
- }
- }
- retname[0] = '\0';
- strncat(retname, default_srvtabname, sizeof(retname));
- return retname;
-}
-
-FILE*
-krb__get_cnffile()
-{
- char *s;
- FILE *cnffile = 0;
- extern char *getenv();
-
- /* standard V4 override first */
- s = getenv("KRB_CONF");
- if (s) cnffile = fopen(s,"r");
- /* if that's wrong, use V5 config */
- if (!cnffile) cnffile = krb__v5_get_file("krb4_config");
- /* and if V5 config doesn't have it, go to hard-coded values */
- if (!cnffile) cnffile = fopen(KRB_CONF,"r");
-#ifdef ATHENA_CONF_FALLBACK
- if (!cnffile) cnffile = fopen(KRB_FB_CONF,"r");
-#endif
- if (cnffile)
- set_cloexec_file(cnffile);
- return cnffile;
-}
-
-
-FILE*
-krb__get_realmsfile()
-{
- FILE *realmsfile = 0;
- char *s;
-
- /* standard (not really) V4 override first */
- s = getenv("KRB_REALMS");
- if (s) realmsfile = fopen(s,"r");
- if (!realmsfile) realmsfile = krb__v5_get_file("krb4_realms");
- if (!realmsfile) realmsfile = fopen(KRB_RLM_TRANS, "r");
-
-#ifdef ATHENA_CONF_FALLBACK
- if (!realmsfile) realmsfile = fopen(KRB_FB_RLM_TRANS, "r");
-#endif
-
- if (realmsfile)
- set_cloexec_file(realmsfile);
-
- return realmsfile;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_cred.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_cred.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_cred.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,58 +0,0 @@
-/*
- * g_cred.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <stdio.h>
-#include <string.h>
-#include "krb.h"
-
-/*
- * krb_get_cred takes a service name, instance, and realm, and a
- * structure of type CREDENTIALS to be filled in with ticket
- * information. It then searches the ticket file for the appropriate
- * ticket and fills in the structure with the corresponding
- * information from the file. If successful, it returns KSUCCESS.
- * On failure it returns a Kerberos error code.
- */
-
-int KRB5_CALLCONV
-krb_get_cred(service,instance,realm,c)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- CREDENTIALS *c; /* Credentials struct */
-{
- int tf_status; /* return value of tf function calls */
-
- /* Open ticket file and lock it for shared reading */
- if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Copy principal's name and instance into the CREDENTIALS struc c */
-
- if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
- (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
- return (tf_status);
-
- /* Search for requested service credentials and copy into c */
-
- while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
- /* Is this the right ticket? */
- if ((strcmp(c->service,service) == 0) &&
- (strcmp(c->instance,instance) == 0) &&
- (strcmp(c->realm,realm) == 0))
- break;
- }
- (void) tf_close();
-
- if (tf_status == EOF)
- return (GC_NOTKT);
- return(tf_status);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_in_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,555 +0,0 @@
-/*
- * lib/krb4/g_in_tkt.c
- *
- * Copyright 1986-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "des.h"
-#include "krb4int.h"
-#include "prot.h"
-
-#include "port-sockets.h"
-#include <string.h>
-
-/* Define a couple of function types including parameters. These
- are needed on MS-Windows to convert arguments of the function pointers
- to the proper types during calls. These declarations are found
- in <krb-sed.h>, but the code below is too opaque if you can't also
- see them here. */
-#ifndef KEY_PROC_TYPE_DEFINED
-typedef int (*key_proc_type) (char *, char *, char *,
- char *, C_Block);
-#endif
-#ifndef DECRYPT_TKT_TYPE_DEFINED
-typedef int (*decrypt_tkt_type) (char *, char *, char *, char *,
- key_proc_type, KTEXT *);
-#endif
-
-static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *);
-static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
- int, char *, int, KTEXT, int *, struct sockaddr_in *);
-static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *,
- int, KTEXT, int, CREDENTIALS *);
-
-/*
- * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
- * and the cipher text sent from the KDC, decrypt the cipher text
- * using the key returned by key_proc.
- */
-
-static int
-decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
- char *user;
- char *instance;
- char *realm;
- char *arg;
- key_proc_type key_proc;
- KTEXT *cipp;
-{
- KTEXT cip = *cipp;
- C_Block key; /* Key for decrypting cipher */
- Key_schedule key_s;
- register int rc;
-
-#ifndef NOENCRYPTION
- /* Attempt to decrypt it */
-#endif
- /* generate a key from the supplied arg or password. */
- rc = (*key_proc)(user, instance, realm, arg, key);
- if (rc)
- return rc;
-
-#ifndef NOENCRYPTION
- key_sched(key, key_s);
- pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat,
- (long)cip->length, key_s, (C_Block *)key, 0);
-#endif /* !NOENCRYPTION */
- /* Get rid of all traces of key */
- memset(key, 0, sizeof(key));
- memset(key_s, 0, sizeof(key_s));
-
- return 0;
-}
-
-/*
- * krb_get_in_tkt() gets a ticket for a given principal to use a given
- * service and stores the returned ticket and session key for future
- * use.
- *
- * The "user", "instance", and "realm" arguments give the identity of
- * the client who will use the ticket. The "service" and "sinstance"
- * arguments give the identity of the server that the client wishes
- * to use. (The realm of the server is the same as the Kerberos server
- * to whom the request is sent.) The "life" argument indicates the
- * desired lifetime of the ticket; the "key_proc" argument is a pointer
- * to the routine used for getting the client's private key to decrypt
- * the reply from Kerberos. The "decrypt_proc" argument is a pointer
- * to the routine used to decrypt the reply from Kerberos; and "arg"
- * is an argument to be passed on to the "key_proc" routine.
- *
- * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it
- * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned
- * by Kerberos, then the error code it contains is returned. Other
- * error codes returned by this routine include INTK_PROT to indicate
- * wrong protocol version, INTK_BADPW to indicate bad password (if
- * decrypted ticket didn't make sense), INTK_ERR if the ticket was for
- * the wrong server or the ticket store couldn't be initialized.
- *
- * The format of the message sent to Kerberos is as follows:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_KDC_REQUEST | message type
- * HOST_BYTE_ORDER local byte order in lsb
- * string user client's name
- * string instance client's instance
- * string realm client's realm
- * 4 bytes tlocal.tv_sec timestamp in seconds
- * 1 byte life desired lifetime
- * string service service's name
- * string sinstance service's instance
- */
-
-static int
-krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- preauth_p, preauth_len, cip, byteorder, local_addr)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- char *preauth_p;
- int preauth_len;
- KTEXT cip;
- int *byteorder;
- struct sockaddr_in *local_addr;
-{
- KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st; /* Packet to KDC */
- KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
- unsigned char *p;
- size_t userlen, instlen, realmlen, servicelen, sinstlen;
- unsigned KRB4_32 t_local;
-
- int msg_byte_order;
- int kerror;
- socklen_t addrlen;
-#if 0
- unsigned long exp_date;
-#endif
- unsigned long rep_err_code;
- unsigned long cip_len;
- unsigned int t_switch;
- int i, len;
-
- /* BUILD REQUEST PACKET */
-
- p = pkt->dat;
-
- userlen = strlen(user) + 1;
- instlen = strlen(instance) + 1;
- realmlen = strlen(realm) + 1;
- servicelen = strlen(service) + 1;
- sinstlen = strlen(sinstance) + 1;
- /* Make sure the ticket data will fit into the buffer. */
- if (sizeof(pkt->dat) < (1 + 1 + userlen + instlen + realmlen
- + 4 + 1 + servicelen + sinstlen
- + preauth_len)) {
- pkt->length = 0;
- return INTK_ERR;
- }
-
- /* Set up the fixed part of the packet */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REQUEST;
-
- /* Now for the variable info */
- memcpy(p, user, userlen);
- p += userlen;
- memcpy(p, instance, instlen);
- p += instlen;
- memcpy(p, realm, realmlen);
- p += realmlen;
-
- /* timestamp */
- t_local = TIME_GMT_UNIXSEC;
- KRB4_PUT32BE(p, t_local);
-
- *p++ = life;
-
- memcpy(p, service, servicelen);
- p += servicelen;
- memcpy(p, sinstance, sinstlen);
- p += sinstlen;
-
- if (preauth_len)
- memcpy(p, preauth_p, (size_t)preauth_len);
- p += preauth_len;
-
- pkt->length = p - pkt->dat;
-
- /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
- rpkt->length = 0;
- addrlen = sizeof(struct sockaddr_in);
- kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm,
- (struct sockaddr *)local_addr,
- &addrlen);
- if (kerror)
- return kerror;
-
- p = rpkt->dat;
-#define RPKT_REMAIN (rpkt->length - (p - rpkt->dat))
-
- /* check packet version of the returned packet */
- if (RPKT_REMAIN < 1 + 1)
- return INTK_PROT;
- if (*p++ != KRB_PROT_VERSION)
- return INTK_PROT;
-
- /* This used to be
- switch (pkt_msg_type(rpkt) & ~1) {
- but SCO 3.2v4 cc compiled that incorrectly. */
- t_switch = *p++;
- /* Check byte order */
- msg_byte_order = t_switch & 1;
- t_switch &= ~1;
-
- /* EXTRACT INFORMATION FROM RETURN PACKET */
-
- /*
- * Skip over some stuff (3 strings and various integers -- see
- * cr_auth_repl.c for details).
- */
- for (i = 0; i < 3; i++) {
- len = krb4int_strnlen((char *)p, RPKT_REMAIN) + 1;
- if (len <= 0)
- return INTK_PROT;
- p += len;
- }
- switch (t_switch) {
- case AUTH_MSG_KDC_REPLY:
- if (RPKT_REMAIN < 4 + 1 + 4 + 1)
- return INTK_PROT;
- p += 4 + 1 + 4 + 1;
- break;
- case AUTH_MSG_ERR_REPLY:
- if (RPKT_REMAIN < 8)
- return INTK_PROT;
- p += 4;
- KRB4_GET32(rep_err_code, p, msg_byte_order);
- return rep_err_code;
- default:
- return INTK_PROT;
- }
-
- /* Extract the ciphertext */
- if (RPKT_REMAIN < 2)
- return INTK_PROT;
- KRB4_GET16(cip_len, p, msg_byte_order);
- if (RPKT_REMAIN < cip_len)
- return INTK_ERR;
- /*
- * RPKT_REMAIN will always be non-negative and at most the maximum
- * possible value of cip->length, so this assignment is safe.
- */
- cip->length = cip_len;
- memcpy(cip->dat, p, (size_t)cip->length);
- p += cip->length;
-
- *byteorder = msg_byte_order;
- return INTK_OK;
-}
-
-static int
-krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip,
- byteorder, creds)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- KTEXT cip;
- int byteorder;
- CREDENTIALS *creds;
-{
- unsigned char *ptr;
- int len;
- int kvno; /* Kvno for session key */
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- char rlm[REALM_SZ];
- KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- unsigned long kdc_time; /* KDC time */
- unsigned KRB4_32 t_local; /* Must be 4 bytes long for memcpy below! */
- KRB4_32 t_diff; /* Difference between timestamps */
- int lifetime;
-
- ptr = cip->dat;
- /* Assume that cip->length >= 0 for now. */
-#define CIP_REMAIN (cip->length - (ptr - cip->dat))
-
- /* Skip session key for now */
- if (CIP_REMAIN < 8)
- return INTK_BADPW;
- ptr += 8;
-
- /* extract server's name */
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > sizeof(s_name))
- return INTK_BADPW;
- memcpy(s_name, ptr, (size_t)len);
- ptr += len;
-
- /* extract server's instance */
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > sizeof(s_instance))
- return INTK_BADPW;
- memcpy(s_instance, ptr, (size_t)len);
- ptr += len;
-
- /* extract server's realm */
- len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1;
- if (len <= 0 || len > sizeof(rlm))
- return INTK_BADPW;
- memcpy(rlm, ptr, (size_t)len);
- ptr += len;
-
- /* extract ticket lifetime, server key version, ticket length */
- /* be sure to avoid sign extension on lifetime! */
- if (CIP_REMAIN < 3)
- return INTK_BADPW;
- lifetime = *ptr++;
- kvno = *ptr++;
- tkt->length = *ptr++;
-
- /* extract ticket itself */
- if (CIP_REMAIN < tkt->length)
- return INTK_BADPW;
- memcpy(tkt->dat, ptr, (size_t)tkt->length);
- ptr += tkt->length;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance)
- || strcmp(rlm, realm)) /* not what we asked for */
- return INTK_ERR; /* we need a better code here XXX */
-
- /* check KDC time stamp */
- if (CIP_REMAIN < 4)
- return INTK_BADPW;
- KRB4_GET32(kdc_time, ptr, byteorder);
-
- t_local = TIME_GMT_UNIXSEC;
- t_diff = t_local - kdc_time;
- if (t_diff < 0)
- t_diff = -t_diff; /* Absolute value of difference */
- if (t_diff > CLOCK_SKEW) {
- return RD_AP_TIME; /* XXX should probably be better code */
- }
-
- /* stash ticket, session key, etc. for future use */
- strncpy(creds->service, s_name, sizeof(creds->service));
- strncpy(creds->instance, s_instance, sizeof(creds->instance));
- strncpy(creds->realm, rlm, sizeof(creds->realm));
- memmove(creds->session, cip->dat, sizeof(C_Block));
- creds->lifetime = lifetime;
- creds->kvno = kvno;
- creds->ticket_st.length = tkt->length;
- memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length);
- creds->issue_date = t_local;
- strncpy(creds->pname, user, sizeof(creds->pname));
- strncpy(creds->pinst, instance, sizeof(creds->pinst));
-
- return INTK_OK;
-}
-
-int
-krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc,
- arg, preauth_p, preauth_len, creds, laddrp)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
- char *preauth_p;
- int preauth_len;
- CREDENTIALS *creds;
- KRB_UINT32 *laddrp;
-{
- int ok;
- char key_string[BUFSIZ];
- KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- int kerror;
- int byteorder;
- key_proc_type *keyprocs = krb_get_keyprocs (key_proc);
- int i = 0;
- struct sockaddr_in local_addr;
-
- kerror = krb_mk_in_tkt_preauth(user, instance, realm,
- service, sinstance,
- life, preauth_p, preauth_len,
- cip, &byteorder, &local_addr);
- if (kerror)
- return kerror;
-
- /* If arg is null, we have to prompt for the password. decrypt_tkt, by
- way of the *_passwd_to_key functions, will prompt if the password is
- NULL, but that means that each separate encryption type will prompt
- separately. Obtain the password first so that we can try multiple
- encryption types without re-prompting.
-
- Don't, however, prompt on a Windows or Macintosh environment, since
- that's harder. Rely on our caller to do it. */
-#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
- if (arg == NULL) {
- ok = des_read_pw_string(key_string, sizeof(key_string), "Password", 0);
- if (ok != 0)
- return ok;
- arg = key_string;
- }
-#endif
-
- /* Attempt to decrypt the reply. Loop trying password_to_key algorithms
- until we succeed or we get an error other than "bad password" */
- do {
- KTEXT_ST cip_copy_st;
- memcpy(&cip_copy_st, &cip_st, sizeof(cip_st));
- cip = &cip_copy_st;
- if (decrypt_proc == NULL) {
- decrypt_tkt (user, instance, realm, arg, keyprocs[i], &cip);
- } else {
- (*decrypt_proc)(user, instance, realm, arg, keyprocs[i], &cip);
- }
- kerror = krb_parse_in_tkt_creds(user, instance, realm,
- service, sinstance, life, cip, byteorder, creds);
- } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
- cip = &cip_st;
-
- /* Fill in the local address if the caller wants it */
- if (laddrp != NULL) {
- *laddrp = local_addr.sin_addr.s_addr;
- }
-
- /* stomp stomp stomp */
- memset(key_string, 0, sizeof(key_string));
- memset(cip->dat, 0, (size_t)cip->length);
- return kerror;
-}
-
-int KRB5_CALLCONV
-krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg, creds)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
- CREDENTIALS *creds;
-{
-#if TARGET_OS_MAC
- KRB_UINT32 *laddrp = &creds->address;
-#else
- KRB_UINT32 *laddrp = NULL; /* Only the Mac stores the address */
-#endif
-
- return krb_get_in_tkt_preauth_creds(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc, arg,
- NULL, 0, creds, laddrp);
-}
-
-int KRB5_CALLCONV
-krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc,
- arg, preauth_p, preauth_len)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
- char *preauth_p;
- int preauth_len;
-{
- int retval;
- KRB_UINT32 laddr;
- CREDENTIALS creds;
-
- do {
- retval = krb_get_in_tkt_preauth_creds(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc,
- arg, preauth_p, preauth_len,
- &creds, &laddr);
- if (retval != KSUCCESS) break;
- if (krb_in_tkt(user, instance, realm) != KSUCCESS) {
- retval = INTK_ERR;
- break;
- }
- retval = krb4int_save_credentials_addr(creds.service, creds.instance,
- creds.realm, creds.session,
- creds.lifetime, creds.kvno,
- &creds.ticket_st,
- creds.issue_date, laddr);
- if (retval != KSUCCESS) break;
- } while (0);
- memset(&creds, 0, sizeof(creds));
- return retval;
-}
-
-int KRB5_CALLCONV
-krb_get_in_tkt(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- key_proc_type key_proc;
- decrypt_tkt_type decrypt_proc;
- char *arg;
-{
- return krb_get_in_tkt_preauth(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc, arg,
- NULL, 0);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_phost.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_phost.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_phost.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,92 +0,0 @@
-/*
- * lib/krb4/g_phost.c
- *
- * Copyright 1988, 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "port-sockets.h"
-
-/*
- * This routine takes an alias for a host name and returns the first
- * field, lower case, of its domain name. For example, if "menel" is
- * an alias for host officially named "menelaus" (in /etc/hosts), for
- * the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus"
- * is returned.
- *
- * This is done for historical Athena reasons: the Kerberos name of
- * rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host at realm"
- * where "host"is the lowercase for of the host name ("menelaus").
- * This should go away: the instance should be the domain name
- * (MENELAUS.MIT.EDU). But for now we need this routine...
- *
- * A pointer to the name is returned, if found, otherwise a pointer
- * to the original "alias" argument is returned.
- */
-
-char * KRB5_CALLCONV
-krb_get_phost(alias)
- char *alias;
-{
- struct hostent *h;
- char *p;
- unsigned char *ucp;
- static char hostname_mem[MAXHOSTNAMELEN];
-#ifdef DO_REVERSE_RESOLVE
- char *rev_addr; int rev_type, rev_len;
-#endif
-
- if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) {
-#ifdef DO_REVERSE_RESOLVE
- if (! h->h_addr_list ||! h->h_addr_list[0]) {
- return(0);
- }
- rev_type = h->h_addrtype;
- rev_len = h->h_length;
- rev_addr = malloc(rev_len);
- _fmemcpy(rev_addr, h->h_addr_list[0], rev_len);
- h = gethostbyaddr(rev_addr, rev_len, rev_type);
- free(rev_addr);
- if (h == 0) {
- return (0);
- }
-#endif
- /* We don't want to return a *, so we copy to a safe location. */
- strncpy (hostname_mem, h->h_name, sizeof (hostname_mem));
- /* Bail out if h_name is too long. */
- if (hostname_mem[MAXHOSTNAMELEN-1] != '\0')
- return NULL;
- p = strchr( hostname_mem, '.' );
- if (p)
- *p = 0;
- ucp = (unsigned char *)hostname_mem;
- do {
- if (isupper(*ucp)) *ucp=tolower(*ucp);
- } while (*ucp++);
- }
- return(hostname_mem);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_pw_in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,341 +0,0 @@
-/*
- * lib/krb4/g_pw_in_tkt.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <krb5.h>
-#include "krb.h"
-#include "krb4int.h"
-#include "krb_err.h"
-#include "prot.h"
-#include <string.h>
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-#ifndef INTK_PW_NULL
-#define INTK_PW_NULL KRBET_GT_PW_NULL
-#endif
-
-/*
- * This file contains one routine: krb_get_pw_in_tkt() gets an initial ticket for
- * a user.
- */
-
-/*
- * krb_get_pw_in_tkt() takes the name of the server for which the initial
- * ticket is to be obtained, the name of the principal the ticket is
- * for, the desired lifetime of the ticket, and the user's password.
- * It passes its arguments on to krb_get_in_tkt(), which contacts
- * Kerberos to get the ticket, decrypts it using the password provided,
- * and stores it away for future use.
- *
- * On a Unix system, krb_get_pw_in_tkt() is able to prompt the user
- * for a password, if the supplied password is null. On a a non Unix
- * system, it now requires the caller to supply a non-null password.
- * This is because of the complexities of prompting the user in a
- * non-terminal-oriented environment like the Macintosh (running in a
- * driver) or MS-Windows (in a DLL).
- *
- * krb_get_pw_in_tkt() passes two additional arguments to
- * krb_get_in_tkt(): a routine to be used to get the password in case
- * the "password" argument is null and NULL for the decryption
- * procedure indicating that krb_get_in_tkt should use the default
- * method of decrypting the response from the KDC.
- *
- * The result of the call to krb_get_in_tkt() is returned.
- */
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
-#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
- /* In spite of the comments above, we don't allow that path here,
- to simplify coding the non-UNIX clients. The only code that now
- depends on this behavior is the preauth support, which has a
- seperate function without this trap. Strictly speaking, this
- is an API change. */
-
- if (password == 0)
- return INTK_PW_NULL;
-#endif
-
- return(krb_get_in_tkt(user,instance,realm,service,sinstance,life,
- (key_proc_type)NULL, /* krb_get_in_tkt will try them all */
- (decrypt_tkt_type)NULL, password));
-}
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt_creds(
- char *user, char *instance, char *realm, char *service, char *sinstance,
- int life, char *password, CREDENTIALS *creds)
-{
- return krb_get_in_tkt_creds(user, instance, realm,
- service, sinstance, life,
- (key_proc_type)NULL, /* krb_get_in_tkt_creds will try them all */
- NULL, password, creds);
-}
-
-
-/*
- * krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly,
- * since the whole point of "pre" authentication is to prove that we've
- * already got the key, and the only way to do that is to ask the user
- * for it. Clearly we shouldn't ask twice.
- */
-
-static C_Block old_key;
-
-static int stub_key(user,instance,realm,passwd,key)
- char *user, *instance, *realm, *passwd;
- C_Block key;
-{
- (void) memcpy((char *) key, (char *) old_key, sizeof(old_key));
- return 0;
-}
-
-int KRB5_CALLCONV
-krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- char *preauth_p;
- int preauth_len;
- int ret_st;
- key_proc_type *keyprocs = krb_get_keyprocs (NULL);
- int i = 0;
-
-#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
- /* On non-Unix systems, we can't handle a null password, because
- passwd_to_key can't handle prompting for the password. */
- if (password == 0)
- return INTK_PW_NULL;
-#endif
-
- /* Loop trying all the key_proc types */
- do {
- krb_mk_preauth(&preauth_p, &preauth_len, keyprocs[i],
- user, instance, realm, password, old_key);
- ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life,
- (key_proc_type) stub_key,
- (decrypt_tkt_type) NULL, password,
- preauth_p, preauth_len);
-
- krb_free_preauth(preauth_p, preauth_len);
- } while ((keyprocs[++i] != NULL) && (ret_st == INTK_BADPW));
-
- return ret_st;
-}
-
-/* FIXME! This routine belongs in the krb library and should simply
- be shared between the encrypted and NOENCRYPTION versions! */
-
-#ifdef NOENCRYPTION
-/*
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#include <stdio.h>
-#ifdef BSDUNIX
-#include <string.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-#else
-int strcmp();
-#endif
-#if defined(__svr4__) || defined(__SVR4)
-#include <sgtty.h>
-#endif
-
-#ifdef BSDUNIX
-static jmp_buf env;
-#endif
-
-#ifdef BSDUNIX
-static void sig_restore();
-static push_signals(), pop_signals();
-int placebo_read_pw_string();
-#endif
-
-/*** Routines ****************************************************** */
-int
-placebo_read_password(k,prompt,verify)
- des_cblock *k;
- char *prompt;
- int verify;
-{
- int ok;
- char key_string[BUFSIZ];
-
-#ifdef BSDUNIX
- if (setjmp(env)) {
- ok = -1;
- goto lose;
- }
-#endif
-
- ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify);
- if (ok == 0)
- memset(k, 0, sizeof(C_Block));
-
-lose:
- memset(key_string, 0, sizeof (key_string));
- return ok;
-}
-
-/*
- * This version just returns the string, doesn't map to key.
- *
- * Returns 0 on success, non-zero on failure.
- */
-
-int
-placebo_read_pw_string(s,max,prompt,verify)
- char *s;
- int max;
- char *prompt;
- int verify;
-{
- int ok = 0;
- char *ptr;
-
-#ifdef BSDUNIX
- jmp_buf old_env;
- struct sgttyb tty_state;
-#endif
- char key_string[BUFSIZ];
-
- if (max > BUFSIZ) {
- return -1;
- }
-
-#ifdef BSDUNIX
- memcpy(env, old_env, sizeof(env));
- if (setjmp(env))
- goto lose;
-
- /* save terminal state */
- if (ioctl(0,TIOCGETP,&tty_state) == -1)
- return -1;
-
- push_signals();
- /* Turn off echo */
- tty_state.sg_flags &= ~ECHO;
- if (ioctl(0,TIOCSETP,&tty_state) == -1)
- return -1;
-#endif
- while (!ok) {
- printf(prompt);
- fflush(stdout);
-#ifdef CROSSMSDOS
- h19line(s,sizeof(s),0);
- if (!strlen(s))
- continue;
-#else
- if (!fgets(s, max, stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = strchr(s, '\n')))
- *ptr = '\0';
-#endif
- if (verify) {
- printf("\nVerifying, please re-enter %s",prompt);
- fflush(stdout);
-#ifdef CROSSMSDOS
- h19line(key_string,sizeof(key_string),0);
- if (!strlen(key_string))
- continue;
-#else
- if (!fgets(key_string, sizeof(key_string), stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = strchr(key_string, '\n')))
- *ptr = '\0';
-#endif
- if (strcmp(s,key_string)) {
- printf("\n\07\07Mismatch - try again\n");
- fflush(stdout);
- continue;
- }
- }
- ok = 1;
- }
-
-#ifdef BSDUNIX
-lose:
- if (!ok)
- memset(s, 0, max);
- printf("\n");
- /* turn echo back on */
- tty_state.sg_flags |= ECHO;
- if (ioctl(0,TIOCSETP,&tty_state))
- ok = 0;
- pop_signals();
- memcpy(old_env, env, sizeof(env));
-#endif
- if (verify)
- memset(key_string, 0, sizeof (key_string));
- s[max-1] = 0; /* force termination */
- return !ok; /* return nonzero if not okay */
-}
-
-#ifdef BSDUNIX
-/*
- * this can be static since we should never have more than
- * one set saved....
- */
-static sigtype (*old_sigfunc[NSIG])();
-
-static push_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- old_sigfunc[i] = signal(i,sig_restore);
-}
-
-static pop_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- signal(i,old_sigfunc[i]);
-}
-
-static void sig_restore(sig,code,scp)
- int sig,code;
- struct sigcontext *scp;
-{
- longjmp(env,1);
-}
-#endif
-#endif /* NOENCRYPTION */
Deleted: branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_pw_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,68 +0,0 @@
-/*
- * g_pw_tkt.c
- *
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-
-/*
- * Get a ticket for the password-changing server ("changepw.KRB_MASTER").
- *
- * Given the name, instance, realm, and current password of the
- * principal for which the user wants a password-changing-ticket,
- * return either:
- *
- * GT_PW_BADPW if current password was wrong,
- * GT_PW_NULL if principal had a NULL password,
- * or the result of the krb_get_pw_in_tkt() call.
- *
- * First, try to get a ticket for "user.instance at realm" to use the
- * "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h").
- * The requested lifetime for the ticket is "1", and the current
- * password is the "cpw" argument given.
- *
- * If the password was bad, give up.
- *
- * If the principal had a NULL password in the Kerberos database
- * (indicating that the principal is known to Kerberos, but hasn't
- * got a password yet), try instead to get a ticket for the principal
- * "default.changepw at realm" to use the "changepw.KRB_MASTER" server.
- * Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL
- * if all goes well, otherwise the error.
- *
- * If this routine succeeds, a ticket and session key for either the
- * principal "user.instance at realm" or "default.changepw at realm" to use
- * the password-changing server will be in the user's ticket file.
- */
-
-int KRB5_CALLCONV
-get_pw_tkt(user,instance,realm,cpw)
- char *user;
- char *instance;
- char *realm;
- char *cpw;
-{
- int kerror;
-
- kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
- KRB_MASTER, 1, cpw);
-
- if (kerror == INTK_BADPW)
- return(GT_PW_BADPW);
-
- if (kerror == KDC_NULL_KEY) {
- kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
- KRB_MASTER,1,"changepwkrb");
- if (kerror)
- return(kerror);
- return(GT_PW_NULL);
- }
-
- return(kerror);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_svc_in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,152 +0,0 @@
-/*
- * lib/krb4/g_svc_in_tkt.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include "krb.h"
-#include "prot.h"
-#include "krb4int.h"
-
-/*
- * This file contains two routines: srvtab_to_key(), which gets
- * a server's key from a srvtab file, and krb_get_svc_in_tkt() which
- * gets an initial ticket for a server.
- */
-
-/*
- * srvtab_to_key(): given a "srvtab" file (where the keys for the
- * service on a host are stored), return the private key of the
- * given service (user.instance at realm).
- *
- * srvtab_to_key() passes its arguments on to read_service_key(),
- * plus one additional argument, the key version number.
- * (Currently, the key version number is always 0; this value
- * is treated as a wildcard by read_service_key().)
- *
- * If the "srvtab" argument is null, KEYFILE (defined in "krb.h")
- * is passed in its place.
- *
- * It returns the return value of the read_service_key() call.
- * The service key is placed in "key".
- */
-
-static int srvtab_to_key(user, instance, realm, srvtab, key)
- char *user, *instance, *realm, *srvtab;
- C_Block key;
-{
- if (!srvtab)
- srvtab = KEYFILE;
-
- return(read_service_key(user, instance, realm, 0, srvtab,
- (char *)key));
-}
-
-/*
- * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
- * plus two additional arguments: a pointer to the srvtab_to_key()
- * function to be used to get the key from the key file and a NULL
- * for the decryption procedure indicating that krb_get_in_tkt should
- * use the default method of decrypting the response from the KDC.
- *
- * It returns the return value of the krb_get_in_tkt() call.
- */
-
-int KRB5_CALLCONV
-krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *srvtab;
-{
- return(krb_get_in_tkt(user, instance, realm, service, sinstance, life,
- (key_proc_type) srvtab_to_key, NULL, srvtab));
-}
-
-/* and we need a preauth version as well. */
-static C_Block old_key;
-
-static int stub_key(user,instance,realm,passwd,key)
- char *user, *instance, *realm, *passwd;
- C_Block key;
-{
- memcpy(key, old_key, sizeof(C_Block));
- return 0;
-}
-
-int
-krb_get_svc_in_tkt_preauth(user, instance, realm, service, sinstance, life, srvtab)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *srvtab;
-{
- char *preauth_p;
- int preauth_len;
- int ret_st;
-
- krb_mk_preauth(&preauth_p, &preauth_len,
- (key_proc_type) srvtab_to_key, user, instance, realm,
- srvtab, old_key);
- ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life,
- (key_proc_type) stub_key, NULL, srvtab,
- preauth_p, preauth_len);
-
- krb_free_preauth(preauth_p, preauth_len);
- return ret_st;
-}
-
-/* DEC's dss-kerberos adds krb_svc_init; simple enough */
-
-int
-krb_svc_init(user,instance,realm,lifetime,srvtab_file,tkt_file)
- char *user;
- char *instance;
- char *realm;
- int lifetime;
- char *srvtab_file;
- char *tkt_file;
-{
- if (tkt_file)
- krb_set_tkt_string(tkt_file);
-
- return krb_get_svc_in_tkt(user,instance,realm,
- KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
-}
-
-
-int
-krb_svc_init_preauth(user,instance,realm,lifetime,srvtab_file,tkt_file)
- char *user;
- char *instance;
- char *realm;
- int lifetime;
- char *srvtab_file;
- char *tkt_file;
-{
- if (tkt_file)
- krb_set_tkt_string(tkt_file);
-
- return krb_get_svc_in_tkt_preauth(user,instance,realm,
- KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_tf_fname.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_tf_fname.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_tf_fname.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,67 +0,0 @@
-/*
- * g_tf_fname.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include <string.h>
-#include <stdio.h> /* For EOF */
-
-/*
- * This file contains a routine to extract the fullname of a user
- * from the ticket file.
- */
-
-/*
- * krb_get_tf_fullname() takes four arguments: the name of the
- * ticket file, and variables for name, instance, and realm to be
- * returned in. Since the realm of a ticket file is not really fully
- * supported, the realm used will be that of the the first ticket in
- * the file as this is the one that was obtained with a password by
- * krb_get_in_tkt().
- */
-
-int KRB5_CALLCONV
-krb_get_tf_fullname(ticket_file, name, instance, realm)
- const char *ticket_file;
- char *name;
- char *instance;
- char *realm;
-{
- int tf_status;
- CREDENTIALS c;
-
- /* If ticket cache selector is null, use default cache. */
- if (ticket_file == 0)
- ticket_file = tkt_string();
-
- if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
- ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
- return (tf_status);
-
- if (name)
- strcpy(name, c.pname);
- if (instance)
- strcpy(instance, c.pinst);
- if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
- if (realm)
- strcpy(realm, c.realm);
- }
- else {
- if (tf_status == EOF)
- return(KFAILURE);
- else
- return(tf_status);
- }
- (void) tf_close();
-
- return(tf_status);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_tf_realm.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_tf_realm.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_tf_realm.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,44 +0,0 @@
-/*
- * lib/krb4/g_tf_realm.c
- *
- * Copyright 1987-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-
-/*
- * This file contains a routine to extract the realm of a kerberos
- * ticket file.
- */
-
-/*
- * krb_get_tf_realm() takes two arguments: the name of a ticket
- * and a variable to store the name of the realm in.
- *
- */
-
-int KRB5_CALLCONV
-krb_get_tf_realm(const char *ticket_file, char *realm)
-{
- return krb_get_tf_fullname(ticket_file, NULL, NULL, realm);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/g_tkt_svc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,174 +0,0 @@
-/*
- * g_tkt_svc.c
- *
- * Gets a ticket for a service. Adopted from KClient.
- */
-
-#include <string.h>
-#include "krb.h"
-#include "port-sockets.h"
-
-/* FIXME -- this should probably be calling mk_auth nowadays. */
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-
-
-static int
-ParseFullName(name, instance, realm, fname)
- char *name;
- char *instance;
- char *realm;
- char *fname;
-{
- int err;
-
- if (!*fname) return KNAME_FMT; /* null names are not OK */
- *instance = '\0';
- err = kname_parse(name,instance,realm,fname);
- if (err) return err;
- if (!*name) return KNAME_FMT; /* null names are not OK */
- if (!*realm) {
- if ((err = krb_get_lrealm (realm, 1)))
- return err;
- if (!*realm) return KNAME_FMT; /* FIXME -- should give better error */
- }
- return KSUCCESS;
-}
-
-
-
-static void
-CopyTicket(dest, src, numBytes, version, includeVersion)
- char *dest;
- KTEXT src;
- unsigned KRB4_32 *numBytes;
- char *version;
- int includeVersion;
-{
- unsigned KRB4_32 tkt_len;
- unsigned KRB4_32 nbytes = 0;
-
- /* first put version info into the buffer */
- if (includeVersion) {
- (void) strncpy(dest, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- (void) strncpy(dest+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN);
- nbytes = 2*KRB_SENDAUTH_VLEN;
- }
-
- /* put ticket length into buffer */
- tkt_len = htonl((unsigned long) src->length);
- (void) memcpy((char *)(dest+nbytes), (char *) &tkt_len, sizeof(tkt_len));
- nbytes += sizeof(tkt_len);
-
- /* put ticket into buffer */
- (void) memcpy ((char *)(dest+nbytes), (char *) src->dat, src->length);
- nbytes += src->length;
-
- *numBytes = nbytes;
-}
-
-
-static int
-CredIsExpired( cr )
- CREDENTIALS *cr;
-{
- KRB4_32 now;
-
- /* This routine is for use with clients only in order to determine
- if a credential is still good.
- Note: twice CLOCK_SKEW was added to age of ticket so that we could
- be more sure that the ticket was good.
- FIXME: I think this is a bug -- should use the same algorithm
- everywhere to determine ticket expiration. */
-
- now = TIME_GMT_UNIXSEC;
- return now + 2 * CLOCK_SKEW > krb_life_to_time(cr->issue_date,
- cr->lifetime);
-}
-
-
-/*
- * Gets a ticket and returns it to application in buf
- -> service Formal Kerberos name of service
- -> buf Buffer to receive ticket
- -> checksum checksum for this service
- <-> buflen length of ticket buffer (must be at least
- 1258 bytes)
- <- sessionKey for internal use
- <- schedule for internal use
-
- * Result is:
- * GC_NOTKT if there is no matching TGT in the cache
- * MK_AP_TGTEXP if the matching TGT is expired
- * Other errors possible. These could cause a dialogue with the user
- * to get a new TGT.
- */
-
-int KRB5_CALLCONV
-krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey,
- schedule, version, includeVersion)
- char *serviceName;
- char *buf;
- unsigned KRB4_32 *buflen;
- int checksum;
- des_cblock sessionKey;
- Key_schedule schedule;
- char *version;
- int includeVersion;
-{
- char service[SNAME_SZ];
- char instance[INST_SZ];
- char realm[REALM_SZ];
- int err;
- char lrealm[REALM_SZ];
- CREDENTIALS cr;
-
- service[0] = '\0';
- instance[0] = '\0';
- realm[0] = '\0';
-
- /* parse out service name */
-
- err = ParseFullName(service, instance, realm, serviceName);
- if (err)
- return err;
-
- if ((err = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS)
- return(err);
-
- /* Make sure we have an intial ticket for the user in this realm
- Check local realm, not realm for service since krb_mk_req will
- get additional krbtgt if necessary. This is so that inter-realm
- works without asking for a password twice.
- FIXME gnu - I think this is a bug. We should allow direct
- authentication to the desired realm, regardless of what the "local"
- realm is. I fixed it. FIXME -- not quite right. */
- err = krb_get_cred (KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr);
- if (err)
- return err;
-
- err = CredIsExpired(&cr);
- if (err)
- return RD_AP_EXP; /* Expired ticket */
-
- /* Get a ticket for the service */
- err = krb_mk_req(&(cr.ticket_st),service,instance,realm,checksum);
- if (err)
- return err;
-
- CopyTicket(buf, &(cr.ticket_st), buflen, version, includeVersion);
-
- /* get the session key for later use in deciphering the server response */
- err = krb_get_cred(service,instance,realm,&cr);
- if (err)
- return err;
- memcpy((char *)sessionKey, (char *)cr.session, sizeof(C_Block));
- err = key_sched(sessionKey, schedule);
- if (err)
- return KFAILURE; /* Bad DES key for some reason (FIXME better error) */
-
- else
- return KSUCCESS;
-
-}
-
-
Deleted: branches/mskrb-integ/src/lib/krb4/gethostname.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/gethostname.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/gethostname.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,36 +0,0 @@
-/*
- * gethostname.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "krb4int.h"
-#include "autoconf.h"
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifndef GETHOSTNAME
-#define GETHOSTNAME gethostname /* A rather simple default */
-#endif
-
-/*
- * Return the local host's name in "name", up to "namelen" characters.
- * "name" will be null-terminated if "namelen" is big enough.
- * The return code is 0 on success, -1 on failure. (The calling
- * interface is identical to BSD gethostname(2).)
- */
-
-int
-k_gethostname(name, namelen)
- char *name;
- int namelen;
-{
- return GETHOSTNAME(name, namelen);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/getst.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/getst.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/getst.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,40 +0,0 @@
-/*
- * getst.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "krb4int.h"
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-/*
- * getst() takes a file descriptor, a string and a count. It reads
- * from the file until either it has read "count" characters, or until
- * it reads a null byte. When finished, what has been read exists in
- * the given string "s". If "count" characters were actually read, the
- * last is changed to a null, so the returned string is always null-
- * terminated. getst() returns the number of characters read, including
- * the null terminator.
- */
-
-int
-getst(fd, s, n)
- int fd;
- register char *s;
- int n;
-{
- register int count = n;
- while (read(fd, s, 1) > 0 && --count)
- if (*s++ == '\0')
- return (n - count);
- *s = '\0';
- return (n - count);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/in_tkt.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/in_tkt.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/in_tkt.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,205 +0,0 @@
-/*
- * lib/krb4/in_tkt.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include "krb.h"
-#include <fcntl.h>
-#include <sys/stat.h>
-#include "autoconf.h"
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-extern int krb_debug;
-
-/*
- * in_tkt() is used to initialize the ticket store. It creates the
- * file to contain the tickets and writes the given user's name "pname"
- * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
- * success, or KFAILURE if something goes wrong.
- */
-
-#include "k5-util.h"
-#define do_seteuid krb5_seteuid
-#include "k5-platform.h"
-
-#ifndef O_SYNC
-#define O_SYNC 0
-#endif
-
-int KRB5_CALLCONV
-in_tkt(pname,pinst)
- char *pname;
- char *pinst;
-{
- int tktfile;
- uid_t me, metoo, getuid(), geteuid();
- struct stat statpre, statpost;
- int count;
- const char *file = TKT_FILE;
- int fd;
- register int i;
- char charbuf[BUFSIZ];
- mode_t mask;
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
-#endif /* TKT_SHMEM */
-
- /* If ticket cache selector is null, use default cache. */
- if (file == 0)
- file = tkt_string();
-
- me = getuid ();
- metoo = geteuid();
- if (lstat(file, &statpre) == 0) {
- if (statpre.st_uid != me || !(statpre.st_mode & S_IFREG)
- || statpre.st_nlink != 1 || statpre.st_mode & 077) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",file);
- return(KFAILURE);
- }
- /*
- * Yes, we do uid twiddling here. It's not optimal, but some
- * applications may expect that the ruid is what should really
- * own the ticket file, e.g. setuid applications.
- */
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- /* file already exists, and permissions appear ok, so nuke it */
- fd = open(file, O_RDWR|O_SYNC, 0);
- if (fd >= 0)
- set_cloexec_fd(fd);
- (void)unlink(file);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (fd < 0) {
- goto out; /* can't zero it, but we can still try truncating it */
- }
-
- /*
- * Do some additional paranoid things. The worst-case
- * situation is that a user may be fooled into opening a
- * non-regular file briefly if the file is in a directory with
- * improper permissions.
- */
- if (fstat(fd, &statpost) < 0) {
- (void)close(fd);
- goto out;
- }
- if (statpre.st_dev != statpost.st_dev
- || statpre.st_ino != statpost.st_ino) {
- (void)close(fd);
- errno = 0;
- goto out;
- }
-
- memset(charbuf, 0, sizeof(charbuf));
-
- for (i = 0; i < statpost.st_size; i += sizeof(charbuf))
- if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) {
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
- goto out;
- }
-
-#ifndef NO_FSYNC
- (void) fsync(fd);
-#endif
- (void) close(fd);
- }
- out:
- /* arrange so the file is owned by the ruid
- (swap real & effective uid if necessary).
- This isn't a security problem, since the ticket file, if it already
- exists, has the right uid (== ruid) and mode. */
- if (me != metoo) {
- if (do_seteuid(me) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: seteuid");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",(int) metoo, (int) me);
- }
- /* Set umask to ensure that we have write access on the created
- ticket file. */
- mask = umask(077);
- tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600);
- if (tktfile >= 0)
- set_cloexec_fd(tktfile);
- umask(mask);
- if (me != metoo) {
- if (do_seteuid(metoo) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: seteuid2");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n", (int) me, (int) metoo);
- }
- if (tktfile < 0) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
- count = strlen(pname)+1;
- if (write(tktfile,pname,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- count = strlen(pinst)+1;
- if (write(tktfile,pinst,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- (void) close(tktfile);
-#ifdef TKT_SHMEM
- (void) strncpy(shmidname, file, sizeof(shmidname) - 1);
- shmidname[sizeof(shmidname) - 1] = '\0';
- (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname));
- return(krb_shm_create(shmidname));
-#else /* !TKT_SHMEM */
- return(KSUCCESS);
-#endif /* TKT_SHMEM */
-}
-
-int KRB5_CALLCONV
-krb_in_tkt(pname, pinst, prealm)
- char *pname;
- char *pinst;
- char *prealm;
-{
- return in_tkt(pname, pinst);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/kadm_err.et
===================================================================
--- branches/mskrb-integ/src/lib/krb4/kadm_err.et 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/kadm_err.et 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,58 +0,0 @@
-# kadmin.v4/server/kadm_err.et
-#
-# Copyright 1988 by the Massachusetts Institute of Technology.
-#
-# For copying and distribution information, please see the file
-# <mit-copyright.h>.
-#
-# Kerberos administration server error table
-#
- et kadm
-
-# KADM_SUCCESS, as all success codes should be, is zero
-
-ec KADM_RCSID, "$Header$"
-# /* Building and unbuilding the packet errors */
-ec KADM_NO_REALM, "Cannot fetch local realm"
-ec KADM_NO_CRED, "Unable to fetch credentials"
-ec KADM_BAD_KEY, "Bad key supplied"
-ec KADM_NO_ENCRYPT, "Can't encrypt data"
-ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
-ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
-ec KADM_NO_ROOM, "Packet is too large"
-ec KADM_BAD_VER, "Version number is incorrect"
-ec KADM_BAD_CHK, "Checksum does not match"
-ec KADM_NO_READ, "Unsealing private data failed"
-ec KADM_NO_OPCODE, "Unsupported operation"
-ec KADM_NO_HOST, "Could not find administrating host"
-ec KADM_UNK_HOST, "Administrating host name is unknown"
-ec KADM_NO_SERV, "Could not find service name in services database"
-ec KADM_NO_SOCK, "Could not create socket"
-ec KADM_NO_CONN, "Could not connect to server"
-ec KADM_NO_HERE, "Could not fetch local socket address"
-ec KADM_NO_MAST, "Could not fetch master key"
-ec KADM_NO_VERI, "Could not verify master key"
-
-# /* From the server side routines */
-ec KADM_INUSE, "Entry already exists in database"
-ec KADM_UK_SERROR, "Database store error"
-ec KADM_UK_RERROR, "Database read error"
-ec KADM_UNAUTH, "Insufficient access to perform requested operation"
-# KADM_DATA isn't really an error, but...
-ec KADM_DATA, "Data is available for return to client"
-ec KADM_NOENTRY, "No such entry in the database"
-
-ec KADM_NOMEM, "Memory exhausted"
-ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
-ec KADM_NO_BIND, "Could not bind port"
-ec KADM_LENGTH_ERROR, "Length mismatch problem"
-ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
-
-ec KADM_DB_INUSE, "Database locked or in use"
-
-ec KADM_INSECURE_PW, "Insecure password rejected"
-ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match"
-
-ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
-ec KADM_REALM_TOO_LONG, "Realm name too long"
-end
Deleted: branches/mskrb-integ/src/lib/krb4/kadm_net.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/kadm_net.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/kadm_net.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,393 +0,0 @@
-/*
- * lib/krb4/kadm_net.c
- *
- * Copyright 1988, 2002, 2007 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Kerberos administration server client-side network access routines
- * These routines do actual network traffic, in a machine dependent manner.
- */
-
-#include <errno.h>
-#include <signal.h>
-#include <string.h>
-#include <stdlib.h>
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#define DEFINE_SOCKADDR /* Ask krb.h for struct sockaddr, etc */
-#include "port-sockets.h"
-#include "krb.h"
-#include "krbports.h"
-#include "kadm.h"
-#include "kadm_err.h"
-#include "prot.h"
-
-/* XXX FIXME! */
-#if defined(_WIN32)
- #define SIGNAL(s, f) 0
-#else
- #define SIGNAL(s, f) signal(s, f)
-#endif
-
-static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched);
-/* XXX FIXME! */
-#ifdef SIGPIPE
-static krb5_sigtype (*opipe)();
-#endif
-
-/*
- * kadm_init_link
- * receives : principal, instance, realm
- *
- * initializes client parm, the Kadm_Client structure which holds the
- * data about the connection between the server and client, the services
- * used, the locations and other fun things
- */
-int
-kadm_init_link(char *principal, char *instance, char *realm,
- Kadm_Client *client_parm, int changepw)
-{
- struct servent *sep; /* service we will talk to */
- u_short sep_port;
- struct hostent *hop; /* host we will talk to */
- char adm_hostname[MAXHOSTNAMELEN];
- char *scol = 0;
-
- (void) strcpy(client_parm->sname, principal);
- (void) strcpy(client_parm->sinst, instance);
- (void) strcpy(client_parm->krbrlm, realm);
- client_parm->admin_fd = -1;
- client_parm->default_port = 1;
-
- /*
- * set up the admin_addr - fetch name of admin or kpasswd host
- * (usually the admin host is the kpasswd host unless you have
- * some sort of realm on crack)
- */
- if (changepw) {
-#if 0 /* XXX */
- if (krb_get_kpasswdhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
-#endif
- if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
- return KADM_NO_HOST;
- } else {
- if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS)
- return KADM_NO_HOST;
- }
- scol = strchr(adm_hostname,':');
- if (scol) *scol = 0;
- if ((hop = gethostbyname(adm_hostname)) == NULL)
- /*
- * couldn't find the admin servers address
- */
- return KADM_UNK_HOST;
- if (scol) {
- sep_port = htons(atoi(scol+1));
- client_parm->default_port = 0;
- } else if ((sep = getservbyname(KADM_SNAME, "tcp")) != NULL)
- sep_port = sep->s_port;
- else
- sep_port = htons(KADM_PORT); /* KADM_SNAME = kerberos_master/tcp */
- memset(&client_parm->admin_addr, 0, sizeof(client_parm->admin_addr));
- client_parm->admin_addr.sin_family = hop->h_addrtype;
- memcpy(&client_parm->admin_addr.sin_addr, hop->h_addr, hop->h_length);
- client_parm->admin_addr.sin_port = sep_port;
-
- return KADM_SUCCESS;
-}
-
-/*
- * kadm_cli_send
- * recieves : opcode, packet, packet length, serv_name, serv_inst
- * returns : return code from the packet build, the server, or
- * something else
- *
- * It assembles a packet as follows:
- * 8 bytes : VERSION STRING
- * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
- * : KTEXT
- * : OPCODE \
- * : DATA > Encrypted (with make priv)
- * : ...... /
- *
- * If it builds the packet and it is small enough, then it attempts to open the
- * connection to the admin server. If the connection is succesfully open
- * then it sends the data and waits for a reply.
- */
-int
-kadm_cli_send(Kadm_Client *client_parm,
- u_char *st_dat, /* the actual data */
- size_t st_siz, /* length of said data */
- u_char **ret_dat, /* to give return info */
- size_t *ret_siz) /* length of returned info */
-{
-/* Macros for use in returning data... used in kadm_cli_send */
-#define RET_N_FREE(r) {clear_secrets(sess_key, sess_sched); free((char *)act_st); free((char *)priv_pak); return r;}
-#define RET_N_FREE2(r) {free((char *)*ret_dat); *ret_dat = 0; *ret_siz = 0; clear_secrets(sess_key, sess_sched); return(r);}
-
- int act_len; /* current offset into packet, return */
- KRB_INT32 retdat; /* data */
- KTEXT_ST authent; /* the authenticator we will build */
- u_char *act_st; /* the pointer to the complete packet */
- u_char *priv_pak; /* private version of the packet */
- long priv_len; /* length of private packet */
- u_long cksum; /* checksum of the packet */
- MSG_DAT mdat;
- u_char *return_dat;
- u_char *p;
- KRB_UINT32 uretdat;
-
- /* Keys for use in the transactions */
- des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
- Key_schedule sess_sched;
-
- act_st = malloc(KADM_VERSIZE); /* verstr stored first */
- strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
- act_len = KADM_VERSIZE;
-
- if ((retdat = kadm_cli_keyd(client_parm, sess_key, sess_sched)) != KADM_SUCCESS) {
- free(act_st);
- return retdat; /* couldnt get key working */
- }
- priv_pak = malloc(st_siz + 200);
- /* 200 bytes for extra info case */
- /* XXX Check mk_priv return type */
- if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz,
- sess_sched, (C_Block *)sess_key,
- &client_parm->my_addr,
- &client_parm->admin_addr)) < 0)
- RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose here */
- /*
- * here is the length of priv data. receiver calcs size of
- * authenticator by subtracting vno size, priv size, and
- * sizeof(u_long) (for the size indication) from total size
- */
- act_len += vts_long((KRB_UINT32)priv_len, &act_st, (int)act_len);
-#ifdef NOENCRYPTION
- cksum = 0;
-#else
- cksum = quad_cksum(priv_pak, NULL, priv_len, 0, &sess_key);
-#endif
- /* XXX cast unsigned->signed */
- if ((retdat = krb_mk_req_creds(&authent, &client_parm->creds, (long)cksum)) != 0) {
- /* authenticator? */
- RET_N_FREE(retdat);
- }
-
- act_st = realloc(act_st, (unsigned) (act_len + authent.length
- + priv_len));
- if (!act_st) {
- clear_secrets(sess_key, sess_sched);
- free(priv_pak);
- return KADM_NOMEM;
- }
- memcpy(act_st + act_len, authent.dat, authent.length);
- memcpy(act_st + act_len + authent.length, priv_pak, priv_len);
- free(priv_pak);
- if ((retdat = kadm_cli_out(client_parm, act_st,
- act_len + authent.length + priv_len,
- ret_dat, ret_siz)) != KADM_SUCCESS)
- RET_N_FREE(retdat);
- free(act_st);
-
- /* first see if it's a YOULOSE */
- if ((*ret_siz >= KADM_VERSIZE) &&
- !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE))
- {
- /* it's a youlose packet */
- if (*ret_siz < KADM_VERSIZE + 4)
- RET_N_FREE2(KADM_BAD_VER);
- p = *ret_dat + KADM_VERSIZE;
- KRB4_GET32BE(uretdat, p);
- /* XXX unsigned->signed */
- retdat = (KRB_INT32)uretdat;
- RET_N_FREE2(retdat);
- }
- /* need to decode the ret_dat */
- if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched,
- (C_Block *)sess_key, &client_parm->admin_addr,
- &client_parm->my_addr, &mdat)) != 0)
- RET_N_FREE2(retdat);
- if (mdat.app_length < KADM_VERSIZE + 4)
- /* too short! */
- RET_N_FREE2(KADM_BAD_VER);
- if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
- /* bad version */
- RET_N_FREE2(KADM_BAD_VER);
- p = mdat.app_data + KADM_VERSIZE;
- KRB4_GET32BE(uretdat, p);
- /* XXX unsigned->signed */
- retdat = (KRB_INT32)uretdat;
- if ((mdat.app_length - KADM_VERSIZE - 4) != 0) {
- if (!(return_dat =
- malloc((unsigned)(mdat.app_length - KADM_VERSIZE - 4))))
- RET_N_FREE2(KADM_NOMEM);
- memcpy(return_dat, p, mdat.app_length - KADM_VERSIZE - 4);
- } else {
- /* If it's zero length, still need to malloc a 1 byte string; */
- /* malloc's of zero will return NULL on AIX & A/UX */
- if (!(return_dat = malloc((unsigned) 1)))
- RET_N_FREE2(KADM_NOMEM);
- *return_dat = '\0';
- }
- free(*ret_dat);
- clear_secrets(sess_key, sess_sched);
- *ret_dat = return_dat;
- *ret_siz = mdat.app_length - KADM_VERSIZE - 4;
- return retdat;
-}
-
-int kadm_cli_conn(Kadm_Client *client_parm)
-{ /* this connects and sets my_addr */
-#if 0
- int on = 1;
-#endif
- if ((client_parm->admin_fd =
- socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0)
- return KADM_NO_SOCK; /* couldnt create the socket */
- set_cloexec_fd(client_parm->admin_fd);
- if (SOCKET_CONNECT(client_parm->admin_fd,
- (struct sockaddr *) & client_parm->admin_addr,
- sizeof(client_parm->admin_addr))) {
- (void) SOCKET_CLOSE(client_parm->admin_fd);
- client_parm->admin_fd = -1;
-
- /* The V4 kadmind port number is 751. The RFC assigned
- number, for V5, is 749. Sometimes the entry in
- /etc/services on a client machine will say 749, but the
- server may be listening on port 751. We try to partially
- cope by automatically falling back to try port 751 if we
- don't get a reply on port we are using. */
- if (client_parm->admin_addr.sin_port != htons(KADM_PORT)
- && client_parm->default_port) {
- client_parm->admin_addr.sin_port = htons(KADM_PORT);
- return kadm_cli_conn(client_parm);
- }
-
- return KADM_NO_CONN; /* couldnt get the connect */
- }
-#ifdef SIGPIPE
- opipe = SIGNAL(SIGPIPE, SIG_IGN);
-#endif
- client_parm->my_addr_len = sizeof(client_parm->my_addr);
- if (SOCKET_GETSOCKNAME(client_parm->admin_fd,
- (struct sockaddr *) & client_parm->my_addr,
- &client_parm->my_addr_len) < 0) {
- (void) SOCKET_CLOSE(client_parm->admin_fd);
- client_parm->admin_fd = -1;
-#ifdef SIGPIPE
- (void) SIGNAL(SIGPIPE, opipe);
-#endif
- return KADM_NO_HERE; /* couldnt find out who we are */
- }
-#if 0
- if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
- sizeof(on)) < 0) {
- (void) closesocket(client_parm.admin_fd);
- client_parm.admin_fd = -1;
-#ifdef SIGPIPE
- (void) SIGNAL(SIGPIPE, opipe);
-#endif
- return KADM_NO_CONN; /* XXX */
- }
-#endif
- return KADM_SUCCESS;
-}
-
-void kadm_cli_disconn(Kadm_Client *client_parm)
-{
- (void) SOCKET_CLOSE(client_parm->admin_fd);
-#ifdef SIGPIPE
- (void) SIGNAL(SIGPIPE, opipe);
-#endif
- return;
-}
-
-int kadm_cli_out(Kadm_Client *client_parm, u_char *dat, int dat_len,
- u_char **ret_dat, size_t *ret_siz)
-{
- u_short dlen;
- int retval;
- unsigned char buf[2], *p;
-
- dlen = (u_short)dat_len;
- if (dlen > 0x7fff) /* XXX krb_net_write signedness */
- return KADM_NO_ROOM;
-
- p = buf;
- KRB4_PUT16BE(p, dlen);
- if (krb_net_write(client_parm->admin_fd, (char *)buf, 2) < 0)
- return SOCKET_ERRNO; /* XXX */
-
- if (krb_net_write(client_parm->admin_fd, (char *)dat, (int)dat_len) < 0)
- return SOCKET_ERRNO; /* XXX */
-
- retval = krb_net_read(client_parm->admin_fd, (char *)buf, 2);
- if (retval != 2) {
- if (retval < 0)
- return SOCKET_ERRNO; /* XXX */
- else
- return EPIPE; /* short read ! */
- }
-
- p = buf;
- KRB4_GET16BE(dlen, p);
- if (dlen > INT_MAX) /* XXX krb_net_read signedness */
- return KADM_NO_ROOM;
- *ret_dat = malloc(dlen);
- if (!*ret_dat)
- return KADM_NOMEM;
-
- retval = krb_net_read(client_parm->admin_fd, (char *)*ret_dat, (int)dlen);
- if (retval != dlen) {
- if (retval < 0)
- return SOCKET_ERRNO; /* XXX */
- else
- return EPIPE; /* short read ! */
- }
- *ret_siz = dlen;
- return KADM_SUCCESS;
-}
-
-static void
-clear_secrets(des_cblock sess_key, Key_schedule sess_sched)
-{
- memset(sess_key, 0, sizeof(sess_key));
- memset(sess_sched, 0, sizeof(sess_sched));
- return;
-}
-
-/* takes in the sess_key and key_schedule and sets them appropriately */
-int kadm_cli_keyd(Kadm_Client *client_parm,
- des_cblock s_k, des_key_schedule s_s)
-{
- int stat;
-
- memcpy(s_k, client_parm->creds.session, sizeof(des_cblock));
- stat = key_sched(s_k, s_s);
- if (stat)
- return stat;
- return KADM_SUCCESS;
-} /* This code "works" */
Deleted: branches/mskrb-integ/src/lib/krb4/kadm_stream.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/kadm_stream.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/kadm_stream.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,325 +0,0 @@
-/*
- * kadm_stream.c
- *
- * Copyright 1988, 2002 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Stream conversion functions for Kerberos administration server
- */
-
-/*
- kadm_stream.c
- this holds the stream support routines for the kerberos administration server
-
- vals_to_stream: converts a vals struct to a stream for transmission
- internals build_field_header, vts_[string, char, long, short]
- stream_to_vals: converts a stream to a vals struct
- internals check_field_header, stv_[string, char, long, short]
- error: prints out a kadm error message, returns
- fatal: prints out a kadm fatal error message, exits
-*/
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "kadm.h"
-#include "kadm_err.h"
-#include "prot.h"
-
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-
-/*
-vals_to_stream
- recieves : kadm_vals *, u_char *
- returns : a realloced and filled in u_char *
-
-this function creates a byte-stream representation of the kadm_vals structure
-*/
-int
-vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
-{
- int vsloop, stsize; /* loop counter, stream size */
-
- stsize = build_field_header(dt_in->fields, dt_out);
- for (vsloop = 31; vsloop >= 0; vsloop--)
- if (IS_FIELD(vsloop, dt_in->fields)) {
- switch (vsloop) {
- case KADM_NAME:
- stsize += vts_string(dt_in->name, dt_out, stsize);
- break;
- case KADM_INST:
- stsize += vts_string(dt_in->instance, dt_out, stsize);
- break;
- case KADM_EXPDATE:
- stsize += vts_long((KRB_UINT32)dt_in->exp_date,
- dt_out, stsize);
- break;
- case KADM_ATTR:
- stsize += vts_short(dt_in->attributes, dt_out, stsize);
- break;
- case KADM_MAXLIFE:
- stsize += vts_char(dt_in->max_life, dt_out, stsize);
- break;
- case KADM_DESKEY:
- stsize += vts_long(dt_in->key_high, dt_out, stsize);
- stsize += vts_long(dt_in->key_low, dt_out, stsize);
- break;
- default:
- break;
- }
- }
- return stsize;
-}
-
-int
-build_field_header(
- u_char *cont, /* container for fields data */
- u_char **st) /* stream */
-{
- *st = malloc(4);
- if (*st == NULL)
- return -1;
- memcpy(*st, cont, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-vts_string(char *dat, u_char **st, int loc)
-{
- size_t len;
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- len = strlen(dat) + 1;
- p = realloc(*st, (size_t)loc + len);
- if (p == NULL)
- return -1;
- memcpy(p + loc, dat, len);
- *st = p;
- return len;
-}
-
-int
-vts_short(KRB_UINT32 dat, u_char **st, int loc)
-{
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- p = realloc(*st, (size_t)loc + 2);
- if (p == NULL)
- return -1;
-
- *st = p; /* KRB4_PUT32BE will modify p */
-
- p += loc; /* place bytes at the end */
- KRB4_PUT16BE(p, dat);
-
- return 2;
-}
-
-int
-vts_long(KRB_UINT32 dat, u_char **st, int loc)
-{
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- p = realloc(*st, (size_t)loc + 4);
- if (p == NULL)
- return -1;
-
- *st = p; /* KRB4_PUT32BE will modify p */
-
- p += loc; /* place bytes at the end */
- KRB4_PUT32BE(p, dat);
-
- return 4;
-}
-
-int
-vts_char(KRB_UINT32 dat, u_char **st, int loc)
-{
- unsigned char *p;
-
- if (loc < 0)
- return -1;
- p = realloc(*st, (size_t)loc + 1);
- if (p == NULL)
- return -1;
- p[loc] = dat & 0xff;
- *st = p;
- return 1;
-}
-
-/*
-stream_to_vals
- recieves : u_char *, kadm_vals *
- returns : a kadm_vals filled in according to u_char *
-
-this decodes a byte stream represntation of a vals struct into kadm_vals
-*/
-int
-stream_to_vals(
- u_char *dt_in,
- Kadm_vals *dt_out,
- int maxlen) /* max length to use */
-{
- register int vsloop, stsize; /* loop counter, stream size */
- register int status;
-
- memset(dt_out, 0, sizeof(*dt_out));
-
- stsize = check_field_header(dt_in, dt_out->fields, maxlen);
- if (stsize < 0)
- return -1;
- for (vsloop = 31; vsloop >= 0; vsloop--)
- if (IS_FIELD(vsloop, dt_out->fields))
- switch (vsloop) {
- case KADM_NAME:
- status = stv_string(dt_in, dt_out->name, stsize,
- sizeof(dt_out->name), maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_INST:
- status = stv_string(dt_in, dt_out->instance, stsize,
- sizeof(dt_out->instance), maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_EXPDATE:
- {
- KRB_UINT32 exp_date;
-
- status = stv_long(dt_in, &exp_date, stsize, maxlen);
- if (status < 0)
- return -1;
- dt_out->exp_date = exp_date;
- stsize += status;
- }
- break;
- case KADM_ATTR:
- status = stv_short(dt_in, &dt_out->attributes, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_MAXLIFE:
- status = stv_char(dt_in, &dt_out->max_life, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- case KADM_DESKEY:
- status = stv_long(dt_in, &dt_out->key_high, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- status = stv_long(dt_in, &dt_out->key_low, stsize,
- maxlen);
- if (status < 0)
- return -1;
- stsize += status;
- break;
- default:
- break;
- }
- return stsize;
-}
-
-int
-check_field_header(
- u_char *st, /* stream */
- u_char *cont, /* container for fields data */
- int maxlen)
-{
- if (4 > maxlen)
- return -1;
- memcpy(cont, st, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-stv_string(
- register u_char *st, /* base pointer to the stream */
- char *dat, /* a string to read from the stream */
- register int loc, /* offset into the stream for current data */
- int stlen, /* max length of string to copy in */
- int maxlen) /* max length of input stream */
-{
- int maxcount; /* max count of chars to copy */
-
- if (loc < 0)
- return -1;
- maxcount = min(maxlen - loc, stlen);
- if (maxcount <= 0) /* No strings left in the input stream */
- return -1;
-
- (void) strncpy(dat, (char *)st + loc, (size_t)maxcount);
-
- if (dat[maxcount - 1]) /* not null-term --> not enuf room */
- return -1;
- return strlen(dat) + 1;
-}
-
-int
-stv_short(u_char *st, u_short *dat, int loc, int maxlen)
-{
- u_short temp;
- unsigned char *p;
-
- if (loc < 0 || loc + 2 > maxlen)
- return -1;
- p = st + loc;
- KRB4_GET16BE(temp, p);
- *dat = temp;
- return 2;
-}
-
-int
-stv_long(u_char *st, KRB_UINT32 *dat, int loc, int maxlen)
-{
- KRB_UINT32 temp;
- unsigned char *p;
-
- if (loc < 0 || loc + 4 > maxlen)
- return -1;
- p = st + loc;
- KRB4_GET32BE(temp, p);
- *dat = temp;
- return 4;
-}
-
-int
-stv_char(u_char *st, u_char *dat, int loc, int maxlen)
-{
- if (loc < 0 || loc + 1 > maxlen)
- return -1;
- *dat = *(st + loc);
- return 1;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/klog.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/klog.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/klog.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,126 +0,0 @@
-/*
- * lib/krb4/klog.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_TIME_H
-#include <time.h>
-#endif
-#if !defined(VMS) && !defined(_WIN32)
-#include <sys/time.h>
-#endif
-#include <stdio.h>
-
-#include "krb4int.h"
-#include <klog.h>
-#include "k5-platform.h"
-
-static char *log_name = KRBLOG;
-static char logtxt[1000];
-
-/*
- * This file contains two logging routines: kset_logfile()
- * to determine the file to which log entries should be written;
- * and klog() to write log entries to the file.
- */
-
-/*
- * klog() is used to add entries to the logfile (see kset_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format" string.
- *
- * The log file is opened and closed for each log entry.
- *
- * If the given log type "type" is unknown, or if the log file
- * cannot be opened, no entry is made to the log file.
- *
- * The return value is always a pointer to the formatted log
- * text string "logtxt".
- */
-
-char * klog(type,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0)
- int type;
- char *format;
- char *a1,*a2,*a3,*a4,*a5,*a6,*a7,*a8,*a9,*a0;
-{
- FILE *logfile;
- time_t now;
- struct tm *tm;
- static int logtype_array[NLOGTYPE];
- static int array_initialized;
-
- if (!(array_initialized++)) {
- logtype_array[L_NET_ERR] = 1;
- logtype_array[L_KRB_PERR] = 1;
- logtype_array[L_KRB_PWARN] = 1;
- logtype_array[L_APPL_REQ] = 1;
- logtype_array[L_INI_REQ] = 1;
- logtype_array[L_DEATH_REQ] = 1;
- logtype_array[L_NTGT_INTK] = 1;
- logtype_array[L_ERR_SEXP] = 1;
- logtype_array[L_ERR_MKV] = 1;
- logtype_array[L_ERR_NKY] = 1;
- logtype_array[L_ERR_NUN] = 1;
- logtype_array[L_ERR_UNK] = 1;
- }
-
- (void) snprintf(logtxt,sizeof(logtxt),format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0);
-
- if (!logtype_array[type])
- return(logtxt);
-
- if ((logfile = fopen(log_name,"a")) == NULL)
- return(logtxt);
- set_cloexec_file(logfile);
-
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- fprintf(logfile,"%s\n",logtxt);
- (void) fclose(logfile);
- return(logtxt);
-}
-
-/*
- * kset_logfile() changes the name of the file to which
- * messages are logged. If kset_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-kset_logfile(filename)
- char *filename;
-{
- log_name = filename;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/kname_parse.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/kname_parse.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/kname_parse.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,411 +0,0 @@
-/*
- * lib/krb4/kname_parse.c
- *
- * Copyright 1987, 1988, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <stdio.h>
-#include "krb.h"
-#include <string.h>
-
-static int k_isname_unparsed(const char *s);
-static int k_isinst_unparsed(const char *s);
-static int k_isrealm_unparsed(const char *s);
-
-/*
- * max size of full name
- *
- * XXX This does not account for backslach quoting, and besides we
- * might want to use MAX_K_NAME_SZ.
- */
-#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ)
-
-#define NAME 0 /* which field are we in? */
-#define INST 1
-#define REALM 2
-
-/*
- * This file contains four routines for handling Kerberos names.
- *
- * kname_parse() breaks a Kerberos name into its name, instance,
- * and realm components.
- *
- * k_isname(), k_isinst(), and k_isrealm() check a given string to see if
- * it's a syntactically legitimate respective part of a Kerberos name,
- * returning 1 if it is, 0 if it isn't.
- *
- * Definition of "syntactically legitimate" names is according to
- * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying
- * names", version dated 21 Dec 1987.
- */
-
-/*
- * kname_parse() takes a Kerberos name "fullname" of the form:
- *
- * username[.instance][@realm]
- *
- * and returns the three components ("name", "instance", and "realm"
- * in the example above) in the given arguments "np", "ip", and "rp".
- *
- * If successful, it returns KSUCCESS. If there was an error,
- * KNAME_FMT is returned.
- *
- * For proper operation, this routine requires that the ip, np, and rp
- * arguments be initialized, either to null strings, or to default values
- * of name, instance, and realm. FIXME-gnu: Does anyone use it this way?
- */
-
-int KRB5_CALLCONV
-kname_parse(np, ip, rp, fullname)
- char *np;
- char *ip;
- char *rp;
- char *fullname;
-{
- char buf[FULL_SZ];
- char *rnext, *wnext; /* next char to read, write */
- register char c;
- int backslash;
- int field;
-
- backslash = 0;
- rnext = buf;
- wnext = np;
- field = NAME;
-
- if (strlen(fullname) > FULL_SZ)
- return KNAME_FMT;
- (void) strcpy(buf, fullname);
-
- while ((c = *rnext++)) {
- if (backslash) {
- *wnext++ = c;
- backslash = 0;
- continue;
- }
- switch (c) {
- case '\\':
- backslash++;
- break;
- case '.':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *wnext = '\0';
- field = INST;
- wnext = ip;
- break;
- case INST: /* We now allow period in instance */
- case REALM:
- *wnext++ = c;
- break;
- default:
- DEB (("unknown field value\n"));
- return KNAME_FMT;
- }
- break;
- case '@':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *ip = '\0';
- /* fall through */
- case INST:
- *wnext = '\0';
- field = REALM;
- wnext = rp;
- break;
- case REALM:
- return KNAME_FMT;
- default:
- DEB (("unknown field value\n"));
- return KNAME_FMT;
- }
- break;
- default:
- *wnext++ = c;
- }
- /*
- * Paranoia: check length each time through to ensure that we
- * don't overwrite things.
- */
- switch (field) {
- case NAME:
- if (wnext - np >= ANAME_SZ)
- return KNAME_FMT;
- break;
- case INST:
- if (wnext - ip >= INST_SZ)
- return KNAME_FMT;
- break;
- case REALM:
- if (wnext - rp >= REALM_SZ)
- return KNAME_FMT;
- break;
- default:
- DEB (("unknown field value\n"));
- return KNAME_FMT;
- }
- }
- *wnext = '\0';
- return KSUCCESS;
-}
-
-/*
- * k_isname() returns 1 if the given name is a syntactically legitimate
- * Kerberos name; returns 0 if it's not.
- */
-
-int KRB5_CALLCONV
-k_isname(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > ANAME_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-
-/*
- * k_isinst() returns 1 if the given name is a syntactically legitimate
- * Kerberos instance; returns 0 if it's not.
- *
- * We now allow periods in instance names -- they are unambiguous.
- */
-
-int KRB5_CALLCONV
-k_isinst(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (strlen(s) > INST_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-/*
- * k_isrealm() returns 1 if the given name is a syntactically legitimate
- * Kerberos realm; returns 0 if it's not.
- */
-
-int KRB5_CALLCONV
-k_isrealm(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > REALM_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-int KRB5_CALLCONV
-kname_unparse(
- char *outFullName,
- const char *inName,
- const char *inInstance,
- const char *inRealm)
-{
- const char *read;
- char *write = outFullName;
-
- if (inName == NULL)
- return KFAILURE;
-
- if (outFullName == NULL)
- return KFAILURE;
-
- if (!k_isname_unparsed(inName) ||
- ((inInstance != NULL) && !k_isinst_unparsed(inInstance)) ||
- ((inRealm != NULL) && !k_isrealm_unparsed(inRealm))) {
-
- return KFAILURE;
- }
-
- for (read = inName; *read != '\0'; read++, write++) {
- if ((*read == '.') || (*read == '@')) {
- *write = '\\';
- write++;
- }
- *write = *read;
- }
-
- if ((inInstance != NULL) && (inInstance[0] != '\0')) {
- *write = '.';
- write++;
- for (read = inInstance; *read != '\0'; read++, write++) {
- if (*read == '@') {
- *write = '\\';
- write++;
- }
- *write = *read;
- }
- }
-
- if ((inRealm != NULL) && (inRealm[0] != '\0')) {
- *write = '@';
- write++;
- for (read = inRealm; *read != '\0'; read++, write++) {
- if (*read == '@') {
- *write = '\\';
- write++;
- }
- *write = *read;
- }
- }
-
- *write = '\0';
- return KSUCCESS;
-}
-
-/*
- * k_isname, k_isrealm, k_isinst expect an unparsed realm -- i.e., one where all
- * components have special characters escaped with \. However,
- * for kname_unparse, we need to be able to sanity-check components without \.
- * That's what k_is*_unparsed are for.
- */
-
-static int
-k_isname_unparsed(const char *s)
-{
- int len = strlen(s);
- const char* c;
- /* Has to be non-empty and has to fit in ANAME_SZ when escaped with \ */
-
- if (!*s)
- return 0;
-
- for (c = s; *c != '\0'; c++) {
- switch (*c) {
- case '.':
- case '@':
- len++;
- break;
- }
- }
-
- if (len > ANAME_SZ - 1)
- return 0;
- return 1;
-}
-
-static int
-k_isinst_unparsed(const char *s)
-{
- int len = strlen(s);
- const char* c;
- /* Has to fit in INST_SZ when escaped with \ */
-
- for (c = s; *c != '\0'; c++) {
- switch (*c) {
- case '.':
- case '@':
- len++;
- break;
- }
- }
-
- if (len > INST_SZ - 1)
- return 0;
- return 1;
-}
-
-static int
-k_isrealm_unparsed(const char *s)
-{
- int len = strlen(s);
- const char* c;
- /* Has to be non-empty and has to fit in REALM_SZ when escaped with \ */
-
- if (!*s)
- return 0;
-
- for (c = s; *c != '\0'; c++) {
- switch (*c) {
- case '@':
- len++;
- break;
- }
- }
-
- if (len > REALM_SZ - 1)
- return 0;
- return 1;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/kntoln.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/kntoln.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/kntoln.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,62 +0,0 @@
-/*
- * kntoln.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include <string.h>
-
-/*
- * krb_kntoln converts an auth name into a local name by looking up
- * the auth name in the /etc/aname file. The format of the aname
- * file is:
- *
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | anl | inl | rll | lnl | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | 1by | 1by | 1by | 1by | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- *
- * If the /etc/aname file can not be opened it will set the
- * local name to the auth name. Thus, in this case it performs as
- * the identity function.
- *
- * The name instance and realm are passed to krb_kntoln through
- * the AUTH_DAT structure (ad).
- *
- * Now here's what it *really* does:
- *
- * Given a Kerberos name in an AUTH_DAT structure, check that the
- * instance is null, and that the realm is the same as the local
- * realm, and return the principal's name in "lname". Return
- * KSUCCESS if all goes well, otherwise KFAILURE.
- */
-
-/* The definition of MAX_USERNAME here MUST agree with kuserok.c, or bad
- * things will happen. */
-#define MAX_USERNAME 10
-
-int
-krb_kntoln(ad,lname)
- AUTH_DAT *ad;
- char *lname;
-{
- static char lrealm[REALM_SZ];
-
- if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
- return(KFAILURE);
-
- if (strcmp(ad->pinst,""))
- return(KFAILURE);
- if (strcmp(ad->prealm,lrealm))
- return(KFAILURE);
- (void) strncpy(lname,ad->pname,MAX_USERNAME-1);
- lname[MAX_USERNAME - 1] = '\0';
- return(KSUCCESS);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/krb4int.h
===================================================================
--- branches/mskrb-integ/src/lib/krb4/krb4int.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/krb4int.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,129 +0,0 @@
-/*
- * lib/krb4/krb4int.h
- *
- * Copyright 2001-2002, 2007 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * A series of private prototypes that we are not exporting but should
- * be available for self consistancy in the library.
- */
-
-#include "port-sockets.h"
-
-/* ad_print.c */
-void ad_print(AUTH_DAT *x);
-
-/* fgetst.c */
-int fgetst(FILE *, char *, int);
-
-/* getst.c */
-int getst(int, char *, int);
-
-/* g_cnffile.c */
-FILE *krb__get_realmsfile(void);
-
-FILE *krb__get_cnffile(void);
-
-/* g_svc_in_tkt.c */
-int krb_svc_init(char *, char *, char *, int, char *, char *);
-int krb_svc_init_preauth(char *, char *, char *, int, char *, char *);
-
-int krb_get_svc_in_tkt_preauth(char *, char *, char *, char *, char *, int, char *);
-
-/* gethostname.c */
-int k_gethostname(char *, int);
-
-/* g_in_tkt.c */
-int krb_get_in_tkt_preauth_creds(char *, char *, char *,
- char *, char *, int,
- key_proc_type, decrypt_tkt_type,
- char *, char *, int, CREDENTIALS *, KRB_UINT32 *);
-
-/* klog.c */
-void kset_logfile(char *);
-
-/* log.c */
-void krb_log(const char *, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
- __attribute__((__format__(__printf__, 1, 2)))
-#endif
- ;
-
-void krb_set_logfile(char *);
-
-/* month_sname.c */
-const char * month_sname(int);
-
-/* password_to_key.c */
-key_proc_type *krb_get_keyprocs (key_proc_type keyproc);
-int KRB5_CALLCONV mit_passwd_to_key(char *user, char *instance, char *realm,
- char *passwd, C_Block key);
-int KRB5_CALLCONV krb5_passwd_to_key(char *user, char *instance, char *realm,
- char *passwd, C_Block key);
-int KRB5_CALLCONV afs_passwd_to_key(char *user, char *instance, char *realm,
- char *passwd, C_Block key);
-
-/* rd_preauth.c */
-#ifdef KRB_DB_DEFS
-int krb_rd_preauth(KTEXT, char *, int, Principal *, des_cblock);
-#endif
-
-/* sendauth.c */
-int krb_net_rd_sendauth(int, KTEXT, KRB4_32 *);
-
-/* stime.c */
-char *krb_stime(long *);
-
-/* tf_util.c */
-int tf_save_cred(char *, char *, char *, C_Block, int , int, KTEXT, KRB4_32);
-
-
-/* unix_glue.c */
-int krb_start_session(char *);
-
-int krb_end_session(char *);
-
-#ifndef _WIN32
-/* For windows users, these are defined in krb.h */
-char *krb_get_default_user (void);
-
-int krb_set_default_user (char *);
-#endif
-
-/* RealmConfig-glue.c */
-int krb_get_kpasswdhst(char *, char *, int);
-
-/* err_txt.c */
-void krb4int_et_init(void);
-void krb4int_et_fini(void);
-
-int krb4int_save_credentials_addr(
- char *, char *, char *, C_Block, int, int, KTEXT, KRB4_32, KRB_UINT32);
-
-int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *,
- struct sockaddr *, socklen_t *);
-
-/*
- * Exported by libdes425 and called by krb_get_in_pw_tkt, but not part of
- * the standard DES interface and therefore not prototyped in des.h.
- */
-int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
Deleted: branches/mskrb-integ/src/lib/krb4/krb_err.et
===================================================================
--- branches/mskrb-integ/src/lib/krb4/krb_err.et 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/krb_err.et 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,776 +0,0 @@
-# Copyright 1987,1988 Massachusetts Institute of Technology
-#
-# For copying and distribution information, see the file
-# "mit-copyright.h".
-#
-#
- error_table krb
-
- ec KRBET_KSUCCESS,
- "Kerberos successful"
-
- ec KRBET_KDC_NAME_EXP,
- "Kerberos principal expired"
-
- ec KRBET_KDC_SERVICE_EXP,
- "Kerberos service expired"
-
- ec KRBET_KDC_AUTH_EXP,
- "Kerberos auth expired"
-
- ec KRBET_KDC_PKT_VER,
- "Unknown kerberos protocol version"
-
- ec KRBET_KDC_P_MKEY_VER,
- "Incorrect kerberos master key version for principal"
-
- ec KRBET_KDC_S_MKEY_VER,
- "Incorrect kerberos master key version for service"
-
- ec KRBET_KDC_BYTE_ORDER,
- "Bad byte order (kerberos)"
-
- ec KRBET_KDC_PR_UNKNOWN,
- "Kerberos principal unknown"
-
- ec KRBET_KDC_PR_N_UNIQUE,
- "Kerberos principal not unique"
-
- ec KRBET_KDC_NULL_KEY,
- "Kerberos principal has null key"
-
- ec KRBET_KRB_RES11,
- "Reserved error message 11 (kerberos)"
-
- ec KRBET_KRB_RES12,
- "Reserved error message 12 (kerberos)"
-
- ec KRBET_KRB_RES13,
- "Reserved error message 13 (kerberos)"
-
- ec KRBET_KRB_RES14,
- "Reserved error message 14 (kerberos)"
-
- ec KRBET_KRB_RES15,
- "Reserved error message 15 (kerberos)"
-
- ec KRBET_KRB_RES16,
- "Reserved error message 16 (kerberos)"
-
- ec KRBET_KRB_RES17,
- "Reserved error message 17 (kerberos)"
-
- ec KRBET_KRB_RES18,
- "Reserved error message 18 (kerberos)"
-
- ec KRBET_KRB_RES19,
- "Reserved error message 19 (kerberos)"
-
- ec KRBET_KDC_GEN_ERR,
- "Generic error from Kerberos KDC"
-
- ec KRBET_GC_TKFIL,
- "Can't read Kerberos ticket file"
-
- ec KRBET_GC_NOTKT,
- "Can't find Kerberos ticket or TGT"
-
- ec KRBET_KRB_RES23,
- "Reserved error message 23 (krb_get_cred)"
-
- ec KRBET_KRB_RES24,
- "Reserved error message 24 (krb_get_cred)"
-
- ec KRBET_KRB_RES25,
- "Reserved error message 25 (krb_get_cred)"
-
- ec KRBET_MK_AP_TGTEXP,
- "Kerberos TGT Expired"
-
- ec KRBET_KRB_RES27,
- "Reserved error message 27 (krb_mk_req)"
-
- ec KRBET_KRB_RES28,
- "Reserved error message 28 (krb_mk_req)"
-
- ec KRBET_KRB_RES29,
- "Reserved error message 29 (krb_mk_req)"
-
- ec KRBET_KRB_RES30,
- "Reserved error message 30 (krb_mk_req)"
-
- ec KRBET_RD_AP_UNDEC,
- "Can't decode authenticator (krb_rd_req)"
-
- ec KRBET_RD_AP_EXP,
- "Kerberos ticket expired (krb_rd_req)"
-
- ec KRBET_RD_AP_NYV,
- "Kerberos ticket not yet valid (krb_rd_req)"
-
- ec KRBET_RD_AP_REPEAT,
- "Repeated request (krb_rd_req)"
-
- ec KRBET_RD_AP_NOT_US,
- "Kerberos ticket is for wrong server (krb_rd_req)"
-
- ec KRBET_RD_AP_INCON,
- "Kerberos request inconsistent"
-
- ec KRBET_RD_AP_TIME,
- "Time is out of bounds (krb_rd_req)"
-
- ec KRBET_RD_AP_BADD,
- "Incorrect net address (krb_rd_req)"
-
- ec KRBET_RD_AP_VERSION,
- "Kerberos protocol version mismatch (krb_rd_req)"
-
- ec KRBET_RD_AP_MSG_TYPE,
- "Invalid msg type (krb_rd_req)"
-
- ec KRBET_RD_AP_MODIFIED,
- "Message integrity error (krb_rd_req)"
-
- ec KRBET_RD_AP_ORDER,
- "Message out of order (krb_rd_req)"
-
- ec KRBET_RD_AP_UNAUTHOR,
- "Unauthorized request (krb_rd_req)"
-
- ec KRBET_KRB_RES44,
- "Reserved error message 44 (krb_rd_req)"
-
- ec KRBET_KRB_RES45,
- "Reserved error message 45 (krb_rd_req)"
-
- ec KRBET_KRB_RES46,
- "Reserved error message 46 (krb_rd_req)"
-
- ec KRBET_KRB_RES47,
- "Reserved error message 47 (krb_rd_req)"
-
- ec KRBET_KRB_RES48,
- "Reserved error message 48 (krb_rd_req)"
-
- ec KRBET_KRB_RES49,
- "Reserved error message 49 (krb_rd_req)"
-
- ec KRBET_KRB_RES50,
- "Reserved error message 50 (krb_rd_req)"
-
- ec KRBET_GT_PW_NULL,
- "Current password is null (get_pw_tkt)"
-
- ec KRBET_GT_PW_BADPW,
- "Incorrect current password (get_pw_tkt)"
-
- ec KRBET_GT_PW_PROT,
- "Protocol error (get_pw_tkt)"
-
- ec KRBET_GT_PW_KDCERR,
- "Error returned by KDC (get_pw_tkt)"
-
- ec KRBET_GT_PW_NULLTKT,
- "Null Kerberos ticket returned by KDC (get_pw_tkt)"
-
- ec KRBET_SKDC_RETRY,
- "Retry count exceeded (send_to_kdc)"
-
- ec KRBET_SKDC_CANT,
- "Can't send request (send_to_kdc)"
-
- ec KRBET_KRB_RES58,
- "Reserved error message 58 (send_to_kdc)"
-
- ec KRBET_KRB_RES59,
- "Reserved error message 59 (send_to_kdc)"
-
- ec KRBET_KRB_RES60,
- "Reserved error message 60 (send_to_kdc)"
-
- ec KRBET_INTK_W_NOTALL,
- "Kerberos error: not all tickets returned"
-
- ec KRBET_INTK_BADPW,
- "Incorrect password (get_in_tkt)"
-
- ec KRBET_INTK_PROT,
- "Protocol error (get_in_tkt)"
-
- ec KRBET_KRB_RES64,
- "Reserved error message 64 (get_in_tkt)"
-
- ec KRBET_KRB_RES65,
- "Reserved error message 65 (get_in_tkt)"
-
- ec KRBET_KRB_RES66,
- "Reserved error message 66 (get_in_tkt)"
-
- ec KRBET_KRB_RES67,
- "Reserved error message 67 (get_in_tkt)"
-
- ec KRBET_KRB_RES68,
- "Reserved error message 68 (get_in_tkt)"
-
- ec KRBET_KRB_RES69,
- "Reserved error message 69 (get_in_tkt)"
-
- ec KRBET_INTK_ERR,
- "Other error (get_in_tkt)"
-
- ec KRBET_AD_NOTGT,
- "Don't have Kerberos ticket-granting ticket (get_ad_tkt)"
-
- ec KRBET_KRB_RES72,
- "Reserved error message 72 (get_ad_tkt)"
-
- ec KRBET_KRB_RES73,
- "Reserved error message 73 (get_ad_tkt)"
-
- ec KRBET_KRB_RES74,
- "Reserved error message 74 (get_ad_tkt)"
-
- ec KRBET_KRB_RES75,
- "Reserved error message 75 (get_ad_tkt)"
-
- ec KRBET_NO_TKT_FIL,
- "You have no tickets cached"
-
- ec KRBET_TKT_FIL_ACC,
- "Couldn't access ticket file (tf_util)"
-
- ec KRBET_TKT_FIL_LCK,
- "Couldn't lock ticket file (tf_util)"
-
- ec KRBET_TKT_FIL_FMT,
- "Bad ticket file format (tf_util)"
-
- ec KRBET_TKT_FIL_INI,
- "tf_init not called before reading from ticket file (tf_util)"
-
- ec KRBET_KNAME_FMT,
- "Bad Kerberos name format (kname_parse)"
-
- ec KRBET_RES82,
- "Reserved error message 82"
-
- ec KRBET_RES83,
- "Reserved error message 83"
-
- ec KRBET_RES84,
- "Reserved error message 84"
-
- ec KRBET_RES85,
- "Reserved error message 85"
-
- ec KRBET_RES86,
- "Reserved error message 86"
-
- ec KRBET_RES87,
- "Reserved error message 87"
-
- ec KRBET_RES88,
- "Reserved error message 88"
-
- ec KRBET_RES89,
- "Reserved error message 89"
-
- ec KRBET_RES90,
- "Reserved error message 90"
-
- ec KRBET_RES91,
- "Reserved error message 91"
-
- ec KRBET_RES92,
- "Reserved error message 92"
-
- ec KRBET_RES93,
- "Reserved error message 93"
-
- ec KRBET_RES94,
- "Reserved error message 94"
-
- ec KRBET_RES95,
- "Reserved error message 95"
-
- ec KRBET_RES96,
- "Reserved error message 96"
-
- ec KRBET_RES97,
- "Reserved error message 97"
-
- ec KRBET_RES98,
- "Reserved error message 98"
-
- ec KRBET_RES99,
- "Reserved error message 99"
-
- ec KRBET_RES100,
- "Reserved error message 100"
-
- ec KRBET_RES101,
- "Reserved error message 101"
-
- ec KRBET_RES102,
- "Reserved error message 102"
-
- ec KRBET_RES103,
- "Reserved error message 103"
-
- ec KRBET_RES104,
- "Reserved error message 104"
-
- ec KRBET_RES105,
- "Reserved error message 105"
-
- ec KRBET_RES106,
- "Reserved error message 106"
-
- ec KRBET_RES107,
- "Reserved error message 107"
-
- ec KRBET_RES108,
- "Reserved error message 108"
-
- ec KRBET_RES109,
- "Reserved error message 109"
-
- ec KRBET_RES110,
- "Reserved error message 110"
-
- ec KRBET_RES111,
- "Reserved error message 111"
-
- ec KRBET_RES112,
- "Reserved error message 112"
-
- ec KRBET_RES113,
- "Reserved error message 113"
-
- ec KRBET_RES114,
- "Reserved error message 114"
-
- ec KRBET_RES115,
- "Reserved error message 115"
-
- ec KRBET_RES116,
- "Reserved error message 116"
-
- ec KRBET_RES117,
- "Reserved error message 117"
-
- ec KRBET_RES118,
- "Reserved error message 118"
-
- ec KRBET_RES119,
- "Reserved error message 119"
-
- ec KRBET_RES120,
- "Reserved error message 120"
-
- ec KRBET_RES121,
- "Reserved error message 121"
-
- ec KRBET_RES122,
- "Reserved error message 122"
-
- ec KRBET_RES123,
- "Reserved error message 123"
-
- ec KRBET_RES124,
- "Reserved error message 124"
-
- ec KRBET_RES125,
- "Reserved error message 125"
-
- ec KRBET_RES126,
- "Reserved error message 126"
-
- ec KRBET_RES127,
- "Reserved error message 127"
-
- ec KRBET_RES128,
- "Reserved error message 128"
-
- ec KRBET_RES129,
- "Reserved error message 129"
-
- ec KRBET_RES130,
- "Reserved error message 130"
-
- ec KRBET_RES131,
- "Reserved error message 131"
-
- ec KRBET_RES132,
- "Reserved error message 132"
-
- ec KRBET_RES133,
- "Reserved error message 133"
-
- ec KRBET_RES134,
- "Reserved error message 134"
-
- ec KRBET_RES135,
- "Reserved error message 135"
-
- ec KRBET_RES136,
- "Reserved error message 136"
-
- ec KRBET_RES137,
- "Reserved error message 137"
-
- ec KRBET_RES138,
- "Reserved error message 138"
-
- ec KRBET_RES139,
- "Reserved error message 139"
-
- ec KRBET_RES140,
- "Reserved error message 140"
-
- ec KRBET_RES141,
- "Reserved error message 141"
-
- ec KRBET_RES142,
- "Reserved error message 142"
-
- ec KRBET_RES143,
- "Reserved error message 143"
-
- ec KRBET_RES144,
- "Reserved error message 144"
-
- ec KRBET_RES145,
- "Reserved error message 145"
-
- ec KRBET_RES146,
- "Reserved error message 146"
-
- ec KRBET_RES147,
- "Reserved error message 147"
-
- ec KRBET_RES148,
- "Reserved error message 148"
-
- ec KRBET_RES149,
- "Reserved error message 149"
-
- ec KRBET_RES150,
- "Reserved error message 150"
-
- ec KRBET_RES151,
- "Reserved error message 151"
-
- ec KRBET_RES152,
- "Reserved error message 152"
-
- ec KRBET_RES153,
- "Reserved error message 153"
-
- ec KRBET_RES154,
- "Reserved error message 154"
-
- ec KRBET_RES155,
- "Reserved error message 155"
-
- ec KRBET_RES156,
- "Reserved error message 156"
-
- ec KRBET_RES157,
- "Reserved error message 157"
-
- ec KRBET_RES158,
- "Reserved error message 158"
-
- ec KRBET_RES159,
- "Reserved error message 159"
-
- ec KRBET_RES160,
- "Reserved error message 160"
-
- ec KRBET_RES161,
- "Reserved error message 161"
-
- ec KRBET_RES162,
- "Reserved error message 162"
-
- ec KRBET_RES163,
- "Reserved error message 163"
-
- ec KRBET_RES164,
- "Reserved error message 164"
-
- ec KRBET_RES165,
- "Reserved error message 165"
-
- ec KRBET_RES166,
- "Reserved error message 166"
-
- ec KRBET_RES167,
- "Reserved error message 167"
-
- ec KRBET_RES168,
- "Reserved error message 168"
-
- ec KRBET_RES169,
- "Reserved error message 169"
-
- ec KRBET_RES170,
- "Reserved error message 170"
-
- ec KRBET_RES171,
- "Reserved error message 171"
-
- ec KRBET_RES172,
- "Reserved error message 172"
-
- ec KRBET_RES173,
- "Reserved error message 173"
-
- ec KRBET_RES174,
- "Reserved error message 174"
-
- ec KRBET_RES175,
- "Reserved error message 175"
-
- ec KRBET_RES176,
- "Reserved error message 176"
-
- ec KRBET_RES177,
- "Reserved error message 177"
-
- ec KRBET_RES178,
- "Reserved error message 178"
-
- ec KRBET_RES179,
- "Reserved error message 179"
-
- ec KRBET_RES180,
- "Reserved error message 180"
-
- ec KRBET_RES181,
- "Reserved error message 181"
-
- ec KRBET_RES182,
- "Reserved error message 182"
-
- ec KRBET_RES183,
- "Reserved error message 183"
-
- ec KRBET_RES184,
- "Reserved error message 184"
-
- ec KRBET_RES185,
- "Reserved error message 185"
-
- ec KRBET_RES186,
- "Reserved error message 186"
-
- ec KRBET_RES187,
- "Reserved error message 187"
-
- ec KRBET_RES188,
- "Reserved error message 188"
-
- ec KRBET_RES189,
- "Reserved error message 189"
-
- ec KRBET_RES190,
- "Reserved error message 190"
-
- ec KRBET_RES191,
- "Reserved error message 191"
-
- ec KRBET_RES192,
- "Reserved error message 192"
-
- ec KRBET_RES193,
- "Reserved error message 193"
-
- ec KRBET_RES194,
- "Reserved error message 194"
-
- ec KRBET_RES195,
- "Reserved error message 195"
-
- ec KRBET_RES196,
- "Reserved error message 196"
-
- ec KRBET_RES197,
- "Reserved error message 197"
-
- ec KRBET_RES198,
- "Reserved error message 198"
-
- ec KRBET_RES199,
- "Reserved error message 199"
-
- ec KRBET_RES200,
- "Reserved error message 200"
-
- ec KRBET_RES201,
- "Reserved error message 201"
-
- ec KRBET_RES202,
- "Reserved error message 202"
-
- ec KRBET_RES203,
- "Reserved error message 203"
-
- ec KRBET_RES204,
- "Reserved error message 204"
-
- ec KRBET_RES205,
- "Reserved error message 205"
-
- ec KRBET_RES206,
- "Reserved error message 206"
-
- ec KRBET_RES207,
- "Reserved error message 207"
-
- ec KRBET_RES208,
- "Reserved error message 208"
-
- ec KRBET_RES209,
- "Reserved error message 209"
-
- ec KRBET_RES210,
- "Reserved error message 210"
-
- ec KRBET_RES211,
- "Reserved error message 211"
-
- ec KRBET_RES212,
- "Reserved error message 212"
-
- ec KRBET_RES213,
- "Reserved error message 213"
-
- ec KRBET_RES214,
- "Reserved error message 214"
-
- ec KRBET_RES215,
- "Reserved error message 215"
-
- ec KRBET_RES216,
- "Reserved error message 216"
-
- ec KRBET_RES217,
- "Reserved error message 217"
-
- ec KRBET_RES218,
- "Reserved error message 218"
-
- ec KRBET_RES219,
- "Reserved error message 219"
-
- ec KRBET_RES220,
- "Reserved error message 220"
-
- ec KRBET_RES221,
- "Reserved error message 221"
-
- ec KRBET_RES222,
- "Reserved error message 222"
-
- ec KRBET_RES223,
- "Reserved error message 223"
-
- ec KRBET_RES224,
- "Reserved error message 224"
-
- ec KRBET_RES225,
- "Reserved error message 225"
-
- ec KRBET_RES226,
- "Reserved error message 226"
-
- ec KRBET_RES227,
- "Reserved error message 227"
-
- ec KRBET_RES228,
- "Reserved error message 228"
-
- ec KRBET_RES229,
- "Reserved error message 229"
-
- ec KRBET_RES230,
- "Reserved error message 230"
-
- ec KRBET_RES231,
- "Reserved error message 231"
-
- ec KRBET_RES232,
- "Reserved error message 232"
-
- ec KRBET_RES233,
- "Reserved error message 233"
-
- ec KRBET_RES234,
- "Reserved error message 234"
-
- ec KRBET_RES235,
- "Reserved error message 235"
-
- ec KRBET_RES236,
- "Reserved error message 236"
-
- ec KRBET_RES237,
- "Reserved error message 237"
-
- ec KRBET_RES238,
- "Reserved error message 238"
-
- ec KRBET_RES239,
- "Reserved error message 239"
-
- ec KRBET_RES240,
- "Reserved error message 240"
-
- ec KRBET_RES241,
- "Reserved error message 241"
-
- ec KRBET_RES242,
- "Reserved error message 242"
-
- ec KRBET_RES243,
- "Reserved error message 243"
-
- ec KRBET_RES244,
- "Reserved error message 244"
-
- ec KRBET_RES245,
- "Reserved error message 245"
-
- ec KRBET_RES246,
- "Reserved error message 246"
-
- ec KRBET_RES247,
- "Reserved error message 247"
-
- ec KRBET_RES248,
- "Reserved error message 248"
-
- ec KRBET_RES249,
- "Reserved error message 249"
-
- ec KRBET_RES250,
- "Reserved error message 250"
-
- ec KRBET_RES251,
- "Reserved error message 251"
-
- ec KRBET_RES252,
- "Reserved error message 252"
-
- ec KRBET_RES253,
- "Reserved error message 253"
-
- ec KRBET_RES254,
- "Reserved error message 254"
-
- ec KRBET_KFAILURE,
- "Generic kerberos error (kfailure)"
- end
Deleted: branches/mskrb-integ/src/lib/krb4/kuserok.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/kuserok.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/kuserok.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,190 +0,0 @@
-/*
- * lib/krb4/kuserok.c
- *
- * Copyright 1987, 1988, 2007 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * kuserok: check if a kerberos principal has
- * access to a local account
- */
-
-#include "krb.h"
-
-#if !defined(_WIN32)
-
-#include <stdio.h>
-#include <pwd.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <string.h>
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef __SCO__
-/* just for F_OK for sco */
-#include <sys/unistd.h>
-#endif
-#include "k5-platform.h"
-
-#ifndef HAVE_SETEUID
-#ifdef HAVE_SETRESUID
-#define seteuid(e) setresuid(-1,e,-1)
-#define setegid(e) setresgid(-1,e,-1)
-#endif
-#endif
-
-#define OK 0
-#define NOTOK 1
-#define MAX_USERNAME 10
-
-/*
- * Given a Kerberos principal "kdata", and a local username "luser",
- * determine whether user is authorized to login according to the
- * authorization file ("~luser/.klogin" by default). Returns OK
- * if authorized, NOTOK if not authorized.
- *
- * If there is no account for "luser" on the local machine, returns
- * NOTOK. If there is no authorization file, and the given Kerberos
- * name "kdata" translates to the same name as "luser" (using
- * krb_kntoln()), returns OK. Otherwise, if the authorization file
- * can't be accessed, returns NOTOK. Otherwise, the file is read for
- * a matching principal name, instance, and realm. If one is found,
- * returns OK, if none is found, returns NOTOK.
- *
- * The file entries are in the format:
- *
- * name.instance at realm
- *
- * one entry per line.
- *
- */
-
-int KRB5_CALLCONV
-kuserok(kdata, luser)
- AUTH_DAT *kdata;
- char *luser;
-{
- struct stat sbuf;
- struct passwd *pwd;
- char pbuf[MAXPATHLEN];
- int isok = NOTOK, rc;
- FILE *fp;
- char kuser[MAX_USERNAME];
- char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- char linebuf[BUFSIZ];
- char *newline;
- int gobble;
-
- /* no account => no access */
- if ((pwd = getpwnam(luser)) == NULL) {
- return(NOTOK);
- }
- if (strlen (pwd->pw_dir) + sizeof ("/.klogin") >= sizeof (pbuf))
- return NOTOK;
- (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
- pbuf[sizeof(pbuf) - 1] = '\0';
- (void) strncat(pbuf, "/.klogin", sizeof(pbuf) - 1 - strlen(pbuf));
-
- if (access(pbuf, F_OK)) { /* not accessible */
- /*
- * if he's trying to log in as himself, and there is no .klogin file,
- * let him. To find out, call
- * krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
- */
- if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
- return(OK);
- }
- }
- /* open ~/.klogin */
- if ((fp = fopen(pbuf, "r")) == NULL) {
- /* however, root might not have enough access, so temporarily switch
- * over to the user's uid, try the access again, and switch back
- */
- if(getuid() == 0) {
- uid_t old_euid = geteuid();
- if (seteuid(pwd->pw_uid) < 0)
- return NOTOK;
- fp = fopen(pbuf, "r");
- if (seteuid(old_euid) < 0)
- return NOTOK;
- if ((fp) == NULL) {
- return(NOTOK);
- }
- } else {
- return(NOTOK);
- }
- }
- set_cloexec_file(fp);
- /*
- * security: if the user does not own his own .klogin file,
- * do not grant access
- */
- if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
- return(NOTOK);
- }
- /*
- * however, allow root to own the .klogin file, to allow creative
- * access management schemes.
- */
- if (sbuf.st_uid && (sbuf.st_uid != pwd->pw_uid)) {
- fclose(fp);
- return(NOTOK);
- }
-
- /* check each line */
- while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
- /* null-terminate the input string */
- linebuf[BUFSIZ-1] = '\0';
- newline = NULL;
- /* nuke the newline if it exists */
- if ((newline = strchr(linebuf, '\n')))
- *newline = '\0';
-
- /* Default the fields (default realm is filled in later) */
- principal[0] = '\0';
- inst[0] = '\0';
- realm[0] = '\0';
- rc = kname_parse(principal, inst, realm, linebuf);
- if (rc == KSUCCESS) {
- if (realm[0] == '\0') {
- rc = krb_get_lrealm(realm, 1);
- if (rc != KSUCCESS)
- goto nextline;
- }
- isok = (strncmp(kdata->pname, principal, ANAME_SZ) ||
- strncmp(kdata->pinst, inst, INST_SZ) ||
- strncmp(kdata->prealm, realm, REALM_SZ));
- }
- nextline:
- /* clean up the rest of the line if necessary */
- if (!newline)
- while (((gobble = getc(fp)) != EOF) && gobble != '\n');
- }
- fclose(fp);
- return(isok);
-}
-
-#endif
Deleted: branches/mskrb-integ/src/lib/krb4/libkrb4.exports
===================================================================
--- branches/mskrb-integ/src/lib/krb4/libkrb4.exports 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/libkrb4.exports 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,157 +0,0 @@
-__krb_sendauth_hidden_tkt_len
-ad_print
-afs_passwd_to_key
-cr_err_reply
-create_auth_reply
-create_ciph
-decomp_ticket
-decomp_tkt_krb5
-dest_tkt
-et_kadm_error_table
-et_krb_error_table
-fgetst
-get_ad_tkt
-get_pw_tkt
-get_service_key
-getst
-in_tkt
-initialize_kadm_error_table
-initialize_krb_error_table
-k_gethostname
-k_isinst
-k_isname
-k_isrealm
-kadm_build_field_header
-kadm_check_field_header
-kadm_cli_conn
-kadm_cli_disconn
-kadm_cli_keyd
-kadm_cli_out
-kadm_cli_send
-kadm_init_link
-kadm_stream_to_vals
-kadm_stv_char
-kadm_stv_long
-kadm_stv_short
-kadm_stv_string
-kadm_vals_to_stream
-kadm_vts_char
-kadm_vts_long
-kadm_vts_short
-kadm_vts_string
-klog
-kname_parse
-kname_unparse
-krb4int_address_less
-krb4int_et_fini
-krb4int_et_init
-krb4int_save_credentials_addr
-krb4int_send_to_kdc_addr
-krb4int_strnlen
-krb4prot_decode_ciph
-krb4prot_decode_error
-krb4prot_decode_header
-krb4prot_decode_kdc_reply
-krb4prot_decode_kdc_request
-krb4prot_decode_naminstrlm
-krb4prot_encode_apreq
-krb4prot_encode_authent
-krb4prot_encode_ciph
-krb4prot_encode_err_reply
-krb4prot_encode_kdc_reply
-krb4prot_encode_kdc_request
-krb4prot_encode_naminstrlm
-krb4prot_encode_tkt
-krb54_get_service_keyblock
-krb5__krb4_context
-krb5_passwd_to_key
-krb__get_cnffile
-krb__get_realmsfile
-krb__get_srvtabname
-krb_ap_req_debug
-krb_change_password
-krb_check_auth
-krb_clear_key_krb5
-krb_cr_tkt_krb5
-krb_create_ticket
-krb_debug
-krb_end_session
-krb_err_txt
-krb_free_preauth
-krb_get_admhst
-krb_get_cred
-krb_get_default_user
-krb_get_err_text
-krb_get_in_tkt
-krb_get_in_tkt_creds
-krb_get_in_tkt_preauth
-krb_get_in_tkt_preauth_creds
-krb_get_keyprocs
-krb_get_kpasswdhst
-krb_get_krbhst
-krb_get_lrealm
-krb_get_phost
-krb_get_profile
-krb_get_pw_in_tkt
-krb_get_pw_in_tkt_creds
-krb_get_pw_in_tkt_preauth
-krb_get_svc_in_tkt
-krb_get_svc_in_tkt_preauth
-krb_get_tf_fullname
-krb_get_tf_realm
-krb_get_ticket_for_service
-krb_ignore_ip_address
-krb_in_tkt
-krb_kntoln
-krb_life_to_time
-krb_log
-krb_mk_auth
-krb_mk_err
-krb_mk_preauth
-krb_mk_priv
-krb_mk_req
-krb_mk_req_creds
-krb_mk_safe
-krb_net_rd_sendauth
-krb_net_read
-krb_net_write
-krb_rd_err
-krb_rd_preauth
-krb_rd_priv
-krb_rd_req
-krb_rd_req_int
-krb_rd_safe
-krb_realmofhost
-krb_recvauth
-krb_save_credentials
-krb_sendauth
-krb_set_default_user
-krb_set_key
-krb_set_key_krb5
-krb_set_lifetime
-krb_set_logfile
-krb_set_tkt_string
-krb_start_session
-krb_stime
-krb_svc_init
-krb_svc_init_preauth
-krb_time_to_life
-kset_logfile
-kuserok
-mit_passwd_to_key
-month_sname
-pkt_cipher
-pkt_clen
-private_msg_ver
-put_svc_key
-read_service_key
-send_to_kdc
-swap_bytes
-tf_close
-tf_get_cred
-tf_get_pinst
-tf_get_pname
-tf_init
-tf_save_cred
-tkt_string
-unix_time_gmt_unixsec
Deleted: branches/mskrb-integ/src/lib/krb4/lifetime.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/lifetime.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/lifetime.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,62 +0,0 @@
-/*
- * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb.h"
-#include "k5-int.h"
-
-/*
- * krb_life_to_time
- *
- * Given a start date and a lifetime byte, compute the expiration
- * date.
- */
-KRB4_32 KRB5_CALLCONV
-krb_life_to_time(KRB4_32 start, int life)
-{
- krb5int_access k5internals;
-
- if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
- || k5internals.krb_life_to_time == NULL)
- return start;
- return k5internals.krb_life_to_time(start, life);
-}
-
-/*
- * krb_time_to_life
- *
- * Given the start date and the end date, compute the lifetime byte.
- * Round up, since we can adjust the start date backwards if we are
- * issuing the ticket to cause it to expire at the correct time.
- */
-int KRB5_CALLCONV
-krb_time_to_life(KRB4_32 start, KRB4_32 end)
-{
- krb5int_access k5internals;
-
- if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION)
- || k5internals.krb_time_to_life == NULL)
- return 0;
- return k5internals.krb_time_to_life(start, end);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/log.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/log.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/log.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,151 +0,0 @@
-/*
- * lib/krb4/log.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef KRB_CRYPT_DEBUG
-/* This file used to contain log() and set_logfile(). If you define
- KRB_CRYPT_DEBUG, you'll need to define those to point to krb_log and
- krb_set_logfile, or change all the invokers. */
-#endif
-
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_TIME_H
-#include <time.h>
-#endif
-#if !defined(VMS) && !defined(_WIN32)
-#include <sys/time.h>
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-
-#include "krb4int.h"
-#include <klog.h>
-#include "k5-platform.h"
-
-static char *log_name = KRBLOG;
-#if 0
-static is_open;
-#endif
-
-/*
- * This file contains three logging routines: set_logfile()
- * to determine the file that log entries should be written to;
- * and log() and new_log() to write log entries to the file.
- */
-
-/*
- * krb_log() is used to add entries to the logfile (see krb_set_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format".
- *
- * The log file is opened and closed for each log entry.
- *
- * The return value is undefined.
- */
-
-void krb_log(const char *format,...)
-{
- FILE *logfile;
- time_t now;
- struct tm *tm;
- va_list args;
-
- va_start(args, format);
-
- if ((logfile = fopen(log_name,"a")) != NULL) {
- set_cloexec_file(logfile);
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- vfprintf(logfile,format,args);
- fprintf(logfile,"\n");
- (void) fclose(logfile);
- }
- va_end(args);
- return;
-}
-
-/*
- * krb_set_logfile() changes the name of the file to which
- * messages are logged. If krb_set_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-krb_set_logfile(filename)
- char *filename;
-{
- log_name = filename;
-#if 0
- is_open = 0;
-#endif
-}
-
-#if 0
-/*
- * new_log() appends a log entry containing the give time "t" and the
- * string "string" to the logfile (see set_logfile() above). The file
- * is opened once and left open. The routine returns 1 on failure, 0
- * on success.
- */
-
-krb_new_log(t,string)
- long t;
- char *string;
-{
- static FILE *logfile;
-
- struct tm *tm;
-
- if (!is_open) {
- if ((logfile = fopen(log_name,"a")) == NULL) return(1);
- set_cloexec_file(logfile);
- is_open = 1;
- }
-
- if (t) {
- tm = localtime(&t);
-
- fprintf(logfile,"\n%2d-%s-%d %02d:%02d:%02d %s",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec, string);
- }
- else {
- fprintf(logfile,"\n%20s%s","",string);
- }
-
- (void) fflush(logfile);
- return(0);
-}
-#endif
Deleted: branches/mskrb-integ/src/lib/krb4/mac_glue.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mac_glue.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mac_glue.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,48 +0,0 @@
-/*
- * mac_glue.c
- *
- * Copyright 1989 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Macintosh ooperating system interface for Kerberos.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-
-/* Mac Cincludes */
-#include <string.h>
-#include <stddef.h>
-
-/* FIXME! swab should be swapping, but for initial test, don't bother. */
-
-void swab(char *from, char *to, int nbytes) {}
-
-mymemset( void *s, register int c, register size_t n )
-{
- // written because memset doesn't work in think C (ARGGGG!!!!!!)
- register char *j = s;
- while( n-- )
- *j++ = c;
-}
-
-int INTERFACE
-krb_start_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-int INTERFACE
-krb_end_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-/* FIXME: These stubs should go away. */
-int read() {return 0;}
-int write () {return 0;}
-int krb_ignore_ip_address = 0;
Deleted: branches/mskrb-integ/src/lib/krb4/mac_store.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mac_store.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mac_store.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,731 +0,0 @@
-/*
- * mac_store.c
- *
- * Kerberos configuration store
- * Originally coded by Tim Miller / Brown University as KRB_Store.c
- * Mods 1/92 By Peter Bosanko
- *
- * Modified May-June 1994 by Julia Menapace and John Gilmore
- * of Cygnus Support.
- *
- * This file incorporates replacements for the Unix files
- * g_admhst.c, g_krbhst.c, realmofhost.c, and g_krbrlm.c.
- */
-
-/* Headers from in_tkt.c, merged in by gnu FIXME */
-#include <types.h>
-
-/* Headers from store.c from KClient */
-#include <string.h>
-#include <traps.h>
-#include <gestaltEqu.h>
-#include <Folders.h>
-#include <Resources.h>
-#include <Memory.h>
-#include <Files.h>
-
-#include "krb.h"
-#include "mac_store.h" /* includes memcache.h */
-#include "krb_driver.h"
-
-#define prefname "\pKerberos Client Preferences"
-const OSType preftype = 'PREF';
-const OSType prefcrea = 'krbL';
-const OSType unametype = 'UNam';
-const OSType lrealmtype = 'LRlm';
-const OSType templatetype = 'TMPL';
-const OSType realmmaptype = 'RMap';
-const OSType servermaptype = 'SMap';
-#define kNumTemplates 4
-#define kFirstTemplate 128
-#define kMapResNum 1024
-
-
-/* Lower level routines and data structures */
-
-
-/* Need to check this in each high-level routine, and call init_store
- if not set. */
-static int initialized_store = 0;
-
-static char fLRealm[REALM_SZ] = "";
-static Handle fRealmMap = 0;
-static Handle fServerMap = 0;
-static short fPrefVRefNum;
-static long fPrefDirID;
-OSErr fConstructErr = -1;
-
-/* Current default user name (for prompts, etc). */
-
-static char gUserName[MAX_K_NAME_SZ];
-
-
-/* Routines for dealing with the realm versus host database */
-
-/*
- * krb_get_admhst
- *
- * Given a Kerberos realm, find a host on which the Kerberos database
- * administration server can be found.
- *
- * krb_get_admhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer n, and
- * returns (in h) the nth administrative host entry from the configuration
- * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
- * If ATHENA_CONF_FALLBACK is defined, also look in old location.
- *
- * On error, get_admhst returns KFAILURE. If all goes well, the routine
- * returns KSUCCESS.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- *
- * This is a temporary hack to allow us to find the nearest system running
- * a Kerberos admin server. In the long run, this functionality will be
- * provided by a nameserver. (HAH!)
- */
-int
-krb_get_admhst (h, r, n)
- char *h;
- char *r;
- int n;
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
- if(GetNthServer(n, r, 1, h)) return KFAILURE;
- else return KSUCCESS;
-}
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos authenti-
- * cation server can be found.
- *
- * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer, n, and
- * returns (in h) the nth entry from the configuration information
- * associated with the specified realm.
- *
- * If no info is found, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
- *
- * This is a temporary hack to allow us to find the nearest system running
- * kerberos. In the long run, this functionality will be provided by a
- * nameserver. (AH SO!)
- */
-int krb_get_krbhst(h, r, n)
- char *h;
- char *r;
- int n;
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
- if (GetNthServer(n, r, 0, h)) return KFAILURE;
- else return KSUCCESS;
-}
-
-
-/*
- * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
- * in the string, r, with the name of the local realm specified in
- * the local Kerberos configuration.
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config info does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h"). [FIXME -- not implem.]
- *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- */
-
-int krb_get_lrealm(char *r, int n)
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
- if (n != 1)
- return KFAILURE;
- if (GetLocalRealm(r))
- return KFAILURE;
- return KSUCCESS;
-}
-
-
-/*
- * krb_realmofhost.
- * Given a fully-qualified domain-style primary host name,
- * return the name of the Kerberos realm for the host.
- * If the hostname contains no discernable domain, or an error occurs,
- * return the local realm name, as supplied by get_krbrlm().
- * If the hostname contains a domain, but no translation is found,
- * the hostname's domain is converted to upper-case and returned.
- *
- * In the database,
- * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
- * host names should be in the usual form (e.g. FOO.BAR.BAZ)
- */
-
-char *krb_realmofhost(char *host)
-{
- static char realm[REALM_SZ];
-
- if (!initialized_store)
- if (init_store())
- return 0;
-
- /* Store realm string through REALM pointer arg */
- GetRealm(host, realm);
- return realm;
-}
-
-
-char * INTERFACE
-krb_get_default_user (void)
-{
- if (!initialized_store)
- if (init_store())
- return 0;
-
- return gUserName;
-}
-
-
-int INTERFACE
-krb_set_default_user (uName)
- char* uName;
-{
- if (!initialized_store)
- if (init_store())
- return KFAILURE;
-
- if( strcmp( gUserName, uName ) != 0 ) {
- strcpy( gUserName, uName );
- if (WriteUser() != 0)
- return KFAILURE;
- }
- return KSUCCESS;
-}
-
-
-
-void GetPrefsFolder(short *vRefNumP, long *dirIDP)
-{
- Boolean hasFolderMgr = false;
- long feature;
-/*
- FIXME Error: Ô_GestaltDispatchÕ has not been declared - not needed now? - jcm
- if (TrapAvailable(_GestaltDispatch))
-*/
- if (Gestalt(gestaltFindFolderAttr, &feature) == noErr) hasFolderMgr = true;
- if (!hasFolderMgr) {
- GetSystemFolder(vRefNumP, dirIDP);
- return;
- }
- else {
- if (FindFolder(kOnSystemDisk, kPreferencesFolderType, kDontCreateFolder, vRefNumP, dirIDP) != noErr) {
- *vRefNumP = 0;
- *dirIDP = 0;
- }
- }
- }
-
-
-/*
- init_store() is used to initialize the config store. It opens the
- driver preferences file and reads the local realm, user name, and
- realm and server maps from resources in the prefs file into driver
- storage. If the preferences file doesn't exist, init_store creates it.
- Returns 0 on success, or 1 if something goes wrong.
- */
-int
-init_store()
-{
- short refnum;
- Handle temp;
- int hasPrefFile;
-
- /* If a prefs file exists, load from it, otherwise load defaults from self */
- GetPrefsFolder(&fPrefVRefNum, &fPrefDirID);
- refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdPerm);
- hasPrefFile = (refnum != -1); // did we open it?
-
- temp = GetResource(lrealmtype, kMapResNum);
- if(ResError() || !temp) {
- if(refnum != -1) CloseResFile(refnum);
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- strcpy(fLRealm, *temp);
- ReleaseResource(temp);
-
- temp = GetResource(unametype, kMapResNum);
- if(ResError() || !temp) {
- if(refnum != -1) CloseResFile(refnum);
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- strcpy(gUserName, *temp);
- ReleaseResource(temp);
-
- fRealmMap = GetResource(realmmaptype, kMapResNum);
- if(ResError() || !fRealmMap) {
- if(refnum != -1) CloseResFile(refnum);
- *fLRealm = 0;
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- DetachResource(fRealmMap);
-
- fServerMap = GetResource(servermaptype, kMapResNum);
- if(ResError() || !fServerMap) {
- if(refnum != -1) CloseResFile(refnum);
- *fLRealm = 0;
- DisposeHandle(fRealmMap);
- fRealmMap = 0;
- fConstructErr = cKrbCorruptedFile;
- return 1;
- }
- DetachResource(fServerMap);
-
- if(refnum != -1) CloseResFile(refnum);
- fConstructErr = noErr;
-
- if (!hasPrefFile) {
- fConstructErr = CreatePrefFile(); // make prefs file if we need to
- }
-
- initialized_store = 1;
- return 0;
-}
-
-
-/****************Private routines******************/
-
-OSErr OpenPrefsFile(short *refnum)
-{
- *refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdWrPerm);
-
- if(ResError()) { /* doesn't exist, create it */
- FInfo fndrinfo;
-
- HCreateResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname);
- if(ResError()) {
- return ResError();
- }
- *refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdWrPerm);
- if(ResError()) {
- return ResError();
- }
- HGetFInfo(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, &fndrinfo);
- fndrinfo.fdCreator = prefcrea;
- fndrinfo.fdType = preftype;
- HSetFInfo(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, &fndrinfo);
- }
-
- return noErr;
- }
-
-
-
-OSErr CreatePrefFile()
-{
- short refnum, i;
- OSErr err;
- Handle tmpls[ kNumTemplates ];
-
- // Get all the templates for ResEdit
- for( i = 0; i < kNumTemplates; i++ ) {
- tmpls[i] = GetResource( templatetype, kFirstTemplate + i );
- if( ResError() || !tmpls[i] ) return cKrbCorruptedFile;
- }
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- // write out the templates
- for( i = 0; i < kNumTemplates && !err; i++ ) {
- short tmplid;
- ResType theType;
- Str255 resName;
-
- GetResInfo( tmpls[i], &tmplid, &theType, resName );
- err = WritePref( refnum, tmpls[i], templatetype, tmplid, resName );
- ReleaseResource( tmpls[i] );
- }
-
- if( !err )
- err = WritePref( refnum, fRealmMap, realmmaptype, kMapResNum, "\p" );
- if( !err )
- err = WritePref( refnum, fServerMap, servermaptype, kMapResNum, "\p" );
- if( !err )
- err = WritePrefStr( refnum, fLRealm, lrealmtype, kMapResNum, "\p" );
- if( !err )
- err = WritePrefStr( refnum, gUserName, unametype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr WriteUser()
-{
- short refnum;
- OSErr err;
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- err = WritePrefStr( refnum, gUserName, unametype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr WritePref( short refnum, Handle dataHandle, OSType mapType, short resID, Str255 resName )
-{
- OSErr err;
- Handle resHandle;
-
- resHandle = Get1Resource( mapType, resID );
- if( !resHandle ) { // create a new resource:
- resHandle = dataHandle;
- err = HandToHand( &resHandle ); // copy the data handle
- if( err != noErr ) return err;
-
- AddResource( resHandle, mapType, resID, resName );
- if( ( err = ResError() ) != noErr ) {
- DisposHandle( resHandle );
- return err;
- }
- SetResAttrs( resHandle, resSysHeap | GetResAttrs( resHandle ) );
- }
- else { /* modify an existing resource: */
- Size handleSize = GetHandleSize( dataHandle );
- SetHandleSize( resHandle, handleSize );
- if( ( err = MemError() ) != noErr ) {
- ReleaseResource( resHandle );
- return err;
- }
- BlockMove( *dataHandle, *resHandle, handleSize );
- ChangedResource( resHandle );
- if( ( err = ResError() ) != noErr ) {
- ReleaseResource( resHandle );
- return err;
- }
- }
-
- UpdateResFile( refnum );
- err = ResError();
- ReleaseResource( resHandle );
- return err;
-}
-
-OSErr WritePrefStr( short refnum, char *dataString, OSType mapType, short resID, Str255 resName )
-{
- OSErr err;
- Handle dataHandle;
-
- err = PtrToHand( dataString, &dataHandle, strlen( dataString ) + 1 );
- if( err == noErr ) {
- err = WritePref( refnum, dataHandle, mapType, resID, resName );
- DisposHandle( dataHandle );
- }
- return err;
-}
-
-OSErr WriteRealmMap()
-{
- short refnum;
- OSErr err;
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- err = WritePref( refnum, fRealmMap, realmmaptype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr WriteServerMap()
-{
- short refnum;
- OSErr err;
-
- err = OpenPrefsFile(&refnum);
- if( err ) return err;
-
- err = WritePref( refnum, fServerMap, servermaptype, kMapResNum,"\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr GetLocalRealm(char *lrealm)
-{
- if (!initialized_store)
- init_store();
-
- strcpy(lrealm, fLRealm);
- return noErr;
- }
-
-OSErr SetLocalRealm( const char *lrealm )
-{
- short refnum;
- OSErr err;
-
- if (!initialized_store)
- init_store();
-
- strcpy( fLRealm, (char *) lrealm );
-
- err = OpenPrefsFile( &refnum );
- if( err ) return err;
-
- err = WritePrefStr( refnum, fLRealm, lrealmtype, kMapResNum, "\p" );
-
- CloseResFile( refnum );
- if( !err ) err = ResError();
- return err;
-}
-
-OSErr GetRealm(const char *host, char *realm)
-{
- int numrealms;
- char *curnetorhost, *currealm;
- char *domain;
-
- if (!initialized_store)
- init_store();
-
- numrealms = *((short *)*fRealmMap);
- GetLocalRealm(realm);
-
- domain = strchr( host, '.');
- if(!domain) return noErr;
-
- curnetorhost = (*fRealmMap) + 2;
- currealm = strchr(curnetorhost, '\0') + 1;
- for( ; numrealms > 0; numrealms--) {
- if(!strcasecmp(curnetorhost, host)) {
- strcpy(realm, currealm);
- return noErr;
- }
- if(!strcasecmp(curnetorhost, domain)) {
- strcpy(realm, currealm);
- }
-
- if(numrealms > 1) {
- curnetorhost = strchr(currealm, '\0') + 1;
- currealm = strchr(curnetorhost, '\0') + 1;
- }
- }
-
- return noErr;
- }
-
-OSErr AddRealmMap(const char *netorhost, const char *realm)
-{
- int numrealms;
- char *curptr;
-
- SetHandleSize(fRealmMap, strlen(netorhost)+1 + strlen(realm)+1 +
- GetHandleSize(fRealmMap));
- if(MemError()) return MemError();
-
- numrealms = ++(*((short *)*fRealmMap));
-
- for(curptr = (*fRealmMap)+2; numrealms > 1; numrealms--) {
- curptr = strchr(curptr, '\0') + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(curptr, netorhost);
- curptr = strchr(curptr, '\0') + 1;
- strcpy(curptr, realm);
-
- return WriteRealmMap();
- }
-
-OSErr DeleteRealmMap(const char *netorhost)
-{
- int numrealms = *((short *)*fRealmMap);
- char *curptr, *fromptr, *nextptr;
-
- for(curptr = (*fRealmMap)+2; numrealms > 0; numrealms--) {
- if(!strcasecmp(curptr, netorhost)) break; /* got it! */
-
- curptr = strchr(curptr, '\0') + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- if(numrealms == 0) return cKrbMapDoesntExist;
-
- *(short*)*fRealmMap -= 1;
-
- if(numrealms > 1) {
- fromptr = strchr(curptr, '\0') + 1;
- fromptr = strchr(fromptr, '\0') + 1;
- }
-
- for( ; numrealms > 1; numrealms--) {
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
-
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
- }
-
- SetHandleSize(fRealmMap, curptr-(*fRealmMap));
- if(MemError()) return MemError();
- return WriteRealmMap();
- }
-
-OSErr GetNthRealmMap(const int n, char *netorhost, char *realm)
-{
- int i;
- char *curptr;
-
- if(n > *(short*)*fRealmMap) return cKrbMapDoesntExist;
-
- for(curptr = (*fRealmMap) + 2, i = 1; i < n; i++) {
- curptr = strchr(curptr, '\0') + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(netorhost, curptr);
- curptr = strchr(curptr, '\0') + 1;
- strcpy(realm, curptr);
-
- return noErr;
- }
-
-OSErr GetNthServer(const int n, const char *realm, const int mustadmin,
- char *server)
-{
- int numservers = *(short*)*fServerMap, i = 0;
- char *currealm, *curserver;
-
- currealm = (*fServerMap) + 2;
- curserver = strchr(currealm, '\0') + 1 + 1;
- for( ; numservers > 0; numservers--) {
- if(!strcmp(currealm, realm)) {
- if(!mustadmin || *(curserver-1)) i++;
- if(i >= n) {
- strcpy(server, curserver);
- return noErr;
- }
- }
-
- if(numservers > 1) {
- currealm = strchr(curserver, '\0') + 1;
- curserver = strchr(currealm, '\0') + 1 + 1;
- }
- }
-
- return cKrbMapDoesntExist;
- }
-
-OSErr AddServerMap(const char *realm, const char *server,
- const int isadmin)
-{
- int numservers;
- char *curptr;
-
- SetHandleSize(fServerMap, strlen(realm)+1 + 1 + strlen(server)+1 +
- GetHandleSize(fServerMap));
- if(MemError()) return MemError();
-
- numservers = ++(*((short *)*fServerMap));
-
- for(curptr = (*fServerMap)+2; numservers > 1; numservers--) {
- curptr = strchr(curptr, '\0') + 1 + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(curptr, realm);
- curptr = strchr(curptr, '\0') + 1;
- *curptr = (char) isadmin;
- curptr++;
- strcpy(curptr, server);
-
- return WriteServerMap();
- }
-
-OSErr DeleteServerMap(const char *realm, const char *server)
-{
- int numservers = *((short *)*fServerMap);
- char *curptr, *fromptr, *nextptr;
-
- for(curptr = (*fServerMap)+2; numservers > 0; numservers--) {
- if(!strcmp(curptr, realm)) {
- nextptr = strchr(curptr, '\0') + 1 + 1;
- if(!strcasecmp(nextptr, server)) {
- break; /* got it! */
- }
- }
-
- curptr = strchr(curptr, '\0') + 1 + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- if(numservers == 0) return cKrbMapDoesntExist;
-
- *(short*)*fServerMap -= 1;
-
- if(numservers > 1) {
- fromptr = strchr(curptr, '\0') + 1 + 1;
- fromptr = strchr(fromptr, '\0') + 1;
- }
-
- for( ; numservers > 1; numservers--) {
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
-
- *curptr = *fromptr;
- curptr++;
- fromptr++;
-
- nextptr = strchr(fromptr, '\0') + 1;
- strcpy(curptr, fromptr);
- curptr = strchr(curptr, '\0') + 1;
- fromptr = nextptr;
- }
-
- SetHandleSize(fServerMap, curptr-(*fServerMap));
- if(MemError()) return MemError();
- return WriteServerMap();
- }
-
-OSErr GetNthServerMap(const int n, char *realm, char *server, int *admin)
-{
- int i;
- char *curptr;
-
- if(n > *(short*)*fServerMap) return cKrbMapDoesntExist;
-
- for(curptr = (*fServerMap) + 2, i = 1; i < n; i++) {
- curptr = strchr(curptr, '\0') + 1 + 1;
- curptr = strchr(curptr, '\0') + 1;
- }
-
- strcpy(realm, curptr);
- curptr = strchr(curptr, '\0') + 1;
- *admin = *curptr;
- curptr++;
- strcpy(server, curptr);
-
- return noErr;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/mac_store.h
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mac_store.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mac_store.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,56 +0,0 @@
-/*
- store.h
- Kerberos credential store
- Originally coded by Tim Miller / Brown University
- Mods 1/92 By Peter Bosanko
-
- Modified May 1994 by Julia Menapace and John Gilmore, Cygnus
- Support.
-*/
-
-#include "memcache.h"
-
-extern OSErr fConstructErr;
-
- OSErr CreatePrefFile();
- OSErr WriteUser(); /* saves gUserName to prefs file */
-
- /* Used internally... */
- OSErr WritePref(short refnum, Handle dataHandle, OSType mapType, short resID,
- Str255 resName);
- OSErr WritePrefStr(short refnum, char *dataString, OSType mapType, short resID,
- Str255 resName);
-
- /*** Realm info routines: ***/
- OSErr GetLocalRealm(char *lrealm); /* stuffs local realm in lrealm */
- OSErr SetLocalRealm(const char *lrealm); /* sets local realm */
-
- OSErr GetRealm(const char *host, char *realm); /* yields realm for given
- host's net name */
- OSErr AddRealmMap(const char *netorhost, const char *realm); /* says hosts
- with this name or in this domain (if
- begins with period) map to this realm
- (provided no more specific map is
- found) */
- OSErr DeleteRealmMap(const char *netorhost); /* deletes realm map for the
- net or net hostname */
- OSErr GetNthRealmMap(const int n, char *netorhost, char *realm); /* yields
- the Nth mapping of a net or host to
- a kerberos realm */
-
- OSErr GetNthServer(const int n, const char *realm, const int mustadmin,
- char *server); /* yields Nth (administrating if
- mustadmin is true) server for
- the given realm */
- OSErr AddServerMap(const char *realm, const char *server,
- const int isadmin); /* says this server services this
- realm (administratively if isadmin) */
- OSErr DeleteServerMap(const char *realm, const char *server); /* deletes
- the map of this realm to this server */
- OSErr GetNthServerMap(const int n, char *realm, char *server, int *admin);
- /* yields Nth realm-server mapping */
-
- OSErr OpenPrefsFile(short *refnum); /* open (create if necessary) prefs file
- for writing */
- OSErr WriteRealmMap();
- OSErr WriteServerMap();
Deleted: branches/mskrb-integ/src/lib/krb4/mac_stubs.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mac_stubs.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mac_stubs.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,525 +0,0 @@
-/*
- * mac_stubs.c
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Macintosh oopserating system stub interface for Kerberos.
- * Applications call these routines, which then call the driver to do the work.
- */
-
-#include "krb.h"
-#include "krb_driver.h" /* Mac driver interface */
-
-#include <string.h>
-#include <stddef.h>
-#include <Files.h>
-#include <Devices.h>
-
-/* We export the driver reference under the name mac_stubs_kdriver,
- but for convenience throughout this code, we call it "kdriver",
- which was its name when it was static. */
-short mac_stubs_kdriver = 0; /* .Kerberos driver ref */
-#define kdriver mac_stubs_kdriver
-
-ParamBlockRec pb[1];
-struct krbHiParmBlock khipb[1];
-struct krbParmBlock klopb[1];
-
-short lowcall (long cscode, krbParmBlock *klopb, short kdriver)
-{
- short s;
- ParamBlockRec pb;
-
- memset (&pb, 0, sizeof(ParamBlockRec));
- *(long *)pb.cntrlParam.csParam = (long)klopb;
- pb.cntrlParam.ioCompletion = nil;
- pb.cntrlParam.ioCRefNum = kdriver;
- pb.cntrlParam.csCode = cscode;
-
- if (s = PBControl(&pb, false))
- return KFAILURE;
- if (s = pb.cntrlParam.ioResult)
- return -(s - cKrbKerberosErrBlock); /* Restore krb err code from driver err */
-
- return KSUCCESS;
-}
-
-
-short hicall (long cscode, krbHiParmBlock *khipb, short kdriver)
-{
- short s;
- ParamBlockRec pb;
- memset(&pb, 0, sizeof(ParamBlockRec));
- *(long *)pb.cntrlParam.csParam = (long)khipb;
- pb.cntrlParam.ioCompletion = nil;
- pb.cntrlParam.ioCRefNum = kdriver;
-
- pb.cntrlParam.csCode = cscode;
- if (s = PBControl(&pb, false))
- return KFAILURE;
- if (s = pb.cntrlParam.ioResult)
- return -(s - cKrbKerberosErrBlock); /* Restore krb err code from driver err */
-
- return KSUCCESS;
-}
-
-
-int INTERFACE
-krb_start_session (x)
- char *x;
-{
- short s;
-
- /*
- * Open the .Kerberos driver if not already open
- */
- if (!kdriver) {
- s = OpenDriver("\p.Kerberos", &kdriver);
- if (s) {
- return KFAILURE; /* Improve this error code */
- }
- }
-
- return KSUCCESS;
-}
-
-
-int INTERFACE
-krb_end_session (x)
- char *x;
-{
- short s;
-
-#if 0 /* This driver doesn't want to be closed. FIXME, is this OK? */
- if (kdriver) {
- s = CloseDriver(kdriver);
- if (s)
- return KFAILURE;
- kdriver = 0;
- }
-#endif
- return KSUCCESS;
-}
-
-
-char * INTERFACE
-krb_realmofhost (host)
- char *host;
-{
- short s;
- ParamBlockRec pb;
- static char realm[REALM_SZ];
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->host = host;
- klopb->uRealm = realm;
-
- /* FIXME jcm - no error handling for return value of lowcall in krb_realmofhost */
- s = lowcall (cKrbGetRealm , klopb, kdriver);
-
- return realm;
-}
-
-int INTERFACE
-krb_get_lrealm (realm, n)
- char *realm;
- int n;
-{
- short s;
- ParamBlockRec pb;
-
- if (n != 1)
- return KFAILURE;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uRealm = realm;
-
- s = lowcall (cKrbGetLocalRealm, klopb, kdriver);
- return s;
-
-}
-
-
-int INTERFACE
-kname_parse (name, instance, realm, fullname)
- char *name, *instance, *realm, *fullname;
-{
- short s;
- ParamBlockRec pb;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uName = name;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
- klopb->fullname = fullname;
-
- s = lowcall (cKrbKnameParse, klopb, kdriver);
- return s;
-}
-
-const char* INTERFACE
-krb_get_err_text (error_code)
- int error_code;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->admin = error_code;
- s = lowcall (cKrbGetErrText, klopb, kdriver);
- if (s != KSUCCESS)
- return "Error in get_err_text";
- return klopb->uName;
-}
-
-
-int INTERFACE
-krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uName = user;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
- klopb->sName = service;
- klopb->sInstance = sinstance;
- klopb->admin = life;
- klopb->fullname = password;
-
- s = lowcall (cKrbGetPwInTkt, klopb, kdriver);
- return s;
-}
-
-
-/* FIXME: For now, we handle the preauth version exactly the same
- as the non-preauth. */
-krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->uName = user;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
- klopb->sName = service;
- klopb->sInstance = sinstance;
- klopb->admin = life;
- klopb->fullname = password;
-
- s = lowcall (cKrbGetPwInTkt, klopb, kdriver);
- return s;
-}
-
-
-
-char* INTERFACE
-krb_get_default_user (void)
-{
- short s;
- static char return_name[MAX_K_NAME_SZ];
-
- memset(khipb, 0, sizeof(*khipb));
- khipb->user = return_name;
- s = hicall (cKrbGetUserName, khipb, kdriver);
- if (s != KSUCCESS)
- return 0;
- return return_name;
-}
-
-
-int INTERFACE
-krb_set_default_user (uName)
- char* uName;
-{
- short s;
-
- memset(khipb, 0, sizeof(*khipb));
- khipb->user = uName;
- s = hicall (cKrbSetUserName, khipb, kdriver);
- return s;
-}
-
-int INTERFACE
-krb_get_cred (name, instance, realm, cr)
- char *name;
- char *instance;
- char *realm;
- CREDENTIALS *cr;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
-
- strcpy(cr->service, name);
- strcpy(cr->instance, instance);
- strcpy(cr->realm, realm);
-
- klopb->cred = cr;
-
- s = lowcall (cKrbGetCredentials, klopb, kdriver);
- return s;
-}
-
-int INTERFACE
-krb_save_credentials (sname, sinstance, srealm, session,
- lifetime, kvno,ticket, issue_date)
- char *sname; /* service name */
- char *sinstance; /* service instance */
- char *srealm; /* service realm */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- long issue_date; /* The issue time */
-
-{
- short s;
- CREDENTIALS cr;
-
- strcpy(cr.service, sname);
- strcpy(cr.instance, sinstance);
- strcpy(cr.realm, srealm);
- memcpy(cr.session, session, sizeof(C_Block));
- cr.lifetime = lifetime;
- cr.kvno = kvno;
- cr.ticket_st = *ticket;
- cr.issue_date = issue_date;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->cred = &cr;
-
- s = lowcall (cKrbAddCredentials, klopb, kdriver);
- return s;
-}
-
-
-int INTERFACE
-krb_delete_cred (sname, sinstance, srealm)
- char *sname;
- char *sinstance;
- char *srealm;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
-
- klopb->sName = sname;
- klopb->sInstance = sinstance;
- klopb->sRealm = srealm;
-
- s = lowcall (cKrbDeleteCredentials, klopb, kdriver);
- return s;
-}
-
-int INTERFACE
-dest_tkt (cachename)
- char *cachename; /* This parameter is ignored. */
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
- s = lowcall (cKrbDeleteAllSessions, klopb, kdriver);
- return s;
-}
-
-/*
- * returns service name, service instance and realm of the nth credential.
- * credential numbering is 1 based.
- */
-
-int INTERFACE
-krb_get_nth_cred (sname, sinstance, srealm, n)
- char *sname;
- char *sinstance;
- char *srealm;
- int n;
-{
- short s;
-
- memset(klopb, 0, sizeof(*klopb));
-
- klopb->sName = sname;
- klopb->sInstance = sinstance;
- klopb->sRealm = srealm;
- klopb->itemNumber = &n;
-
- s = lowcall (cKrbGetNthCredentials, klopb, kdriver);
- return s;
-}
-
-/*
- * Return the number of credentials in the current credential cache (ticket cache).
- * On error, returns -1.
- */
-int INTERFACE
-krb_get_num_cred ()
-{
- int s;
- int n;
-
- memset(klopb, 0, sizeof(*klopb));
- klopb->itemNumber = &n;
-
- s = lowcall (cKrbGetNumCredentials, klopb, kdriver);
- if (s)
- return -1;
- return *(klopb->itemNumber);
-}
-
-
-
-/* GetNthRealmMap
- yields the Nth mapping of a net or host to a Kerberos realm
- -> itemNumber which mapping, traditionally the first
- -> host host or net
- -> uRealm pointer to buffer that will receive realm name
-*/
-
-OSErr INTERFACE
-GetNthRealmMap(n, netorhost, realm)
- int n;
- char *netorhost;
- char *realm;
-{
- int s;
- memset(klopb, 0, sizeof(*klopb));
- klopb->itemNumber = &n;
- klopb->host = netorhost;
- klopb->uRealm = realm;
-
- s = lowcall (cKrbGetNthRealmMap, klopb, kdriver);
- return s;
-}
-
-/* GetNthServerMap
- yields Nth realm-server mapping
- -> itemNumber which mapping should be returned
- -> uRealm pointer to buffer that will receive realm name
- -> host pointer to buffer that will receive server name
- -> admin pointer to admin flag
- */
-
-OSErr INTERFACE
-GetNthServerMap(n, realm, server, admin)
- int n;
- char *realm;
- char *server;
- int *admin;
-{
- int s;
- memset(klopb, 0, sizeof(*klopb));
- klopb->itemNumber = &n;
- klopb->uRealm = realm;
- klopb->host = server;
- klopb->adminReturn = admin;
-
- s = lowcall (cKrbGetNthServerMap, klopb, kdriver);
- return s;
-}
-
-
-
-/* krb_get_ticket_for_service
- * Gets a ticket and returns it to application in buf
- -> service Formal Kerberos name of service
- -> buf Buffer to receive ticket
- -> checksum checksum for this service
- <-> buflen length of ticket buffer (must be at least
- 1258 bytes)
- <- sessionKey for internal use
- <- schedule for internal use
-
- * Result is:
- * GC_NOTKT if there is no matching TGT in the cache
- * MK_AP_TGTEXP if the matching TGT is expired
- * Other errors possible. These could cause a dialogue with the user
- * to get a new TGT.
- */
-
-int INTERFACE
-krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey,
- schedule, version, includeVersion)
- char *serviceName;
- char *buf;
- unsigned KRB4_32 *buflen;
- int checksum;
- des_cblock sessionKey;
- Key_schedule schedule;
- char *version;
- int includeVersion;
-{
- short s;
-
- if (includeVersion)
- return KFAILURE; /* Not implmented in the kclient driver iface */
-
- memset(khipb, 0, sizeof(*khipb));
- khipb->service = serviceName;
- khipb->buf = buf;
- khipb->buflen = *buflen;
- khipb->checksum = checksum;
-
- s = hicall (cKrbGetTicketForService, khipb, kdriver);
- /* These are ARRAYS in the hiparmblock, for some reason! */
- memcpy (sessionKey, khipb->sessionKey, sizeof (khipb[0].sessionKey));
- memcpy (schedule, khipb->schedule, sizeof (khipb[0].schedule));
- *buflen = khipb->buflen;
- return s;
-}
-
-
-/* krb_get_tf_fullname -- return name, instance and realm of the
- principal in the current ticket file. The ticket file name is not
- currently used for anything since there is only one credentials
- cache/ticket file
-*/
-
-int INTERFACE
-krb_get_tf_fullname (tktfile, name, instance, realm)
- char *tktfile;
- char *name;
- char *instance;
- char *realm;
-
-{
- short s;
- memset (klopb, 0, sizeof(*klopb));
- klopb->fullname = tktfile;
- klopb->uName = name;
- klopb->uInstance = instance;
- klopb->uRealm = realm;
-
- s = lowcall (cKrbGetTfFullname, klopb, kdriver);
- return s;
-}
-
-
-
-#if 0
- xbzero(khipb, sizeof(krbHiParmBlock));
- khipb->service = (char *)cannon;
- khipb->buf = (char *)buf; /* where to build it */
- khipb->checksum = 0;
- khipb->buflen = sizeof(buf);
- if (s = hicall(cKrbGetTicketForService, khipb, kdriver))
- return s;
- xbcopy(khipb->sessionKey, sessionKey, sizeof(sessionKey)); /* save the session key */
- /*
- * cKrbGetTicketForService put a longword buffer length into the buffer
- * which we don't want, so we ignore it.
- * Make room for first 3 bytes which preceed the auth data.
- */
- cp = &buf[4-3]; /* skip long, make room for 3 bytes */
- cp[0] = tp[0]; /* copy type and modifier */
- cp[1] = tp[1];
- cp[2] = KRB_AUTH; /* suboption command */
- len = khipb->buflen - sizeof(long) + 3; /* data - 4 + 3 */
-
-#endif /* 0 */
Deleted: branches/mskrb-integ/src/lib/krb4/mac_time.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mac_time.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mac_time.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,152 +0,0 @@
-/*
- * mac_time.c
- * (Originally time_stuff.c)
- *
- * Copyright 1989 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Macintosh ooperating system interface for Kerberos.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "des.h"
-#include "AddressXlation.h" /* for ip_addr */
-#include <time.h>
-#include <sys/time.h>
-
-#include <script.h> /* Defines MachineLocation, used by getTimeZoneOffset */
-#include <ToolUtils.h> /* Defines BitTst(), called by getTimeZoneOffset() */
-#include <OSUtils.h> /* Defines GetDateTime */
-
-/* Mac Cincludes */
-#include <string.h>
-#include <stddef.h>
-
-
- /*******************************
- The Unix epoch is 1/1/70, the Mac epoch is 1/1/04.
-
- 70 - 4 = 66 year differential
-
- Thus the offset is:
-
- (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
- plus
- (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
-
- Don't forget the offset from GMT.
- *******************************/
-
-
-/* returns the offset in hours between the mac local time and the GMT */
-
-unsigned long
-getTimeZoneOffset()
-{
- MachineLocation macLocation;
- long gmtDelta;
-
- macLocation.gmtFlags.gmtDelta=0L;
- ReadLocation(&macLocation);
- gmtDelta=macLocation.gmtFlags.gmtDelta & 0x00FFFFFF;
- if (BitTst((void *)&gmtDelta,23L)) gmtDelta |= 0xFF000000;
- gmtDelta /= 3600L;
- return(gmtDelta);
-}
-
-
-/* Returns the GMT in seconds using the Unix epoch, ie. Net time */
-
-static unsigned long
-gettimeofdaynet_no_offset()
-{
- time_t the_time;
-
- GetDateTime (&the_time);
- the_time = the_time -
- ((66 * 365 * 24 * 60 * 60) +
- (17 * 24 * 60 * 60) +
- (getTimeZoneOffset() * 60 * 60));
- return the_time;
-}
-
-
-
-int
-gettimeofdaynet (struct timeval *tp, struct timezone *tz)
-{
- tp->tv_sec = gettimeofdaynet_no_offset();
- return 0;
-}
-
-
-#if 0
-
-int
-gettimeofdaynet (struct timeval *tp, struct timezone *tz)
-{
- int result;
-
- if (!net_got_offset)
- result = get_net_offset();
- else result = 0;
-
- time ((time_t *) &(tp->tv_sec));
-
- tp->tv_sec = tp->tv_sec - (66 * 365 * 24 * 60 * 60
- + 17 * 60 * 60 * 24) + net_offset;
-
- return (result);
-}
-
-
-#define TIME_PORT 37
-#define TM_OFFSET 2208988800
-
-/*
- *
- * get_net_offset () -- Use UDP time protocol to figure out the
- * offset between what the Mac thinks the time is an what
- * the network thinks.
- *
- */
-int
-get_net_offset()
-{
- time_t tv;
- char buf[512],ts[256];
- long *nettime;
- int attempts, cc, time_port;
- long unixtime;
- char realm[REALM_SZ];
- ip_addr fromaddr;
- unsigned short fromport;
- int result;
-
- nettime = (long *)buf;
- time_port = TIME_PORT;
-
- cc = sizeof(buf);
- result = hosts_send_recv(ts, 1, buf, &cc, "", time_port);
- time (&tv);
-
- if (result!=KSUCCESS || cc<4) {
- net_offset = 0;
- if (!result) result = 100;
- return result;
- }
-
- unixtime = (long) ntohl(*nettime) - TM_OFFSET;
-
- tv -= 66 * 365 * 24 * 60 * 60
- + 17 * 60 * 60 * 24; /* Convert to unix time w/o offset */
- net_offset = unixtime - tv;
- net_got_offset = 1;
-
- return 0;
-}
-
-#endif
Deleted: branches/mskrb-integ/src/lib/krb4/memcache.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/memcache.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/memcache.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,891 +0,0 @@
-/*
- * memcache.c
- *
- * Kerberos credential cache
- * Originally coded by Tim Miller / Brown University as KRB_Store.c
- * Mods 1/92 By Peter Bosanko
- *
- * Modified May-June 1994 by Julia Menapace and John Gilmore
- * of Cygnus Support.
- *
- * This file incorporates replacements for the Unix files
- * in_tkt.c, dest_tkt.c, tf_util.c, and tkt_string.c.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-#include "autoconf.h"
-
-#ifdef _WIN32
-#include <errno.h>
-
-typedef DWORD OSErr;
-#define noErr 0
-#define cKrbCredsDontExist 12001
-#define cKrbSessDoesntExist 12002
-#define memFullErr ENOMEM
-#endif
-
-#ifndef unix
-#ifdef _AIX
-#define unix
-#endif
-#endif
-
-#ifdef unix
-/* Unix interface to memory cache Mac functions. */
-
-#include <stdio.h>
-#include <errno.h>
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc (), *realloc ();
-#endif
-
-typedef int OSErr;
-#define noErr 0
-#define memFullErr ENOMEM
-
-#endif /* unix */
-
-#include "memcache.h"
-
-
-/* Lower level data structures */
-
-static int fNumSessions = 0;
-static Session **fSessions = 0;
-
-#ifndef _WIN32
-#define change_cache()
-#endif
-
-#if defined (_WIN32) || defined (unix)
-/* Fake Mac handles up for general use. */
-#define Handle char **
-#define Size int
-
-static OSErr memerror = noErr;
-
-/*
- * Simulates Macintosh routine by allocating a block of memory
- * and a pointer to that block of memory. If the requested block
- * size is 0, then we just allocate the indirect pointer and 0
- * it, otherwise we allocate an indirect pointer and place a pointer
- * to the actual allocated block in the indirect pointer location.
- */
-Handle
-NewHandleSys(s)
- int s;
-{
- Handle h;
-
- h = (char **) malloc(sizeof(char *));
-
- if (h == NULL) {
- memerror = memFullErr;
- return (NULL);
- }
-
- if (s > 0) {
- *h = malloc(s);
-
- if (*h == NULL) {
- free(h);
- memerror = memFullErr;
- return (NULL);
- }
- }
- else
- *h = NULL;
-
- memerror = noErr;
-
- return h;
-}
-
-/*
- * Frees allocated indirect pointer and the block of memory it points
- * to. If the indirect pointer is NULL, then the block is considered
- * to have 0 length.
- */
-void
-DisposHandle(h)
- Handle h;
-{
- if (*h != NULL)
- free(*h);
- free(h);
-}
-
-/*
- * Resizes a block of memory pointed to by and indirect pointer. The
- * indirect pointer is updated when the block of memory is reallocated.
- * If the indirect pointer is 0, then the block of memory is allocated
- * rather than reallocated. If the size requested is 0, then the block
- * is deallcated rather than reallocated.
- */
-void
-SetHandleSize(h, s)
- Handle h;
- int s;
-{
- if (*h != NULL) {
- if (s > 0) {
- *h = realloc(*h, s);
- if (*h == NULL) {
- memerror = memFullErr;
- return;
- }
- }
- else {
- free(*h);
- *h = NULL;
- }
- }
-
- else {
- if (s > 0) {
- *h = malloc(s);
- if (*h == NULL) {
- memerror = memFullErr;
- return;
- }
- }
- }
-
- memerror = noErr;
-}
-
-OSErr
-MemError()
-{
- return memerror;
-}
-
-#endif /* Windows || unix */
-
-#ifdef _WIN32
-
-/*
- * change_cache should be called after the cache changes.
- * If the session count is > 0 it forces the DLL to stay in
- * memory even after the calling program exits providing cross
- * session ticket cacheing. Also a notification message is
- * is posted out to all top level Windows so that they may
- * recheck the cache based on the changes made. The
- * krb_get_notifcation_message routine will return the
- * current notificaiton message for the system which an
- * application can expect to get.
- */
-void
-change_cache()
-{
- char fname[260];
- static BOOL locked = FALSE;
-
- if (fNumSessions > 0 && !locked) {
- GetModuleFileName(get_lib_instance(), fname, sizeof(fname));
- LoadLibrary(fname);
- locked = TRUE;
- }
-
- else if (fNumSessions == 0 && locked) {
- FreeLibrary(get_lib_instance());
- locked = FALSE;
- }
-
- PostMessage(HWND_BROADCAST, krb_get_notification_message(), 0, 0);
-}
-
-
-/*
- * Returns a system wide unique notification message. This
- * message will be broadcast to all top level windows when
- * the credential cache changes.
- */
-unsigned int
-krb_get_notification_message(void)
-{
- static UINT message = 0;
-
- if (message == 0)
- message = RegisterWindowMessage(WM_KERBEROS_CHANGED);
-
- return message;
-}
-
-
-#endif /* Windows */
-
-
-/* The low level routines in this file are capable of storing
- tickets for multiple "sessions", each led by a different
- ticket-granting ticket. For now, since the top level code
- doesn't know how to handle that, we are short-cutting all
- that with a fixed top level identifying tag for the (one)
- session supported.
-
- FIXME jcm - Force one named cache for now for compatibility with
- Cygnus source tree. Figure out later how to access the multiple
- cache functionality in KClient.
- */
-
-char uname[] = "Fixed User";
-char uinstance[] = "Fixed Instance";
-char urealm[] = "Fixed Realm";
-
-static char curr_auth_uname [ANAME_SZ];
-static char curr_auth_uinst [INST_SZ];
-
-
-/*
- in_tkt() is used to initialize the ticket cache.
- It inits the driver's credentials storage, by deleting any tickets.
- in_tkt() returns KSUCCESS on success, or KFAILURE if something goes wrong.
-
- User name, instance and realm are not currently being stored in
- the credentials cache because currently we are forcing a single
- named cache by using a fixed user name,inst,and realm in the
- memcache accessor routines.
-
- FIXME jcm - needed while stubbing out multi-caching with fixed
- user etc... Store currently authenticated user name and instance
- in this file. We will use this information to fill out the p_user
- and p_inst fields in the credential.
-
- FIXME jcm - more kludges: make sure default user name matches the
- current credentials cache. Telnet asks for default user name. It
- may have last been set to another user name programmatically or
- via ResEdit.
-
- */
-int KRB5_CALLCONV
-in_tkt(pname,pinst)
- char *pname;
- char *pinst;
-{
- int retval;
-
- strncpy (curr_auth_uname, pname, ANAME_SZ);
- strncpy (curr_auth_uinst, pinst, INST_SZ);
-
- krb_set_default_user (pname);
-
- retval = dest_tkt();
- if (!retval)
- return retval;
- else
- return KSUCCESS;
-
-}
-
-int KRB5_CALLCONV
-krb_in_tkt(pname, pinst, prealm)
- char *pname;
- char *pinst;
- char *prealm;
-{
- return in_tkt(pname, pinst);
-}
-
-/*
- * dest_tkt() is used to destroy the ticket store upon logout.
- * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
- * Otherwise the function returns RET_OK on success, KFAILURE on
- * failure.
- *
- */
-int KRB5_CALLCONV
-dest_tkt()
-{
- /*
- FIXME jcm - Force one named cache for now for
- compatibility with Cygnus source tree. Figure out
- later how to access the multiple cache functionality in
- KClient.
- */
- OSErr err;
-
- err = DeleteSession(uname, uinstance, urealm);
-
- change_cache();
-
- switch(err) {
- case noErr:
- return RET_OK;
- case cKrbSessDoesntExist:
- return RET_TKFIL;
- default:
- return KFAILURE;
- }
- }
-
-
-int dest_all_tkts()
-{
- int i=0;
- char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- int ndeletes=0;
- int err=0;
-
- (void) GetNumSessions(&i);
- if(!i) return RET_TKFIL;
-
- for( ; i; i--) {
- if(!GetNthSession(i, name, inst, realm)) {
- if (err = DeleteSession(name, inst, realm))
- break;
- ndeletes++;
- }
- else {
- err = KFAILURE;
- break;
- }
- }
-
- if (ndeletes > 0)
- change_cache();
-
- if (err)
- return KFAILURE;
- else
- return KSUCCESS;
- }
-
-
-/* krb_get_tf_realm -- return the realm of the current ticket file. */
-int KRB5_CALLCONV
-krb_get_tf_realm (tktfile, lrealm)
- char *tktfile;
- char *lrealm; /* Result stored through here */
-{
-
- return krb_get_tf_fullname(tktfile, (char*) 0, (char*) 0 , lrealm);
-}
-
-
-/* krb_get_tf_fullname -- return name, instance and realm of the
-principal in the current ticket file. */
-int KRB5_CALLCONV
-krb_get_tf_fullname (tktfile, name, instance, realm)
- char *tktfile;
- char *name;
- char *instance;
- char *realm;
-
-{
- OSErr err;
-
-/*
- Explaining this ugly hack:
- uname, uinstance, and urealm in the session record are "fixed"
- to short circuit multicache functionality, yielding only one
- session/cache for all cases. This was done under protest to remain
- API compatable with UNIX. The principal's and service realm are
- always the same and are stored in the same field of the credential.
- Principal's name and instance are stored neither in the session
- record or the credentials cache but in the file static variables
- curr_auth_uname, and curr_auth_uinst as set by in_tkt from its
- arguments pname and pinst.
-
- FIXME for multiple sessions -- keep track of which one is
- the "current" session, as picked by the user. tktfile not
- used for anything right now...
-*/
-
- err = GetNthCredentials(uname, uinstance, urealm, name,
- instance, realm, 1);
-
- if (err != noErr)
- return NO_TKT_FIL;
-
- if (name)
- strcpy(name, curr_auth_uname);
- if (instance)
- strcpy(instance, curr_auth_uinst);
-
- return KSUCCESS;
-
-}
-
-
-/*
- * krb_get_cred takes a service name, instance, and realm, and a
- * structure of type CREDENTIALS to be filled in with ticket
- * information. It then searches the ticket file for the appropriate
- * ticket and fills in the structure with the corresponding
- * information from the file. If successful, it returns KSUCCESS.
- * On failure it returns a Kerberos error code.
- */
-int KRB5_CALLCONV
-krb_get_cred (service, instance, realm, c)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Authorization domain */
- CREDENTIALS *c; /* Credentials struct */
-{
- strcpy(c->service, service);
- strcpy(c->instance, instance);
- strcpy(c->realm, realm);
-
- /*
- FIXME jcm - Force one named cache for now for
- compatibility with Cygnus source tree. Figure out
- later how to access the multiple cache functionality
- from KClient.
- */
-
- switch(GetCredentials(uname, uinstance, urealm, c)) {
- case noErr:
- return KSUCCESS;
- case cKrbCredsDontExist:
- case cKrbSessDoesntExist:
- return GC_NOTKT;
- default:
- return KFAILURE;
- }
-}
-
-/*
- * This routine takes a ticket and associated info and
- * stores them in the ticket cache. The peer
- * routine for extracting a ticket and associated info from the
- * ticket cache is krb_get_cred(). When changes are made to
- * this routine, the corresponding changes should be made
- * in krb_get_cred() as well.
- *
- * Returns KSUCCESS if all goes well, otherwise KFAILURE.
- */
-
-int
-krb4int_save_credentials_addr(sname, sinst, srealm, session,
- lifetime, kvno, ticket, issue_date, laddr)
-
- char* sname; /* Service name */
- char* sinst; /* Instance */
- char* srealm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
- KRB_UINT32 laddr;
-{
- CREDENTIALS cr;
-
- strcpy(cr.service, sname);
- strcpy(cr.instance, sinst);
- strcpy(cr.realm, srealm);
- memcpy((void*)cr.session, (void*)session, sizeof(C_Block));
- cr.lifetime = lifetime;
- cr.kvno = kvno;
- cr.ticket_st = *ticket;
- cr.issue_date = issue_date;
- strcpy(cr.pname, curr_auth_uname); /* FIXME for mult sessions */
- strcpy(cr.pinst, curr_auth_uinst); /* FIXME for mult sessions */
-
- if(AddCredentials(uname, uinstance, urealm, &cr)) return KFAILURE;
- change_cache();
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV
-krb_save_credentials(
- char *name,
- char *inst,
- char *realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- KRB4_32 issue_date)
-{
- return krb4int_save_credentials_addr(name, inst, realm, session,
- lifetime, kvno, ticket,
- issue_date, 0);
-}
-
-
-int
-krb_delete_cred (sname, sinstance, srealm)
- char *sname;
- char *sinstance;
- char *srealm;
-{
-
- if (DeleteCredentials (uname, uinstance, urealm, sname, sinstance, srealm))
- return KFAILURE;
-
- change_cache();
-
- return KSUCCESS;
-
- /*
- FIXME jcm - translate better between KClient internal OSErr errors
- (eg. cKrbCredsDontExist) and kerberos error codes (eg. GC_NOTKT)
- */
-}
-
-int
-krb_get_nth_cred (sname, sinstance, srealm, n)
- char *sname;
- char *sinstance;
- char *srealm;
- int n;
-{
- if (GetNthCredentials(uname, uinstance, urealm, sname, sinstance, srealm, n))
- return KFAILURE;
- else
- return KSUCCESS;
-}
-
-/*
- * Return the number of credentials in the current credential cache (ticket cache).
- * On error, returns -1.
- */
-int
-krb_get_num_cred ()
-{
- int n;
- int s;
-
- s = GetNumCredentials(uname, uinstance, urealm, &n);
- if (s) return -1;
- else return n;
-}
-
-
-
-/* Lower level routines */
-
-OSErr GetNumSessions(n)
- int *n;
-{
- *n = fNumSessions;
- return 0;
- }
-
-/* n starts at 1, not 0 */
-OSErr
-GetNthSession(n, name, instance, realm)
- const int n;
- char *name;
- char *instance;
- char *realm;
-{
- Session *sptr;
-
- if(n > fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = (*fSessions) + n-1;
- if (name) strcpy(name, sptr->name);
- if (instance) strcpy(instance, sptr->instance);
- if (realm) strcpy(realm, sptr->realm);
-
- return noErr;
- }
-
-OSErr DeleteSession(name, instance, realm)
- const char *name;
- const char *instance;
- const char *realm;
-{
- int i;
- Session *sptr;
- Handle creds;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, name) &&
- !strcmp(sptr[i].instance, instance) &&
- !strcmp(sptr[i].realm, realm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- fNumSessions--;
-
- creds = (Handle) sptr[i].creds;
-
- for( ; i < fNumSessions; i++) {
- strcpy(sptr[i].name, sptr[i+1].name);
- strcpy(sptr[i].instance, sptr[i+1].instance);
- strcpy(sptr[i].realm, sptr[i+1].realm);
- }
-
- SetHandleSize((Handle) fSessions, fNumSessions * sizeof(Session));
- if(creds) DisposHandle(creds);
-
- return MemError();
- }
-
-OSErr GetCredentials(name, instance, realm, cr)
- const char *name;
- const char *instance;
- const char *realm;
- CREDENTIALS *cr;
-{
- int i;
- Session *sptr;
- CREDENTIALS *cptr;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, name) &&
- !strcmp(sptr[i].instance, instance) &&
- !strcmp(sptr[i].realm, realm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- sptr = sptr + i;
-
- if(!sptr->numcreds || !sptr->creds) return cKrbCredsDontExist;
-
- cptr = *(sptr->creds);
-
- for(i = 0; i < sptr->numcreds; i++) {
- if(!strcmp(cptr[i].service, cr->service) &&
- !strcmp(cptr[i].instance, cr->instance) &&
- !strcmp(cptr[i].realm, cr->realm)) {
- break;
- }
- }
-
- if(i == sptr->numcreds) return cKrbCredsDontExist;
-
- *cr = cptr[i];
- return noErr;
- }
-
-OSErr AddCredentials(name, instance, realm, cr)
- const char *name;
- const char *instance;
- const char *realm;
- const CREDENTIALS *cr;
-{
- Session *sptr;
- Handle creds;
- int i, thesess;
- CREDENTIALS *cptr;
-
- /* find the appropriate session, or create it if it doesn't exist */
- if(!fSessions) {
- fSessions = (Session**) NewHandleSys(0);
- if(MemError()) return MemError();
- fNumSessions = 0;
- }
-
- sptr = *fSessions;
-
- for(thesess = 0; thesess < fNumSessions; thesess++) {
- if(!strcmp(sptr[thesess].name, name) &&
- !strcmp(sptr[thesess].instance, instance) &&
- !strcmp(sptr[thesess].realm, realm)) {
- break;
- }
- }
-
- sptr = (*fSessions) + thesess;
-
- if(thesess == fNumSessions) { /* doesn't exist, create it */
- fNumSessions++;
- SetHandleSize((Handle) fSessions, fNumSessions * sizeof(Session));
- if(MemError()) return MemError();
-
- /* fSessions may have been moved, so redereference */
- sptr = (*fSessions) + thesess;
- strcpy(sptr->name, (char *)name);
- strcpy(sptr->instance, (char *)instance);
- strcpy(sptr->realm, (char *)realm);
- sptr->numcreds = 0;
- sptr->creds = 0;
- }
-
- /* if the session has no assoc creds, create storage for them so rest of algorithm
- doesn't break */
- if(!sptr->numcreds || !sptr->creds) {
- creds = NewHandleSys((Size) 0);
- if(MemError()) return MemError();
-
- /* rederef */
- sptr = (*fSessions) + thesess;
- sptr->creds = (CREDENTIALS **)creds;
- sptr->numcreds = 0;
- }
-
- /* find creds if we already have an instance of them, or create a new slot for them
- if we don't */
- cptr = *(sptr->creds);
-
- for(i = 0; i < sptr->numcreds; i++) {
- if(!strcmp(cptr[i].service, cr->service) &&
- !strcmp(cptr[i].instance, cr->instance) &&
- !strcmp(cptr[i].realm, cr->realm)) {
- break;
- }
- }
-
- if(i == sptr->numcreds) {
- sptr->numcreds++;
- SetHandleSize((Handle)sptr->creds, sptr->numcreds * sizeof(CREDENTIALS));
- if(MemError()) return MemError();
-
- /* rederef */
- sptr = (*fSessions) + thesess;
- cptr = *(sptr->creds);
- }
-
- /* store them (possibly replacing previous creds if they already exist) */
- cptr[i] = *cr;
- return noErr;
- }
-
-OSErr
-DeleteCredentials (uname, uinst, urealm, sname, sinst, srealm)
- const char *uname;
- const char *uinst;
- const char *urealm;
- const char *sname;
- const char *sinst;
- const char *srealm;
-{
- int i;
- Session *sptr;
- CREDENTIALS *cptr;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, uname) &&
- !strcmp(sptr[i].instance, uinstance) &&
- !strcmp(sptr[i].realm, urealm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- sptr = sptr + i;
-
- if(!sptr->numcreds || !sptr->creds) return cKrbCredsDontExist;
-
- cptr = *(sptr->creds);
-
- for(i = 0; i < sptr->numcreds; i++) {
- if(!strcmp(cptr[i].service, sname) &&
- !strcmp(cptr[i].instance, sinst) &&
- !strcmp(cptr[i].realm, srealm)) {
- break;
- }
- }
-
- if(i == sptr->numcreds) return cKrbCredsDontExist;
-
- sptr->numcreds--;
-
- for( ; i < sptr->numcreds; i++) {
- cptr[i] = cptr[i+1];
- }
-
- SetHandleSize((Handle) sptr->creds, sptr->numcreds * sizeof(CREDENTIALS));
-
- return MemError();
- }
-
-OSErr GetNumCredentials(name, instance, realm, n)
- const char *name;
- const char *instance;
- const char *realm;
- int *n;
-{
- int i;
- Session *sptr;
-
- if(!fNumSessions || !fSessions) {
- *n = 0;
- return cKrbSessDoesntExist;
- }
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, name) &&
- !strcmp(sptr[i].instance, instance) &&
- !strcmp(sptr[i].realm, realm)) {
- break;
- }
- }
-
- if(i == fNumSessions) {
- *n = 0;
- return cKrbCredsDontExist;
- }
-
- *n = sptr[i].numcreds;
- return noErr;
- }
-
-/* returns service name, service instance and realm of the nth credential. */
-/* n starts at 1, not 0 */
-OSErr
-GetNthCredentials(uname, uinstance, urealm, sname, sinst, srealm, n)
- const char *uname;
- const char *uinstance;
- const char *urealm;
- char *sname;
- char *sinst;
- char *srealm;
- const int n;
-{
- int i;
- Session *sptr;
- CREDENTIALS *cptr;
-
- if(!fNumSessions || !fSessions) return cKrbSessDoesntExist;
-
- sptr = *fSessions;
-
- for(i = 0; i < fNumSessions; i++) {
- if(!strcmp(sptr[i].name, uname) &&
- !strcmp(sptr[i].instance, uinstance) &&
- !strcmp(sptr[i].realm, urealm)) {
- break;
- }
- }
-
- if(i == fNumSessions) return cKrbSessDoesntExist;
-
- sptr = (*fSessions) + i;
-
- if(n > sptr->numcreds || !sptr->creds) return cKrbCredsDontExist;
-
- cptr = (*(sptr->creds)) + n-1;
-
- /*
- check for null pointers cuz. some callers don't provide
- storage for all this info, eg. Kerb_get_tf_fullname.
- */
-
- if (sname)
- strcpy(sname, cptr->service);
- if (sinst)
- strcpy(sinst, cptr->instance);
- if (srealm)
- strcpy(srealm, cptr->realm);
- return noErr;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/memcache.h
===================================================================
--- branches/mskrb-integ/src/lib/krb4/memcache.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/memcache.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,36 +0,0 @@
-/*
- memcache.h
- Kerberos credential store in memory
- Originally coded by Tim Miller / Brown University
- Mods 1/92 By Peter Bosanko
-
- Modified May-June 1994 by Julia Menapace and John Gilmore,
- Cygnus Support.
-*/
-
-struct Session {
- char name[ANAME_SZ];
- char instance[INST_SZ];
- char realm[REALM_SZ];
- int numcreds;
- CREDENTIALS **creds;
-};
-typedef struct Session Session;
-
-OSErr GetNumSessions(int *n);
-OSErr GetNthSession(const int n, char *name, char *instance, char *realm);
-OSErr DeleteSession(const char *name, const char *instance, const char *realm);
-OSErr GetCredentials(const char *name, const char *instance, const char *realm,
- CREDENTIALS *cr);
-/* name, instance, and realm of service wanted should be set in *cr
- before calling */
-OSErr AddCredentials(const char *name, const char *instance, const char *realm,
- const CREDENTIALS *cr);
-OSErr DeleteCredentials(const char *uname, const char *uinst,
- const char *urealm, const char *sname,
- const char *sinst, const char *srealm);
-OSErr GetNumCredentials(const char *name, const char *instance,
- const char *realm, int *n);
-OSErr GetNthCredentials(const char *uname, const char *uinst,
- const char *urealm, char *sname, char *sinst,
- char *srealm, const int n);
Deleted: branches/mskrb-integ/src/lib/krb4/mk_auth.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mk_auth.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mk_auth.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,249 +0,0 @@
-/*
- * lib/krb4/mk_auth.c
- *
- * Copyright 1987, 1988, 2000, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Derived from sendauth.c by John Gilmore, 10 October 1994.
- */
-
-#include <stdio.h>
-#include "krb.h"
-#include "prot.h"
-#include <errno.h>
-#include <string.h>
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in recvauth.c and sendauth.c.
- */
-
-/*
- * This file contains two routines: krb_mk_auth() and krb_check_auth().
- *
- * krb_mk_auth() packages a ticket for transmission to an application
- * server.
- *
- * krb_krb_check_auth() validates a mutual-authentication response from
- * the application server.
- *
- * These routines are portable versions that implement a protocol
- * compatible with the original Unix "sendauth".
- */
-
-/*
- * The first argument to krb_mk_auth() contains a bitfield of
- * options (the options are defined in "krb.h"):
- *
- * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
- * (If this option is not chosen, krb_get_phost()
- * is called to canonicalize it.)
- *
- * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
- * A ticket must be supplied in the "ticket"
- * argument.
- * (If this option is not chosen, and there
- * is no ticket for the given server in the
- * ticket cache, one will be fetched using
- * krb_mk_req() and returned in "ticket".)
- *
- * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
- * receiving server return the checksum+1 encrypted
- * in the session key. The mutual authentication
- * is done using krb_mk_priv() on the other side
- * (see "recvauth.c") and krb_rd_priv() on this
- * side.
- *
- * The "ticket" argument is used to store the new ticket
- * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
- * chosen, the ticket must be supplied in the "ticket" argument.
- * The "service", "inst", and "realm" arguments identify the ticket.
- * If "realm" is null, the local realm is used.
- *
- * The following argument is only needed if the KOPT_DO_MUTUAL option
- * is chosen:
- *
- * The "checksum" argument is a number that the server will add 1 to
- * to authenticate itself back to the client.
- *
- * The application protocol version number (of up to KRB_SENDAUTH_VLEN
- * characters) is passed in "version".
- *
- * The ticket is packaged into a message in the buffer pointed to by
- * the argument "buf".
- *
- * If all goes well, KSUCCESS is returned, otherwise some error code.
- *
- * The format of the message packaged to send to the application server is:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
- * bytes version number
- *
- * KRB_SENDAUTH_VLEN version application protocol
- * bytes version number
- *
- * 4 bytes ticket->length length of ticket
- *
- * ticket->length ticket->dat ticket itself
- */
-
-/*
- * Build a "sendauth" packet compatible with Unix sendauth/recvauth.
- */
-int KRB5_CALLCONV
-krb_mk_auth(options, ticket, service, inst, realm, checksum, version, buf)
- long options; /* bit-pattern of options */
- KTEXT ticket; /* where to put ticket (return); or
- supplied in case of KOPT_DONT_MK_REQ */
- char *service; /* service name */
- char *inst; /* instance (OUTPUT canonicalized) */
- char *realm; /* realm */
- unsigned KRB4_32 checksum; /* checksum to include in request */
- char *version; /* version string */
- KTEXT buf; /* Output buffer to fill */
-{
- int rem;
- char krb_realm[REALM_SZ];
- char *phost;
- int phostlen;
- unsigned char *p;
-
- rem = KSUCCESS;
-
- /* get current realm if not passed in */
- if (!realm) {
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return rem;
- realm = krb_realm;
- }
-
- if (!(options & KOPT_DONT_CANON)) {
- phost = krb_get_phost(inst);
- phostlen = krb4int_strnlen(phost, INST_SZ) + 1;
- if (phostlen <= 0 || phostlen > INST_SZ)
- return KFAILURE;
- memcpy(inst, phost, (size_t)phostlen);
- }
-
- /* get the ticket if desired */
- if (!(options & KOPT_DONT_MK_REQ)) {
- rem = krb_mk_req(ticket, service, inst, realm, (KRB4_32)checksum);
- if (rem != KSUCCESS)
- return rem;
- }
-
-#ifdef ATHENA_COMPAT
- /* this is only for compatibility with old servers */
- if (options & KOPT_DO_OLDSTYLE) {
- (void) snprintf(buf->dat, sizeof(buf->dat), "%d ",ticket->length);
- (void) write(fd, buf, strlen(buf));
- (void) write(fd, (char *) ticket->dat, ticket->length);
- return(rem);
- }
-#endif /* ATHENA_COMPAT */
-
- /* Check buffer size */
- if (sizeof(buf->dat) < (KRB_SENDAUTH_VLEN + KRB_SENDAUTH_VLEN
- + 4 + ticket->length)
- || ticket->length < 0)
- return KFAILURE;
-
- /* zero the buffer */
- memset(buf->dat, 0, sizeof(buf->dat));
- p = buf->dat;
-
- /* insert version strings */
- strncpy((char *)p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- p += KRB_SENDAUTH_VLEN;
- strncpy((char *)p, version, KRB_SENDAUTH_VLEN);
- p += KRB_SENDAUTH_VLEN;
-
- /* put ticket length into buffer */
- KRB4_PUT32BE(p, ticket->length);
-
- /* put ticket into buffer */
- memcpy(p, ticket->dat, (size_t)ticket->length);
- p += ticket->length;
-
- buf->length = p - buf->dat;
- return KSUCCESS;
-}
-
-/*
- * For mutual authentication using mk_auth, check the server's response
- * to validate that we're really talking to the server which holds the
- * key that we obtained from the Kerberos key server.
- *
- * The "buf" argument is the response we received from the app server.
- * The "checksum" argument is a number that the server has added 1 to
- * to authenticate itself back to the client (us); the "msg_data" argument
- * returns the returned mutual-authentication message from the server
- * (i.e., the checksum+1); "session" holds the
- * session key of the server, extracted from the ticket file, for use
- * in decrypting the mutual authentication message from the server;
- * and "schedule" returns the key schedule for that decryption. The
- * the local and server addresses are given in "laddr" and "faddr".
- */
-int KRB5_CALLCONV
-krb_check_auth (buf, checksum, msg_data, session, schedule, laddr, faddr)
- KTEXT buf; /* The response we read from app server */
- unsigned KRB4_32 checksum; /* checksum we included in request */
- MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */
- C_Block session; /* credentials (input) */
- Key_schedule schedule; /* key schedule (return) */
- struct sockaddr_in *laddr; /* local address */
- struct sockaddr_in *faddr; /* address of foreign host on fd */
-{
- int cc;
- unsigned KRB4_32 cksum;
- unsigned char *p;
-
- /* decrypt it */
-#ifndef NOENCRYPTION
- key_sched(session, schedule);
-#endif /* !NOENCRYPTION */
- if (buf->length < 0)
- return KFAILURE;
- cc = krb_rd_priv(buf->dat, (unsigned KRB4_32)buf->length, schedule,
- (C_Block *)session, faddr, laddr, msg_data);
- if (cc)
- return cc;
-
- /*
- * Fetch the (incremented) checksum that we supplied in the
- * request.
- */
- if (msg_data->app_length < 4)
- return KFAILURE;
- p = msg_data->app_data;
- KRB4_GET32BE(cksum, p);
-
- /* if it doesn't match, fail -- reply wasn't from our real server. */
- if (cksum != checksum + 1)
- return KFAILURE; /* XXX */
- return KSUCCESS;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/mk_err.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mk_err.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mk_err.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,83 +0,0 @@
-/*
- * lib/krb4/mk_err.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * This routine creates a general purpose error reply message. It
- * doesn't use KTEXT because application protocol may have long
- * messages, and may want this part of buffer contiguous to other
- * stuff.
- *
- * The error reply is built in "p", using the error code "e" and
- * error text "e_string" given. The length of the error reply is
- * returned.
- *
- * The error reply is in the following format:
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_ERR message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte order
- * 4 bytes e given error code
- * string e_string given error text
- */
-
-long KRB5_CALLCONV
-krb_mk_err(p, e, e_string)
- u_char *p; /* Where to build error packet */
- KRB4_32 e; /* Error code */
- char *e_string; /* Text of error */
-{
- u_char *start;
- size_t e_len;
-
- e_len = strlen(e_string) + 1;
-
- /* Just return the buffer length if p is NULL, because writing to the
- * buffer would be a bad idea. Note that this feature is a change from
- * previous versions, and can therefore only be used safely in this
- * source tree, where we know this function supports it. */
- if (p == NULL) {
- return 1 + 1 + 4 + e_len;
- }
-
- start = p;
-
- /* Create fixed part of packet */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_ERR;
-
- /* Add the basic info */
- KRB4_PUT32BE(p, e);
- memcpy(p, e_string, e_len); /* err text */
- p += e_len;
-
- /* And return the length */
- return p - start;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/mk_preauth.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mk_preauth.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mk_preauth.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,78 +0,0 @@
-/* mk_preauth.c */
-/* part of Cygnus Network Security */
-/* Copyright 1994 Cygnus Support */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <string.h>
-
-#include "autoconf.h"
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-int
-krb_mk_preauth(preauth_p, preauth_len,
- key_proc, aname, inst, realm, password, key)
- char **preauth_p;
- int *preauth_len;
- key_proc_type key_proc;
- char *aname;
- char *inst;
- char *realm;
- char *password;
- C_Block key;
-{
-#ifdef NOENCRYPTION
- *preauth_len = strlen(aname) + 1; /* include the trailing 0 */
- *preauth_p = malloc(*preauth_len);
- strcpy(*preauth_p, aname); /* this will copy the trailing 0 */
-#else
- des_key_schedule key_s;
- int sl = strlen(aname);
-#endif
-
- (*key_proc)(aname, inst, realm, password, key);
-
-#ifndef NOENCRYPTION
- /*
- * preauth_len is set to a length greater than sl + 1
- * and a multpile of 8
- */
- *preauth_len = (((sl + 1) / 8) + 1) * 8;
- /* allocate memory for preauth_p and fill it with 0 */
- *preauth_p = malloc((size_t)*preauth_len);
- /* create the key schedule */
- if (des_key_sched(key, key_s)) {
- return 1;
- }
- /*
- * encrypt aname using key_s as the key schedule and key as the
- * initialization vector.
- */
- des_pcbc_encrypt((des_cblock *)aname, (des_cblock *)*preauth_p,
- (long)(sl + 1), key_s, (des_cblock *)key, DES_ENCRYPT);
- memset(key_s, 0, sizeof(key_s));
-#endif
- return 0;
-}
-
-void
-krb_free_preauth(preauth_p, preauth_len)
- char *preauth_p;
- int preauth_len;
-{
- free(preauth_p);
- return;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/mk_priv.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mk_priv.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mk_priv.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,301 +0,0 @@
-/*
- * lib/krb4/mk_priv.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine constructs a Kerberos 'private msg', i.e.
- * cryptographically sealed with a private session key.
- *
- * Returns either < 0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/*
- * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes
- * some user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address.
-#ifndef NOENCRYTION
- * The packet is encrypted by pcbc_encrypt(), using the given
- * "key" and "schedule".
-#endif
- * The length of the resulting packet "out" is
- * returned.
- *
- * It is similar to krb_mk_safe() except for the additional key
- * schedule argument "schedule" and the fact that the data is encrypted
- * rather than appended with a checksum. Also, the protocol version
- * number is "private_msg_ver", defined in krb_rd_priv.c, rather than
- * KRB_PROT_VERSION, defined in "krb.h".
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte private_msg_ver protocol version number
- * 1 byte AUTH_MSG_PRIVATE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
-#ifdef NOENCRYPTION
- * 4 bytes c_length length of data
-#else
- * 4 bytes c_length length of encrypted data
- *
- * ===================== begin encrypt ================================
-#endif
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * 0<=n<=7 bytes pad to 8 byte multiple zeroes
-#ifndef NOENCRYPTION
- * (done by pcbc_encrypt())
- *
- * ======================= end encrypt ================================
-#endif
- */
-
-/* Utility function:
-
- Determine order of addresses, if SENDER less than RECEIVER return 1
- so caller will negate timestamp. Return -1 for failure. */
-int
-krb4int_address_less (struct sockaddr_in *sender, struct sockaddr_in *receiver)
-{
- unsigned long sender_addr, receiver_addr;
- unsigned short sender_port, receiver_port;
- switch (sender->sin_family) {
- case AF_INET:
- sender_addr = sender->sin_addr.s_addr;
- sender_port = sender->sin_port;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- {
- struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) sender;
- if (IN6_IS_ADDR_V4MAPPED (&s6->sin6_addr)) {
- struct sockaddr_in sintmp = { 0 };
- memcpy (&sintmp.sin_addr.s_addr,
- 12+(char*)&s6->sin6_addr.s6_addr,
- 4);
- sender_addr = sintmp.sin_addr.s_addr;
- } else
- return -1;
- sender_port = s6->sin6_port;
- break;
- }
-#endif
- default:
- return -1;
- }
- switch (receiver->sin_family) {
- case AF_INET:
- receiver_addr = receiver->sin_addr.s_addr;
- receiver_port = receiver->sin_port;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- {
- struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) receiver;
- if (IN6_IS_ADDR_V4MAPPED (&s6->sin6_addr)) {
- struct sockaddr_in sintmp = { 0 };
- memcpy (&sintmp.sin_addr.s_addr,
- 12+(char*)&s6->sin6_addr.s6_addr,
- 4);
- receiver_addr = sintmp.sin_addr.s_addr;
- } else
- return -1;
- receiver_port = s6->sin6_port;
- break;
- }
-#endif
- default:
- return -1;
- }
- /* For compatibility with broken old code, compares are done in
- VAX byte order (LSBFIRST). */
- if (lsb_net_ulong_less(sender_addr, receiver_addr) == -1
- || (lsb_net_ulong_less(sender_addr, receiver_addr) == 0
- && lsb_net_ushort_less(sender_port, receiver_port) == -1))
- return 1;
- return 0;
- /*
- * all that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-}
-
-long KRB5_CALLCONV
-krb_mk_priv(in, out, length, schedule, key, sender, receiver)
- u_char *in; /* application data */
- u_char *out; /* put msg here, leave room for
- * header! breaks if in and out
- * (header stuff) overlap */
- unsigned KRB4_32 length; /* of in data */
- Key_schedule schedule; /* precomputed key schedule */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
-{
- register u_char *p,*q;
- u_char *c_length_ptr;
- extern int private_msg_ver; /* in krb_rd_priv.c */
-
- unsigned KRB4_32 c_length, c_length_raw;
- u_char msg_time_5ms;
- unsigned KRB4_32 msg_time_sec;
- unsigned KRB4_32 msg_time_usec;
-
- /* Be really paranoid. */
- if (sizeof(sender->sin_addr.s_addr) != 4)
- return -1;
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- msg_time_sec = TIME_GMT_UNIXSEC_US(&msg_time_usec);
- msg_time_5ms = msg_time_usec / 5000; /* 5ms quanta */
-
- p = out;
-
- /* Cruftiness below! */
- *p++ = private_msg_ver ? private_msg_ver : KRB_PROT_VERSION;
- *p++ = AUTH_MSG_PRIVATE;
-
- /* save ptr to cipher length */
- c_length_ptr = p;
- p += 4;
-
-#ifndef NOENCRYPTION
- /* start for encrypted stuff */
-#endif
- q = p;
-
- /* stuff input length */
- KRB4_PUT32BE(p, length);
-
-#ifdef NOENCRYPTION
- /* make all the stuff contiguous for checksum */
-#else
- /* make all the stuff contiguous for checksum and encryption */
-#endif
- memcpy(p, in, (size_t)length);
- p += length;
-
- /* stuff time 5ms */
- *p++ = msg_time_5ms;
-
- /* stuff source address */
- if (sender->sin_family == AF_INET)
- memcpy(p, &sender->sin_addr.s_addr, sizeof(sender->sin_addr.s_addr));
-#ifdef KRB5_USE_INET6
- else if (sender->sin_family == AF_INET6
- && IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr))
- memcpy(p, 12+(char*)&((struct sockaddr_in6 *)sender)->sin6_addr, 4);
-#endif
- else
- /* The address isn't one we can encode in 4 bytes -- but
- that's okay if the receiver doesn't care. */
- memset(p, 0, 4);
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok
- * until 2038??
- */
- switch (krb4int_address_less (sender, receiver)) {
- case 1:
- msg_time_sec = -msg_time_sec;
- break;
- case -1:
- /* Which way should we go in this case? */
- case 0:
- break;
- }
-
- /* stuff time sec */
- KRB4_PUT32BE(p, msg_time_sec);
-
- /*
- * All that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
-#ifdef notdef
- /*
- * calculate the checksum of the length, address, sequence, and
- * inp data
- */
- cksum = quad_cksum(q,NULL,p-q,0,key);
- DEB (("\ncksum = %u",cksum));
- /* stuff checksum */
- memcpy(p, &cksum, sizeof(cksum));
- p += sizeof(cksum);
-#endif
-
-#ifdef NOENCRYPTION
- /*
- * All the data have been assembled, compute length
- */
-#else
- /*
- * All the data have been assembled, compute length and encrypt
- * starting with the length, data, and timestamps use the key as
- * an ivec.
- */
-#endif
-
- c_length_raw = p - q;
- c_length = ((c_length_raw + sizeof(C_Block) -1)
- / sizeof(C_Block)) * sizeof(C_Block);
- /* stuff the length */
- p = c_length_ptr;
- KRB4_PUT32BE(p, c_length);
-
-#ifndef NOENCRYPTION
- /* pcbc encrypt, pad as needed, use key as ivec */
- pcbc_encrypt((C_Block *)q,(C_Block *)q, (long)c_length_raw,
- schedule, key, ENCRYPT);
-#endif /* NOENCRYPTION */
-
- return q - out + c_length; /* resulting size */
-}
Deleted: branches/mskrb-integ/src/lib/krb4/mk_req.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mk_req.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mk_req.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,285 +0,0 @@
-/*
- * lib/krb4/mk_req.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include <string.h>
-#include "krb4int.h"
-
-extern int krb_ap_req_debug;
-static int lifetime = 255; /* Default based on the TGT */
-
-static int krb_mk_req_creds_prealm(KTEXT, CREDENTIALS *, KRB4_32, char *);
-
-/*
- * krb_mk_req takes a text structure in which an authenticator is to
- * be built, the name of a service, an instance, a realm,
- * and a checksum. It then retrieves a ticket for
- * the desired service and creates an authenticator in the text
- * structure passed as the first argument. krb_mk_req returns
- * KSUCCESS on success and a Kerberos error code on failure.
- *
- * The peer procedure on the other end is krb_rd_req. When making
- * any changes to this routine it is important to make corresponding
- * changes to krb_rd_req.
- *
- * The authenticator consists of the following:
- *
- * authent->dat
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_REQUEST message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte ordering
- * unsigned char kvno from ticket server's key version
- * string realm server's realm
- * unsigned char tl ticket length
- * unsigned char idl request id length
- * text ticket->dat ticket for server
- * text req_id->dat request id
- *
- * The ticket information is retrieved from the ticket cache or
- * fetched from Kerberos. The request id (called the "authenticator"
-#ifdef NOENCRYPTION
- * in the papers on Kerberos) contains the following:
-#else
- * in the papers on Kerberos) contains information encrypted in the session
- * key for the client and ticket-granting service: {req_id}Kc,tgs
- * Before encryption, it contains the following:
-#endif
- *
- * req_id->dat
- *
- * string cr.pname {name, instance, and
- * string cr.pinst realm of principal
- * string myrealm making this request}
- * 4 bytes checksum checksum argument given
- * unsigned char time_usecs time (microseconds)
- * 4 bytes time_secs time (seconds)
- *
- * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time,
- * all rounded up to multiple of 8.
- */
-
-static int
-krb_mk_req_creds_prealm(authent, creds, checksum, myrealm)
- register KTEXT authent; /* Place to build the authenticator */
- CREDENTIALS *creds;
- KRB4_32 checksum; /* Checksum of data (optional) */
- char *myrealm; /* Client's realm */
-{
- KTEXT_ST req_st; /* Temp storage for req id */
- KTEXT req_id = &req_st;
- unsigned char *p, *q, *reqid_lenp;
- int tl; /* Tkt len */
- int idl; /* Reqid len */
- register KTEXT ticket; /* Pointer to tkt_st */
- Key_schedule key_s;
- size_t realmlen, pnamelen, pinstlen, myrealmlen;
- unsigned KRB4_32 time_secs;
- unsigned KRB4_32 time_usecs;
-
- /* Don't risk exposing stack garbage to correspondent, even if
- encrypted from other prying eyes. */
- memset(&req_st, 0x69, sizeof(req_st));
-
- ticket = &creds->ticket_st;
- /* Get the ticket and move it into the authenticator */
- if (krb_ap_req_debug)
- DEB (("Realm: %s\n", creds->realm));
-
- realmlen = strlen(creds->realm) + 1;
- if (sizeof(authent->dat) < (1 + 1 + 1
- + realmlen
- + 1 + 1 + ticket->length)
- || ticket->length < 0 || ticket->length > 255) {
- authent->length = 0;
- return KFAILURE;
- }
-
- if (krb_ap_req_debug)
- DEB (("%s %s %s %s %s\n", creds->service, creds->instance,
- creds->realm, creds->pname, creds->pinst));
-
- p = authent->dat;
-
- /* The fixed parts of the authenticator */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_REQUEST;
- *p++ = creds->kvno;
-
- memcpy(p, creds->realm, realmlen);
- p += realmlen;
-
- tl = ticket->length;
- *p++ = tl;
- /* Save ptr to where req_id->length goes. */
- reqid_lenp = p;
- p++;
- memcpy(p, ticket->dat, (size_t)tl);
- p += tl;
-
- if (krb_ap_req_debug)
- DEB (("Ticket->length = %d\n",ticket->length));
- if (krb_ap_req_debug)
- DEB (("Issue date: %d\n",creds->issue_date));
-
- pnamelen = strlen(creds->pname) + 1;
- pinstlen = strlen(creds->pinst) + 1;
- myrealmlen = strlen(myrealm) + 1;
- if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen
- + 4 + 1 + 4 + 7) / 8) {
- return KFAILURE;
- }
-
- q = req_id->dat;
-
- /* Build request id */
- /* Auth name */
- memcpy(q, creds->pname, pnamelen);
- q += pnamelen;
- /* Principal's instance */
- memcpy(q, creds->pinst, pinstlen);
- q += pinstlen;
- /* Authentication domain */
- memcpy(q, myrealm, myrealmlen);
- q += myrealmlen;
- /* Checksum */
- KRB4_PUT32BE(q, checksum);
-
- /* Fill in the times on the request id */
- time_secs = TIME_GMT_UNIXSEC_US (&time_usecs);
- *q++ = time_usecs; /* time_usecs % 255 */
- /* Time (coarse) */
- KRB4_PUT32BE(q, time_secs);
-
- /* Fill to a multiple of 8 bytes for DES */
- req_id->length = ((q - req_id->dat + 7) / 8) * 8;
-
-#ifndef NOENCRYPTION
- /* Encrypt the request ID using the session key */
- key_sched(creds->session, key_s);
- pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat,
- (long)req_id->length, key_s, &creds->session, 1);
- /* clean up */
- memset(key_s, 0, sizeof(key_s));
-#endif /* NOENCRYPTION */
-
- /* Copy it into the authenticator */
- idl = req_id->length;
- if (idl > 255)
- return KFAILURE;
- *reqid_lenp = idl;
- memcpy(p, req_id->dat, (size_t)idl);
- p += idl;
-
- authent->length = p - authent->dat;
-
- /* clean up */
- memset(req_id, 0, sizeof(*req_id));
-
- if (krb_ap_req_debug)
- DEB (("Authent->length = %d\n",authent->length));
- if (krb_ap_req_debug)
- DEB (("idl = %d, tl = %d\n", idl, tl));
-
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV
-krb_mk_req(authent, service, instance, realm, checksum)
- register KTEXT authent; /* Place to build the authenticator */
- char *service; /* Name of the service */
- char *instance; /* Service instance */
- char *realm; /* Authentication domain of service */
- KRB4_32 checksum; /* Checksum of data (optional) */
-{
- char krb_realm[REALM_SZ]; /* Our local realm, if not specified */
- char myrealm[REALM_SZ]; /* Realm of initial TGT. */
- int retval;
- CREDENTIALS creds;
-
- /* get current realm if not passed in */
- if (realm == NULL) {
- retval = krb_get_lrealm(krb_realm, 1);
- if (retval != KSUCCESS)
- return retval;
- realm = krb_realm;
- }
- /*
- * Determine realm of these tickets. We will send this to the
- * KDC from which we are requesting tickets so it knows what to
- * with our session key.
- */
- retval = krb_get_tf_realm(TKT_FILE, myrealm);
- if (retval != KSUCCESS)
- retval = krb_get_lrealm(myrealm, 1);
- if (retval != KSUCCESS)
- return retval;
-
- retval = krb_get_cred(service, instance, realm, &creds);
- if (retval == RET_NOTKT) {
- retval = get_ad_tkt(service, instance, realm, lifetime);
- if (retval)
- return retval;
- retval = krb_get_cred(service, instance, realm, &creds);
- if (retval)
- return retval;
- }
- if (retval != KSUCCESS)
- return retval;
-
- retval = krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
- memset(&creds.session, 0, sizeof(creds.session));
- return retval;
-}
-
-int KRB5_CALLCONV
-krb_mk_req_creds(authent, creds, checksum)
- register KTEXT authent; /* Place to build the authenticator */
- CREDENTIALS *creds;
- KRB4_32 checksum; /* Checksum of data (optional) */
-{
- return krb_mk_req_creds_prealm(authent, creds, checksum, creds->realm);
-}
-
-/*
- * krb_set_lifetime sets the default lifetime for additional tickets
- * obtained via krb_mk_req().
- *
- * It returns the previous value of the default lifetime.
- */
-
-int KRB5_CALLCONV
-krb_set_lifetime(newval)
-int newval;
-{
- int olife = lifetime;
-
- lifetime = newval;
- return olife;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/mk_safe.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/mk_safe.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/mk_safe.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,167 +0,0 @@
-/*
- * lib/krb4/mk_req.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine constructs a Kerberos 'safe msg', i.e. authenticated
- * using a private session key to seed a checksum. Msg is NOT
- * encrypted.
- *
- * Returns either <0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "krb.h"
-#include "des.h"
-#include "prot.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/*
- * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
- * user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address, followed by a checksum computed on the above, using the
- * given "key". The length of the resulting packet is returned.
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_SAFE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
- * ===================== begin checksum ================================
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * ======================= end checksum ================================
- *
- * 16 bytes big_cksum quadratic checksum of
- * above using "key"
- */
-
-long KRB5_CALLCONV
-krb_mk_safe(in, out, length, key, sender, receiver)
- u_char *in; /* application data */
- u_char *out; /*
- * put msg here, leave room for header!
- * breaks if in and out (header stuff)
- * overlap
- */
- unsigned KRB4_32 length; /* of in data */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
-{
- register u_char *p,*q;
-
- unsigned KRB4_32 cksum;
- unsigned KRB4_32 big_cksum[4];
- unsigned KRB4_32 msg_secs;
- unsigned KRB4_32 msg_usecs;
- u_char msg_time_5ms;
- KRB4_32 msg_time_sec;
- int i;
-
- /* Be really paranoid. */
- if (sizeof(sender->sin_addr.s_addr) != 4)
- return -1;
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- msg_secs = TIME_GMT_UNIXSEC_US(&msg_usecs);
- msg_time_sec = msg_secs;
- msg_time_5ms = msg_usecs / 5000; /* 5ms quanta */
-
- p = out;
-
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_SAFE;
-
- q = p; /* start for checksum stuff */
- /* stuff input length */
- KRB4_PUT32BE(p, length);
-
- /* make all the stuff contiguous for checksum */
- memcpy(p, in, length);
- p += length;
-
- /* stuff time 5ms */
- *p++ = msg_time_5ms;
-
- /* stuff source address */
- if (sender->sin_family == AF_INET)
- memcpy(p, &sender->sin_addr.s_addr, sizeof(sender->sin_addr.s_addr));
-#ifdef KRB5_USE_INET6
- else if (sender->sin_family == AF_INET6
- && IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr))
- memcpy(p, 12+(char*)&((struct sockaddr_in6 *)sender)->sin6_addr, 4);
-#endif
- else
- /* The address isn't one we can encode in 4 bytes -- but
- that's okay if the receiver doesn't care. */
- memset(p, 0, 4);
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok until
- * 2038??
- */
- if (krb4int_address_less (sender, receiver) == 1)
- msg_time_sec = -msg_time_sec;
- /* stuff time sec */
- KRB4_PUT32BE(p, msg_time_sec);
-
-#ifdef NOENCRYPTION
- cksum = 0;
- memset(big_cksum, 0, sizeof(big_cksum));
-#else /* Do encryption */
- /* calculate the checksum of length, timestamps, and input data */
- cksum = quad_cksum(q, (unsigned KRB4_32 *)big_cksum,
- p - q, 2, key);
-#endif /* NOENCRYPTION */
- DEB(("\ncksum = %u",cksum));
-
- /* stuff checksum */
- for (i = 0; i < 4; i++)
- KRB4_PUT32BE(p, big_cksum[i]);
-
- return p - out; /* resulting size */
-}
Deleted: branches/mskrb-integ/src/lib/krb4/month_sname.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/month_sname.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/month_sname.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,28 +0,0 @@
-/*
- * month_sname.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-/*
- * Given an integer 1-12, month_sname() returns a string
- * containing the first three letters of the corresponding
- * month. Returns 0 if the argument is out of range.
- */
-
-#include <krb.h>
-#include "krb4int.h"
-
-const char *month_sname(n)
- int n;
-{
- static const char name[][4] = {
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
- };
- return((n < 1 || n > 12) ? 0 : name [n-1]);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/netread.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/netread.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/netread.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,69 +0,0 @@
-/*
- * lib/krb4/netwrite.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <errno.h>
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-
-/*
- * krb_net_read() reads from the file descriptor "fd" to the buffer
- * "buf", until either 1) "len" bytes have been read or 2) cannot
- * read anymore from "fd". It returns the number of bytes read
- * or a read() error. (The calling interface is identical to
- * read(2).)
- *
- * XXX must not use non-blocking I/O
- */
-int
-krb_net_read(fd, buf, len)
-int fd;
-register char *buf;
-register int len;
-{
- int cc, len2 = 0;
-
- do {
- cc = SOCKET_READ(fd, buf, len);
- if (cc < 0)
- {
- if (SOCKET_ERRNO == SOCKET_EINTR)
- continue;
- return(cc); /* errno is already set */
- }
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
- } while (len > 0);
- return(len2);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/netwrite.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/netwrite.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/netwrite.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,65 +0,0 @@
-/*
- * lib/krb4/netwrite.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <errno.h>
-#include "krb.h"
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-
-/*
- * krb_net_write() writes "len" bytes from "buf" to the file
- * descriptor "fd". It returns the number of bytes written or
- * a write() error. (The calling interface is identical to
- * write(2).)
- *
- * XXX must not use non-blocking I/O
- */
-int
-krb_net_write(fd, buf, len)
-int fd;
-register char *buf;
-int len;
-{
- int cc;
- register int wrlen = len;
- do {
- cc = SOCKET_WRITE(fd, buf, wrlen);
- if (cc < 0)
- {
- if (SOCKET_ERRNO == SOCKET_EINTR)
- continue;
- return(cc);
- }
- else {
- buf += cc;
- wrlen -= cc;
- }
- } while (wrlen > 0);
- return(len);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/password_to_key.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/password_to_key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/password_to_key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,152 +0,0 @@
-/*
- * lib/krb4/password_to_key.c
- *
- * Copyright 1999, 2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * password_to_key functions merged from KfM
- */
-
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef USE_CCAPI
-#include <CredentialsCache.h>
-#endif
-#include "krb.h"
-#include "krb4int.h"
-
-#include "k5-platform.h"
-
-/*
- * passwd_to_key(): given a password, return a DES key.
- * There are extra arguments here which (used to be?)
- * used by srvtab_to_key().
- *
- * If the "passwd" argument is not null, generate a DES
- * key from it, using string_to_key().
- *
- * If the "passwd" argument is null, then on a Unix system we call
- * des_read_password() to prompt for a password and then convert it
- * into a DES key. But "prompting" the user is harder in a Windows or
- * Macintosh environment, so we rely on our caller to explicitly do
- * that now.
- *
- * In either case, the resulting key is put in the "key" argument,
- * and 0 is returned.
- */
-
-
-key_proc_type *krb_get_keyprocs (key_proc_type keyproc)
-{
- static key_proc_type default_keyprocs[4] = { mit_passwd_to_key,
- afs_passwd_to_key,
- krb5_passwd_to_key,
- NULL };
-
- static key_proc_type user_keyprocs[2] = { NULL, NULL };
-
- /* generate the list of key procs */
- if (keyproc == NULL) {
- return default_keyprocs; /* use the default */
- } else {
- user_keyprocs[0] = keyproc;
- return user_keyprocs; /* use the caller provided keyprocs */
- }
-}
-
-int KRB5_CALLCONV
-mit_passwd_to_key(
- char *user,
- char *instance,
- char *realm,
- char *passwd,
- C_Block key)
-{
-#if 0 /* what system? */
-#pragma unused(user)
-#pragma unused(instance)
-#pragma unused(realm)
-#endif
-
- if (passwd) {
- des_string_to_key(passwd, key);
- } else {
-#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
- des_read_password((des_cblock *)key, "Password", 0);
-#else
- return (-1);
-#endif
- }
- return (0);
-}
-
-/* So we can use a v4 kinit against a v5 kdc with no krb4 salted key */
-int KRB5_CALLCONV
-krb5_passwd_to_key(
- char *user,
- char *instance,
- char *realm,
- char *passwd,
- C_Block key)
-{
- char *p;
-
- if (user && instance && realm && passwd) {
- if (strlen(realm) + strlen(user) + strlen(instance) > MAX_K_NAME_SZ)
- /* XXX Is this right? The old code returned 0, which is
- also what it returns after sucessfully generating a
- key. The other error path returns -1. */
- return 0;
- if (asprintf(&p, "%s%s%s%s", passwd, realm, user, instance) >= 0) {
- des_string_to_key (p, key);
- free (p);
- return 0;
- }
- }
- return -1;
-}
-
-int KRB5_CALLCONV
-afs_passwd_to_key(
- char *user,
- char *instance,
- char *realm,
- char *passwd,
- C_Block key)
-{
-#if 0 /* what system? */
-#pragma unused(user)
-#pragma unused(instance)
-#endif
-
- if (passwd) {
- afs_string_to_key(passwd, realm, key);
- } else {
-#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY))
- des_read_password((des_cblock *)key, "Password", 0);
-#else
- return (-1);
-#endif
- }
- return (0);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/pkt_cipher.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/pkt_cipher.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/pkt_cipher.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,35 +0,0 @@
-/*
- * pkt_cipher.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <string.h>
-#include "krb.h"
-#include "prot.h"
-
-
-/*
- * This routine takes a reply packet from the Kerberos ticket-granting
- * service and returns a pointer to the beginning of the ciphertext in it.
- *
- * See "prot.h" for packet format.
- */
-
-KTEXT
-pkt_cipher(packet)
- KTEXT packet;
-{
- unsigned char *ptr = pkt_a_realm(packet) + 6
- + strlen((char *)pkt_a_realm(packet));
- /* Skip a few more fields */
- ptr += 3 + 4; /* add 4 for exp_date */
-
- /* And return the pointer */
- return((KTEXT) ptr);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/pkt_clen.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/pkt_clen.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/pkt_clen.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,47 +0,0 @@
-/*
- * pkt_clen.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include <string.h>
-#include "krb.h"
-#include "prot.h"
-
-extern int krb_debug;
-int swap_bytes=0;
-
-/*
- * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of
- * its ciphertext portion. The external variable "swap_bytes" is assumed
- * to have been set to indicate whether or not the packet is in local
- * byte order. pkt_clen() takes this into account when reading the
- * ciphertext length out of the packet.
- */
-
-int
-pkt_clen(pkt)
- KTEXT pkt;
-{
- static unsigned short temp;
- int clen = 0;
-
- /* Start of ticket list */
- unsigned char *ptr = pkt_a_realm(pkt) + 10
- + strlen((char *)pkt_a_realm(pkt));
-
- /* Finally the length */
- memcpy((char *)&temp, (char *)(++ptr), 2); /* alignment */
- if (swap_bytes)
- temp = krb4_swab16(temp);
-
- clen = (int) temp;
-
- DEB (("Clen is %d\n",clen));
- return(clen);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/prot_client.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/prot_client.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/prot_client.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,370 +0,0 @@
-/*
- * lib/krb4/prot_client.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology. All
- * Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Contains protocol encoders and decoders used by a krb4 client.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * encode_kdc_request
- *
- * Packet format is originally from g_in_tkt.c.
- *
- * Size Variable Field
- * ---- -------- -----
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_KDC_REQUEST | message type
- * HOST_BYTE_ORDER local byte order in lsb
- * string user client's name
- * string instance client's instance
- * string realm client's realm
- * 4 bytes tlocal.tv_sec timestamp in seconds
- * 1 byte life desired lifetime
- * string service service's name
- * string sinstance service's instance
- */
-int KRB5_CALLCONV
-krb4prot_encode_kdc_request(char *pname, char *pinst, char *prealm,
- KRB4_32 tlocal, int life,
- char *sname, char *sinst,
- char *preauth, int preauthlen,
- int chklen, /* check input str len? */
- int le, /* little-endian? */
- KTEXT pkt)
-{
- unsigned char *p;
- int ret;
- size_t snamelen, sinstlen;
-
- p = pkt->dat;
-
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_KDC_REQUEST | !!le;
-
- ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- pkt, &p);
- if (ret)
- return ret;
-
- snamelen = strlen(sname) + 1;
- sinstlen = strlen(sinst) + 1;
- if (chklen && (snamelen > ANAME_SZ || sinstlen > INST_SZ))
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(pkt->dat) - (p - pkt->dat))
- < (4 + 1 + snamelen + sinstlen + preauthlen))
- return KRB4PROT_ERR_OVERRUN;
-
- /* timestamp */
- KRB4_PUT32(p, tlocal, le);
-
- *p++ = life;
-
- memcpy(p, sname, snamelen);
- p += snamelen;
- memcpy(p, sinst, sinstlen);
- p += sinstlen;
-
- if (preauthlen)
- memcpy(p, preauth, (size_t)preauthlen);
- p += preauthlen;
-
- pkt->length = p - pkt->dat;
- return KRB4PROT_OK;
-}
-
-/*
- * decode_kdc_reply
- */
-int KRB5_CALLCONV
-krb4prot_decode_kdc_reply(KTEXT pkt,
- int *le,
- char *pname, char *pinst, char *prealm,
- long *time_ws, int *n,
- unsigned long *x_date, int *kvno,
- KTEXT ciph)
-{
- unsigned char *p;
- int msg_type;
- int ret;
- unsigned int ciph_len;
-
- p = pkt->dat;
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- if (*p++ != KRB_PROT_VERSION)
- return KRB4PROT_ERR_PROT_VERS;
- msg_type = *p++;
- *le = msg_type & 1;
- msg_type &= ~1;
- if (msg_type != AUTH_MSG_KDC_REPLY)
- return KRB4PROT_ERR_MSG_TYPE;
-
- ret = krb4prot_decode_naminstrlm(ciph, &p, pname, pinst, prealm);
- if (ret)
- return ret;
-
-#define PKT_REMAIN (pkt->length - (p - pkt->dat))
-
- if (PKT_REMAIN < (4 /* time */
- + 1 /* number of tickets */
- + 4 /* exp date */
- + 1 /* kvno */
- + 2)) /* ciph length */
- return KRB4PROT_ERR_UNDERRUN;
- if (time_ws != NULL)
- KRB4_GET32(*time_ws, p, *le); /* XXX signed/unsigned */
- else
- p += 4;
- if (n != NULL)
- *n = *p++;
- else
- p++;
- if (x_date != NULL)
- KRB4_GET32(*x_date, p, *le);
- else
- p += 4;
- if (kvno != NULL)
- *kvno = *p++;
- else
- p++;
- KRB4_GET16(ciph_len, p, *le);
- if (PKT_REMAIN < ciph_len)
- return KRB4PROT_ERR_UNDERRUN;
- ciph->length = ciph_len;
- memcpy(ciph->dat, p, (size_t)ciph->length);
- return KRB4PROT_OK;
-#undef PKT_REMAIN
-}
-
-int KRB5_CALLCONV
-krb4prot_decode_ciph(KTEXT ciph, int le,
- C_Block session,
- char *name, char *inst, char *realm,
- int *life, int *kvno,
- KTEXT tkt, unsigned long *kdc_time)
-{
- unsigned char *p;
- int ret;
-
- p = ciph->dat;
- if (ciph->length < 8)
- return KRB4PROT_ERR_UNDERRUN;
- memcpy(session, p, 8);
- p += 8;
- ret = krb4prot_decode_naminstrlm(ciph, &p, name, inst, realm);
- if (ret)
- return ret;
-#define CIPH_REMAIN (ciph->length - (p - ciph->dat))
- if (CIPH_REMAIN < (1 /* life */
- + 1 /* kvno */
- + 1)) /* tkt->length */
- return KRB4PROT_ERR_UNDERRUN;
- if (life != NULL)
- *life = *p++;
- else
- p++;
- if (kvno != NULL)
- *kvno = *p++;
- else
- p++;
- tkt->length = *p++;
- if (CIPH_REMAIN < (tkt->length
- + 4)) /* kdc_time */
- return KRB4PROT_ERR_UNDERRUN;
- memcpy(tkt->dat, p, (size_t)tkt->length);
- p += tkt->length;
-
- if (kdc_time != NULL)
- KRB4_GET32(*kdc_time, p, le);
-
- return KRB4PROT_OK;
-#undef CIPH_REMAIN
-}
-
-/*
- * encode_apreq
- *
- * The following was originally from mk_req.c.
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_REQUEST message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte ordering
- * unsigned char kvno from ticket server's key version
- * string realm server's realm
- * unsigned char tl ticket length
- * unsigned char idl request id length
- * binary ticket->dat ticket for server
- * binary req_id->dat request id
- */
-int KRB5_CALLCONV
-krb4prot_encode_apreq(int kvno, char *realm,
- KTEXT tkt, KTEXT req_id,
- int chklen, /* check str len? */
- int le, /* little-endian? */
- KTEXT pkt)
-{
- unsigned char *p;
- size_t realmlen;
-
- p = pkt->dat;
- /* Assume >= 3 bytes in a KTEXT. */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_APPL_REQUEST | !!le;
-
- *p++ = kvno;
-
- realmlen = strlen(realm) + 1;
- if (chklen && realmlen > REALM_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (tkt->length > 255 || req_id->length > 255)
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(pkt->dat) - (p - pkt->dat))
- < (realmlen
- + 1 /* tkt->length */
- + 1 /* req_id->length */
- + tkt->length + req_id->length))
- return KRB4PROT_ERR_OVERRUN;
-
- memcpy(p, realm, realmlen);
- p += realmlen;
-
- *p++ = tkt->length;
- *p++ = req_id->length;
- memcpy(p, tkt->dat, (size_t)tkt->length);
- p += tkt->length;
- memcpy(p, req_id->dat, (size_t)req_id->length);
- p += req_id->length;
-
- pkt->length = p - pkt->dat;
- return KRB4PROT_OK;
-}
-
-/*
- * encode_authent
- *
- * Encodes an authenticator (called req_id in some of the code for
- * some weird reason). Does not encrypt.
- *
- * The following packet layout is originally from mk_req.c. It is
- * rounded up to the next multiple of 8 bytes.
- *
- * string cr.pname {name, instance, and
- * string cr.pinst realm of principal
- * string myrealm making this request}
- * 4 bytes checksum checksum argument given
- * unsigned char time_usecs time (microseconds)
- * 4 bytes time_secs time (seconds)
- */
-int KRB5_CALLCONV
-krb4prot_encode_authent(char *pname, char *pinst, char *prealm,
- KRB4_32 checksum,
- int time_usec, long time_sec,
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT pkt)
-{
- unsigned char *p;
- int ret;
-
- p = pkt->dat;
- ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- pkt, &p);
- if (ret)
- return ret;
- if ((sizeof(pkt->dat) - (p - pkt->dat)) / 8
- < (4 /* checksum */
- + 1 /* microsec */
- + 4 /* time */
- + 7) / 8) /* roundoff */
- return KRB4PROT_ERR_OVERRUN;
-
- KRB4_PUT32(p, checksum, le);
- *p++ = time_usec;
- KRB4_PUT32(p, time_sec, le);
-
- memset(p, 0, 7); /* nul-pad */
- pkt->length = (((p - pkt->dat) + 7) / 8) * 8;
- return KRB4PROT_OK;
-}
-
-/*
- * decode_error
- *
- * Decodes an error reply from the KDC.
- */
-int KRB5_CALLCONV
-krb4prot_decode_error(KTEXT pkt, int *le,
- char *pname, char *pinst, char *prealm,
- unsigned long *time_ws,
- unsigned long *err, char *err_string)
-{
- unsigned char *p;
- int msg_type, ret, errstrlen;
-
- p = pkt->dat;
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- if (*p++ != KRB_PROT_VERSION)
- return KRB4PROT_ERR_PROT_VERS;
- msg_type = *p++;
- *le = msg_type & 1;
- msg_type &= ~1;
- if (msg_type != AUTH_MSG_ERR_REPLY)
- return KRB4PROT_ERR_MSG_TYPE;
-
- ret = krb4prot_decode_naminstrlm(pkt, &p, pname, pinst, prealm);
- if (ret)
- return ret;
-
-#define PKT_REMAIN (pkt->length - (p - pkt->dat))
- if (PKT_REMAIN < (4 /* time */
- + 4)) /* err code */
- return KRB4PROT_ERR_UNDERRUN;
-
- if (time_ws != NULL)
- KRB4_GET32(*time_ws, p, le);
- else
- p += 4;
- if (err != NULL)
- KRB4_GET32(*err, p, le);
- else
- p += 4;
-
- if (PKT_REMAIN <= 0) /* allow for missing error string */
- return KRB4PROT_OK;
-
- errstrlen = krb4int_strnlen((char *)p, PKT_REMAIN) + 1;
- if (errstrlen <= 0) /* If it's there, it must be nul-terminated. */
- return KRB4PROT_ERR_OVERRUN;
- if (err_string != NULL)
- memcpy(err_string, p, (size_t)errstrlen);
-
- return KRB4PROT_OK;
-#undef PKT_REMAIN
-}
Deleted: branches/mskrb-integ/src/lib/krb4/prot_common.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/prot_common.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/prot_common.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,136 +0,0 @@
-/*
- * lib/krb4/prot_common.c
- *
- * Copyright 2001 by the Massachusetts Institute of Technology. All
- * Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Contains some common code used by multiple encoders/decoders.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-
-/*
- * encode_naminstrlm
- *
- * Takes input string triplet of a principal, encodes into PKT.
- * Assumes that input strings are properly terminated. If CHKLEN is
- * non-zero, validate input string lengths against their respective
- * limits. The pointer P is the address of the moving pointer used by
- * the caller, and is updated here.
- *
- * Returns zero on success, non-zero on failure.
- *
- * PKT->LENGTH is NOT updated. The caller must update it.
- */
-int KRB5_CALLCONV
-krb4prot_encode_naminstrlm(char *name, char *inst, char *realm,
- int chklen, /* check input str len? */
- KTEXT pkt, /* buffer to encode into */
- unsigned char **p /* moving pointer */)
-{
- size_t namelen, instlen, realmlen;
-
- namelen = strlen(name) + 1;
- instlen = strlen(inst) + 1;
- realmlen = strlen(realm) + 1;
- if (chklen && (namelen > ANAME_SZ || instlen > INST_SZ
- || realmlen > REALM_SZ))
- return KRB4PROT_ERR_OVERRUN;
- if (*p - pkt->dat < namelen + instlen + realmlen)
- return KRB4PROT_ERR_OVERRUN;
- memcpy(*p, name, namelen);
- *p += namelen;
- memcpy(*p, inst, instlen);
- *p += namelen;
- memcpy(*p, realm, realmlen);
- *p += namelen;
- return KRB4PROT_OK;
-}
-
-/*
- * decode_naminstrlm
- *
- * Grabs a string triplet corresponding to a principal. The input
- * buffer PKT should have its length properly set. The pointer P is
- * the address of the moving pointer used by the caller, and will be
- * updated. If any input pointer is NULL, merely skip the string.
- *
- * The output strings NAME, INST, and REALM are assumed to be of the
- * correct sizes (ANAME_SZ, INST_SZ, REALM_SZ).
- *
- * Returns 0 on success, non-zero on failure.
- */
-int KRB5_CALLCONV
-krb4prot_decode_naminstrlm(KTEXT pkt, /* buffer to decode from */
- unsigned char **p, /* moving pointer */
- char *name, char *inst, char *realm)
-{
- int len;
-
-#define PKT_REMAIN (pkt->length - (*p - pkt->dat))
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1;
- if (len == 0 || len > ANAME_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (name != NULL)
- memcpy(name, *p, (size_t)len);
- *p += len;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (name != NULL)
- memcpy(inst, *p, (size_t)len);
- *p += len;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- return KRB4PROT_ERR_OVERRUN;
- if (realm != NULL)
- memcpy(realm, *p, (size_t)len);
- *p += len;
- return KRB4PROT_OK;
-#undef PKT_REMAIN
-}
-
-int KRB5_CALLCONV
-krb4prot_decode_header(KTEXT pkt,
- int *pver, int *msgtype, int *le)
-{
- unsigned char *p;
-
- p = pkt->dat;
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- *pver = *p++;
- *msgtype = *p++;
- *le = *msgtype & 1;
- *msgtype &= ~1;
- return KRB4PROT_OK;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/prot_kdc.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/prot_kdc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/prot_kdc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,461 +0,0 @@
-/*
- * lib/krb4/prot_kdc.c
- *
- * Copyright 1985--1988, 2000, 2001 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Contains the protocol encoders and decoders used by the KDC.
- */
-
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include "port-sockets.h"
-
-/*
- * encode_kdc_reply
- *
- * Encodes a reply from the KDC to the client.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- *
- * Caller is responsible for cleaning up OUTBUF.
- *
- * This packet layout description was originally in cr_auth_repl.c:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned char n number of tickets
- *
- * unsigned long x_date expiration date
- *
- * unsigned char kvno master key version
- *
- * short cipher->length cipher length
- *
- * binary cipher->dat cipher data
- */
-int KRB5_CALLCONV
-krb4prot_encode_kdc_reply(char *pname, char *pinst, char *prealm,
- long time_ws,
- int n, /* Number of tickets; 0 for krb4 (!) */
- unsigned long x_date, /* exp date */
- int kvno,
- KTEXT cipher, /* encrypted ticket */
- int chklen, /* check input str len? */
- int le, /* little-endian? */
- KTEXT outbuf)
-{
- unsigned char *p;
- int ret;
-
- p = outbuf->dat;
- /* This is really crusty. */
- if (n != 0)
- *p++ = 3;
- else
- *p++ = KRB_PROT_VERSION;
- /* little-endianness based on input, usually big-endian, though. */
- *p++ = AUTH_MSG_KDC_REPLY | !!le;
-
- ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- outbuf, &p);
- if (ret)
- return ret;
-
- /* Check lengths */
- if (cipher->length > 65535 || cipher->length < 0)
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(outbuf->dat) - (p - outbuf->dat)
- < (4 /* timestamp */
- + 1 /* num of tickets */
- + 4 /* exp date */
- + 1 /* kvno */
- + 2 /* cipher->length */
- + cipher->length))) /* cipher->dat */
- return KRB4PROT_ERR_OVERRUN;
-
- /* Workstation timestamp */
- KRB4_PUT32(p, time_ws, le);
-
- /* Number of tickets */
- *p++ = n;
-
- /* Expiration date */
- KRB4_PUT32(p, x_date, le);
-
- /* Now send the ciphertext and info to help decode it */
- *p++ = kvno;
- KRB4_PUT16(p, cipher->length, le);
- memcpy(p, cipher->dat, (size_t)cipher->length);
- p += cipher->length;
-
- /* And return the packet */
- outbuf->length = p - outbuf->dat;
- return KRB4PROT_OK;
-}
-
-/*
- * encode_ciph
- *
- * Encodes a "cipher" that is to be included in a KDC reply message.
- *
- * Caller is responsible for cleaning up CIPH.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- *
- * Packet format below is originally from cr_ciph.c:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- * 8 bytes session session key for client, service
- *
- * string service service name
- *
- * string instance service instance
- *
- * string realm KDC realm
- *
- * unsigned char life ticket lifetime
- *
- * unsigned char kvno service key version number
- *
- * unsigned char tkt->length length of following ticket
- *
- * data tkt->dat ticket for service
- *
- * 4 bytes kdc_time KDC's timestamp
- *
- * <=7 bytes null null pad to 8 byte multiple
- */
-int KRB5_CALLCONV
-krb4prot_encode_ciph(C_Block session,
- char *name, char *inst, char *realm,
- unsigned long life, int kvno,
- KTEXT tkt, /* ticket */
- unsigned long kdc_time,
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT ciph) /* output buffer */
-{
- unsigned char *p;
- int ret;
-
- p = ciph->dat;
- /*
- * Assume that there will be >= 8 bytes in a KTEXT. If there
- * aren't, we have worse problems.
- */
- memcpy(p, session, 8);
- p += 8;
-
- ret = krb4prot_encode_naminstrlm(name, inst, realm, chklen,
- ciph, &p);
- if (ret)
- return ret;
- if (tkt->length > 255 || tkt->length < 0)
- return KRB4PROT_ERR_OVERRUN;
- if ((sizeof(ciph->dat) - (p - ciph->dat)) / 8
- < (1 /* life */
- + 1 /* kvno */
- + 1 /* tkt->length */
- + tkt->length /* tkt->dat */
- + 4 /* kdc_time */
- + 7) / 8) /* roundoff */
- return KRB4PROT_ERR_OVERRUN;
-
- *p++ = life;
- *p++ = kvno;
- *p++ = tkt->length;
-
- memcpy(p, tkt->dat, (size_t)tkt->length);
- p += tkt->length;
-
- KRB4_PUT32(p, kdc_time, le);
-
- /* Guarantee null pad to multiple of 8 bytes */
- memset(p, 0, 7);
- ciph->length = (((p - ciph->dat) + 7) / 8) * 8;
- return KRB4PROT_OK;
-}
-
-/*
- * encode_tkt
- *
- * Encode ticket to include in a "cipher". Does not encrypt.
- *
- * Caller is responsible for cleaning TKT.
- *
- * The length of the ticket is a multiple of
- * eight bytes and is in tkt->length.
- *
- * If the ticket is not a multiple of eight bytes long, the ticket
- * will contain nulls.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- *
- * The following packet layout is from cr_tkt.c:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- * unsigned char flags namely, HOST_BYTE_ORDER
- *
- * string pname client's name
- *
- * string pinstance client's instance
- *
- * string prealm client's realm
- *
- * 4 bytes paddress client's address
- *
- * 8 bytes session session key
- *
- * 1 byte life ticket lifetime
- *
- * 4 bytes time_sec KDC timestamp
- *
- * string sname service's name
- *
- * string sinstance service's instance
- *
- * <=7 bytes null null pad to 8 byte multiple
- */
-int KRB5_CALLCONV
-krb4prot_encode_tkt(unsigned int flags,
- char *pname, char *pinst, char *prealm,
- unsigned long paddress,
- char *session,
- int life, long time_sec,
- char *sname, char *sinst,
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT tkt) /* output buf */
-{
- struct in_addr paddr;
- unsigned char *p;
- size_t snamelen, sinstlen;
-
- /* Be really paranoid. */
- if (sizeof(paddr.s_addr) != 4)
- return KFAILURE;
-
- p = tkt->dat;
- /*
- * Assume at least one byte in a KTEXT. If not, we have bigger
- * problems. Also, bitwise-OR in the little-endian flag.
- */
- *p++ = flags | !!le;
-
- if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- tkt, &p))
- return KFAILURE;
-
- snamelen = strlen(sname) + 1;
- sinstlen = strlen(sinst) + 1;
- if (life > 255 || life < 0)
- return KFAILURE;
- if (chklen && (snamelen > ANAME_SZ || sinstlen > INST_SZ))
- return KFAILURE;
- if ((sizeof(tkt->dat) - (p - tkt->dat)) / 8
- < (4 /* address */
- + 8 /* session */
- + 1 /* life */
- + 4 /* issue time */
- + snamelen + sinstlen
- + 7) / 8) /* roundoff */
- return KFAILURE;
-
- paddr.s_addr = paddress;
- memcpy(p, &paddr.s_addr, sizeof(paddr.s_addr));
- p += sizeof(paddr.s_addr);
-
- memcpy(p, session, 8);
- p += 8;
- *p++ = life;
- /* issue time */
- KRB4_PUT32(p, time_sec, le);
-
- memcpy(p, sname, snamelen);
- p += snamelen;
- memcpy(p, sinst, sinstlen);
- p += sinstlen;
-
- /* guarantee null padded ticket to multiple of 8 bytes */
- memset(p, 0, 7);
- tkt->length = ((p - tkt->dat + 7) / 8) * 8;
- return KSUCCESS;
-}
-
-/*
- * encode_err_reply
- *
- * Encode an error reply message from the KDC to the client.
- *
- * Returns KRB4PROT_OK on success, non-zero on error.
- *
- * The following packet layout description is from cr_err_repl.c:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- * unsigned char req_ack_vno protocol version number
- *
- * unsigned char AUTH_MSG_ERR_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned long e error code
- *
- * string e_string error text
- */
-int KRB5_CALLCONV
-krb4prot_encode_err_reply(char *pname, char *pinst, char *prealm,
- unsigned long time_ws,
- unsigned long err, /* error code */
- char *err_string, /* error text */
- int chklen, /* check str lens? */
- int le, /* little-endian? */
- KTEXT pkt) /* output buf */
-{
- unsigned char *p;
- size_t err_stringlen;
-
- p = pkt->dat;
- /* Assume >= 2 bytes in KTEXT. */
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_ERR_REPLY | !!le;
-
- if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen,
- pkt, &p))
- return KFAILURE;
-
- err_stringlen = strlen(err_string) + 1;
- if ((sizeof(pkt->dat) - (p - pkt->dat))
- < (4 /* timestamp */
- + 4 /* err code */
- + err_stringlen))
- return KFAILURE;
- /* ws timestamp */
- KRB4_PUT32(p, time_ws, le);
- /* err code */
- KRB4_PUT32(p, err, le);
- /* err text */
- memcpy(p, err_string, err_stringlen);
- p += err_stringlen;
-
- /* And return */
- pkt->length = p - pkt->dat;
- return KSUCCESS;
-}
-
-/*
- * decode_kdc_request
- *
- * Decode an initial ticket request sent from the client to the KDC.
- *
- * Packet format is described in g_in_tkt.c.
- *
- * Returns KRB4PROT_OK on success, non-zero on failure.
- */
-int KRB5_CALLCONV
-krb4prot_decode_kdc_request(KTEXT pkt,
- int *le,
- char *pname, char *pinst, char *prealm,
- long *req_time, int *life,
- char *sname, char *sinst)
-{
- unsigned char *p;
- int msg_type, ret, len;
-
- p = pkt->dat;
-
- /* Get prot vers and msg type */
- if (pkt->length < 2)
- return KRB4PROT_ERR_UNDERRUN;
- if (*p++ != KRB_PROT_VERSION)
- return KRB4PROT_ERR_PROT_VERS;
- msg_type = *p++;
- *le = msg_type & 1;
- msg_type &= ~1;
- if (msg_type != AUTH_MSG_KDC_REQUEST)
- return KRB4PROT_ERR_MSG_TYPE;
-
- ret = krb4prot_decode_naminstrlm(pkt, &p, pname, pinst, prealm);
- if (ret)
- return ret;
-
-#define PKT_REMAIN (pkt->length - (p - pkt->dat))
-
- if (PKT_REMAIN < (4 /* time */
- + 1)) /* life */
- return KRB4PROT_ERR_UNDERRUN;
-
- KRB4_GET32(*req_time, p, *le);
-
- *life = *p++;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)p, PKT_REMAIN) + 1;
- if (len <= 0 || len > ANAME_SZ)
- return KRB4PROT_ERR_OVERRUN;
- memcpy(sname, p, (size_t)len);
- p += len;
-
- if (PKT_REMAIN <= 0)
- return KRB4PROT_ERR_UNDERRUN;
- len = krb4int_strnlen((char *)p, PKT_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- return KRB4PROT_ERR_OVERRUN;
- memcpy(sinst, p, (size_t)len);
- p += len;
-
- /* XXX krb4 preauth? */
- return KRB4PROT_OK;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/put_svc_key.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/put_svc_key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/put_svc_key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,96 +0,0 @@
-/* lib/krb/put_svc_key.c */
-/* Copyright 1994 Cygnus Support */
-/* Mark W. Eichin */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * put_svc_key is a simple version of what 'ksrvutil add' provides, for some
- * circumstances when service keys are distributed by applictions.
- *
- * Caveats: currently uses UNIX I/O (open, read) rather than stdio - this
- * should be fixed.
- * It could probably be made more general (and then actually be used
- * by ksrvutil.) This version supports just enough to be useful.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-
-#include <string.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include "autoconf.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "k5-platform.h"
-
-#define KEYSZ sizeof(C_Block)
-/* strict put_svc_key.
- The srvtab must already exist;
- The key (exact match) must already be in the file;
- version numbers are not checked.
- */
-int KRB5_CALLCONV
-put_svc_key(sfile,name,inst,realm,newvno,key)
- char *sfile;
- char *name;
- char *inst;
- char *realm;
- int newvno;
- char *key;
-{
- int fd;
- char fname[SNAME_SZ], finst[INST_SZ], frlm[REALM_SZ];
- unsigned char fvno;
- char fkey[KEYSZ];
-
- if (!sfile)
- sfile = KEYFILE;
-
- if ((fd = open(sfile, O_RDWR)) < 0)
- return KFAILURE;
- set_cloexec_fd(fd);
-
- while(getst(fd,fname,SNAME_SZ) > 0) {
- getst(fd,finst,INST_SZ);
- getst(fd,frlm,REALM_SZ);
- if (!strcmp(fname,name)
- && !strcmp(finst,inst)
- && !strcmp(frlm,realm)) {
- /* all matched, so write new data */
- fvno = newvno;
- lseek(fd,0,SEEK_CUR);
- if (write(fd,&fvno,1) != 1) {
- close(fd);
- return KFAILURE;
- }
- if (write(fd,key,KEYSZ) != KEYSZ) {
- close(fd);
- return KFAILURE;
- }
- close(fd);
- return KSUCCESS;
- }
- if (read(fd,&fvno,1) != 1) {
- close(fd);
- return KFAILURE;
- }
- if (read(fd,fkey,KEYSZ) != KEYSZ) {
- close(fd);
- return KFAILURE;
- }
- }
- /* never found it */
- close(fd);
- return KFAILURE;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/rd_err.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/rd_err.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/rd_err.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,78 +0,0 @@
-/*
- * lib/krb4/rd_err.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-#include <string.h>
-
-#include "krb.h"
-#include "prot.h"
-
-/*
- * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
- * return the error code from the message in "code" and the text in
- * "m_data" as follows:
- *
- * m_data->app_data points to the error text
- * m_data->app_length points to the length of the error text
- *
- * If all goes well, return RD_AP_OK. If the version number
- * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
- * type message, return RD_AP_MSG_TYPE.
- *
- * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
- */
-
-int KRB5_CALLCONV
-krb_rd_err(in, in_length, code, m_data)
- u_char *in; /* pointer to the msg received */
- u_long in_length; /* of in msg */
- long *code; /* received error code */
- MSG_DAT *m_data;
-{
- register u_char *p;
- int le;
- unsigned KRB4_32 raw_code;
-
- p = in; /* beginning of message */
-
- if (in_length < 1 + 1 + 4)
- return RD_AP_MODIFIED; /* XXX should have better error code */
- if (*p++ != KRB_PROT_VERSION)
- return RD_AP_VERSION;
- if (((*p) & ~1) != AUTH_MSG_APPL_ERR)
- return RD_AP_MSG_TYPE;
- le = *p++ & 1;
-
- KRB4_GET32(raw_code, p, le);
- *code = raw_code; /* XXX unsigned->signed conversion! */
-
- m_data->app_data = p; /* we're now at the error text
- * message */
- m_data->app_length = p - in;
-
- return RD_AP_OK; /* OK == 0 */
-}
Deleted: branches/mskrb-integ/src/lib/krb4/rd_preauth.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/rd_preauth.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/rd_preauth.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,62 +0,0 @@
-/* rd_preauth.c */
-/* part of Cygnus Network Security */
-/* Copyright 1994 Cygnus Support */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krb_db.h"
-#include "prot.h"
-#include "des.h"
-#include "krb4int.h"
-#include <string.h>
-
-/* #define KERB_ERR_PREAUTH_SHORT 11 */
-/* #define KERB_ERR_PREAUTH_MISMATCH 12 */
-
-
-int
-krb_rd_preauth(pkt, preauth_p, preauth_len, auth_pr, key)
- KTEXT pkt;
- char *preauth_p;
- int preauth_len;
- Principal *auth_pr;
- des_cblock key;
-{
- int st;
- char *name_p;
-
- name_p = auth_pr->name;
-
-#ifndef NOENCRYPTION
- /* Decrypt preauth_p using key as the key and initialization vector. */
- /* check preauth_len */
- if ((((strlen(name_p) + 1) / 8) + 1) * 8 != preauth_len)
- return KERB_ERR_PREAUTH_SHORT;
- else {
- des_key_schedule key_s;
-
- if (des_key_sched(key, key_s)) {
- return 1;
- }
- des_pcbc_encrypt((des_cblock *)preauth_p, (des_cblock *)preauth_p,
- (long)preauth_len, key_s, (des_cblock *)key,
- DES_DECRYPT);
- memset(key_s, 0, sizeof(key_s));
- }
-#endif /* R3_NO_MODIFICATIONS */
-
- /* since the preauth data has the trailing 0, this just works */
- st = strcmp(preauth_p, name_p);
- if (st)
- return KERB_ERR_PREAUTH_MISMATCH;
- return 0;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/rd_priv.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/rd_priv.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/rd_priv.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,233 +0,0 @@
-/*
- * lib/krb4/rd_priv.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine dissects a a Kerberos 'private msg', decrypting it,
- * checking its integrity, and returning a pointer to the application
- * data contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...). If
- * the return value is RD_AP_TIME, then either the times are too far
- * out of synch, OR the packet was modified.
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-/* system include files */
-#include <stdio.h>
-#include <string.h>
-
-/* application include files */
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/* This one is exported, for use by krb_mk_priv. */
-int private_msg_ver = KRB_PROT_VERSION;
-
-/*
-#ifdef NOENCRPYTION
- * krb_rd_priv() checks the integrity of an
-#else
- * krb_rd_priv() decrypts and checks the integrity of an
-#endif
- * AUTH_MSG_PRIVATE message. Given the message received, "in",
- * the length of that message, "in_length", the key "schedule"
-#ifdef NOENCRYPTION
- * and "key", and the network addresses of the
-#else
- * and "key" to decrypt with, and the network addresses of the
-#endif
- * "sender" and "receiver" of the message, krb_rd_safe() returns
- * RD_AP_OK if the message is okay, otherwise some error code.
- *
- * The message data retrieved from "in" are returned in the structure
-#ifdef NOENCRYPTION
- * "m_data". The pointer to the application data
-#else
- * "m_data". The pointer to the decrypted application data
-#endif
- * (m_data->app_data) refers back to the appropriate place in "in".
- *
- * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-long KRB5_CALLCONV
-krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data)
- u_char *in; /* pointer to the msg received */
- unsigned KRB4_32 in_length; /* length of "in" msg */
- Key_schedule schedule; /* precomputed key schedule */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender;
- struct sockaddr_in *receiver;
- MSG_DAT *m_data; /*various input/output data from msg */
-{
- register u_char *p,*q;
- int v, t, le;
- struct in_addr src_addr;
- unsigned KRB4_32 c_length;
- int swap_bytes;
- unsigned KRB4_32 t_local;
- KRB4_32 delta_t; /* Difference between timestamps */
-
- p = in; /* beginning of message */
-#define IN_REMAIN (in_length - (p - in))
- swap_bytes = 0;
-
- if (IN_REMAIN < 1 + 1 + 4)
- return RD_AP_MODIFIED;
- v = *p++;
- if (v != KRB_PROT_VERSION && v != 3)
- return RD_AP_VERSION;
- private_msg_ver = v;
- t = *p++;
- if ((t & ~1) != AUTH_MSG_PRIVATE)
- return RD_AP_MSG_TYPE;
- le = t & 1;
-
- /* get cipher length */
- KRB4_GET32(c_length, p, le);
- /* check for rational length so we don't go comatose */
- if (IN_REMAIN < c_length)
- return RD_AP_MODIFIED;
-
-#ifndef NOENCRYPTION
- /*
- * decrypt to obtain length, timestamps, app_data, and checksum
- * use the session key as an ivec
- */
-#endif
-
- q = p; /* mark start of encrypted stuff */
-
-#ifndef NOENCRYPTION
- /* pcbc decrypt, use key as ivec */
- pcbc_encrypt((C_Block *)q, (C_Block *)q, (long)c_length,
- schedule, key, DECRYPT);
-#endif
-
- /* safely get application data length */
- KRB4_GET32(m_data->app_length, p, le);
-
- if (IN_REMAIN < m_data->app_length + 4 + 1 + 4)
- return RD_AP_MODIFIED;
-
-#ifndef NOENCRYPTION
- /* we're now at the decrypted application data */
-#endif
- m_data->app_data = p;
-
- p += m_data->app_length;
-
- /* safely get time_5ms */
- m_data->time_5ms = *p++;
-
- /* safely get src address */
- memcpy(&src_addr.s_addr, p, sizeof(src_addr.s_addr));
- /* don't swap, net order always */
- p += sizeof(src_addr.s_addr);
-
- if (!krb_ignore_ip_address) {
- switch (sender->sin_family) {
- case AF_INET:
- if (src_addr.s_addr != sender->sin_addr.s_addr)
- return RD_AP_MODIFIED;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- if (IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr)
- && !memcmp (&src_addr.s_addr,
- 12 + (char *) &((struct sockaddr_in6 *)sender)->sin6_addr,
- 4))
- break;
- /* Not v4 mapped? Not ignoring addresses? You lose. */
- return RD_AP_MODIFIED;
-#endif
- default:
- return RD_AP_MODIFIED;
- }
- }
-
- /* safely get time_sec */
- KRB4_GET32(m_data->time_sec, p, le);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- /* However, if we don't have good ip addresses anyhow, just clear
- the bit. This makes it harder to detect replay of sent packets
- back to the receiver, but most higher level protocols can deal
- with that more directly. */
- if (krb_ignore_ip_address) {
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- } else
- switch (krb4int_address_less (sender, receiver)) {
- case 1:
- m_data->time_sec = -m_data->time_sec;
- break;
- case -1:
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- break;
- }
-
- /* check the time integrity of the msg */
- t_local = TIME_GMT_UNIXSEC;
- delta_t = t_local - m_data->time_sec;
- if (delta_t < 0)
- delta_t = -delta_t; /* Absolute value of difference */
- if (delta_t > CLOCK_SKEW)
- return RD_AP_TIME; /* XXX should probably be better code */
- DEB(("\ndelta_t = %d", delta_t));
-
- /*
- * caller must check timestamps for proper order and
- * replays, since server might have multiple clients
- * each with its own timestamps and we don't assume
- * tightly synchronized clocks.
- */
-
-#ifdef notdef
- memcpy((char *)&cksum, (char *) p, sizeof(cksum));
- if (swap_bytes) cksum = krb4_swab32(cksum)
- /*
- * calculate the checksum of the length, sequence,
- * and input data, on the sending byte order!!
- */
- calc_cksum = quad_cksum(q, NULL, p-q, 0, key);
-
- DEB (("\ncalc_cksum = %u, received cksum = %u",
- calc_cksum, cksum));
- if (cksum != calc_cksum)
- return RD_AP_MODIFIED;
-#endif
- return RD_AP_OK; /* OK == 0 */
-}
Deleted: branches/mskrb-integ/src/lib/krb4/rd_req.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/rd_req.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/rd_req.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,543 +0,0 @@
-/*
- * lib/krb4/rd_req.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2002 by the
- * Massachusetts Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "des.h"
-#include "krb.h"
-#include "prot.h"
-#include <string.h>
-#include <krb5.h>
-#include <krb54proto.h>
-
-extern int krb_ap_req_debug;
-
-static int
-krb_rd_req_with_key(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *,
- Key_schedule, krb5_keyblock *);
-
-/* declared in krb.h */
-int krb_ignore_ip_address = 0;
-
-/*
- * Keep the following information around for subsequent calls
- * to this routine by the same server using the same key.
- */
-
-static Key_schedule serv_key; /* Key sched to decrypt ticket */
-static C_Block ky; /* Initialization vector */
-static int st_kvno; /* version number for this key */
-static char st_rlm[REALM_SZ]; /* server's realm */
-static char st_nam[ANAME_SZ]; /* service name */
-static char st_inst[INST_SZ]; /* server's instance */
-static int krb5_key; /* whether krb5 key is used for decrypt */
-
-/*
- * This file contains two functions. krb_set_key() takes a DES
- * key or password string and returns a DES key (either the original
- * key, or the password converted into a DES key) and a key schedule
- * for it.
- *
- * krb_rd_req() reads an authentication request and returns information
- * about the identity of the requestor, or an indication that the
- * identity information was not authentic.
- */
-
-/*
- * krb_set_key() takes as its first argument either a DES key or a
- * password string. The "cvt" argument indicates how the first
- * argument "key" is to be interpreted: if "cvt" is null, "key" is
- * taken to be a DES key; if "cvt" is non-null, "key" is taken to
- * be a password string, and is converted into a DES key using
- * string_to_key(). In either case, the resulting key is returned
- * in the external static variable "ky". A key schedule is
- * generated for "ky" and returned in the external static variable
- * "serv_key".
- *
- * This routine returns the return value of des_key_sched.
- *
- * krb_set_key() needs to be in the same .o file as krb_rd_req() so that
- * the key set by krb_set_key() is available in private storage for
- * krb_rd_req().
- */
-
-static krb5_keyblock srv_k5key;
-
-int
-krb_set_key(key, cvt)
- char *key;
- int cvt;
-{
- if (krb5_key)
- /* XXX assumes that context arg is ignored */
- krb5_free_keyblock_contents(NULL, &srv_k5key);
- krb5_key = 0;
-#ifdef NOENCRYPTION
- memset(ky, 0, sizeof(ky));
- return KSUCCESS;
-#else /* Encrypt */
- if (cvt)
- string_to_key(key, ky);
- else
- memcpy((char *)ky, key, 8);
- return des_key_sched(ky,serv_key);
-#endif /* NOENCRYPTION */
-}
-
-int
-krb_set_key_krb5(ctx, key)
- krb5_context ctx;
- krb5_keyblock *key;
-{
- if (krb5_key)
- krb5_free_keyblock_contents(ctx, &srv_k5key);
- krb5_key = 1;
- return krb5_copy_keyblock_contents(ctx, key, &srv_k5key);
-}
-
-void
-krb_clear_key_krb5(ctx)
- krb5_context ctx;
-{
- if (krb5_key)
- krb5_free_keyblock_contents(ctx, &srv_k5key);
- krb5_key = 0;
-}
-
-/*
- * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
- * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
- * checks its integrity and returns a judgement as to the requestor's
- * identity.
- *
- * The "authent" argument is a pointer to the received message.
- * The "service" and "instance" arguments name the receiving server,
- * and are used to get the service's ticket to decrypt the ticket
- * in the message, and to compare against the server name inside the
- * ticket. "from_addr" is the network address of the host from which
- * the message was received; this is checked against the network
- * address in the ticket. If "from_addr" is zero, the check is not
- * performed. "ad" is an AUTH_DAT structure which is
- * filled in with information about the sender's identity according
- * to the authenticator and ticket sent in the message. Finally,
- * "fn" contains the name of the file containing the server's key.
- * (If "fn" is NULL, the server's key is assumed to have been set
- * by krb_set_key(). If "fn" is the null string ("") the default
- * file KEYFILE, defined in "krb.h", is used.)
- *
- * krb_rd_req() returns RD_AP_OK if the authentication information
- * was genuine, or one of the following error codes (defined in
- * "krb.h"):
- *
- * RD_AP_VERSION - wrong protocol version number
- * RD_AP_MSG_TYPE - wrong message type
- * RD_AP_UNDEC - couldn't decipher the message
- * RD_AP_INCON - inconsistencies found
- * RD_AP_BADD - wrong network address
- * RD_AP_TIME - client time (in authenticator)
- * too far off server time
- * RD_AP_NYV - Kerberos time (in ticket) too
- * far off server time
- * RD_AP_EXP - ticket expired
- *
- * For the message format, see krb_mk_req().
- *
- * Mutual authentication is not implemented.
- */
-
-static int
-krb_rd_req_with_key(authent, service, instance, from_addr, ad, ks, k5key)
- register KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- unsigned KRB4_32 from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- Key_schedule ks;
- krb5_keyblock *k5key;
-{
- KTEXT_ST ticket; /* Temp storage for ticket */
- KTEXT tkt = &ticket;
- KTEXT_ST req_id_st; /* Temp storage for authenticator */
- register KTEXT req_id = &req_id_st;
-
- char realm[REALM_SZ]; /* Realm of issuing kerberos */
- Key_schedule seskey_sched; /* Key sched for session key */
- char sname[SNAME_SZ]; /* Service name from ticket */
- char iname[INST_SZ]; /* Instance name from ticket */
- char r_aname[ANAME_SZ]; /* Client name from authenticator */
- char r_inst[INST_SZ]; /* Client instance from authenticator */
- char r_realm[REALM_SZ]; /* Client realm from authenticator */
- unsigned int r_time_ms; /* Fine time from authenticator */
- unsigned KRB4_32 r_time_sec; /* Coarse time from authenticator */
- register unsigned char *ptr; /* For stepping through */
- unsigned KRB4_32 t_local; /* Local time on our side of the protocol */
- KRB4_32 delta_t; /* Time in authenticator minus local time */
-#ifdef KRB_CRYPT_DEBUG
- KRB4_32 tkt_age; /* Age of ticket */
-#endif
- int le; /* is little endian? */
- int mutual; /* Mutual authentication requested? */
- int t; /* msg type */
- unsigned char s_kvno; /* Version number of the server's key
- Kerberos used to encrypt ticket */
- int ret;
- int len;
-
- tkt->mbz = req_id->mbz = 0;
-
- if (authent->length < 1 + 1 + 1)
- return RD_AP_MODIFIED;
-
- ptr = authent->dat;
-#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat))
-
- /* get msg version, type and byte order, and server key version */
-
- /* check version */
- if (KRB_PROT_VERSION != *ptr++)
- return RD_AP_VERSION;
-
- /* byte order */
- t = *ptr++;
- le = t & 1;
-
- /* check msg type */
- mutual = 0;
- switch (t & ~1) {
- case AUTH_MSG_APPL_REQUEST:
- break;
- case AUTH_MSG_APPL_REQUEST_MUTUAL:
- mutual++;
- break;
- default:
- return RD_AP_MSG_TYPE;
- }
-
-#ifdef lint
- /* XXX mutual is set but not used; why??? */
- /* this is a crock to get lint to shut up */
- if (mutual)
- mutual = 0;
-#endif /* lint */
- s_kvno = *ptr++; /* get server key version */
- len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1;
- if (len <= 0 || len > sizeof(realm)) {
- return RD_AP_MODIFIED; /* must have been modified, the client wouldn't
- try to trick us with wacky data */
- }
- /* And the realm of the issuing KDC */
- (void)memcpy(realm, ptr, (size_t)len);
- ptr += len; /* skip the realm "hint" */
-
- /* Get ticket length */
- tkt->length = *ptr++;
- /* Get authenticator length while we're at it. */
- req_id->length = *ptr++;
- if (AUTHENT_REMAIN < tkt->length + req_id->length)
- return RD_AP_MODIFIED;
- /* Copy ticket */
- memcpy(tkt->dat, ptr, (size_t)tkt->length);
- ptr += tkt->length;
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("ticket->length: %d",tkt->length);
- if (krb_ap_req_debug)
- log("authent->length: %d", authent->length);
-#endif
-
-#ifndef NOENCRYPTION
- /* Decrypt and take apart ticket */
-#endif
-
- if (k5key == NULL) {
- if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
- &(ad->address),ad->session, &(ad->life),
- &(ad->time_sec),sname,iname,ky,ks)) {
-#ifdef KRB_CRYPT_DEBUG
- log("Can't decode ticket");
-#endif
- return(RD_AP_UNDEC);
- }
- } else {
- if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst,
- ad->prealm, &ad->address, ad->session,
- &ad->life, &ad->time_sec, sname, iname,
- k5key)) {
- return RD_AP_UNDEC;
- }
- }
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug) {
- log("Ticket Contents.");
- log(" Aname: %s%s%s@%s",ad->pname,
- ((int)*(ad->pinst) ? "." : ""), ad->pinst,
- ((int)*(ad->prealm) ? ad->prealm : "Athena"));
- log(" Service: %s%s%s",sname,((int)*iname ? "." : ""),iname);
- log(" sname=%s, sinst=%s", sname, iname);
- }
-#endif
-
- /* Extract the authenticator */
- memcpy(req_id->dat, ptr, (size_t)req_id->length);
-
-#ifndef NOENCRYPTION
- /* And decrypt it with the session key from the ticket */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug) log("About to decrypt authenticator");
-#endif
-
- key_sched(ad->session, seskey_sched);
- pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat,
- (long)req_id->length,
- seskey_sched, &ad->session, DES_DECRYPT);
- memset(seskey_sched, 0, sizeof(seskey_sched));
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug) log("Done.");
-#endif
-#endif /* NOENCRYPTION */
-
- ptr = req_id->dat;
-#define REQID_REMAIN (req_id->length - (ptr - req_id->dat))
-
- ret = RD_AP_MODIFIED;
-
- len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1;
- if (len <= 0 || len > ANAME_SZ)
- goto cleanup;
- memcpy(r_aname, ptr, (size_t)len); /* Authentication name */
- ptr += len;
- len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1;
- if (len <= 0 || len > INST_SZ)
- goto cleanup;
- memcpy(r_inst, ptr, (size_t)len); /* Authentication instance */
- ptr += len;
- len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1;
- if (len <= 0 || len > REALM_SZ)
- goto cleanup;
- memcpy(r_realm, ptr, (size_t)len); /* Authentication name */
- ptr += len;
-
- if (REQID_REMAIN < 4 + 1 + 4)
- goto cleanup;
- KRB4_GET32(ad->checksum, ptr, le);
- r_time_ms = *ptr++; /* Time (fine) */
-#ifdef lint
- /* XXX r_time_ms is set but not used. why??? */
- /* this is a crock to get lint to shut up */
- if (r_time_ms)
- r_time_ms = 0;
-#endif /* lint */
- /* Time (coarse) */
- KRB4_GET32(r_time_sec, ptr, le);
-
- /* Check for authenticity of the request */
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Pname: %s %s",ad->pname,r_aname);
-#endif
-
- ret = RD_AP_INCON;
- if (strcmp(ad->pname,r_aname) != 0)
- goto cleanup;
- if (strcmp(ad->pinst,r_inst) != 0)
- goto cleanup;
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Realm: %s %s",ad->prealm,r_realm);
-#endif
-
- if (strcmp(ad->prealm,r_realm) != 0)
- goto cleanup;
-
- /* check the time integrity of the msg */
- ret = RD_AP_TIME;
- t_local = TIME_GMT_UNIXSEC;
- delta_t = t_local - r_time_sec;
- if (delta_t < 0) delta_t = -delta_t; /* Absolute value of difference */
- if (delta_t > CLOCK_SKEW) {
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Time out of range: %d - %d = %d",
- time_secs, r_time_sec, delta_t);
-#endif
- goto cleanup;
- }
-
- /* Now check for expiration of ticket */
-
- ret = RD_AP_NYV;
-#ifdef KRB_CRYPT_DEBUG
- tkt_age = t_local - ad->time_sec;
- if (krb_ap_req_debug)
- log("Time: %d Issue Date: %d Diff: %d Life %x",
- time_secs, ad->time_sec, tkt_age, ad->life);
-#endif
- if (t_local < ad->time_sec) {
- if ((ad->time_sec - t_local) > CLOCK_SKEW)
- goto cleanup;
- } else if (krb_life_to_time((KRB4_32)ad->time_sec, ad->life)
- < t_local + CLOCK_SKEW) {
- /*
- * This calculation is different than the same expiration
- * calculation in krb5. In krb5 the ticket lasts for
- * clock_skew seconds longer than its expiration; in krb4 it
- * lasts clock_skew seconds less. This difference is
- * necessary to avoid using an almost expired tgt to get a new
- * tgt that will last for another 5 minutes. This code
- * interacts with the login in src/kdc/kerberos_v4.c to
- * back-date tickets to avoid them expiring late. The
- * combination may be overly conservative, but I'm fairly sure
- * either removing the kerberos_v4 backdating or replacing
- * this check with the krb5 check is sufficient to create a
- * security problem.
- */
- ret = RD_AP_EXP;
- goto cleanup;
- }
-
-#ifdef KRB_CRYPT_DEBUG
- if (krb_ap_req_debug)
- log("Address: %d %d",ad->address,from_addr);
-#endif
-
- if (!krb_ignore_ip_address
- && from_addr && (ad->address != from_addr)) {
- ret = RD_AP_BADD;
- goto cleanup;
- }
-
- /* All seems OK */
- ad->reply.length = 0;
- ret = 0;
-
-cleanup:
- if (ret) {
- /* Stomp on session key if there is an error. */
- memset(ad->session, 0, sizeof(ad->session));
- return ret;
- }
-
- return RD_AP_OK;
-}
-
-int KRB5_CALLCONV
-krb_rd_req_int(authent, service, instance, from_addr, ad, key)
- KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- KRB_UINT32 from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- C_Block key; /* Key to decrypt ticket with */
-{
- Key_schedule ks;
- int ret;
-
- do {
- ret = des_key_sched(key, ks);
- if (ret) break;
- ret = krb_rd_req_with_key(authent, service, instance,
- from_addr, ad, ks, NULL);
- } while (0);
- memset(ks, 0, sizeof(ks));
- return ret;
-}
-
-int KRB5_CALLCONV
-krb_rd_req(authent, service, instance, from_addr, ad, fn)
- register KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- unsigned KRB4_32 from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- char *fn; /* Filename to get keys from */
-{
- unsigned char *ptr;
- unsigned char s_kvno;
- char realm[REALM_SZ];
- unsigned char skey[KKEY_SZ];
-#ifdef KRB4_USE_KEYTAB
- krb5_keyblock keyblock;
-#endif
- int len;
- int status;
-
-#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat))
- if (authent->length < 3)
- return RD_AP_MODIFIED;
- ptr = authent->dat + 2;
- s_kvno = *ptr++; /* get server key version */
- len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1;
- if (len <= 0 || len > sizeof(realm))
- return RD_AP_MODIFIED;
- (void)memcpy(realm, ptr, (size_t)len);
-#undef AUTHENT_REMAIN
- /*
- * If "fn" is NULL, key info should already be set; don't
- * bother with ticket file. Otherwise, check to see if we
- * already have key info for the given server and key version
- * (saved in the static st_* variables). If not, go get it
- * from the ticket file. If "fn" is the null string, use the
- * default ticket file.
- */
- if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance)
- || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
- if (*fn == 0)
- fn = KEYFILE;
- st_kvno = s_kvno;
- if (read_service_key(service,instance,realm, (int)s_kvno,
- fn, (char *)skey) == 0) {
- if ((status = krb_set_key((char *)skey,0)))
- return(status);
-#ifdef KRB4_USE_KEYTAB
- } else if (krb54_get_service_keyblock(service, instance,
- realm, (int)s_kvno,
- fn, &keyblock) == 0) {
- krb_set_key_krb5(krb5__krb4_context, &keyblock);
- krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
-#endif
- } else
- return RD_AP_UNDEC;
-
- len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_rlm, realm, (size_t)len);
- len = krb4int_strnlen(service, sizeof(st_nam)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_nam, service, (size_t)len);
- len = krb4int_strnlen(instance, sizeof(st_inst)) + 1;
- if (len <= 0)
- return KFAILURE;
- memcpy(st_inst, instance, (size_t)len);
- }
- return krb_rd_req_with_key(authent, service, instance,
- from_addr, ad,
- krb5_key ? NULL : serv_key,
- krb5_key ? &srv_k5key : NULL);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/rd_safe.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/rd_safe.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/rd_safe.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,208 +0,0 @@
-/*
- * lib/krb4/rd_safe.c
- *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * This routine dissects a a Kerberos 'safe msg', checking its
- * integrity, and returning a pointer to the application data
- * contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...)
- *
- * Steve Miller Project Athena MIT/DEC
- */
-
-/* system include files */
-#include <stdio.h>
-#include <string.h>
-
-/* application include files */
-#include "krb.h"
-#include "prot.h"
-#include "des.h"
-#include "lsb_addr_cmp.h"
-#include "port-sockets.h"
-
-extern int krb_debug;
-
-/*
- * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message.
- * Given the message received, "in", the length of that message,
- * "in_length", the "key" to compute the checksum with, and the
- * network addresses of the "sender" and "receiver" of the message,
- * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise
- * some error code.
- *
- * The message data retrieved from "in" is returned in the structure
- * "m_data". The pointer to the application data (m_data->app_data)
- * refers back to the appropriate place in "in".
- *
- * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-long KRB5_CALLCONV
-krb_rd_safe(in,in_length,key,sender,receiver,m_data)
- u_char *in; /* pointer to the msg received */
- unsigned KRB4_32 in_length; /* length of "in" msg */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender's address */
- struct sockaddr_in *receiver; /* receiver's address -- me */
- MSG_DAT *m_data; /* where to put message information */
-{
- int i;
- unsigned KRB4_32 calc_cksum[4];
- unsigned KRB4_32 big_cksum[4];
- int le;
-
- u_char *p,*q;
- int t;
- struct in_addr src_addr;
- unsigned KRB4_32 t_local; /* Local time in our machine */
- KRB4_32 delta_t; /* Difference between timestamps */
-
- /* Be very conservative */
- if (sizeof(src_addr.s_addr) != 4) {
-#ifdef DEBUG
- fprintf(stderr, "\nkrb_rd_safe protocol err "
- "sizeof(src_addr.s_addr) != 4\n");
-#endif
- return RD_AP_VERSION;
- }
-
- p = in; /* beginning of message */
-#define IN_REMAIN (in_length - (p - in))
- if (IN_REMAIN < 1 + 1 + 4)
- return RD_AP_MODIFIED;
-
- if (*p++ != KRB_PROT_VERSION)
- return RD_AP_VERSION;
- t = *p++;
- if ((t & ~1) != AUTH_MSG_SAFE)
- return RD_AP_MSG_TYPE;
- le = t & 1;
-
- q = p; /* mark start of cksum stuff */
-
- /* safely get length */
- KRB4_GET32(m_data->app_length, p, le);
-
- if (IN_REMAIN < m_data->app_length + 1 + 4 + 4 + 4 * 4)
- return RD_AP_MODIFIED;
-
- m_data->app_data = p; /* we're now at the application data */
-
- /* skip app data */
- p += m_data->app_length;
-
- /* safely get time_5ms */
- m_data->time_5ms = *p++;
-
- /* safely get src address */
- (void)memcpy(&src_addr.s_addr, p, sizeof(src_addr.s_addr));
- /* don't swap, net order always */
- p += sizeof(src_addr.s_addr);
-
- if (!krb_ignore_ip_address) {
- switch (sender->sin_family) {
- case AF_INET:
- if (src_addr.s_addr != sender->sin_addr.s_addr)
- return RD_AP_MODIFIED;
- break;
-#ifdef KRB5_USE_INET6
- case AF_INET6:
- if (IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr)
- && !memcmp (&src_addr.s_addr,
- 12 + (char *) &((struct sockaddr_in6 *)sender)->sin6_addr,
- 4))
- break;
- /* Not v4 mapped? Not ignoring addresses? You lose. */
- return RD_AP_MODIFIED;
-#endif
- default:
- return RD_AP_MODIFIED;
- }
- }
-
- /* safely get time_sec */
- KRB4_GET32(m_data->time_sec, p, le);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- /* However, if we don't have good ip addresses anyhow, just clear
- the bit. This makes it harder to detect replay of sent packets
- back to the receiver, but most higher level protocols can deal
- with that more directly. */
- if (krb_ignore_ip_address) {
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- } else
- switch (krb4int_address_less (sender, receiver)) {
- case 1:
- m_data->time_sec = -m_data->time_sec;
- break;
- case -1:
- if (m_data->time_sec < 0)
- m_data->time_sec = -m_data->time_sec;
- break;
- }
-
- /* check the time integrity of the msg */
- t_local = TIME_GMT_UNIXSEC;
- delta_t = t_local - m_data->time_sec;
- if (delta_t < 0) delta_t = -delta_t; /* Absolute value of difference */
- if (delta_t > CLOCK_SKEW) {
- return(RD_AP_TIME); /* XXX should probably be better
- code */
- }
-
- /*
- * caller must check timestamps for proper order and replays, since
- * server might have multiple clients each with its own timestamps
- * and we don't assume tightly synchronized clocks.
- */
-
-#ifdef NOENCRYPTION
- memset(calc_cksum, 0, sizeof(calc_cksum));
-#else /* Do encryption */
- /* calculate the checksum of the length, timestamps, and
- * input data, on the sending byte order !! */
- quad_cksum(q,calc_cksum,p-q,2,key);
-#endif /* NOENCRYPTION */
-
- for (i = 0; i < 4; i++)
- KRB4_GET32(big_cksum[i], p, le);
-
- DEB (("\n0: calc %l big %lx\n1: calc %lx big %lx\n2: calc %lx big %lx\n3: calc %lx big %lx\n",
- calc_cksum[0], big_cksum[0],
- calc_cksum[1], big_cksum[1],
- calc_cksum[2], big_cksum[2],
- calc_cksum[3], big_cksum[3]));
- for (i = 0; i < 4; i++)
- if (big_cksum[i] != calc_cksum[i])
- return RD_AP_MODIFIED;
-
- return RD_AP_OK; /* OK == 0 */
-}
Deleted: branches/mskrb-integ/src/lib/krb4/rd_svc_key.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/rd_svc_key.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/rd_svc_key.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,345 +0,0 @@
-/*
- * rd_svc_key.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#include "mit-copyright.h"
-#include "krb.h"
-#include "krb4int.h"
-#include <stdio.h>
-#include <string.h>
-
-#include "k5-int.h"
-#include <krb54proto.h>
-#include "prot.h"
-
-/*
- * The private keys for servers on a given host are stored in a
- * "srvtab" file (typically "/etc/srvtab"). This routine extracts
- * a given server's key from the file.
- *
- * read_service_key() takes the server's name ("service"), "instance",
- * and "realm" and a key version number "kvno", and looks in the given
- * "file" for the corresponding entry, and if found, returns the entry's
- * key field in "key".
- *
- * If "instance" contains the string "*", then it will match
- * any instance, and the chosen instance will be copied to that
- * string. For this reason it is important that the there is enough
- * space beyond the "*" to receive the entry.
- *
- * If "kvno" is 0, it is treated as a wild card and the first
- * matching entry regardless of the "vno" field is returned.
- *
- * This routine returns KSUCCESS on success, otherwise KFAILURE.
- *
- * The format of each "srvtab" entry is as follows:
- *
- * Size Variable Field in file
- * ---- -------- -------------
- * string serv server name
- * string inst server instance
- * string realm server realm
- * 1 byte vno server key version #
- * 8 bytes key server's key
- * ... ... ...
- */
-
-#ifdef __i960__
-/* special hack to use a global srvtab variable... */
-#define open vxworks_srvtab_open
-#define close vxworks_srvtab_close
-#define getst vxworks_srvtab_getst
-#define read vxworks_srvtab_read
-
-extern char *vxworks_srvtab_base;
-char *vxworks_srvtab_ptr;
-int vxworks_srvtab_getchar(s)
- char *s;
-{
- int tmp1;
- if(vxworks_srvtab_ptr >= (vxworks_srvtab_base + strlen(vxworks_srvtab_base)))
- return 0;
-
- sscanf(vxworks_srvtab_ptr, "%2x", &tmp1);
-
- *s = tmp1;
- vxworks_srvtab_ptr+=2;
- return 1;
-}
-
-int vxworks_srvtab_getst(fd,s,n)
- int fd;
- register char *s;
- int n;
-{
- register count = n;
- while (vxworks_srvtab_getchar(s) && --count)
- if (*s++ == '\0')
- return (n - count);
- *s = '\0';
- return (n - count);
-}
-
-int vxworks_srvtab_open(s, n, m)
- char *s;
- int n, m;
-{
- vxworks_srvtab_ptr = vxworks_srvtab_base;
- return 1;
-}
-
-int vxworks_srvtab_close(fd)
- int fd;
-{
- vxworks_srvtab_ptr = 0;
- return 0;
-}
-
-int vxworks_srvtab_read(fd, s, n)
- int fd;
- char *s;
- int n;
-{
- int count = n;
- /* we want to get exactly n chars. */
- while(vxworks_srvtab_getchar(s) && --count)
- s++;
- return (n-count);
-}
-#endif
-
-#ifdef KRB4_USE_KEYTAB
-/*
- * This function looks up the requested Krb4 srvtab key using the krb5
- * keytab format, if possible.
- */
-extern krb5_error_code
-krb54_get_service_keyblock(service,instance,realm,kvno,file,keyblock)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int kvno; /* Key version number */
- char *file; /* Filename */
- krb5_keyblock * keyblock;
-{
- krb5_error_code retval;
- krb5_principal princ = NULL;
- krb5_keytab kt_id;
- krb5_keytab_entry kt_entry;
- char sname[ANAME_SZ+1];
- char sinst[INST_SZ+1];
- char srealm[REALM_SZ+1];
- char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
-
- if (!krb5__krb4_context) {
- retval = krb5_init_context(&krb5__krb4_context);
- if (retval)
- return retval;
- }
-
- if (!strcmp(instance, "*")) {
- if ((retval = krb5_sname_to_principal(krb5__krb4_context, NULL, NULL,
- KRB5_NT_SRV_HST, &princ)))
- goto errout;
-
- if ((retval = krb5_524_conv_principal(krb5__krb4_context, princ,
- sname, sinst, srealm)))
- goto errout;
-
- instance = sinst;
- krb5_free_principal(krb5__krb4_context, princ);
- princ = 0;
- }
-
- if ((retval = krb5_425_conv_principal(krb5__krb4_context, service,
- instance, realm, &princ)))
- goto errout;
-
- /*
- * Figure out what name to use; if the name is one of the standard
- * /etc/srvtab, /etc/athena/srvtab, etc., use the default keytab
- * name. Otherwise, append .krb5 to the filename and try to use
- * that.
- */
- if (file &&
- strcmp(file, "/etc/srvtab") &&
- strcmp(file, "/etc/athena/srvtab") &&
- strcmp(file, KEYFILE)) {
- strncpy(keytabname, file, sizeof(keytabname));
- keytabname[sizeof(keytabname)-1] = 0;
- if (strlen(keytabname)+6 < sizeof(keytabname))
- strcat(keytabname, ".krb5");
- } else {
- if ((retval = krb5_kt_default_name(krb5__krb4_context,
- (char *)keytabname, sizeof(keytabname)-1)))
- goto errout;
- }
-
- if ((retval = krb5_kt_resolve(krb5__krb4_context, keytabname, &kt_id)))
- goto errout;
-
- if ((retval = krb5_kt_get_entry(krb5__krb4_context, kt_id, princ, kvno,
- 0, &kt_entry))) {
- krb5_kt_close(krb5__krb4_context, kt_id);
- goto errout;
- }
-
- retval = krb5_copy_keyblock_contents(krb5__krb4_context,
- &kt_entry.key, keyblock);
- /* Bash types */
- /* KLUDGE! If it's a non-raw des3 key, bash its enctype */
- /* See kdc/kerberos_v4.c */
- if (keyblock->enctype == ENCTYPE_DES3_CBC_SHA1 )
- keyblock->enctype = ENCTYPE_DES3_CBC_RAW;
-
- krb5_kt_free_entry(krb5__krb4_context, &kt_entry);
- krb5_kt_close (krb5__krb4_context, kt_id);
-
-errout:
- if (princ)
- krb5_free_principal(krb5__krb4_context, princ);
- return retval;
-}
-#endif
-
-
-int KRB5_CALLCONV
-read_service_key(service,instance,realm,kvno,file,key)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int kvno; /* Key version number */
- char *file; /* Filename */
- char *key; /* Pointer to key to be filled in */
-{
- int kret;
-
-#ifdef KRB4_USE_KEYTAB
- krb5_error_code retval;
- krb5_keyblock keyblock;
-#endif
-
- kret = get_service_key(service,instance,realm,&kvno,file,key);
-
- if (! kret)
- return KSUCCESS;
-
-#ifdef KRB4_USE_KEYTAB
- kret = KFAILURE;
- keyblock.magic = KV5M_KEYBLOCK;
- keyblock.contents = 0;
-
- retval = krb54_get_service_keyblock(service,instance,realm,kvno,file,
- &keyblock);
- if (retval)
- goto errout;
-
- if ((keyblock.length != sizeof(C_Block)) ||
- ((keyblock.enctype != ENCTYPE_DES_CBC_CRC) &&
- (keyblock.enctype != ENCTYPE_DES_CBC_MD4) &&
- (keyblock.enctype != ENCTYPE_DES_CBC_MD5))) {
- goto errout;
- }
- (void) memcpy(key, keyblock.contents, sizeof(C_Block));
- kret = KSUCCESS;
-
-errout:
- if (keyblock.contents)
- krb5_free_keyblock_contents(krb5__krb4_context, &keyblock);
-#endif
-
- return kret;
-}
-
-/* kvno is passed by reference, so that if it is zero, and we find a match,
- the match gets written back into *kvno so the caller can find it.
- */
-int KRB5_CALLCONV
-get_service_key(service,instance,realm,kvno,file,key)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int *kvno; /* Key version number */
- char *file; /* Filename */
- char *key; /* Pointer to key to be filled in */
-{
- char serv[SNAME_SZ];
- char inst[INST_SZ];
- char rlm[REALM_SZ];
- unsigned char vno; /* Key version number */
- int wcard;
- char krb_realm[REALM_SZ];
-
- int stab;
-
- if (!file)
- file = KEYFILE;
-
- if ((stab = open(file, 0, 0)) < 0)
- return(KFAILURE);
- set_cloexec_fd(stab);
-
- wcard = (instance[0] == '*') && (instance[1] == '\0');
- /* get current realm if not passed in */
- if (!realm) {
- int rem;
-
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return(rem);
- realm = krb_realm;
- }
-
- while(getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */
- (void) getst(stab,inst,INST_SZ); /* Instance */
- (void) getst(stab,rlm,REALM_SZ); /* Realm */
- /* Vers number */
- if (read(stab,(char *)&vno,1) != 1) {
- close(stab);
- return(KFAILURE);
- }
- /* Key */
- if (read(stab,key,8) != 8) {
- close(stab);
- return(KFAILURE);
- }
- /* Is this the right service */
- if (strcmp(serv,service))
- continue;
- /* How about instance */
- if (!wcard && strcmp(inst,instance))
- continue;
- if (wcard)
- (void) strncpy(instance,inst,INST_SZ);
- /* Is this the right realm */
-#if defined(ATHENA_COMPAT) || defined(ATHENA_OLD_SRVTAB)
- /* XXX For backward compatibility: if keyfile says "Athena"
- and caller wants "ATHENA.MIT.EDU", call it a match */
- if (strcmp(rlm,realm) &&
- (strcmp(rlm,"Athena") ||
- strcmp(realm,"ATHENA.MIT.EDU")))
- continue;
-#else /* ! ATHENA_COMPAT */
- if (strcmp(rlm,realm))
- continue;
-#endif /* ATHENA_COMPAT */
-
- /* How about the key version number */
- if (*kvno && *kvno != (int) vno)
- continue;
-
- (void) close(stab);
- *kvno = vno;
- return(KSUCCESS);
- }
-
- /* Can't find the requested service */
- (void) close(stab);
- return(KFAILURE);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/recvauth.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/recvauth.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/recvauth.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,308 +0,0 @@
-/*
- * lib/krb4/recvauth.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include "autoconf.h"
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
- chars */
-
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_sendauth.c
- * be sure to support old versions of krb_sendauth!
- */
-
-/*
- * krb_recvauth() reads (and optionally responds to) a message sent
- * using krb_sendauth(). The "options" argument is a bit-field of
- * selected options (see "sendauth.c" for options description).
- * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL
- * (mutual authentication requested). The "fd" argument supplies
- * a file descriptor to read from (and write to, if mutual authenti-
- * cation is requested).
- *
- * Part of the received message will be a Kerberos ticket sent by the
- * client; this is read into the "ticket" argument. The "service" and
- * "instance" arguments supply the server's Kerberos name. If the
- * "instance" argument is the string "*", it is treated as a wild card
- * and filled in during the krb_rd_req() call (see read_service_key()).
- *
- * The "faddr" and "laddr" give the sending (client) and receiving
- * (local server) network addresses. ("laddr" may be left NULL unless
- * mutual authentication is requested, in which case it must be set.)
- *
- * The authentication information extracted from the message is returned
- * in "kdata". The "filename" argument indicates the file where the
- * server's key can be found. (It is passed on to krb_rd_req().) If
- * left null, the default "/etc/srvtab" will be used.
- *
- * If mutual authentication is requested, the session key schedule must
- * be computed in order to reply; this schedule is returned in the
- * "schedule" argument. A string containing the application version
- * number from the received message is returned in "version", which
- * should be large enough to hold a KRB_SENDAUTH_VLEN-character string.
- *
- * See krb_sendauth() for the format of the received client message.
- *
- * This routine supports another client format, for backward
- * compatibility, consisting of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * string tmp_buf, tkt_len length of ticket, in
- * ascii
- *
- * char ' ' (space char) separator
- *
- * tkt_len ticket->dat the ticket
- *
- * This old-style version does not support mutual authentication.
- *
- * krb_recvauth() first reads the protocol version string from the
- * given file descriptor. If it doesn't match the current protocol
- * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In
- * that case, the string of characters up to the first space is read
- * and interpreted as the ticket length, then the ticket is read.
- *
- * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth()
- * next reads the application protocol version string. Then the
- * ticket length and ticket itself are read.
- *
- * The ticket is decrypted and checked by the call to krb_rd_req().
- * If no mutual authentication is required, the result of the
- * krb_rd_req() call is retured by this routine. If mutual authenti-
- * cation is required, a message in the following format is returned
- * on "fd":
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 4 bytes tkt_len length of ticket or -1
- * if error occurred
- *
- * priv_len tmp_buf "private" message created
- * by krb_mk_priv() which
- * contains the incremented
- * checksum sent by the client
- * encrypted in the session
- * key. (This field is not
- * present in case of error.)
- *
- * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some
- * other error code is returned.
- */
-
-#ifndef max
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-#endif /* max */
-
-int KRB5_CALLCONV
-krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
- filename, schedule, version)
- long options; /* bit-pattern of options */
- int fd; /* file descr. to read from */
- KTEXT ticket; /* storage for client's ticket */
- char *service; /* service expected */
- char *instance; /* inst expected (may be filled in) */
- struct sockaddr_in *faddr; /* address of foreign host on fd */
- struct sockaddr_in *laddr; /* local address */
- AUTH_DAT *kdata; /* kerberos data (returned) */
- char *filename; /* name of file with service keys */
- Key_schedule schedule; /* key schedule (return) */
- char *version; /* version string (filled in) */
-{
-
- int i, cc, old_vers = 0;
- char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
- char *cp = NULL;
- int rem;
- KRB4_32 tkt_len, priv_len;
- unsigned KRB4_32 cksum;
- u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)] = { 0 };
-
- /* read the protocol version number */
- if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- krb_vers[KRB_SENDAUTH_VLEN] = '\0';
-
- /* check version string */
- if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) {
- /* Assume the old version of sendkerberosdata: send ascii
- length, ' ', and ticket. */
- if (options & KOPT_DO_MUTUAL)
- return(KFAILURE); /* XXX can't do old style with mutual auth */
- old_vers = 1;
-
- /* copy what we have read into tmp_buf */
- (void) memcpy((char *) tmp_buf, krb_vers, KRB_SENDAUTH_VLEN);
-
- /* search for space, and make it a null */
- for (i = 0; i < KRB_SENDAUTH_VLEN; i++)
- if (tmp_buf[i]== ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
-
- if (i == KRB_SENDAUTH_VLEN)
- /* didn't find the space, keep reading to find it */
- for (; i<20; i++) {
- if (read(fd, (char *)&tmp_buf[i], 1) != 1) {
- return(KFAILURE);
- }
- if (tmp_buf[i] == ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
- }
-
- if (i==20)
- return(KFAILURE);
-
- tkt_len = (KRB4_32) atoi((char *) tmp_buf);
-
- /* sanity check the length */
- /* These conditions make sure that cp got initialized */
- if ((tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
- return(KFAILURE);
-
- if (i < KRB_SENDAUTH_VLEN) {
- /* since we already got the space, and part of the ticket,
- we read fewer bytes to get the rest of the ticket */
- int len_to_read = tkt_len - KRB_SENDAUTH_VLEN + 1 + i;
- if (len_to_read <= 0)
- return KFAILURE;
- if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN),
- len_to_read)
- != len_to_read)
- return(errno);
- } else {
- if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) !=
- (int) tkt_len)
- return(errno);
- }
- ticket->length = tkt_len;
- /* copy the ticket into the struct */
- (void) memcpy((char *) ticket->dat, cp, ticket->length);
-
- } else {
- /* read the application version string */
- if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- version[KRB_SENDAUTH_VLEN] = '\0';
-
- /* get the length of the ticket */
- if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) !=
- sizeof(tkt_len))
- return(errno);
-
- /* sanity check */
- ticket->length = ntohl((unsigned KRB4_32)tkt_len);
- if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) {
- if (options & KOPT_DO_MUTUAL) {
- rem = KFAILURE;
- goto mutual_fail;
- } else
- return(KFAILURE); /* XXX there may still be junk on the fd? */
- }
-
- /* read the ticket */
- if (krb_net_read(fd, (char *) ticket->dat, ticket->length)
- != ticket->length)
- return(errno);
- }
- /*
- * now have the ticket. decrypt it to get the authenticated
- * data.
- */
- rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr,
- kdata,filename);
-
- if (old_vers) return(rem); /* XXX can't do mutual with old client */
-
- /* if we are doing mutual auth, compose a response */
- if (options & KOPT_DO_MUTUAL) {
- if (rem != KSUCCESS)
- /* the krb_rd_req failed */
- goto mutual_fail;
-
- /* add one to the (formerly) sealed checksum, and re-seal it
- for return to the client */
- cksum = kdata->checksum + 1;
- cksum = htonl(cksum);
-#ifndef NOENCRYPTION
- key_sched(kdata->session,schedule);
-#endif /* !NOENCRYPTION */
- priv_len = krb_mk_priv((unsigned char *)&cksum,
- tmp_buf,
- (unsigned KRB4_32) sizeof(cksum),
- schedule,
- &kdata->session,
- laddr,
- faddr);
- if (priv_len < 0) {
- /* re-sealing failed; notify the client */
- rem = KFAILURE; /* XXX */
-mutual_fail:
- priv_len = -1;
- tkt_len = htonl((unsigned KRB4_32) priv_len);
- /* a length of -1 is interpreted as an authentication
- failure by the client */
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- return(rem);
- } else {
- /* re-sealing succeeded, send the private message */
- tkt_len = htonl((unsigned KRB4_32)priv_len);
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len))
- != (int) priv_len)
- return(cc);
- }
- }
- return(rem);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/ren-cyg.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/ren-cyg.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/ren-cyg.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,11 +0,0 @@
-#!/bin/sh
-# Rename Kerberos Cygnus V4 filenames to proposed names
-# for converting old trees.
-awk '/^@ / { if ($6 != "")
- if ($6 != $4)
- print "mv " $6 " " $4
- else ;
- else if ($2 != $4 && $2 != "-")
- print "mv " $2 " " $4
- }
- ' <ren.msg | grep -v '(gone)' | sh -x
Deleted: branches/mskrb-integ/src/lib/krb4/ren-pc.bat
===================================================================
(Binary files differ)
Deleted: branches/mskrb-integ/src/lib/krb4/ren-pc.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/ren-pc.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/ren-pc.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,7 +0,0 @@
-# Rename Kerberos V4 MIT PC-port filenames to proposed names
-# for converting old PC trees on Unix systems.
-awk '/^@ / {
- if ($3 != $4 && $3 != "-")
- print "mv " $3 " " $4
- }
- ' <ren.msg | grep -v '(gone)' | sh -x
Deleted: branches/mskrb-integ/src/lib/krb4/ren-pl10.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/ren-pl10.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/ren-pl10.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,7 +0,0 @@
-# Rename Kerberos V4 pl10 filenames to proposed names
-# for converting old trees.
-awk '/^@ / {
- if ($2 != $4 && $2 != "-")
- print "mv " $2 " " $4
- }
- ' <ren.msg | grep -v '(gone)' | sh -x
Deleted: branches/mskrb-integ/src/lib/krb4/ren.msg
===================================================================
--- branches/mskrb-integ/src/lib/krb4/ren.msg 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/ren.msg 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,117 +0,0 @@
-Subject: Kerberos file renaming for short DOS names
-Date: Tue, 19 Apr 1994 13:34:28 -0700
-From: John Gilmore <gnu at cygnus.com>
-
-[edited since sending, to bring it up to date with what actually happened.]
-
-I'd like to come up with some file naming and configuration
-conventions that will work in DOS, Unix, and Mac environments. At
-Cygnus, we are creating a single freely available K4 source tree that
-works on many Unixes, Windows, and Mac. It currently works on Unixes.
-(To get a copy, send mail to info at cygnus.com requesting our Kerberos
-release. It's in a hidden FTP location due to export control.)
-
-I diffed the current MIT release of Kerberos for PC and Windows
-against the V4 patchlevel 10 release, and identified some 30 files in
-lib/krb that have been renamed between Unix and PC. Comparing source
-trees becomes much more painful when files are renamed. If we don't
-come to sync on the file names, it will be very hard to collaborate,
-which would make more work for all of us.
-
-My plan, which we have used successfully in the GNU software, is to
-make sure that all filenames are unique if you take the first 8 chars
-and the first 3 after the dot. No files have more than a single dot
-in them. We don't restrict file names to just 8.3 characters, since
-doing so would impact readability for the (99.9%) of the developers
-who are on Unix or Mac, where long file names are fine.
-
-There's an additional complication that names longer than 14
-characters present problems to old System V Unix and to `ar' on Unix.
-DJ Delorie's excellent `doschk' program points out all these problems.
-(prep.ai.mit.edu:/pub/gnu/doschk-1.1.tar.gz).
-
-Here's my proposal for the lib/krb directory. In general, I tried to
-regularize the names, turning get_ into g_, removing krb_, turning
-reply into repl, turning ticket into tkt, keeping all file names
-unique across the various libraries, and making a file name more like
-the function name contained in it when there were conflicts. Some
-resulting truncated names are more readable than in the current MIT K4
-PC, some are less readable -- but the overall advantage is that the
-new names should be acceptable to Unix/Mac developers, while the old
-ones weren't.
-
- MIT K4 patch10 MIT K4 PC PROPOSED NAME (trunc to 8.3) old Cyg
-$1 $2 $3 $4 $5 $6
-
-@ add_ticket.c (gone) add_tkt.c add_tkt.c
-@ - - ChangeLog changelo
-@ cr_err_reply.c crerrep.c cr_err_repl.c cr_err_r.c
-@ create_auth_reply.c crauthre.c cr_auth_repl.c cr_auth_.c cr_auth_reply.c
-@ create_ciph.c cr_ciph.c cr_ciph.c cr_ciph.c
-@ create_death_packet.c cr_death.c cr_death_pkt.c cr_death.c cr_death_pkt.c
-@ create_ticket.c crticket.c cr_tkt.c cr_tkt.c
-@ debug_decl.c debug.c debug.c debug.c
-@ decomp_ticket.c decomtkt.c decomp_tkt.c decomp_t.c
-@ - - DNR.c dnr.c
-@ extract_ticket.c ext_tkt.c ext_tkt.c ext_tkt.c extract_tkt.c
-@ - - g_cnffile.c g_cnffil.c
-@ get_ad_tkt.c getadtkt.c g_ad_tkt.c g_ad_tkt.c
-@ get_admhst.c getadmhs.c g_admhst.c g_admhst.c
-@ get_cred.c get_cred.c g_cred.c g_cred.c
-@ get_in_tkt.c getintkt.c g_pw_in_tkt.c g_pw_in_.c
-@ get_krbhst.c getkrbhs.c g_krbhst.c g_krbhst.c
-@ get_krbrlm.c g_krbrlm.c g_krbrlm.c g_krbrlm.c
-@ get_phost.c getphost.c g_phost.c g_phost.c
-@ get_pw_tkt.c getpwtkt.c g_pw_tkt.c g_pw_tkt.c
-@ get_request.c get_req.c (gone) (gone)
-@ get_svc_in_tkt.c g_svctkt.c g_svc_in_tkt.c g_svc_in.c get_svc_in.c
-@ get_tf_fullname.c gettfnam.c g_tf_fname.c g_tf_fna.c get_tf_fname.c
-@ get_tf_realm.c gettfrlm.c g_tf_realm.c g_tf_rea.c
-@ - - g_tkt_svc.c g_tkt_sv.c
-@ getrealm.c getrealm.c realmofhost.c realmofh.c
-@ k_gethostname.c k_gethst.c gethostname.c gethostn.c
-@ kname_parse.c knm_pars.c kname_parse.c kname_pa.c
-@ krb_err_txt.c k_errtxt.c err_txt.c err_txt.c
-@ krb_get_in_tkt.c k_gettkt.c g_in_tkt.c g_in_tkt.c krb_get_in.c
-@ - - mac_store.c mac_stor.c
-@ - - mac_store.h mac_stor.h
-@ - - mac_stubs.c mac_stub.c
-@ - - Makefile.in makefile.in
-@ - - mk_preauth.c mk_preau.c
-@ month_sname.c mth_snam.c month_sname.c month_sn.c
-@ pkt_cipher.c pkt_ciph.c pkt_cipher.c pkt_ciph.c
-@ - - Password.c password.c
-@ - - rd_preauth.c rd_preau.c
-@ - - put_svc_key.c put_svc_.c
-@ read_service_key.c rdservky.c rd_svc_key.c rd_svc_k.c read_svc_key.c
-@ save_credentials.c savecred.c save_creds.c save_cre.c save_creds.c
-@ send_to_kdc.c send_kdc.c send_to_kdc.c send_to_.c
-@ strcasecmp.c s_cascmp.c strcasecmp.c strcasec.c
-@ tkt_string.c tkt_strg.c tkt_string.c tkt_stri.c
-@ - - unix_glue.c unix_glu.c
-@ util.c util.c ad_print.c ad_print.c
-@ - - win_store.c win_stor.c
-# Cleanup for simplified sed scripts that use this table
- at sed s/tf_ad_print\./tf_util\./g
-
-I've supplied Unix shell scripts in the distribution for moving:
-ren-pl10.sh V4 pl10 filenames to proposed names for converting old trees
-ren-pc.sh V4 MIT PC names to proposed names for converting old trees
-ren2long.sh truncated names to proposed names for moving DOS->unix
-ren2dos.sh proposed names to truncated names for unix->DOS names
-
-There's also shell scripts to produce sed scripts for converting Makefiles
-and documentation. You use them like:
- ./sed-pl10.sh >/tmp/sed
- sed -f /tmp/sed <Makefile >newMakefile
-sed-pl10.sh V4 pl10 filenames to proposed names for converting old trees
-sed-pc.sh V4 MIT PC names to proposed names for converting old trees
-
-I'll also supply a DOS script for moving:
-ren-pc.bat V4 MIT PC names to proposed names for converting old trees
-
-And an MPW script for moving
-ren-pl10.mpw V4 pl10 filenames to proposed names for converting old trees
-
- John Gilmore
- Cygnus Support
Deleted: branches/mskrb-integ/src/lib/krb4/ren2dos.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/ren2dos.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/ren2dos.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,7 +0,0 @@
-# Rename Unix filenames to DOS-truncated filenames for KRB library.
-# for converting Unix distributions to DOS distributions
-awk '/^@ / {
- if ($4 != $5)
- print "mv " $4 " " $5
- }
- ' <ren.msg | sh -x
Deleted: branches/mskrb-integ/src/lib/krb4/ren2long.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/ren2long.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/ren2long.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,7 +0,0 @@
-# Rename DOS-truncated filenames to Unix filenames for KRB library.
-# for converting DOS distributions to Unix distributions
-awk '/^@ / {
- if ($4 != $5)
- print "mv " $5 " " $4
- }
- ' <ren.msg | sh -x
Deleted: branches/mskrb-integ/src/lib/krb4/save_creds.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/save_creds.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/save_creds.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,87 +0,0 @@
-/*
- * save_creds.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <stdio.h>
-#include "krb.h"
-#include "krb4int.h"
-
-/*
- * This routine takes a ticket and associated info and calls
- * tf_save_cred() to store them in the ticket cache. The peer
- * routine for extracting a ticket and associated info from the
- * ticket cache is krb_get_cred(). When changes are made to
- * this routine, the corresponding changes should be made
- * in krb_get_cred() as well.
- *
- * Returns KSUCCESS if all goes well, otherwise an error returned
- * by the tf_init() or tf_save_cred() routines.
- *
- * This used to just be called save_credentials, but when we formalized
- * the DOS/Mac interface, we created and exported krb_save_credentials
- * to avoid namespace pollution.
- */
-
-int
-krb4int_save_credentials_addr(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date, local_addr)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
- KRB_UINT32 local_addr;
-{
- int tf_status; /* return values of the tf_util calls */
-
- /* Open and lock the ticket file for writing */
- if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Save credentials by appending to the ticket file */
- tf_status = tf_save_cred(service, instance, realm, session,
- lifetime, kvno, ticket, issue_date);
- (void) tf_close();
- return (tf_status);
-}
-
-int KRB5_CALLCONV
-krb_save_credentials(
- char *service,
- char *instance,
- char *realm,
- C_Block session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- long issue_date)
-{
- return krb4int_save_credentials_addr(service, instance, realm,
- session, lifetime, kvno,
- ticket, (KRB4_32)issue_date, 0);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/sed-cyg.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/sed-cyg.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/sed-cyg.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,13 +0,0 @@
-#!/bin/sh
-# Produce a sed script for converting Kerberos Cygnus V4 filenames to proposed
-# names -- for converting old makefiles and doc.
-# We fix any "oldfoo." into "newfoo." including .c and .o and .h files.
-awk '/^@ / { if ($6 != "")
- if ($6 != $4)
- print "s/" $6 "/" $4 "/g"
- else ;
- else if ($2 != $4 && $2 != "-")
- print "s/" $2 "/" $4 "/g"
- }
- /^@sed / { print $2 }
- ' <ren.msg | grep -v '(gone)' | sed 's/\.c/\\./g'
Deleted: branches/mskrb-integ/src/lib/krb4/sed-pc.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/sed-pc.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/sed-pc.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,11 +0,0 @@
-#!/bin/sh
-# Produce a sed script for converting Kerberos V4 MIT PC filenames to proposed
-# names -- for converting old makefiles and doc.
-# We fix any "oldfoo." into "newfoo." including .c and .o and .h files.
-awk '/^@ / {
- if ($3 != $4)
- print "s/" $3 "/" $4 "/g"
- }
- /^@sed / { print $2 }
- ' <ren.msg | grep -v '(gone)' | sed 's/\.c/\\./g'
-
Deleted: branches/mskrb-integ/src/lib/krb4/sed-pl10.sh
===================================================================
--- branches/mskrb-integ/src/lib/krb4/sed-pl10.sh 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/sed-pl10.sh 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,10 +0,0 @@
-#!/bin/sh
-# Produce a sed script for converting Kerberos V4 pl10 filenames to proposed
-# names -- for converting old makefiles and doc.
-# We fix any "oldfoo." into "newfoo." including .c and .o and .h files.
-awk '/^@ / {
- if ($2 != $4)
- print "s/" $2 "/" $4 "/g"
- }
- /^@sed / { print $2 }
- ' <ren.msg | sed 's/\.c/\\./g'
Deleted: branches/mskrb-integ/src/lib/krb4/send_to_kdc.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/send_to_kdc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/send_to_kdc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,206 +0,0 @@
-/*
- * lib/krb4/send_to_kdc.c
- *
- * Copyright 1987-2002 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krbports.h"
-#include "prot.h"
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "autoconf.h"
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include "port-sockets.h"
-#include "fake-addrinfo.h"
-#include "k5-int.h"
-#include "krb4int.h"
-
-#define S_AD_SZ sizeof(struct sockaddr_in)
-
-/* These are really defaults from getservbyname() or hardcoded. */
-static int cached_krb_udp_port = 0;
-static int cached_krbsec_udp_port = 0;
-
-int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *,
- struct sockaddr *, socklen_t *);
-
-#ifdef DEBUG
-static char *prog = "send_to_kdc";
-#endif
-
-/*
- * send_to_kdc() sends a message to the Kerberos authentication
- * server(s) in the given realm and returns the reply message.
- * The "pkt" argument points to the message to be sent to Kerberos;
- * the "rpkt" argument will be filled in with Kerberos' reply.
- * The "realm" argument indicates the realm of the Kerberos server(s)
- * to transact with. If the realm is null, the local realm is used.
- *
- * If more than one Kerberos server is known for a given realm,
- * different servers will be queried until one of them replies.
- * Several attempts (retries) are made for each server before
- * giving up entirely.
- *
- * The following results can be returned:
- *
- * KSUCCESS - an answer was received from a Kerberos host
- *
- * SKDC_CANT - can't get local realm
- * - can't find "kerberos" in /etc/services database
- * - can't open socket
- * - can't bind socket
- * - all ports in use
- * - couldn't find any Kerberos host
- *
- * SKDC_RETRY - couldn't get an answer from any Kerberos server,
- * after several retries
- */
-
-int
-krb4int_send_to_kdc_addr(
- KTEXT pkt, KTEXT rpkt, char *realm,
- struct sockaddr *addr, socklen_t *addrlen)
-{
- struct addrlist al = ADDRLIST_INIT;
- char lrealm[REALM_SZ];
- krb5int_access internals;
- krb5_error_code retval;
- struct servent *sp;
- int krb_udp_port = 0;
- int krbsec_udp_port = 0;
- char krbhst[MAXHOSTNAMELEN];
- char *scol;
- int i;
- int err;
- krb5_data message, reply;
-
- /*
- * If "realm" is non-null, use that, otherwise get the
- * local realm.
- */
- if (realm)
- strncpy(lrealm, realm, sizeof(lrealm) - 1);
- else {
- if (krb_get_lrealm(lrealm, 1)) {
- DEB (("%s: can't get local realm\n", prog));
- return SKDC_CANT;
- }
- }
- lrealm[sizeof(lrealm) - 1] = '\0';
- DEB (("lrealm is %s\n", lrealm));
-
- retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION);
- if (retval)
- return KFAILURE;
-
- /* The first time, decide what port to use for the KDC. */
- if (cached_krb_udp_port == 0) {
- sp = getservbyname("kerberos","udp");
- if (sp)
- cached_krb_udp_port = sp->s_port;
- else
- cached_krb_udp_port = htons(KERBEROS_PORT); /* kerberos/udp */
- DEB (("cached_krb_udp_port is %d\n", cached_krb_udp_port));
- }
- /* If kerberos/udp isn't 750, try using kerberos-sec/udp (or 750)
- as a fallback. */
- if (cached_krbsec_udp_port == 0 &&
- cached_krb_udp_port != htons(KERBEROS_PORT)) {
- sp = getservbyname("kerberos-sec","udp");
- if (sp)
- cached_krbsec_udp_port = sp->s_port;
- else
- cached_krbsec_udp_port = htons(KERBEROS_PORT); /* kerberos/udp */
- DEB (("cached_krbsec_udp_port is %d\n", cached_krbsec_udp_port));
- }
-
- for (i = 1; krb_get_krbhst(krbhst, lrealm, i) == KSUCCESS; ++i) {
-#ifdef DEBUG
- if (krb_debug) {
- DEB (("Getting host entry for %s...",krbhst));
- (void) fflush(stdout);
- }
-#endif
- if (0 != (scol = strchr(krbhst,':'))) {
- krb_udp_port = htons(atoi(scol+1));
- *scol = 0;
- if (krb_udp_port == 0) {
-#ifdef DEBUG
- if (krb_debug) {
- DEB (("bad port number %s\n",scol+1));
- (void) fflush(stdout);
- }
-#endif
- continue;
- }
- krbsec_udp_port = 0;
- } else {
- krb_udp_port = cached_krb_udp_port;
- krbsec_udp_port = cached_krbsec_udp_port;
- }
- err = internals.add_host_to_list(&al, krbhst,
- krb_udp_port, krbsec_udp_port,
- SOCK_DGRAM, PF_INET);
- if (err) {
- retval = SKDC_CANT;
- goto free_al;
- }
- }
- if (al.naddrs == 0) {
- DEB (("%s: can't find any Kerberos host.\n", prog));
- retval = SKDC_CANT;
- }
-
- message.length = pkt->length;
- message.data = (char *)pkt->dat; /* XXX yuck */
- retval = internals.sendto_udp(NULL, &message, &al, NULL, &reply, addr,
- addrlen, NULL, 0, NULL, NULL, NULL);
- DEB(("sendto_udp returns %d\n", retval));
-free_al:
- internals.free_addrlist(&al);
- if (retval)
- return SKDC_CANT;
- DEB(("reply.length=%d\n", reply.length));
- if (reply.length > sizeof(rpkt->dat))
- retval = SKDC_CANT;
- rpkt->length = 0;
- if (!retval) {
- memcpy(rpkt->dat, reply.data, reply.length);
- rpkt->length = reply.length;
- }
- krb5_free_data_contents(NULL, &reply);
- return retval;
-}
-
-int
-send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
-{
- return krb4int_send_to_kdc_addr(pkt, rpkt, realm, NULL, NULL);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/sendauth.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/sendauth.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/sendauth.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,282 +0,0 @@
-/*
- * sendauth.c
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- */
-
-#include "mit-copyright.h"
-
-#include "krb.h"
-#include "krb4int.h"
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include "port-sockets.h"
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_recvauth.c
- */
-
-/*
- * This file contains two routines: krb_sendauth() and krb_sendsrv().
- *
- * krb_sendauth() transmits a ticket over a file descriptor for a
- * desired service, instance, and realm, doing mutual authentication
- * with the server if desired.
- *
- * Most of the real work of krb_sendauth() has been moved into mk_auth.c
- * for portability; sendauth takes a Unix file descriptor as argument,
- * which doesn't work on other operating systems.
- *
- * krb_sendsvc() sends a service name to a remote knetd server, and is
- * only for Athena compatability.
- */
-
-/*
- * The first argument to krb_sendauth() contains a bitfield of
- * options (the options are defined in "krb.h"):
- *
- * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
- * (If this option is not chosen, krb_get_phost()
- * is called to canonicalize it.)
- *
- * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
- * A ticket must be supplied in the "ticket"
- * argument.
- * (If this option is not chosen, and there
- * is no ticket for the given server in the
- * ticket cache, one will be fetched using
- * krb_mk_req() and returned in "ticket".)
- *
- * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
- * receiving server return the checksum+1 encrypted
- * in the session key. The mutual authentication
- * is done using krb_mk_priv() on the other side
- * (see "recvauth.c") and krb_rd_priv() on this
- * side.
- *
- * The "fd" argument is a file descriptor to write to the remote
- * server on. The "ticket" argument is used to store the new ticket
- * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
- * chosen, the ticket must be supplied in the "ticket" argument.
- * The "service", "inst", and "realm" arguments identify the ticket.
- * If "realm" is null, the local realm is used.
- *
- * The following arguments are only needed if the KOPT_DO_MUTUAL option
- * is chosen:
- *
- * The "checksum" argument is a number that the server will add 1 to
- * to authenticate itself back to the client; the "msg_data" argument
- * holds the returned mutual-authentication message from the server
- * (i.e., the checksum+1); the "cred" structure is used to hold the
- * session key of the server, extracted from the ticket file, for use
- * in decrypting the mutual authentication message from the server;
- * and "schedule" holds the key schedule for that decryption. The
- * the local and server addresses are given in "laddr" and "faddr".
- *
- * The application protocol version number (of up to KRB_SENDAUTH_VLEN
- * characters) is passed in "version".
- *
- * If all goes well, KSUCCESS is returned, otherwise some error code.
- *
- * The format of the message sent to the server is:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
- * bytes version number
- *
- * KRB_SENDAUTH_VLEN version application protocol
- * bytes version number
- *
- * 4 bytes ticket->length length of ticket
- *
- * ticket->length ticket->dat ticket itself
- */
-
-/*
- * XXX: Note that krb_rd_priv() is coded in such a way that
- * "msg_data->app_data" will be pointing into "packet", which
- * will disappear when krb_sendauth() returns.
- *
- * See FIXME KLUDGE code in appl/bsd/kcmd.c.
- */
-KRB4_32 __krb_sendauth_hidden_tkt_len=0;
-#define raw_tkt_len __krb_sendauth_hidden_tkt_len
-
-
-/*
- * Read a server's sendauth response out of a file descriptor.
- * Returns a Kerberos error code.
- *
- * Note sneaky code using raw_tkt_len to stash away a bit of info
- * for use by appl/bsd/kcmd.c. Now that krb_net_rd_sendauth is
- * a separate function, kcmd should call it directly to get this
- * sneaky info.
- */
-int
-krb_net_rd_sendauth (fd, reply, raw_len)
- int fd; /* file descriptor to write onto */
- KTEXT reply; /* Where we put the reply message */
- KRB4_32 *raw_len; /* Where to read the length field info */
-{
- KRB4_32 tkt_len;
- int got;
-
- reply->length = 0; /* Nothing read from net yet */
- reply->mbz = 0;
-
- /* get the length of the reply */
- reread:
- got = krb_net_read(fd, (char *)raw_len, sizeof(KRB4_32));
- if (got != sizeof(KRB4_32))
- return KFAILURE;
-
- /* Here's an amazing hack. If we are contacting an rlogin server,
- and it is running on a Sun4, and it was compiled with the wrong
- shared libary version, it will print an ld.so warning message
- when it starts up. We just ignore any such message and keep
- going. This doesn't affect security: we just require the
- ticket to follow the warning message. */
- if (!memcmp("ld.s", raw_len, 4)) {
- char c;
-
- while (krb_net_read(fd, &c, 1) == 1 && c != '\n')
- ;
- goto reread;
- }
-
- tkt_len = ntohl(*raw_len);
-
- /* if the length is negative, the server failed to recognize us. */
- if ((tkt_len < 0) || (tkt_len > sizeof(reply->dat)))
- return KFAILURE; /* XXX */
- /* read the reply... */
- got = krb_net_read(fd, (char *)reply->dat, (int) tkt_len);
- if (got != (int) tkt_len)
- return KFAILURE;
-
- reply->length = tkt_len;
- reply->mbz = 0;
- return KSUCCESS;
-}
-
-
-/*
- * krb_sendauth
- *
- * The original routine, provided on Unix.
- * Obtains a service ticket using the ticket-granting ticket,
- * uses it to stuff an authorization request down a Unix socket to the
- * end-user application server, sucks a response out of the socket,
- * and decodes it to verify mutual authentication.
- */
-int KRB5_CALLCONV
-krb_sendauth(options, fd, ticket, service, inst, realm, checksum,
- msg_data, cred, schedule, laddr, faddr, version)
- long options; /* bit-pattern of options */
- int fd; /* file descriptor to write onto */
- KTEXT ticket; /* where to put ticket (return); or
- supplied in case of KOPT_DONT_MK_REQ */
- char *service; /* service name */
- char *inst; /* service instance */
- char *realm; /* service realm */
- unsigned KRB4_32 checksum; /* checksum to include in request */
- MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */
- CREDENTIALS *cred; /* credentials (return) */
- Key_schedule schedule; /* key schedule (return) */
- struct sockaddr_in *laddr; /* local address */
- struct sockaddr_in *faddr; /* address of foreign host on fd */
- char *version; /* version string */
-{
- int rem, cc;
- char srv_inst[INST_SZ];
- char krb_realm[REALM_SZ];
- KTEXT_ST packet[1]; /* Re-use same one for msg and reply */
-
- /* get current realm if not passed in */
- if (!realm) {
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return(rem);
- realm = krb_realm;
- }
-
- /* copy instance into local storage, so mk_auth can canonicalize */
- (void) strncpy(srv_inst, inst, INST_SZ-1);
- srv_inst[INST_SZ-1] = 0;
- rem = krb_mk_auth (options, ticket, service, srv_inst, realm, checksum,
- version, packet);
- if (rem != KSUCCESS)
- return rem;
-
-#ifdef ATHENA_COMPAT
- /* this is only for compatibility with old servers */
- if (options & KOPT_DO_OLDSTYLE) {
- (void) sprintf(buf,"%d ",ticket->length);
- (void) write(fd, buf, strlen(buf));
- (void) write(fd, (char *) ticket->dat, ticket->length);
- return(rem);
- }
-#endif /* ATHENA_COMPAT */
-
- /* write the request to the server */
- if ((cc = krb_net_write(fd, packet->dat, packet->length)) != packet->length)
- return(cc);
-
- /* mutual authentication, if desired */
- if (options & KOPT_DO_MUTUAL) {
- /* get credentials so we have service session
- key for decryption below */
- cc = krb_get_cred(service, srv_inst, realm, cred);
- if (cc)
- return(cc);
-
- /* Get the reply out of the socket. */
- cc = krb_net_rd_sendauth (fd, packet, &raw_tkt_len);
- if (cc != KSUCCESS)
- return cc;
-
- /* Check the reply to verify that server is really who we expect. */
- cc = krb_check_auth (packet, checksum,
- msg_data, cred->session, schedule, laddr, faddr);
- if (cc != KSUCCESS)
- return cc;
- }
- return(KSUCCESS);
-}
-
-
-#ifdef ATHENA_COMPAT
-/*
- * krb_sendsvc
- */
-
-int
-krb_sendsvc(fd, service)
- int fd;
- char *service;
-{
- /* write the service name length and then the service name to
- the fd */
- KRB4_32 serv_length;
- int cc;
-
- serv_length = htonl((unsigned long)strlen(service));
- if ((cc = krb_net_write(fd, (char *) &serv_length,
- sizeof(serv_length)))
- != sizeof(serv_length))
- return(cc);
- if ((cc = krb_net_write(fd, service, strlen(service)))
- != strlen(service))
- return(cc);
- return(KSUCCESS);
-}
-#endif /* ATHENA_COMPAT */
Deleted: branches/mskrb-integ/src/lib/krb4/setenv.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/setenv.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/setenv.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)setenv.c 5.2 (Berkeley) 6/27/88";
-#endif /* LIBC_SCCS and not lint */
-
-#include "conf.h"
-#include <stdio.h>
-#include <string.h>
-
-/*
- * setenv --
- * Set the value of the environmental variable "name" to be
- * "value". If rewrite is set, replace any current value.
- */
-int setenv(name, value, rewrite)
- register char *name, *value;
- int rewrite;
-{
- extern char **environ;
- static int alloced; /* if allocated space before */
- register char *C;
- int l_value, offset;
- char *malloc(), *realloc(), *_findenv();
-
- if (*value == '=') /* no `=' in value */
- ++value;
- l_value = strlen(value);
- if ((C = _findenv(name, &offset))) { /* find if already exists */
- if (!rewrite)
- return(0);
- if (strlen(C) >= l_value) { /* old larger; copy over */
- while (*C++ = *value++);
- return(0);
- }
- }
- else { /* create new slot */
- register int cnt;
- register char **P;
-
- for (P = environ, cnt = 0; *P; ++P, ++cnt);
- if (alloced) { /* just increase size */
- environ = (char **)realloc((char *)environ,
- (u_int)(sizeof(char *) * (cnt + 2)));
- if (!environ)
- return(-1);
- }
- else { /* get new space */
- alloced = 1; /* copy old entries into it */
- P = (char **)malloc((u_int)(sizeof(char *) *
- (cnt + 2)));
- if (!P)
- return(-1);
- memcpy(P, environ, cnt * sizeof(char *));
- environ = P;
- }
- environ[cnt + 1] = NULL;
- offset = cnt;
- }
- for (C = name; *C && *C != '='; ++C); /* no `=' in name */
- if (!(environ[offset] = /* name + `=' + value */
- malloc((u_int)((int)(C - name) + l_value + 2))))
- return(-1);
- for (C = environ[offset]; (*C = *name++) && *C != '='; ++C);
- for (*C++ = '='; *C++ = *value++;);
- return(0);
-}
-
-/*
- * unsetenv(name) --
- * Delete environmental variable "name".
- */
-void
-unsetenv(name)
- char *name;
-{
- extern char **environ;
- register char **P;
- int offset;
- char *_findenv();
-
- while (_findenv(name, &offset)) /* if set multiple times */
- for (P = &environ[offset];; ++P)
- if (!(*P = *(P + 1)))
- break;
-}
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef HAVE_GETENV
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)getenv.c 5.5 (Berkeley) 6/27/88";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * getenv --
- * Returns ptr to value associated with name, if any, else NULL.
- */
-char *
-getenv(name)
- char *name;
-{
- int offset;
- char *_findenv();
-
- return(_findenv(name, &offset));
-}
-#endif
-/*
- * _findenv --
- * Returns pointer to value associated with name, if any, else NULL.
- * Sets offset to be the offset of the name/value combination in the
- * environmental array, for use by setenv(3) and unsetenv(3).
- * Explicitly removes '=' in argument name.
- *
- * This routine *should* be a static; don't use it.
- */
-char *
-_findenv(name, offset)
- register char *name;
- int *offset;
-{
- extern char **environ;
- register int len;
- register char **P, *C;
-
- for (C = name, len = 0; *C && *C != '='; ++C, ++len);
- for (P = environ; *P; ++P)
- if (!strncmp(*P, name, len))
- if (*(C = *P + len) == '=') {
- *offset = P - environ;
- return(++C);
- }
- return(NULL);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/stime.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/stime.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/stime.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,57 +0,0 @@
-/*
- * lib/krb4/stime.c
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of
- * Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "krb4int.h"
-#include <stdio.h> /* for sprintf() */
-#ifndef _WIN32
-#include <time.h>
-#include <sys/time.h>
-#endif
-
-/*
- * Given a pointer to a long containing the number of seconds
- * since the beginning of time (midnight 1 Jan 1970 GMT), return
- * a string containing the local time in the form:
- *
- * "25-Jan-88 10:17:56"
- */
-
-char *krb_stime(t)
- long *t;
-{
- static char st[40];
- static time_t adjusted_time;
- struct tm *tm;
-
- adjusted_time = *t - CONVERT_TIME_EPOCH;
- tm = localtime(&adjusted_time);
- (void) snprintf(st,sizeof(st),"%2d-%s-%d %02d:%02d:%02d",tm->tm_mday,
- month_sname(tm->tm_mon + 1),1900+tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- return st;
-}
-
Deleted: branches/mskrb-integ/src/lib/krb4/strcasecmp.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/strcasecmp.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/strcasecmp.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/*
- * This array is designed for mapping upper and lower case letter
- * together for a case independent comparison. The mappings are
- * based upon ascii character sequences.
- */
-static unsigned char charmap[] = {
- '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
- '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
- '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
- '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
- '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
- '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
- '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
- '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
- '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
- '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
- '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
- '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
- '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
- '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
- '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
- '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
- '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
- '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
- '\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
- '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
-};
-
-strcasecmp(s1, s2)
- char *s1, *s2;
-{
- register unsigned char *cm = charmap,
- *us1 = (unsigned char *)s1,
- *us2 = (unsigned char *)s2;
-
- while (cm[*us1] == cm[*us2++])
- if (*us1++ == '\0')
- return(0);
- return(cm[*us1] - cm[*--us2]);
-}
-
-strncasecmp(s1, s2, n)
- char *s1, *s2;
- register int n;
-{
- register unsigned char *cm = charmap,
- *us1 = (unsigned char *)s1,
- *us2 = (unsigned char *)s2;
-
- while (--n >= 0 && cm[*us1] == cm[*us2++])
- if (*us1++ == '\0')
- return(0);
- return(n < 0 ? 0 : cm[*us1] - cm[*--us2]);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/strnlen.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/strnlen.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/strnlen.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,50 +0,0 @@
-/*
- * lib/krb4/strnlen.c
- *
- * Copyright 2000, 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include <stddef.h>
-#include "krb.h"
-#include "prot.h"
-
-/*
- * krb4int_strnlen()
- *
- * Return the length of the string if a NUL is found in the first n
- * bytes, otherwise, -1.
- */
-
-int KRB5_CALLCONV
-krb4int_strnlen(const char *s, int n)
-{
- int i = 0;
-
- for (i = 0; i < n; i++) {
- if (s[i] == '\0') {
- return i;
- }
- }
- return -1;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/swab.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/swab.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/swab.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,18 +0,0 @@
-/* simple implementation of swab. */
-
-swab(from,to,nbytes)
- char *from;
- char *to;
- int nbytes;
-{
- char tmp;
- while ( (nbytes-=2) >= 0 ) {
- tmp = from[1];
- to[1] = from[0];
- to[0] = tmp;
- to++; to++;
- from++; from++;
- }
-}
-
-
Deleted: branches/mskrb-integ/src/lib/krb4/tf_shm.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/tf_shm.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/tf_shm.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,173 +0,0 @@
-/*
- * tf_shm.c
- *
- * Copyright 1988, 2007 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Shared memory segment functions for session keys. Derived from code
- * contributed by Dan Kolkowitz (kolk at jessica.stanford.edu).
- */
-
-#include "mit-copyright.h"
-
-#include <stdio.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-#include "krb.h"
-#include "des.h"
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#define MAX_BUFF sizeof(des_cblock)*1000 /* room for 1k keys */
-
-extern int krb_debug;
-
-/*
- * krb_create_shmtkt:
- *
- * create a shared memory segment for session keys, leaving its id
- * in the specified filename.
- */
-
-int
-krb_shm_create(file_name)
-char *file_name;
-{
- int retval;
- int shmid;
- struct shmid_ds shm_buf;
- FILE *sfile;
- uid_t me, metoo, getuid(), geteuid();
-
- (void) krb_shm_dest(file_name); /* nuke it if it exists...
- this cleans up to make sure we
- don't slowly lose memory. */
-
- shmid = shmget((long)IPC_PRIVATE,MAX_BUFF, IPC_CREAT);
- if (shmid == -1) {
- if (krb_debug)
- perror("krb_shm_create shmget");
- return(KFAILURE); /* XXX */
- }
- me = getuid();
- metoo = geteuid();
- /*
- * now set up the buffer so that we can modify it
- */
- shm_buf.shm_perm.uid = me;
- shm_buf.shm_perm.gid = getgid();
- shm_buf.shm_perm.mode = 0600;
- if (shmctl(shmid,IPC_SET,&shm_buf) < 0) { /*can now map it */
- if (krb_debug)
- perror("krb_shm_create shmctl");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
-#if !defined(_AIX)
- (void) shmctl(shmid, SHM_LOCK, 0); /* attempt to lock-in-core */
-#endif
- /* arrange so the file is owned by the ruid
- (swap real & effective uid if necessary). */
- if (me != metoo) {
- if (setreuid(metoo, me) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("krb_shm_create: setreuid");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",metoo,me);
- }
- if ((sfile = fopen(file_name,"w")) == 0) {
- if (krb_debug)
- perror("krb_shm_create file");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
- set_cloexec_file(sfile);
- if (fchmod(fileno(sfile),0600) < 0) {
- if (krb_debug)
- perror("krb_shm_create fchmod");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
- if (me != metoo) {
- if (setreuid(me, metoo) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("krb_shm_create: setreuid2");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",me,metoo);
- }
-
- (void) fprintf(sfile,"%d",shmid);
- (void) fflush(sfile);
- (void) fclose(sfile);
- return(KSUCCESS);
-}
-
-
-/*
- * krb_is_diskless:
- *
- * check / to see if file .diskless exists. If so it is diskless.
- * Do it this way now to avoid dependencies on a particular routine.
- * Choose root file system since that will be private to the client.
- */
-
-int krb_is_diskless()
-{
- struct stat buf;
- if (stat("/.diskless",&buf) < 0)
- return(0);
- else return(1);
-}
-
-/*
- * krb_shm_dest: destroy shared memory segment with session keys, and remove
- * file pointing to it.
- */
-
-int krb_shm_dest(file)
-char *file;
-{
- int shmid;
- FILE *sfile;
- struct stat st_buf;
-
- if (stat(file,&st_buf) == 0) {
- /* successful stat */
- if ((sfile = fopen(file,"r")) == 0) {
- if (krb_debug)
- perror("cannot open shared memory file");
- return(KFAILURE); /* XXX */
- }
- set_cloexec_file(sfile);
- if (fscanf(sfile,"%d",&shmid) == 1) {
- if (shmctl(shmid,IPC_RMID,0) != 0) {
- if (krb_debug)
- perror("krb_shm_dest: cannot delete shm segment");
- (void) fclose(sfile);
- return(KFAILURE); /* XXX */
- }
- } else {
- if (krb_debug)
- fprintf(stderr, "bad format in shmid file\n");
- (void) fclose(sfile);
- return(KFAILURE); /* XXX */
- }
- (void) fclose(sfile);
- (void) unlink(file);
- return(KSUCCESS);
- } else
- return(RET_TKFIL); /* XXX */
-}
-
-
-
Deleted: branches/mskrb-integ/src/lib/krb4/tf_util.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/tf_util.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/tf_util.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,1103 +0,0 @@
-/*
- * lib/krb4/tf_util.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include "k5-int.h"
-#include "krb4int.h"
-
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-#endif /* TKT_SHMEM */
-
-
-
-#define TOO_BIG -1
-#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
- * retry if ticket file is
- * locked */
-extern int krb_debug;
-
-void tf_close();
-
-#ifdef TKT_SHMEM
-char *krb_shm_addr;
-static char *tmp_shm_addr;
-static const char krb_dummy_skey[8];
-
-char *shmat();
-#endif /* TKT_SHMEM */
-
-#ifdef NEED_UTIMES
-
-#include <sys/time.h>
-#ifdef __SCO__
-#include <utime.h>
-#endif
-#if defined(__svr4__) || defined(__SVR4)
-#include <utime.h>
-#endif
-int utimes(path, times)
- char* path;
- struct timeval times[2];
-{
- struct utimbuf tv;
- tv.actime = times[0].tv_sec;
- tv.modtime = times[1].tv_sec;
- return utime(path,&tv);
-}
-#endif
-
-#ifdef HAVE_SETEUID
-#define do_seteuid(e) seteuid((e))
-#else
-#ifdef HAVE_SETRESUID
-#define do_seteuid(e) setresuid(-1, (e), -1)
-#else
-#ifdef HAVE_SETREUID
-#define do_seteuid(e) setreuid(geteuid(), (e))
-#else
-#define do_seteuid(e) (errno = EPERM, -1)
-#endif
-#endif
-#endif
-
-
-#ifdef K5_LE
-/* This was taken from jhutz's patch for heimdal krb4. It only
- * applies to little endian systems. Big endian systems have a
- * less elegant solution documented below.
- *
- * This record is written after every real ticket, to ensure that
- * both 32- and 64-bit readers will perceive the next real ticket
- * as starting in the same place. This record looks like a ticket
- * with the following properties:
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "." "."
- * sinst "" ""
- * srealm ".." ".."
- * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- *
- * Our code always reads and writes the 32-bit format, but knows
- * to skip 00000000 at the front of a record, and to completely
- * ignore tickets for the special alignment principal.
- */
-static unsigned char align_rec[] = {
- 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x2e,
- 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00,
- 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00
-};
-
-#else /* Big Endian */
-
-/* These alignment records are for big endian systems. We need more
- * of them because the portion of the 64-bit issue_date that overlaps
- * with the start of a ticket on 32-bit systems contains an unpredictable
- * number of NULL bytes. Preceeding these records is a second copy of the
- * 32-bit issue_date. The srealm for the alignment records is always one of
- * ".." or "?.."
- */
-
-/* No NULL bytes
- * This is actually two alignment records since both 32- and 64-bit
- * readers will agree on everything in the first record up through the
- * issue_date size, except where sname starts.
- * Field (1) 32-bit 64-bit
- * ============ ================= =================
- * sname "????." "."
- * sinst "" ""
- * srealm ".." ".."
- * session key 00000000 xxxxxxxx 00000000 xxxxxxxx
- * lifetime 0 0
- * kvno 0 0
- * ticket 4 nulls 4 nulls
- * issue 0 0
- *
- * Field (2) 32-bit 64-bit
- * ============ ================= =================
- * sname "." "."
- * sinst "" ""
- * srealm ".." ".."
- * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- *
- */
-static unsigned char align_rec_0[] = {
- 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00,
- 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x04,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00
-};
-
-/* One NULL byte
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "x" |"xx"|"xxx" "."
- * sinst "xx."|"x."|"." ".."
- * srealm ".." "..."
- * session key 2E2E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- */
-static unsigned char align_rec_1[] = {
- 0x2e, 0x00, 0x2e, 0x2e, 0x00, 0x2e, 0x2e, 0x2e,
- 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x0c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00
-};
-
-/* Two NULL bytes
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "x" |"x" |"xx" ".."
- * sinst "" |"x" |"" ""
- * srealm "x.."|".."|".." ".."
- * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
- * lifetime 0 0
- * kvno 0 12
- * ticket 12 nulls 4 nulls
- * issue 0 0
- */
- static unsigned char align_rec_2[] = {
- 0x2e, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff,
- 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00,
- 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-/* Three NULL bytes
- * Things break here for 32-bit krb4 libraries that don't
- * understand this alignment record. We can't really do
- * anything about the fact that the three strings ended
- * in the duplicate timestamp. The good news is that this
- * only happens once every 0x1000000 seconds, once roughly
- * every six and a half months. We'll live.
- *
- * Discussion on the krbdev list has suggested the
- * issue_date be incremented by one in this case to avoid
- * the problem. I'm leaving this here just in case.
- *
- * Field 32-bit 64-bit
- * ============ ================= =================
- * sname "" "."
- * sinst "" ""
- * srealm "" ".."
- * session key 2E00002E 2E00FFFF xxxx0000 0000xxxx
- * lifetime 0 0
- * kvno 4294901760 917504
- * ticket 14 nulls 4 nulls
- * issue 0 0
- */
-/*
-static unsigned char align_rec_3[] = {
- 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff,
- 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-*/
-#endif /* K5_LE*/
-
-/*
- * fd must be initialized to something that won't ever occur as a real
- * file descriptor. Since open(2) returns only non-negative numbers as
- * valid file descriptors, and tf_init always stuffs the return value
- * from open in here even if it is an error flag, we must
- * a. Initialize fd to a negative number, to indicate that it is
- * not initially valid.
- * b. When checking for a valid fd, assume that negative values
- * are invalid (ie. when deciding whether tf_init has been
- * called.)
- * c. In tf_close, be sure it gets reinitialized to a negative
- * number.
- */
-static int fd = -1;
-static int curpos; /* Position in tfbfr */
-static int lastpos; /* End of tfbfr */
-static char tfbfr[BUFSIZ]; /* Buffer for ticket data */
-
-static int tf_gets (char *, int), tf_read (char *, int);
-
-/*
- * This file contains routines for manipulating the ticket cache file.
- *
- * The ticket file is in the following format:
- *
- * principal's name (null-terminated string)
- * principal's instance (null-terminated string)
- * CREDENTIAL_1
- * CREDENTIAL_2
- * ...
- * CREDENTIAL_n
- * EOF
- *
- * Where "CREDENTIAL_x" consists of the following fixed-length
- * fields from the CREDENTIALS structure (see "krb.h"):
- *
- * string service[ANAME_SZ]
- * string instance[INST_SZ]
- * string realm[REALM_SZ]
- * C_Block session
- * int lifetime
- * int kvno
- * KTEXT_ST ticket_st
- * KRB4_32 issue_date
- *
- * Strings are stored NUL-terminated, and read back until a NUL is
- * found or the indicated number of bytes have been read. (So if you
- * try to store a string exactly that long or longer, reading them
- * back will not work.) The KTEXT_ST structure is stored as an int
- * length followed by that many data bytes. All ints are stored using
- * host size and byte order for "int".
- *
- * Short description of routines:
- *
- * tf_init() opens the ticket file and locks it.
- *
- * tf_get_pname() returns the principal's name.
- *
- * tf_get_pinst() returns the principal's instance (may be null).
- *
- * tf_get_cred() returns the next CREDENTIALS record.
- *
- * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
- *
- * tf_close() closes the ticket file and releases the lock.
- *
- * tf_gets() returns the next null-terminated string. It's an internal
- * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
- *
- * tf_read() reads a given number of bytes. It's an internal routine
- * used by tf_get_cred().
- */
-
-/*
- * tf_init() should be called before the other ticket file routines.
- * It takes the name of the ticket file to use, "tf_name", and a
- * read/write flag "rw" as arguments.
- *
- * It tries to open the ticket file, checks the mode, and if everything
- * is okay, locks the file. If it's opened for reading, the lock is
- * shared. If it's opened for writing, the lock is exclusive.
- *
- * Returns KSUCCESS if all went well, otherwise one of the following:
- *
- * NO_TKT_FIL - file wasn't there
- * TKT_FIL_ACC - file was in wrong mode, etc.
- * TKT_FIL_LCK - couldn't lock the file, even after a retry
- */
-
-int KRB5_CALLCONV tf_init(tf_name, rw)
- const char *tf_name;
- int rw;
-{
- int wflag;
- uid_t me, metoo;
- struct stat stat_buf, stat_buffd;
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
- FILE *sfp;
- int shmid;
-#endif
-
- if (!krb5__krb4_context) {
- if (krb5_init_context(&krb5__krb4_context))
- return TKT_FIL_LCK;
- }
-
- me = getuid();
- metoo = geteuid();
-
- switch (rw) {
- case R_TKT_FIL:
- wflag = 0;
- break;
- case W_TKT_FIL:
- wflag = 1;
- break;
- default:
- if (krb_debug) fprintf(stderr, "tf_init: illegal parameter\n");
- return TKT_FIL_ACC;
- }
-
- /* If ticket cache selector is null, use default cache. */
- if (tf_name == 0)
- tf_name = tkt_string();
-
-#ifdef TKT_SHMEM
- (void) strncpy(shmidname, tf_name, sizeof(shmidname) - 1);
- shmidname[sizeof(shmidname) - 1] = '\0';
- (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname));
-#endif /* TKT_SHMEM */
-
- /*
- * If "wflag" is set, open the ticket file in append-writeonly mode
- * and lock the ticket file in exclusive mode. If unable to lock
- * the file, sleep and try again. If we fail again, return with the
- * proper error message.
- */
-
- curpos = sizeof(tfbfr);
-
-#ifdef TKT_SHMEM
- if (lstat(shmidname, &stat_buf) < 0) {
- switch (errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG)
- || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) {
- return TKT_FIL_ACC;
- }
-
- /*
- * Yes, we do uid twiddling here. It's not optimal, but some
- * applications may expect that the ruid is what should really own
- * the ticket file, e.g. setuid applications.
- */
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- sfp = fopen(shmidname, "r"); /* only need read/write on the
- actual tickets */
- if (sfp != 0)
- set_cloexec_file(sfp);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (sfp == 0) {
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
-
- /*
- * fstat() the file to check that the file we opened is the one we
- * think it is.
- */
- if (fstat(fileno(sfp), &stat_buffd) < 0) {
- (void) close(fd);
- fd = -1;
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /* Check that it's the right file */
- if ((stat_buf.st_ino != stat_buffd.st_ino) ||
- (stat_buf.st_dev != stat_buffd.st_dev)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- /* Check ownership */
- if ((stat_buffd.st_uid != me && me != 0) ||
- ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
-
-
-
- shmid = -1;
- {
- char buf[BUFSIZ];
- int val; /* useful for debugging fscanf */
- /* We provide our own buffer here since some STDIO libraries
- barf on unbuffered input with fscanf() */
- setbuf(sfp, buf);
- if ((val = fscanf(sfp,"%d",&shmid)) != 1) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- if (shmid < 0) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- (void) fclose(sfp);
- }
- /*
- * global krb_shm_addr is initialized to 0. Ultrix bombs when you try and
- * attach the same segment twice so we need this check.
- */
- if (!krb_shm_addr) {
- if ((krb_shm_addr = shmat(shmid,0,0)) == -1){
- if (krb_debug)
- fprintf(stderr,
- "cannot attach shared memory for segment %d\n",
- shmid);
- krb_shm_addr = 0; /* reset so we catch further errors */
- return TKT_FIL_ACC;
- }
- }
- tmp_shm_addr = krb_shm_addr;
-#endif /* TKT_SHMEM */
-
- if (lstat(tf_name, &stat_buf) < 0) {
- switch (errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG)
- || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) {
- return TKT_FIL_ACC;
- }
-
- if (wflag) {
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- fd = open(tf_name, O_RDWR, 0600);
- if (fd >= 0)
- set_cloexec_fd(fd);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (fd < 0) {
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /*
- * fstat() the file to check that the file we opened is the
- * one we think it is, and to check ownership.
- */
- if (fstat(fd, &stat_buffd) < 0) {
- (void) close(fd);
- fd = -1;
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /* Check that it's the right file */
- if ((stat_buf.st_ino != stat_buffd.st_ino) ||
- (stat_buf.st_dev != stat_buffd.st_dev)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- /* Check ownership */
- if ((stat_buffd.st_uid != me && me != 0) ||
- ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_EXCLUSIVE |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- sleep(TF_LCK_RETRY);
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_EXCLUSIVE |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
- }
- /*
- * Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
- */
-
- if (me != metoo && do_seteuid(me) < 0)
- return KFAILURE;
- fd = open(tf_name, O_RDONLY, 0600);
- if (fd >= 0)
- set_cloexec_fd(fd);
- if (me != metoo && do_seteuid(metoo) < 0)
- return KFAILURE;
- if (fd < 0) {
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /*
- * fstat() the file to check that the file we opened is the one we
- * think it is, and to check ownership.
- */
- if (fstat(fd, &stat_buffd) < 0) {
- (void) close(fd);
- fd = -1;
- switch(errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- }
- /* Check that it's the right file */
- if ((stat_buf.st_ino != stat_buffd.st_ino) ||
- (stat_buf.st_dev != stat_buffd.st_dev)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- /* Check ownership */
- if ((stat_buffd.st_uid != me && me != 0) ||
- ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_ACC;
- }
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_SHARED |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- sleep(TF_LCK_RETRY);
- if (krb5_lock_file(krb5__krb4_context, fd,
- KRB5_LOCKMODE_SHARED |
- KRB5_LOCKMODE_DONTBLOCK) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
-}
-
-/*
- * tf_get_pname() reads the principal's name from the ticket file. It
- * should only be called after tf_init() has been called. The
- * principal's name is filled into the "p" parameter. If all goes well,
- * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
- * returned. If the name was null, or EOF was encountered, or the name
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
- */
-
-int KRB5_CALLCONV tf_get_pname(p)
- char *p;
-{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pname called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
- return TKT_FIL_FMT;
- return KSUCCESS;
-}
-
-/*
- * tf_get_pinst() reads the principal's instance from a ticket file.
- * It should only be called after tf_init() and tf_get_pname() have been
- * called. The instance is filled into the "inst" parameter. If all
- * goes well, KSUCCESS is returned. If tf_init() wasn't called,
- * TKT_FIL_INI is returned. If EOF was encountered, or the instance
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
- * instance may be null.
- */
-
-int KRB5_CALLCONV tf_get_pinst(inst)
- char *inst;
-{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pinst called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(inst, INST_SZ) < 1)
- return TKT_FIL_FMT;
- return KSUCCESS;
-}
-
-/*
- * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
- * in the given structure "c". It should only be called after tf_init(),
- * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
- * KSUCCESS is returned. Possible error codes are:
- *
- * TKT_FIL_INI - tf_init wasn't called first
- * TKT_FIL_FMT - bad format
- * EOF - end of file encountered
- */
-
-static int real_tf_get_cred(c)
- CREDENTIALS *c;
-{
- KTEXT ticket = &c->ticket_st; /* pointer to ticket */
- int k_errno;
- unsigned char nullbuf[3]; /* used for 64-bit issue_date tf compatibility */
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) {
-
-#ifdef K5_BE
- /* If we're big endian then we can have a null service name as part of
- * an alignment record. */
- if (k_errno < 2)
- switch (k_errno) {
- case TOO_BIG:
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
-#else /* Little Endian */
- /* If we read an empty service name, it's possible that's because
- * the file was written by someone who thinks issue_date should be
- * 64 bits. If that is the case, there will be three more zeros,
- * followed by the real record.*/
-
- if (k_errno == 1 &&
- tf_read(nullbuf, 3) == 3 &&
- !nullbuf[0] && !nullbuf[1] && !nullbuf[2])
- k_errno = tf_gets(c->service, SNAME_SZ);
-
- if (k_errno < 2)
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
-#endif/*K5_BE*/
-
- }
- if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
- switch (k_errno) {
- case TOO_BIG:
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) {
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- }
-
- if (
- tf_read((char *) (c->session), KEY_SZ) < 1 ||
- tf_read((char *) &(c->lifetime), sizeof(c->lifetime)) < 1 ||
- tf_read((char *) &(c->kvno), sizeof(c->kvno)) < 1 ||
- tf_read((char *) &(ticket->length), sizeof(ticket->length))
- < 1 ||
- /* don't try to read a silly amount into ticket->dat */
- ticket->length > MAX_KTXT_LEN ||
- tf_read((char *) (ticket->dat), ticket->length) < 1 ||
- tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1
- ) {
- tf_close();
- return TKT_FIL_FMT;
- }
-
-#ifdef K5_BE
- /* If the issue_date is 0 and we're not dealing with an alignment
- record, then it's likely we've run into an issue_date written by
- a 64-bit library that is using long instead of KRB4_32. Let's get
- the next four bytes instead.
- */
- if (0 == c->issue_date) {
- int len = strlen(c->realm);
- if (!(2 == len && 0 == strcmp(c->realm, "..")) &&
- !(3 == len && 0 == strcmp(c->realm + 1, ".."))) {
- if (tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1) {
- tf_close();
- return TKT_FIL_FMT;
- }
- }
- }
-
-#endif
-
- return KSUCCESS;
-}
-
-int KRB5_CALLCONV tf_get_cred(c)
- CREDENTIALS *c;
-{
- int k_errno;
- int fake;
-
- do {
- fake = 0;
- k_errno = real_tf_get_cred(c);
- if (k_errno)
- return k_errno;
-
-#ifdef K5_BE
- /* Here we're checking to see if the realm is one of the
- * alignment record realms, ".." or "?..", so we can skip it.
- * If it's not, then we need to verify that the service name
- * was not null as this should be a valid ticket.
- */
- {
- int len = strlen(c->realm);
- if (2 == len && 0 == strcmp(c->realm, ".."))
- fake = 1;
- if (3 == len && 0 == strcmp(c->realm + 1, ".."))
- fake = 1;
- if (!fake && 0 == strlen(c->service)) {
- tf_close();
- return TKT_FIL_FMT;
- }
- }
-#else /* Little Endian */
- /* Here we're checking to see if the service principal is the
- * special alignment record principal ". at ..", so we can skip it.
- */
- if (strcmp(c->service, ".") == 0 &&
- strcmp(c->instance, "") == 0 &&
- strcmp(c->realm, "..") == 0)
- fake = 1;
-#endif/*K5_BE*/
- } while (fake);
-
-#ifdef TKT_SHMEM
- memcpy(c->session, tmp_shm_addr, KEY_SZ);
- tmp_shm_addr += KEY_SZ;
-#endif /* TKT_SHMEM */
- return KSUCCESS;
-}
-
-/*
- * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
- * not a valid file descriptor, it just returns. It also clears the
- * buffer used to read tickets.
- *
- * The return value is not defined.
- */
-
-void KRB5_CALLCONV tf_close()
-{
- if (!(fd < 0)) {
-#ifdef TKT_SHMEM
- if (shmdt(krb_shm_addr)) {
- /* what kind of error? */
- if (krb_debug)
- fprintf(stderr, "shmdt 0x%x: errno %d",krb_shm_addr, errno);
- } else {
- krb_shm_addr = 0;
- }
-#endif /* TKT_SHMEM */
- if (!krb5__krb4_context)
- krb5_init_context(&krb5__krb4_context);
- (void) krb5_lock_file(krb5__krb4_context, fd, KRB5_LOCKMODE_UNLOCK);
- (void) close(fd);
- fd = -1; /* see declaration of fd above */
- }
- memset(tfbfr, 0, sizeof(tfbfr));
-}
-
-/*
- * tf_gets() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until either it has read "n" characters,
- * or until it reads a null byte. When finished, what has been read exists
- * in "s". If it encounters EOF or an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read (including null terminator)
- * when all goes well
- *
- * 0 end of file or read error
- *
- * TOO_BIG if "count" characters are read and no null is
- * encountered. This is an indication that the ticket
- * file is seriously ill.
- */
-
-static int
-tf_gets(s, n)
- register char *s;
- int n;
-{
- register int count;
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_gets called before tf_init.\n");
- return TKT_FIL_INI;
- }
- for (count = n - 1; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s = tfbfr[curpos++];
- if (*s++ == '\0')
- return (n - count);
- }
- tf_close();
- return TOO_BIG;
-}
-
-/*
- * tf_read() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until "n" bytes have been read. When
- * finished, what has been read exists in "s". If it encounters EOF or
- * an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read when all goes well
- *
- * 0 on end of file or read error
- */
-
-static int
-tf_read(s, n)
- register char *s;
- register int n;
-{
- register int count;
-
- for (count = n; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s++ = tfbfr[curpos++];
- }
- return n;
-}
-
-/*
- * tf_save_cred() appends an incoming ticket to the end of the ticket
- * file. You must call tf_init() before calling tf_save_cred().
- *
- * The "service", "instance", and "realm" arguments specify the
- * server's name; "session" contains the session key to be used with
- * the ticket; "kvno" is the server key version number in which the
- * ticket is encrypted, "ticket" contains the actual ticket, and
- * "issue_date" is the time the ticket was requested (local host's time).
- *
- * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
- * called previously, and KFAILURE for anything else that went wrong.
- */
-
-int tf_save_cred(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- KRB4_32 issue_date; /* The issue time */
-{
-
- off_t lseek();
- unsigned int count; /* count for write */
-#ifdef TKT_SHMEM
- int *skey_check;
-#endif /* TKT_SHMEM */
-
- if (fd < 0) { /* fd is ticket file as set by tf_init */
- if (krb_debug)
- fprintf(stderr, "tf_save_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
- /* Find the end of the ticket file */
- (void) lseek(fd, (off_t)0, 2);
-#ifdef TKT_SHMEM
- /* scan to end of existing keys: pick first 'empty' slot.
- we assume that no real keys will be completely zero (it's a weak
- key under DES) */
-
- skey_check = (int *) krb_shm_addr;
-
- while (*skey_check && *(skey_check+1))
- skey_check += 2;
- tmp_shm_addr = (char *)skey_check;
-#endif /* TKT_SHMEM */
-
- /* Write the ticket and associated data */
- /* Service */
- count = strlen(service) + 1;
- if (write(fd, service, count) != count)
- goto bad;
- /* Instance */
- count = strlen(instance) + 1;
- if (write(fd, instance, count) != count)
- goto bad;
- /* Realm */
- count = strlen(realm) + 1;
- if (write(fd, realm, count) != count)
- goto bad;
- /* Session key */
-#ifdef TKT_SHMEM
- memcpy(tmp_shm_addr, session, 8);
- tmp_shm_addr+=8;
- if (write(fd,krb_dummy_skey,8) != 8)
- goto bad;
-#else /* ! TKT_SHMEM */
- if (write(fd, (char *) session, 8) != 8)
- goto bad;
-#endif /* TKT_SHMEM */
- /* Lifetime */
- if (write(fd, (char *) &lifetime, sizeof(int)) != sizeof(int))
- goto bad;
- /* Key vno */
- if (write(fd, (char *) &kvno, sizeof(int)) != sizeof(int))
- goto bad;
- /* Tkt length */
- if (write(fd, (char *) &(ticket->length), sizeof(int)) !=
- sizeof(int))
- goto bad;
- /* Ticket */
- count = ticket->length;
- if (write(fd, (char *) (ticket->dat), count) != count)
- goto bad;
- /* Issue date */
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- /* Alignment Record */
-#ifdef K5_BE
- {
- int null_bytes = 0;
- if (0 == (issue_date & 0xff000000))
- ++null_bytes;
- if (0 == (issue_date & 0x00ff0000))
- ++null_bytes;
- if (0 == (issue_date & 0x0000ff00))
- ++null_bytes;
- if (0 == (issue_date & 0x000000ff))
- ++null_bytes;
-
- switch(null_bytes) {
- case 0:
- /* Issue date */
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- if (write(fd, align_rec_0, sizeof(align_rec_0))
- != sizeof(align_rec_0))
- goto bad;
- break;
-
- case 1:
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- if (write(fd, align_rec_1, sizeof(align_rec_1))
- != sizeof(align_rec_1))
- goto bad;
- break;
-
- case 3:
- /* Three NULLS are troublesome but rare. We'll just pretend
- * they don't exist by decrementing the issue_date.
- */
- --issue_date;
- case 2:
- if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
- != sizeof(KRB4_32))
- goto bad;
- if (write(fd, align_rec_2, sizeof(align_rec_2))
- != sizeof(align_rec_2))
- goto bad;
- break;
-
- default:
- goto bad;
- }
-
- }
-#else
- if (write(fd, align_rec, sizeof(align_rec)) != sizeof(align_rec))
- goto bad;
-#endif
-
- /* Actually, we should check each write for success */
- return (KSUCCESS);
-bad:
- return (KFAILURE);
-}
Deleted: branches/mskrb-integ/src/lib/krb4/tkt_string.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/tkt_string.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/tkt_string.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,101 +0,0 @@
-/*
- * tkt_string.c
- *
- * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts
- * Institute of Technology. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "krb.h"
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include "autoconf.h"
-#include "port-sockets.h" /* XXX this gets us MAXPATHLEN but we should find
- a better way */
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-char *getenv();
-#endif
-
-
-#ifdef _WIN32
-typedef unsigned long uid_t;
-uid_t getuid(void) { return 0; }
-#endif /* _WIN32 */
-
-/*
- * This routine is used to generate the name of the file that holds
- * the user's cache of server tickets and associated session keys.
- *
- * If it is set, krb_ticket_string contains the ticket file name.
- * Otherwise, the filename is constructed as follows:
- *
- * If it is set, the environment variable "KRBTKFILE" will be used as
- * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
- * the user's uid are concatenated to produce the ticket file name
- * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
- * file name is returned.
- */
-
-static char krb_ticket_string[MAXPATHLEN];
-
-const char *tkt_string()
-{
- char *env;
- uid_t getuid();
-
- if (!*krb_ticket_string) {
- env = getenv("KRBTKFILE");
- if (env) {
- (void) strncpy(krb_ticket_string, env,
- sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
- } else {
- /* 32 bits of signed integer will always fit in 11 characters
- (including the sign), so no need to worry about overflow */
- (void) snprintf(krb_ticket_string, sizeof(krb_ticket_string),
- "%s%d",TKT_ROOT,(int) getuid());
- }
- }
- return krb_ticket_string;
-}
-
-/*
- * This routine is used to set the name of the file that holds the user's
- * cache of server tickets and associated session keys.
- *
- * The value passed in is copied into local storage.
- *
- * NOTE: This routine should be called during initialization, before other
- * Kerberos routines are called; otherwise tkt_string() above may be called
- * and return an undesired ticket file name until this routine is called.
- */
-
-void KRB5_CALLCONV
-krb_set_tkt_string(val)
- const char *val;
-{
- (void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
-}
Deleted: branches/mskrb-integ/src/lib/krb4/unix_glue.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/unix_glue.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/unix_glue.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,40 +0,0 @@
-/*
- * unix_glue.c
- *
- * Glue code for pasting Kerberos into the Unix environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-#include <sys/time.h>
-#include "krb4int.h"
-
-/* Start and end Kerberos library access. On Unix, this is a No-op. */
-int
-krb_start_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-int
-krb_end_session (x)
- char *x;
-{
- return KSUCCESS;
-}
-
-char *
-krb_get_default_user ()
-{
- return 0; /* FIXME */
-}
-
-int
-krb_set_default_user (x)
- char *x;
-{
- return KFAILURE; /* FIXME */
-}
Deleted: branches/mskrb-integ/src/lib/krb4/unix_time.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/unix_time.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/unix_time.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,26 +0,0 @@
-/*
- * unix_time.c
- *
- * Glue code for pasting Kerberos into the Unix environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-#include <sys/time.h>
-
-/* Time handling. Translate Unix time calls into Kerberos cnternal
- procedure calls. See ../../include/cc-unix.h. */
-
-unsigned KRB4_32 KRB5_CALLCONV
-unix_time_gmt_unixsec (usecptr)
- unsigned KRB4_32 *usecptr;
-{
- struct timeval now;
-
- (void) gettimeofday (&now, (struct timezone *)0);
- if (usecptr)
- *usecptr = now.tv_usec;
- return now.tv_sec;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/vmslink.com
===================================================================
(Binary files differ)
Deleted: branches/mskrb-integ/src/lib/krb4/vmsswab.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/vmsswab.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/vmsswab.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,34 +0,0 @@
-/* Copyright 1994 Cygnus Support */
-/* Mark W. Eichin */
-/*
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* VMS doesn't have swab, but everything else does */
-/* so make this available anyway ... someday it might go
- into the VMS makefile fragment, but for now it is only
- referenced by l.com. */
-
-swab(from,to,nbytes)
- char *from;
- char *to;
- int nbytes;
-{
- char tmp;
-
- while ( (nbytes-=2) >= 0 ) {
- tmp = from[1];
- to[1] = from[0];
- to[0] = tmp;
- to++; to++;
- from++; from++;
- }
-}
-
Deleted: branches/mskrb-integ/src/lib/krb4/win_glue.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/win_glue.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/win_glue.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,51 +0,0 @@
-/*
- * win-glue.c
- *
- * Glue code for pasting Kerberos into the Windows environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <windows.h>
-
-
-/*
- * We needed a way to print out what might be FAR pointers on Windows,
- * but might be ordinary pointers on real machines. Printf modifiers
- * scattered through the code don't cut it,
- * since they might break on real machines. Microloss
- * didn't provide a function to print a char *, so we wrote one.
- * It gets #define'd to fputs on real machines.
- */
-int
-far_fputs(string, stream)
- char *string;
- FILE *stream;
-{
- return fprintf(stream, "%Fs", string);
-}
-
-int
-krb_start_session(x)
- char *x;
-{
- return KSUCCESS;
-}
-
-int
-krb_end_session(x)
- char *x;
-{
- return KSUCCESS;
-}
-
-void KRB5_CALLCONV
-krb_set_tkt_string(val)
-char *val;
-{
-}
Deleted: branches/mskrb-integ/src/lib/krb4/win_store.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/win_store.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/win_store.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,154 +0,0 @@
-/*
- * win_store.c
- *
- * Kerberos configuration storage management routines.
- *
- * Originally coded by John Rivlin / Fusion Software, Inc.
- *
- * This file incorporates replacements for the following Unix files:
- * g_cnffil.c
- */
-
-#include "krb.h"
-#include "k5-int.h"
-#include <stdio.h>
-#include <assert.h>
-
-krb5_context krb5__krb4_context = 0;
-
-char *
-krb__get_srvtabname(default_srvtabname)
- const char *default_srvtabname;
-{
- const char* names[3];
- char **full_name = 0, **cpp;
- krb5_error_code retval;
- char *retname;
-
- if (!krb5__krb4_context) {
- retval = krb5_init_context(&krb5__krb4_context);
- if (!retval)
- return NULL;
- }
- names[0] = "libdefaults";
- names[1] = "krb4_srvtab";
- names[2] = 0;
- retval = profile_get_values(krb5__krb4_context->profile, names,
- &full_name);
- if (retval == 0 && full_name && full_name[0]) {
- retname = strdup(full_name[0]);
- for (cpp = full_name; *cpp; cpp++)
- krb5_xfree(*cpp);
- krb5_xfree(full_name);
- } else {
- retname = strdup(default_srvtabname);
- }
- return retname;
-}
-
-/*
- * Returns an open file handle to the configuration file. This
- * file was called "krb.conf" on Unix. Here we search for the entry
- * "krb.conf=" in the "[FILES]" section of the "kerberos.ini" file
- * located in the Windows directory. If the entry doesn't exist in
- * the kerberos.ini file, then "krb.con" in the Windows directory is
- * used in its place.
- */
-FILE*
-krb__get_cnffile()
-{
- FILE *cnffile = 0;
- char cnfname[FILENAME_MAX];
- char defname[FILENAME_MAX];
- UINT rc;
-
- defname[sizeof(defname) - 1] = '\0';
- rc = GetWindowsDirectory(defname, sizeof(defname) - 1);
- assert(rc > 0);
-
- strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname));
-
- strncat(defname, DEF_KRB_CONF, sizeof(defname) - 1 - strlen(defname));
-
- cnfname[sizeof(cnfname) - 1] = '\0';
- GetPrivateProfileString(INI_FILES, INI_KRB_CONF, defname,
- cnfname, sizeof(cnfname) - 1, KERBEROS_INI);
-
- cnffile = fopen(cnfname, "r");
- if (cnffile)
- set_cloexec_file(cnffile);
-
- return cnffile;
-}
-
-
-/*
- * Returns an open file handle to the realms file. This
- * file was called "krb.realms" on Unix. Here we search for the entry
- * "krb.realms=" in the "[FILES]" section of the "kerberos.ini" file
- * located in the Windows directory. If the entry doesn't exist in
- * the kerberos.ini file, then "krb.rea" in the Windows directory is
- * used in its place.
- */
-FILE*
-krb__get_realmsfile()
-{
- FILE *realmsfile = 0;
- char realmsname[FILENAME_MAX];
- char defname[FILENAME_MAX];
- UINT rc;
-
- defname[sizeof(defname) - 1] = '\0';
- rc = GetWindowsDirectory(defname, sizeof(defname) - 1);
- assert(rc > 0);
-
- strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname));
-
- strncat(defname, DEF_KRB_REALMS, sizeof(defname) - 1 - strlen(defname));
-
- defname[sizeof(defname) - 1] = '\0';
- GetPrivateProfileString(INI_FILES, INI_KRB_REALMS, defname,
- realmsname, sizeof(realmsname) - 1, KERBEROS_INI);
-
- realmsfile = fopen(realmsname, "r");
- if (realmsfile)
- set_cloexec_file(realmsfile);
-
- return realmsfile;
-}
-
-
-/*
- * Returns the current default user. This information is stored in
- * the [DEFAULTS] section of the "kerberos.ini" file located in the
- * Windows directory.
- */
-char * KRB5_CALLCONV
-krb_get_default_user()
-{
- static char username[ANAME_SZ];
-
- GetPrivateProfileString(INI_DEFAULTS, INI_USER, "",
- username, sizeof(username), KERBEROS_INI);
-
- return username;
-}
-
-
-/*
- * Sets the default user name stored in the "kerberos.ini" file.
- */
-int KRB5_CALLCONV
-krb_set_default_user(username)
- char *username;
-{
- BOOL rc;
-
- rc = WritePrivateProfileString(INI_DEFAULTS, INI_USER,
- username, KERBEROS_INI);
-
- if (rc)
- return KSUCCESS;
- else
- return KFAILURE;
-}
Deleted: branches/mskrb-integ/src/lib/krb4/win_time.c
===================================================================
--- branches/mskrb-integ/src/lib/krb4/win_time.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb4/win_time.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,121 +0,0 @@
-/*
- * win_time.c
- *
- * Glue code for pasting Kerberos into the Windows environment.
- *
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include "krb.h"
-
-#include <sys/types.h>
-#include <time.h>
-#include <sys/timeb.h>
-#include <stdio.h>
-#include <windows.h>
-#include <dos.h>
-
-#ifdef _WIN32
-
-unsigned KRB4_32
-win_time_gmt_unixsec (usecptr)
- unsigned KRB4_32 *usecptr;
-{
- struct _timeb timeptr;
-
- _ftime(&timeptr); /* Get the current time */
-
- if (usecptr)
- *usecptr = timeptr.millitm * 1000;
-
- return timeptr.time + CONVERT_TIME_EPOCH;
-}
-
-#else
-
-/*
- * Time handling. Translate Unix time calls into Kerberos internal
- * procedure calls. See ../../include/c-win.h.
- *
- * Due to the fact that DOS time can be unreliable we have reverted
- * to using the AT hardware clock and converting it to Unix time.
- */
-
-unsigned KRB4_32
-win_time_gmt_unixsec (usecptr)
- unsigned KRB4_32 *usecptr;
-{
- struct tm tm;
- union _REGS inregs;
- union _REGS outregs;
- struct _timeb now;
- time_t time;
-
- _ftime(&now);
-
- #if 0
- if (usecptr)
- *usecptr = now.millitm * 1000;
- #endif
-
- /* Get time from AT hardware clock INT 0x1A, AH=2 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 2;
-
- _int86(0x1a, &inregs, &outregs);
-
- /* 0x13 = decimal 13, hence the decoding below */
- tm.tm_sec = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F);
- tm.tm_min = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_hour = 10 * ((outregs.h.ch & 0xF0) >> 4) + (outregs.h.ch & 0x0F);
-
- /* Get date from AT hardware clock INT 0x1A, AH=4 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 4;
-
- _int86(0x1a, &inregs, &outregs);
-
- tm.tm_mday = 10 * ((outregs.h.dl & 0xF0) >> 4) + (outregs.h.dl & 0x0F);
- tm.tm_mon = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F) - 1;
- tm.tm_year = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_year += 100 * ((10 * (outregs.h.ch & 0xF0) >> 4)
- + (outregs.h.ch & 0x0F) - 19);
-
- tm.tm_wday = 0;
- tm.tm_yday = 0;
- tm.tm_isdst = now.dstflag;
-
- time = mktime(&tm);
-
- if (usecptr)
- *usecptr = 0;
-
- return time + CONVERT_TIME_EPOCH;
-}
-
-#endif
-
-/*
- * This routine figures out the current time epoch and returns the
- * conversion factor. It exists because
- * Microloss screwed the pooch on the time() and _ftime() calls in
- * its release 7.0 libraries. They changed the epoch to Dec 31, 1899!
- * Idiots... We try to cope.
- */
-
-static struct tm jan_1_70 = {0, 0, 0, 1, 0, 70};
-static long epoch = 0;
-static int epoch_set = 0;
-
-long
-win_time_get_epoch()
-{
-
- if (!epoch_set) {
- epoch = - mktime (&jan_1_70); /* Seconds til 1970 localtime */
- epoch += timezone; /* Seconds til 1970 GMT */
- epoch_set = 1;
- }
- return epoch;
-}
Modified: branches/mskrb-integ/src/lib/krb5/ccache/ccdefault.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/ccache/ccdefault.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/ccache/ccdefault.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -112,7 +112,8 @@
if (!err) {
krb5_cc_set_default_name (context, name);
}
-
+
+ kim_identity_free (&identity);
kim_string_free (&name);
kim_ccache_free (&kimccache);
}
Modified: branches/mskrb-integ/src/lib/krb5/krb/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/krb5/krb/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/krb/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -297,7 +297,7 @@
COMERRLIB=$(TOPLIBD)/libcom_err.a
T_WALK_RTREE_OBJS= t_walk_rtree.o walk_rtree.o tgtname.o unparse.o \
- free_rtree.o bld_pr_ext.o
+ free_rtree.o bld_pr_ext.o copy_data.o
T_KERB_OBJS= t_kerb.o conv_princ.o unparse.o set_realm.o str_conv.o
@@ -354,8 +354,8 @@
$(RUN_SETUP) $(VALGRIND) ./t_ser
$(RUN_SETUP) $(VALGRIND) ./t_deltat
$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/transit-tests
- : known to fail "http://krbdev.mit.edu/rt/Ticket/Display.html?id=5947"
- -$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests
+ KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests
clean::
$(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \
Modified: branches/mskrb-integ/src/lib/krb5/krb/chk_trans.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/krb/chk_trans.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/krb/chk_trans.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -137,7 +137,7 @@
}
static krb5_error_code
-maybe_join (krb5_data *last, krb5_data *buf, size_t bufsiz)
+maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz)
{
if (buf->length == 0)
return 0;
Modified: branches/mskrb-integ/src/lib/krb5/krb/t_kerb.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/krb/t_kerb.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/krb/t_kerb.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -5,9 +5,6 @@
#include "krb5.h"
#include "autoconf.h"
-#ifdef KRB5_KRB4_COMPAT
-#include "kerberosIV/krb.h"
-#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -68,11 +65,9 @@
{
krb5_principal princ = 0;
krb5_error_code retval;
-#ifndef KRB5_KRB4_COMPAT
#define ANAME_SZ 40
#define INST_SZ 40
#define REALM_SZ 40
-#endif
char aname[ANAME_SZ+1], inst[INST_SZ+1], realm[REALM_SZ+1];
aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
Modified: branches/mskrb-integ/src/lib/krb5/krb/walk_rtree.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/krb/walk_rtree.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/krb/walk_rtree.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,14 +1,14 @@
/*
* lib/krb5/krb/walk_rtree.c
*
- * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2008,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,11 +22,104 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
* krb5_walk_realm_tree()
+ *
+ * internal function, used by krb5_get_cred_from_kdc()
*/
+#include "k5-int.h"
+#include "int-proto.h"
+
+/*
+ * Structure to help with finding the common suffix between client and
+ * server realm during hierarchical traversal.
+ */
+struct hstate {
+ char *str;
+ size_t len;
+ char *tail;
+ char *dot;
+};
+
+static krb5_error_code
+rtree_capath_tree(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ char **vals,
+ krb5_principal **tree);
+
+static krb5_error_code
+rtree_capath_vals(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ char ***vals);
+
+static krb5_error_code
+rtree_hier_tree(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ krb5_principal **rettree,
+ int sep);
+
+static krb5_error_code
+rtree_hier_realms(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ krb5_data **realms,
+ size_t *nrealms,
+ int sep);
+
+static krb5_error_code
+rtree_hier_tweens(
+ krb5_context context,
+ struct hstate *realm,
+ krb5_data **tweens,
+ size_t *ntweens,
+ int dotail,
+ int sep);
+
+static void
+adjtail(struct hstate *c, struct hstate *s, int sep);
+
+static void
+comtail(struct hstate *c, struct hstate *s, int sep);
+
+krb5_error_code
+krb5_walk_realm_tree(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ krb5_principal **tree,
+ int realm_sep)
+{
+ krb5_error_code retval = 0;
+ char **capvals;
+
+ if (client->data == NULL || server->data == NULL)
+ return KRB5_NO_TKT_IN_RLM;
+
+ if (client->length == server->length &&
+ memcmp(client->data, server->data, server->length) == 0) {
+ return KRB5_NO_TKT_IN_RLM;
+ }
+ retval = rtree_capath_vals(context, client, server, &capvals);
+ if (retval)
+ return retval;
+
+ if (capvals != NULL) {
+ retval = rtree_capath_tree(context, client, server, capvals, tree);
+ return retval;
+ }
+
+ retval = rtree_hier_tree(context, client, server, tree, realm_sep);
+ return retval;
+}
+
/* ANL - Modified to allow Configurable Authentication Paths.
* This modification removes the restriction on the choice of realm
* names, i.e. they nolonger have to be hierarchical. This
@@ -52,8 +145,8 @@
* NERSC.GOV = ES.NET
* PNL.GOV = ES.NET
* ES.NET = .
- * HAL.COM = K5.MOON
- * HAL.COM = K5.JUPITER
+ * HAL.COM = K5.MOON
+ * HAL.COM = K5.JUPITER
* }
* NERSC.GOV = {
* ANL.GOV = ES.NET
@@ -62,7 +155,7 @@
* ANL.GOV = ES.NET
* }
* ES.NET = {
- * ANL.GOV = .
+ * ANL.GOV = .
* }
* HAL.COM = {
* ANL.GOV = K5.JUPITER
@@ -82,326 +175,384 @@
* will work together.
* DEE - 5/23/95
*/
-#include "k5-int.h"
-#include "int-proto.h"
-/* internal function, used by krb5_get_cred_from_kdc() */
+/*
+ * Build a tree given a set of profile values retrieved by
+ * walk_rtree_capath_vals().
+ */
+static krb5_error_code
+rtree_capath_tree(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ char **vals,
+ krb5_principal **rettree)
+{
+ krb5_error_code retval = 0;
+ unsigned int nvals, nlinks, nprincs, i;
+ krb5_data srcrealm, dstrealm;
+ krb5_principal *tree, *pprinc;
-#ifndef min
-#define min(x,y) ((x) < (y) ? (x) : (y))
-#define max(x,y) ((x) > (y) ? (x) : (y))
-#endif
+ *rettree = NULL;
+ tree = pprinc = NULL;
+ for (nvals = 0; vals[nvals] != NULL; nvals++)
+ ;
+ if (vals[0] != NULL && *vals[0] == '.') {
+ nlinks = 0;
+ } else {
+ nlinks = nvals;
+ }
+ nprincs = nlinks + 2;
+ tree = calloc(nprincs + 1, sizeof(krb5_principal));
+ if (tree == NULL) {
+ retval = ENOMEM;
+ goto error;
+ }
+ for (i = 0; i < nprincs + 1; i++)
+ tree[i] = NULL;
+ /* Invariant: PPRINC points one past end of list. */
+ pprinc = &tree[0];
+ /* Local TGS name */
+ retval = krb5_tgtname(context, client, client, pprinc++);
+ if (retval) goto error;
+ srcrealm = *client;
+ for (i = 0; i < nlinks; i++) {
+ dstrealm.data = vals[i];
+ dstrealm.length = strcspn(vals[i], "\t ");
+ retval = krb5_tgtname(context, &dstrealm, &srcrealm, pprinc++);
+ if (retval) goto error;
+ srcrealm = dstrealm;
+ }
+ retval = krb5_tgtname(context, server, &srcrealm, pprinc++);
+ if (retval) goto error;
+ *rettree = tree;
+error:
+ profile_free_list(vals);
+ if (retval) {
+ while (pprinc != NULL && pprinc > &tree[0]) {
+ /* krb5_free_principal() correctly handles null input */
+ krb5_free_principal(context, *--pprinc);
+ *pprinc = NULL;
+ }
+ free(tree);
+ }
+ return retval;
+}
+
/*
- * xxx The following function is very confusing to read and probably
- * is buggy. It should be documented better. Here is what I've
- * learned about it doing a quick bug fixing walk through. The
- * function takes a client and server realm name and returns the set
- * of realms (in a field called tree) that you need to get tickets in
- * in order to get from the source realm to the destination realm. It
- * takes a realm separater character (normally ., but presumably there
- * for all those X.500 realms) . There are two modes it runs in: the
- * ANL krb5.conf mode and the hierarchy mode. The ANL mode is
- * fairly obvious. The hierarchy mode looks for common components in
- * both the client and server realms. In general, the pointer scp and
- * ccp are used to walk through the client and server realms. The
- * com_sdot and com_cdot pointers point to (I think) the beginning of
- * the common part of the realm names. I.E. strcmp(com_cdot,
- * com_sdot) ==0 is roughly an invarient. However, there are cases
- * where com_sdot and com_cdot are set to point before the start of
- * the client or server strings. I think this only happens when there
- * are no common components. --hartmans 2002/03/14
+ * Get realm list from "capaths" section of the profile. Deliberately
+ * returns success but leaves VALS null if profile_get_values() fails
+ * by not finding anything.
*/
-
-krb5_error_code
-krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_data *server, krb5_principal **tree, int realm_branch_char)
+static krb5_error_code
+rtree_capath_vals(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ char ***vals)
{
- krb5_error_code retval;
- krb5_principal *rettree;
- register char *ccp, *scp;
- register char *prevccp = 0, *prevscp = 0;
- char *com_sdot = 0, *com_cdot = 0;
- register int i, links = 0;
- int clen, slen = -1;
- krb5_data tmpcrealm, tmpsrealm;
- int nocommon = 1;
+ krb5_error_code retval = 0;
+ /* null-terminated realm names */
+ char *clientz = NULL, *serverz = NULL;
+ const char *key[4];
- const char *cap_names[4];
- char *cap_client, *cap_server;
- char **cap_nodes;
- krb5_error_code cap_code;
+ *vals = NULL;
-#ifdef DEBUG_REFERRALS
- printf("krb5_walk_realm_tree starting\n");
- printf(" client is %s\n",client->data);
- printf(" server is %s\n",server->data);
-#endif
+ clientz = calloc(client->length + 1, 1);
+ if (clientz == NULL) {
+ retval = ENOMEM;
+ goto error;
+ }
+ memcpy(clientz, client->data, client->length);
- if (!(client->data &&server->data))
- return KRB5_NO_TKT_IN_RLM;
- if ((cap_client = (char *)malloc(client->length + 1)) == NULL)
- return ENOMEM;
- strncpy(cap_client, client->data, client->length);
- cap_client[client->length] = '\0';
- if ((cap_server = (char *)malloc(server->length + 1)) == NULL) {
- krb5_xfree(cap_client);
- return ENOMEM;
+ serverz = calloc(server->length + 1, 1);
+ if (clientz == NULL) {
+ retval = ENOMEM;
+ goto error;
}
- strncpy(cap_server, server->data, server->length);
- cap_server[server->length] = '\0';
- cap_names[0] = "capaths";
- cap_names[1] = cap_client;
- cap_names[2] = cap_server;
- cap_names[3] = 0;
- cap_code = profile_get_values(context->profile, cap_names, &cap_nodes);
- krb5_xfree(cap_client); /* done with client string */
- cap_names[1] = 0;
- if (cap_code == 0) { /* found a path, so lets use it */
- links = 0;
- if (*cap_nodes[0] != '.') { /* a link of . means direct */
- while(cap_nodes[links]) {
- links++;
- }
- }
- if (cap_nodes[links] != NULL)
- krb5_xfree(cap_nodes[links]);
+ memcpy(serverz, server->data, server->length);
- cap_nodes[links] = cap_server; /* put server on end of list */
- /* this simplifies the code later and make */
- /* cleanup eaiser as well */
- links++; /* count the null entry at end */
- } else { /* no path use hierarchical method */
- krb5_xfree(cap_server); /* failed, don't need server string */
- cap_names[2] = 0;
+ key[0] = "capaths";
+ key[1] = clientz;
+ key[2] = serverz;
+ key[3] = NULL;
+ retval = profile_get_values(context->profile, key, vals);
+ switch (retval) {
+ case PROF_NO_SECTION:
+ case PROF_NO_RELATION:
+ /*
+ * Not found; don't return an error.
+ */
+ retval = 0;
+ break;
+ default:
+ break;
+ }
+error:
+ free(clientz);
+ free(serverz);
+ return retval;
+}
- clen = client->length;
- slen = server->length;
+/*
+ * Build tree by hierarchical traversal.
+ */
+static krb5_error_code
+rtree_hier_tree(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ krb5_principal **rettree,
+ int sep)
+{
+ krb5_error_code retval;
+ krb5_data *realms;
+ const krb5_data *dstrealm, *srcrealm;
+ krb5_principal *tree, *pprinc;
+ size_t nrealms, nprincs, i;
- for (com_cdot = ccp = client->data + clen - 1,
- com_sdot = scp = server->data + slen - 1;
- clen && slen && *ccp == *scp ;
- ccp--, scp--, clen--, slen--) {
- if (*ccp == realm_branch_char) {
- com_cdot = ccp;
- com_sdot = scp;
- nocommon = 0;
- }
- }
+ *rettree = NULL;
+ retval = rtree_hier_realms(context, client, server,
+ &realms, &nrealms, sep);
+ if (retval)
+ return retval;
+ nprincs = nrealms;
+ pprinc = tree = calloc(nprincs + 1, sizeof(krb5_principal));
+ if (tree == NULL) {
+ retval = ENOMEM;
+ goto error;
+ }
+ for (i = 0; i < nrealms; i++)
+ tree[i] = NULL;
+ srcrealm = client;
+ for (i = 0; i < nrealms; i++) {
+ dstrealm = &realms[i];
+ retval = krb5_tgtname(context, dstrealm, srcrealm, pprinc++);
+ if (retval) goto error;
+ srcrealm = dstrealm;
+ }
+ *rettree = tree;
+ return 0;
+error:
+ while (pprinc != NULL && pprinc > tree) {
+ krb5_free_principal(context, *--pprinc);
+ *pprinc = NULL;
+ }
+ free(tree);
+ return retval;
+}
- /* ccp, scp point to common root.
- com_cdot, com_sdot point to common components. */
- /* handle case of one ran out */
- if (!clen) {
- /* construct path from client to server, down the tree */
- if (!slen)
- /* in the same realm--this means there is no ticket
- in this realm. */
- return KRB5_NO_TKT_IN_RLM;
- if (*scp == realm_branch_char) {
- /* one is a subdomain of the other */
- com_cdot = client->data;
- com_sdot = scp;
- nocommon = 0;
- } /* else normal case of two sharing parents */
- }
- if (!slen) {
- /* construct path from client to server, up the tree */
- if (*ccp == realm_branch_char) {
- /* one is a subdomain of the other */
- com_sdot = server->data;
- com_cdot = ccp;
- nocommon = 0;
- } /* else normal case of two sharing parents */
- }
- /* determine #links to/from common ancestor */
- if (nocommon)
- links = 1;
- else
- links = 2;
- /* if no common ancestor, artificially set up common root at the last
- component, then join with special code */
- for (ccp = client->data; ccp < com_cdot; ccp++) {
- if (*ccp == realm_branch_char) {
- links++;
- if (nocommon)
- prevccp = ccp;
- }
- }
+/*
+ * Construct list of realms between client and server.
+ */
+static krb5_error_code
+rtree_hier_realms(
+ krb5_context context,
+ const krb5_data *client,
+ const krb5_data *server,
+ krb5_data **realms,
+ size_t *nrealms,
+ int sep)
+{
+ krb5_error_code retval;
+ struct hstate c, s;
+ krb5_data *ctweens, *stweens, *twp, *r, *rp;
+ size_t nctween, nstween;
- for (scp = server->data; scp < com_sdot; scp++) {
- if (*scp == realm_branch_char) {
- links++;
- if (nocommon)
- prevscp = scp;
- }
- }
- if (nocommon) {
- if (prevccp)
- com_cdot = prevccp;
- if (prevscp)
- com_sdot = prevscp;
+ r = rp = NULL;
+ c.str = client->data;
+ c.len = client->length;
+ c.dot = c.tail = NULL;
+ s.str = server->data;
+ s.len = server->length;
+ s.dot = s.tail = NULL;
- if(com_cdot == client->data + client->length -1)
- com_cdot = client->data - 1 ;
- if(com_sdot == server->data + server->length -1)
- com_sdot = server->data - 1 ;
- }
- } /* end of if use hierarchical method */
+ comtail(&c, &s, sep);
+ adjtail(&c, &s, sep);
- if (!(rettree = (krb5_principal *)calloc((size_t)links+2,
- sizeof(krb5_principal)))) {
- return ENOMEM;
+ retval = rtree_hier_tweens(context, &c, &ctweens, &nctween, 1, sep);
+ if (retval) goto error;
+ retval = rtree_hier_tweens(context, &s, &stweens, &nstween, 0, sep);
+ if (retval) goto error;
+
+ *nrealms = nctween + nstween;
+ rp = r = calloc(*nrealms, sizeof(krb5_data));
+ if (r == NULL) {
+ retval = ENOMEM;
+ goto error;
}
- i = 1;
- if ((retval = krb5_tgtname(context, client, client, &rettree[0]))) {
- krb5_xfree(rettree);
- return retval;
+ /* Copy client realm "tweens" forward. */
+ for (twp = ctweens; twp < &ctweens[nctween]; twp++) {
+ retval = krb5int_copy_data_contents(context, twp, rp++);
+ if (retval) goto error;
}
- links--; /* dont count the null entry on end */
- if (cap_code == 0) { /* found a path above */
- tmpcrealm.data = client->data;
- tmpcrealm.length = client->length;
- while( i-1 <= links) {
-
- tmpsrealm.data = cap_nodes[i-1];
- /* don't count trailing whitespace from profile_get */
- tmpsrealm.length = strcspn(cap_nodes[i-1],"\t ");
- if ((retval = krb5_tgtname(context,
- &tmpsrealm,
- &tmpcrealm,
- &rettree[i]))) {
- while (i) {
- krb5_free_principal(context, rettree[i-1]);
- i--;
- }
- krb5_xfree(rettree);
- /* cleanup the cap_nodes from profile_get */
- for (i = 0; i<=links; i++) {
- krb5_xfree(cap_nodes[i]);
- }
- krb5_xfree((char *)cap_nodes);
- return retval;
- }
- tmpcrealm.data = tmpsrealm.data;
- tmpcrealm.length = tmpsrealm.length;
- i++;
+ /* Copy server realm "tweens" backward. */
+ for (twp = &stweens[nstween]; twp-- > stweens;) {
+ krb5int_copy_data_contents(context, twp, rp++);
+ if (retval) goto error;
+ }
+error:
+ if (retval) {
+ *nrealms = 0;
+ while (rp > r) {
+ krb5_free_data_contents(context, --rp);
}
- /* cleanup the cap_nodes from profile_get last one has server */
- for (i = 0; i<=links; i++) {
- krb5_xfree(cap_nodes[i]);
- }
- krb5_xfree((char *)cap_nodes);
- } else { /* if not cap then use hierarchical method */
- for (prevccp = ccp = client->data;
- ccp <= com_cdot;
- ccp++) {
- if (*ccp != realm_branch_char)
- continue;
- ++ccp; /* advance past dot */
- tmpcrealm.data = prevccp;
- tmpcrealm.length = client->length -
- (prevccp - client->data);
- tmpsrealm.data = ccp;
- tmpsrealm.length = client->length -
- (ccp - client->data);
- if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm,
- &rettree[i]))) {
- while (i) {
- krb5_free_principal(context, rettree[i-1]);
- i--;
- }
- krb5_xfree(rettree);
- return retval;
- }
- prevccp = ccp;
- i++;
- }
- if (nocommon) {
- tmpcrealm.data = com_cdot + 1;
- tmpcrealm.length = client->length -
- (com_cdot + 1 - client->data);
- tmpsrealm.data = com_sdot + 1;
- tmpsrealm.length = server->length -
- (com_sdot + 1 - server->data);
- if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm,
- &rettree[i]))) {
- while (i) {
- krb5_free_principal(context, rettree[i-1]);
- i--;
- }
- krb5_xfree(rettree);
- return retval;
- }
- i++;
- }
+ free(r);
+ r = NULL;
+ }
+ free(ctweens);
+ free(stweens);
+ *realms = r;
+ return retval;
+}
- for (prevscp = com_sdot + 1, scp = com_sdot - 1;
- scp > server->data;
- scp--) {
- if (*scp != realm_branch_char)
- continue;
- if (scp - 1 < server->data)
- break; /* XXX only if . starts realm? */
- tmpcrealm.data = prevscp;
- tmpcrealm.length = server->length -
- (prevscp - server->data);
- tmpsrealm.data = scp + 1;
- tmpsrealm.length = server->length -
- (scp + 1 - server->data);
- if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm,
- &rettree[i]))) {
- while (i) {
- krb5_free_principal(context, rettree[i-1]);
- i--;
- }
- krb5_xfree(rettree);
- return retval;
- }
- prevscp = scp + 1;
- i++;
+/*
+ * Build a list of realms between a given realm and the common
+ * suffix. The original realm is included, but the "tail" is only
+ * included if DOTAIL is true.
+ *
+ * Warning: This function intentionally aliases memory. Caller must
+ * make copies as needed and not call krb5_free_data_contents, etc.
+ */
+static krb5_error_code
+rtree_hier_tweens(
+ krb5_context context,
+ struct hstate *realm,
+ krb5_data **tweens,
+ size_t *ntweens,
+ int dotail,
+ int sep)
+{
+ char *p, *r, *rtail, *lp;
+ size_t rlen, n;
+ krb5_data *tws, *ntws;
+
+ r = realm->str;
+ rlen = realm->len;
+ rtail = realm->tail;
+ *tweens = ntws = tws = NULL;
+ *ntweens = n = 0;
+
+ for (lp = p = r; p < &r[rlen]; p++) {
+ if (*p != sep && &p[1] != &r[rlen])
+ continue;
+ if (lp == rtail && !dotail)
+ break;
+ ntws = realloc(tws, (n + 1) * sizeof(krb5_data));
+ if (ntws == NULL) {
+ free(tws);
+ return ENOMEM;
}
- if (slen && com_sdot >= server->data) {
- /* only necessary if building down tree from ancestor or client */
- /* however, we can get here if we have only one component
- in the server realm name, hence we make sure we found a component
- separator there... */
- tmpcrealm.data = prevscp;
- tmpcrealm.length = server->length -
- (prevscp - server->data);
- if ((retval = krb5_tgtname(context, server, &tmpcrealm,
- &rettree[i]))) {
- while (i) {
- krb5_free_principal(context, rettree[i-1]);
- i--;
- }
- krb5_xfree(rettree);
- return retval;
- }
- }
+ tws = ntws;
+ tws[n].data = lp;
+ tws[n].length = &r[rlen] - lp;
+ n++;
+ if (lp == rtail)
+ break;
+ lp = &p[1];
}
- *tree = rettree;
+ *tweens = tws;
+ *ntweens = n;
+ return 0;
+}
-#ifdef DEBUG_REFERRALS
- printf("krb5_walk_realm_tree ending; tree (length %d) is:\n",links);
- for(i=0;i<links+2;i++) {
- if ((*tree)[i])
- krb5int_dbgref_dump_principal("krb5_walk_realm_tree tree",(*tree)[i]);
- else
- printf("tree element %i null\n");
+/*
+ * Adjust suffixes that each starts at the beginning of a component,
+ * to avoid the problem where "BC.EXAMPLE.COM" is erroneously reported
+ * as a parent of "ABC.EXAMPLE.COM".
+ */
+static void
+adjtail(struct hstate *c, struct hstate *s, int sep)
+{
+ int cfull, sfull;
+ char *cp, *sp;
+
+ cp = c->tail;
+ sp = s->tail;
+ if (cp == NULL || sp == NULL)
+ return;
+ /*
+ * Is it a full component? Yes, if it's the beginning of the
+ * string or there's a separator to the left.
+ *
+ * The index of -1 is valid because it only gets evaluated if the
+ * pointer is not at the beginning of the string.
+ */
+ cfull = (cp == c->str || cp[-1] == sep);
+ sfull = (sp == s->str || sp[-1] == sep);
+ /*
+ * If they're both full components, we're done.
+ */
+ if (cfull && sfull) {
+ return;
+ } else if (c->dot != NULL && s->dot != NULL) {
+ cp = c->dot + 1;
+ sp = s->dot + 1;
+ /*
+ * Out of bounds? Can only happen if there are trailing dots.
+ */
+ if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) {
+ cp = sp = NULL;
+ }
+ } else {
+ cp = sp = NULL;
}
-#endif
- return 0;
+ c->tail = cp;
+ s->tail = sp;
}
-#ifdef DEBUG_REFERRALS
-void krb5int_dbgref_dump_principal(char *d, krb5_principal p)
+/*
+ * Find common suffix of C and S.
+ *
+ * C->TAIL and S->TAIL will point to the respective suffixes. C->DOT
+ * and S->DOT will point to the nearest instances of SEP to the right
+ * of the start of each suffix. Caller must initialize TAIL and DOT
+ * pointers to null.
+ */
+static void
+comtail(struct hstate *c, struct hstate *s, int sep)
{
- int n;
-
- printf(" **%s: ",d);
- for (n=0;n<p->length;n++)
- printf("%s<%.*s>",(n>0)?"/":"",p->data[n].length,p->data[n].data);
- printf("@<%.*s> (length %d, type %d)\n",p->realm.length,p->realm.data,
- p->length, p->type);
+ char *cp, *sp, *cdot, *sdot;
+
+ if (c->len == 0 || s->len == 0)
+ return;
+
+ cdot = sdot = NULL;
+ /*
+ * ANSI/ISO C allows a pointer one past the end but not one
+ * before the beginning of an array.
+ */
+ cp = &c->str[c->len];
+ sp = &s->str[s->len];
+ /*
+ * Set CP and SP to point to the common suffix of each string.
+ * When we run into separators (dots, unless someone has a X.500
+ * style realm), keep pointers to the latest pair.
+ */
+ while (cp > c->str && sp > s->str) {
+ if (*--cp != *--sp) {
+ /*
+ * Didn't match, so most recent match is one byte to the
+ * right (or not at all).
+ */
+ cp++;
+ sp++;
+ break;
+ }
+ /*
+ * Keep track of matching dots.
+ */
+ if (*cp == sep) {
+ cdot = cp;
+ sdot = sp;
+ }
+ }
+ /* No match found at all. */
+ if (cp == &c->str[c->len])
+ return;
+ c->tail = cp;
+ s->tail = sp;
+ c->dot = cdot;
+ s->dot = sdot;
}
-#endif
Modified: branches/mskrb-integ/src/lib/krb5/krb/walktree-tests
===================================================================
--- branches/mskrb-integ/src/lib/krb5/krb/walktree-tests 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/krb/walktree-tests 2009-01-03 03:00:25 UTC (rev 21678)
@@ -68,4 +68,12 @@
set A.EXAMPLE.COM EXAMPLE.COM "A.EXAMPLE.COM at A.EXAMPLE.COM EXAMPLE.COM at A.EXAMPLE.COM"
eval $check
+echo CAPATH test
+set ATHENA.MIT.EDU KERBEROS.COM "ATHENA.MIT.EDU at ATHENA.MIT.EDU KERBEROS.COM at ATHENA.MIT.EDU"
+eval $check
+
+echo CAPATH test
+set LCS.MIT.EDU KABLOOEY.KERBEROS.COM "LCS.MIT.EDU at LCS.MIT.EDU ATHENA.MIT.EDU at LCS.MIT.EDU KERBEROS.COM at ATHENA.MIT.EDU KABLOOEY.KERBEROS.COM at KERBEROS.COM"
+eval $check
+
exit $err
Modified: branches/mskrb-integ/src/lib/krb5/libkrb5.exports
===================================================================
--- branches/mskrb-integ/src/lib/krb5/libkrb5.exports 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/libkrb5.exports 2009-01-03 03:00:25 UTC (rev 21678)
@@ -274,6 +274,7 @@
krb5_get_default_in_tkt_ktypes
krb5_get_default_realm
krb5_get_error_message
+krb5_get_fallback_host_realm
krb5_get_host_realm
krb5_get_in_tkt
krb5_get_in_tkt_with_keytab
Modified: branches/mskrb-integ/src/lib/krb5/os/hst_realm.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/os/hst_realm.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/os/hst_realm.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -78,6 +78,10 @@
#include "fake-addrinfo.h"
+static krb5_error_code
+domain_heuristic(krb5_context context, const char *domain,
+ char **realm, int limit);
+
#ifdef KRB5_DNS_LOOKUP
#include "dnsglue.h"
@@ -334,7 +338,7 @@
krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp)
{
char **retrealms;
- char *default_realm, *realm, *cp, *temp_realm;
+ char *realm, *cp;
krb5_error_code retval;
char local_host[MAXDNAME+1], host[MAXDNAME+1];
@@ -348,71 +352,71 @@
krb5int_clean_hostname(context, host, local_host, sizeof local_host);
- /* Scan hostname for DNS realm, and save as last-ditch realm
- assumption. */
- cp = local_host;
-#ifdef DEBUG_REFERRALS
- printf(" local_host: %s\n",local_host);
-#endif
- realm = default_realm = (char *)NULL;
- temp_realm = 0;
- while (cp && !default_realm) {
- if (*cp == '.') {
- cp++;
- if (default_realm == (char *)NULL) {
- /* If nothing else works, use the host's domain */
- default_realm = cp;
- }
- } else {
- cp = strchr(cp, '.');
- }
+ /*
+ * Try looking up a _kerberos.<hostname> TXT record in DNS. This
+ * heuristic is turned off by default since, in the absence of
+ * secure DNS, it can allow an attacker to control the realm used
+ * for a host.
+ */
+ realm = (char *)NULL;
+#ifdef KRB5_DNS_LOOKUP
+ if (_krb5_use_dns_realm(context)) {
+ cp = local_host;
+ do {
+ retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
+ cp = strchr(cp,'.');
+ if (cp)
+ cp++;
+ } while (retval && cp && cp[0]);
}
-#ifdef DEBUG_REFERRALS
- printf(" done finding DNS-based default realm: >%s<\n",default_realm);
-#endif
+#endif /* KRB5_DNS_LOOKUP */
-#ifdef KRB5_DNS_LOOKUP
+ /*
+ * Next try searching the domain components as realms. This
+ * heuristic is also turned off by default. If DNS lookups for
+ * KDCs are enabled (as they are by default), an attacker could
+ * control which domain component is used as the realm for a host.
+ */
if (realm == (char *)NULL) {
- int use_dns = _krb5_use_dns_realm(context);
- if ( use_dns ) {
- /*
- * Since this didn't appear in our config file, try looking
- * it up via DNS. Look for a TXT records of the form:
- *
- * _kerberos.<hostname>
- *
- */
- cp = local_host;
- do {
- retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
- cp = strchr(cp,'.');
- if (cp)
- cp++;
- } while (retval && cp && cp[0]);
- }
+ int limit;
+ errcode_t code;
+
+ code = profile_get_integer(context->profile, "libdefaults",
+ "realm_try_domains", 0, -1, &limit);
+ if (code == 0) {
+ retval = domain_heuristic(context, local_host, &realm, limit);
+ if (retval)
+ return retval;
+ }
}
-#endif /* KRB5_DNS_LOOKUP */
-
+ /*
+ * The next fallback--and the first one to apply with default
+ * configuration--is to use the upper-cased parent domain of the
+ * hostname, regardless of whether we can actually look it up as a
+ * realm.
+ */
if (realm == (char *)NULL) {
- if (default_realm != (char *)NULL) {
- /* We are defaulting to the realm of the host */
- if (!(cp = strdup(default_realm)))
- return ENOMEM;
- realm = cp;
-
- /* Assume the realm name is upper case */
+ cp = strchr(local_host, '.');
+ if (cp) {
+ if (!(realm = strdup(cp + 1)))
+ return ENOMEM;
for (cp = realm; *cp; cp++)
if (islower((int) (*cp)))
*cp = toupper((int) *cp);
- } else {
- /* We are defaulting to the local realm */
- retval = krb5_get_default_realm(context, &realm);
- if (retval) {
- return retval;
- }
- }
+ }
}
+
+ /*
+ * The final fallback--used when the fully-qualified hostname has
+ * only one component--is to use the local default realm.
+ */
+ if (realm == (char *)NULL) {
+ retval = krb5_get_default_realm(context, &realm);
+ if (retval)
+ return retval;
+ }
+
if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
if (realm != (char *)NULL)
free(realm);
@@ -488,3 +492,70 @@
#endif
return 0;
}
+
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
+ * Walk through the components of a domain. At each stage determine
+ * if a KDC can be located for that domain. Return a realm
+ * corresponding to the upper-cased domain name for which a KDC was
+ * found or NULL if no KDC was found. Stop searching after limit
+ * labels have been removed from the domain (-1 means don't search at
+ * all, 0 means try only the full domain itself, 1 means also try the
+ * parent domain, etc.) or when we reach a parent with only one label.
+ */
+static krb5_error_code
+domain_heuristic(krb5_context context, const char *domain,
+ char **realm, int limit)
+{
+ krb5_error_code retval = 0, r;
+ struct addrlist alist;
+ krb5_data drealm;
+ char *cp = NULL;
+ char *fqdn = NULL;
+
+ *realm = NULL;
+ if (limit < 0)
+ return 0;
+
+ memset(&drealm, 0, sizeof (drealm));
+ if (!(fqdn = strdup(domain))) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ /* Upper case the domain (for use as a realm) */
+ for (cp = fqdn; *cp; cp++)
+ if (islower((int)(*cp)))
+ *cp = toupper((int)*cp);
+
+ /* Search up to limit parents, as long as we have multiple labels. */
+ cp = fqdn;
+ while (limit-- >= 0 && strchr(cp, '.') != NULL) {
+
+ drealm.length = strlen(cp);
+ drealm.data = cp;
+
+ /* Find a kdc based on this part of the domain name. */
+ r = krb5_locate_kdc(context, &drealm, &alist, 0, SOCK_DGRAM, 0);
+ if (!r) { /* Found a KDC! */
+ krb5int_free_addrlist(&alist);
+ if (!(*realm = strdup(cp))) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ break;
+ }
+
+ cp = strchr(cp, '.');
+ cp++;
+ }
+
+cleanup:
+ if (fqdn)
+ free(fqdn);
+ return retval;
+}
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc-int.h
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc-int.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc-int.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/rc-int.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
+ *
* This file contains constant and function declarations used in the
* file-based replay cache routines.
*/
@@ -46,25 +47,25 @@
krb5_magic magic;
char *type;
krb5_error_code (KRB5_CALLCONV *init)
- (krb5_context, krb5_rcache,krb5_deltat); /* create */
+ (krb5_context, krb5_rcache,krb5_deltat); /* create */
krb5_error_code (KRB5_CALLCONV *recover)
- (krb5_context, krb5_rcache); /* open */
+ (krb5_context, krb5_rcache); /* open */
krb5_error_code (KRB5_CALLCONV *recover_or_init)
- (krb5_context, krb5_rcache,krb5_deltat);
+ (krb5_context, krb5_rcache,krb5_deltat);
krb5_error_code (KRB5_CALLCONV *destroy)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *close)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *store)
- (krb5_context, krb5_rcache,krb5_donot_replay *);
+ (krb5_context, krb5_rcache,krb5_donot_replay *);
krb5_error_code (KRB5_CALLCONV *expunge)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *get_span)
- (krb5_context, krb5_rcache,krb5_deltat *);
+ (krb5_context, krb5_rcache,krb5_deltat *);
char *(KRB5_CALLCONV *get_name)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *resolve)
- (krb5_context, krb5_rcache, char *);
+ (krb5_context, krb5_rcache, char *);
};
typedef struct _krb5_rc_ops krb5_rc_ops;
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_base.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_base.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_base.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_base.c
*
@@ -6,7 +7,6 @@
*
*/
-
/*
* Base "glue" functions for the replay cache.
*/
@@ -35,29 +35,29 @@
struct krb5_rc_typelist *t, *t_next;
k5_mutex_destroy(&rc_typelist_lock);
for (t = typehead; t != &krb5_rc_typelist_dfl; t = t_next) {
- t_next = t->next;
- free(t);
+ t_next = t->next;
+ free(t);
}
}
krb5_error_code krb5_rc_register_type(krb5_context context,
- const krb5_rc_ops *ops)
+ const krb5_rc_ops *ops)
{
struct krb5_rc_typelist *t;
krb5_error_code err;
err = k5_mutex_lock(&rc_typelist_lock);
if (err)
- return err;
+ return err;
for (t = typehead;t && strcmp(t->ops->type,ops->type);t = t->next)
- ;
+ ;
if (t) {
- k5_mutex_unlock(&rc_typelist_lock);
- return KRB5_RC_TYPE_EXISTS;
+ k5_mutex_unlock(&rc_typelist_lock);
+ return KRB5_RC_TYPE_EXISTS;
}
t = (struct krb5_rc_typelist *) malloc(sizeof(struct krb5_rc_typelist));
if (t == NULL) {
- k5_mutex_unlock(&rc_typelist_lock);
- return KRB5_RC_MALLOC;
+ k5_mutex_unlock(&rc_typelist_lock);
+ return KRB5_RC_MALLOC;
}
t->next = typehead;
t->ops = ops;
@@ -67,18 +67,18 @@
}
krb5_error_code krb5_rc_resolve_type(krb5_context context, krb5_rcache *id,
- char *type)
+ char *type)
{
struct krb5_rc_typelist *t;
krb5_error_code err;
err = k5_mutex_lock(&rc_typelist_lock);
if (err)
- return err;
+ return err;
for (t = typehead;t && strcmp(t->ops->type,type);t = t->next)
- ;
+ ;
if (!t) {
- k5_mutex_unlock(&rc_typelist_lock);
- return KRB5_RC_TYPE_NOTFOUND;
+ k5_mutex_unlock(&rc_typelist_lock);
+ return KRB5_RC_TYPE_NOTFOUND;
}
/* allocate *id? nah */
(*id)->ops = t->ops;
@@ -95,18 +95,18 @@
{
char *s;
if ((s = getenv("KRB5RCACHETYPE")))
- return s;
+ return s;
else
- return "dfl";
+ return "dfl";
}
char * krb5_rc_default_name(krb5_context context)
{
char *s;
if ((s = getenv("KRB5RCACHENAME")))
- return s;
+ return s;
else
- return (char *) 0;
+ return (char *) 0;
}
krb5_error_code
@@ -115,18 +115,18 @@
krb5_error_code retval;
if (!(*id = (krb5_rcache )malloc(sizeof(**id))))
- return KRB5_RC_MALLOC;
+ return KRB5_RC_MALLOC;
- if ((retval = krb5_rc_resolve_type(context, id,
- krb5_rc_default_type(context)))) {
- FREE(*id);
- return retval;
+ if ((retval = krb5_rc_resolve_type(context, id,
+ krb5_rc_default_type(context)))) {
+ FREE(*id);
+ return retval;
}
- if ((retval = krb5_rc_resolve(context, *id,
- krb5_rc_default_name(context)))) {
- k5_mutex_destroy(&(*id)->lock);
- FREE(*id);
- return retval;
+ if ((retval = krb5_rc_resolve(context, *id,
+ krb5_rc_default_name(context)))) {
+ k5_mutex_destroy(&(*id)->lock);
+ FREE(*id);
+ return retval;
}
(*id)->magic = KV5M_RCACHE;
return retval;
@@ -141,31 +141,30 @@
unsigned int diff;
if (!(residual = strchr(string_name,':')))
- return KRB5_RC_PARSE;
-
+ return KRB5_RC_PARSE;
+
diff = residual - string_name;
if (!(type = malloc(diff + 1)))
- return KRB5_RC_MALLOC;
+ return KRB5_RC_MALLOC;
(void) strncpy(type, string_name, diff);
type[residual - string_name] = '\0';
if (!(*id = (krb5_rcache) malloc(sizeof(**id)))) {
- FREE(type);
- return KRB5_RC_MALLOC;
+ FREE(type);
+ return KRB5_RC_MALLOC;
}
if ((retval = krb5_rc_resolve_type(context, id,type))) {
- FREE(type);
- FREE(*id);
- return retval;
+ FREE(type);
+ FREE(*id);
+ return retval;
}
FREE(type);
if ((retval = krb5_rc_resolve(context, *id,residual + 1))) {
- k5_mutex_destroy(&(*id)->lock);
- FREE(*id);
- return retval;
+ k5_mutex_destroy(&(*id)->lock);
+ FREE(*id);
+ return retval;
}
(*id)->magic = KV5M_RCACHE;
return retval;
}
-
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_base.h
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_base.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_base.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_base.h
*
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_conv.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_conv.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_conv.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_conv.c
*
@@ -6,7 +7,6 @@
*
*/
-
/*
* An implementation for the default replay cache type.
*/
@@ -16,23 +16,23 @@
#include "rc_base.h"
/*
-Local stuff:
- krb5_auth_to_replay(context, krb5_tkt_authent *auth,krb5_donot_replay *rep)
+ Local stuff:
+ krb5_auth_to_replay(context, krb5_tkt_authent *auth,krb5_donot_replay *rep)
given auth, take important information and make rep; return -1 if failed
*/
krb5_error_code
krb5_auth_to_rep(krb5_context context, krb5_tkt_authent *auth, krb5_donot_replay *rep)
{
- krb5_error_code retval;
- rep->cusec = auth->authenticator->cusec;
- rep->ctime = auth->authenticator->ctime;
- if ((retval = krb5_unparse_name(context, auth->ticket->server, &rep->server)))
- return retval; /* shouldn't happen */
- if ((retval = krb5_unparse_name(context, auth->authenticator->client,
- &rep->client))) {
- FREE(rep->server);
- return retval; /* shouldn't happen. */
- }
- return 0;
+ krb5_error_code retval;
+ rep->cusec = auth->authenticator->cusec;
+ rep->ctime = auth->authenticator->ctime;
+ if ((retval = krb5_unparse_name(context, auth->ticket->server, &rep->server)))
+ return retval; /* shouldn't happen */
+ if ((retval = krb5_unparse_name(context, auth->authenticator->client,
+ &rep->client))) {
+ FREE(rep->server);
+ return retval; /* shouldn't happen. */
+ }
+ return 0;
}
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_dfl.c
*
@@ -6,7 +7,6 @@
*
*/
-
/*
* An implementation for the default replay cache type.
*/
@@ -22,23 +22,23 @@
*/
/*
-Local stuff:
+ Local stuff:
-static int hash(krb5_donot_replay *rep, int hsize)
+ static int hash(krb5_donot_replay *rep, int hsize)
returns hash value of *rep, between 0 and hsize - 1
-HASHSIZE
+ HASHSIZE
size of hash table (constant), can be preset
-static int cmp(krb5_donot_replay *old, krb5_donot_replay *new, krb5_deltat t)
+ static int cmp(krb5_donot_replay *old, krb5_donot_replay *new, krb5_deltat t)
compare old and new; return CMP_REPLAY or CMP_HOHUM
-static int alive(krb5_context, krb5_donot_replay *new, krb5_deltat t)
+ static int alive(krb5_context, krb5_donot_replay *new, krb5_deltat t)
see if new is still alive; return CMP_EXPIRED or CMP_HOHUM
-CMP_MALLOC, CMP_EXPIRED, CMP_REPLAY, CMP_HOHUM
+ CMP_MALLOC, CMP_EXPIRED, CMP_REPLAY, CMP_HOHUM
return codes from cmp(), alive(), and store()
-struct dfl_data
+ struct dfl_data
data stored in this cache type, namely "dfl"
-struct authlist
+ struct authlist
multilinked list of reps
-static int rc_store(context, krb5_rcache id, krb5_donot_replay *rep)
+ static int rc_store(context, krb5_rcache id, krb5_donot_replay *rep)
store rep in cache id; return CMP_REPLAY if replay, else CMP_MALLOC/CMP_HOHUM
*/
@@ -83,10 +83,10 @@
cmp(krb5_donot_replay *old, krb5_donot_replay *new1, krb5_deltat t)
{
if ((old->cusec == new1->cusec) && /* most likely to distinguish */
- (old->ctime == new1->ctime) &&
- (strcmp(old->client, new1->client) == 0) &&
- (strcmp(old->server, new1->server) == 0)) /* always true */
- return CMP_REPLAY;
+ (old->ctime == new1->ctime) &&
+ (strcmp(old->client, new1->client) == 0) &&
+ (strcmp(old->server, new1->server) == 0)) /* always true */
+ return CMP_REPLAY;
return CMP_HOHUM;
}
@@ -94,10 +94,10 @@
alive(krb5_int32 mytime, krb5_donot_replay *new1, krb5_deltat t)
{
if (mytime == 0)
- return CMP_HOHUM; /* who cares? */
+ return CMP_HOHUM; /* who cares? */
/* I hope we don't have to worry about overflow */
if (new1->ctime + t < mytime)
- return CMP_EXPIRED;
+ return CMP_EXPIRED;
return CMP_HOHUM;
}
@@ -128,7 +128,7 @@
static int
rc_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep,
- krb5_int32 now)
+ krb5_int32 now)
{
struct dfl_data *t = (struct dfl_data *)id->data;
unsigned int rephash;
@@ -137,34 +137,34 @@
rephash = hash(rep, t->hsize);
for (ta = t->h[rephash]; ta; ta = ta->nh) {
- switch(cmp(&ta->rep, rep, t->lifespan))
- {
- case CMP_REPLAY:
- return CMP_REPLAY;
- case CMP_HOHUM:
- if (alive(now, &ta->rep, t->lifespan) == CMP_EXPIRED)
- t->nummisses++;
- else
- t->numhits++;
- break;
- default:
- ; /* wtf? */
- }
+ switch(cmp(&ta->rep, rep, t->lifespan))
+ {
+ case CMP_REPLAY:
+ return CMP_REPLAY;
+ case CMP_HOHUM:
+ if (alive(now, &ta->rep, t->lifespan) == CMP_EXPIRED)
+ t->nummisses++;
+ else
+ t->numhits++;
+ break;
+ default:
+ ; /* wtf? */
+ }
}
if (!(ta = (struct authlist *) malloc(sizeof(struct authlist))))
- return CMP_MALLOC;
+ return CMP_MALLOC;
ta->na = t->a; t->a = ta;
ta->nh = t->h[rephash]; t->h[rephash] = ta;
ta->rep = *rep;
if (!(ta->rep.client = strdup(rep->client))) {
- FREE(ta);
- return CMP_MALLOC;
+ FREE(ta);
+ return CMP_MALLOC;
}
if (!(ta->rep.server = strdup(rep->server))) {
- FREE(ta->rep.client);
- FREE(ta);
- return CMP_MALLOC;
+ FREE(ta->rep.client);
+ FREE(ta);
+ return CMP_MALLOC;
}
return CMP_HOHUM;
@@ -178,14 +178,14 @@
krb5_error_code KRB5_CALLCONV
krb5_rc_dfl_get_span(krb5_context context, krb5_rcache id,
- krb5_deltat *lifespan)
+ krb5_deltat *lifespan)
{
krb5_error_code err;
struct dfl_data *t;
err = k5_mutex_lock(&id->lock);
if (err)
- return err;
+ return err;
t = (struct dfl_data *) id->data;
*lifespan = t->lifespan;
k5_mutex_unlock(&id->lock);
@@ -202,12 +202,12 @@
/* default to clockskew from the context */
#ifndef NOIOSTUFF
if ((retval = krb5_rc_io_creat(context, &t->d, &t->name))) {
- return retval;
+ return retval;
}
if ((krb5_rc_io_write(context, &t->d,
- (krb5_pointer) &t->lifespan, sizeof(t->lifespan))
- || krb5_rc_io_sync(context, &t->d))) {
- return KRB5_RC_IO;
+ (krb5_pointer) &t->lifespan, sizeof(t->lifespan))
+ || krb5_rc_io_sync(context, &t->d))) {
+ return KRB5_RC_IO;
}
#endif
return 0;
@@ -220,7 +220,7 @@
retval = k5_mutex_lock(&id->lock);
if (retval)
- return retval;
+ return retval;
retval = krb5_rc_dfl_init_locked(context, id, lifespan);
k5_mutex_unlock(&id->lock);
return retval;
@@ -235,13 +235,13 @@
FREE(t->h);
if (t->name)
- FREE(t->name);
+ FREE(t->name);
while ((q = t->a))
{
- t->a = q->na;
- FREE(q->rep.client);
- FREE(q->rep.server);
- FREE(q);
+ t->a = q->na;
+ FREE(q->rep.client);
+ FREE(q->rep.server);
+ FREE(q);
}
#ifndef NOIOSTUFF
(void) krb5_rc_io_close(context, &t->d);
@@ -256,7 +256,7 @@
krb5_error_code retval;
retval = k5_mutex_lock(&id->lock);
if (retval)
- return retval;
+ return retval;
krb5_rc_dfl_close_no_free(context, id);
k5_mutex_unlock(&id->lock);
k5_mutex_destroy(&id->lock);
@@ -269,7 +269,7 @@
{
#ifndef NOIOSTUFF
if (krb5_rc_io_destroy(context, &((struct dfl_data *) (id->data))->d))
- return KRB5_RC_IO;
+ return KRB5_RC_IO;
#endif
return krb5_rc_dfl_close(context, id);
}
@@ -282,22 +282,22 @@
/* allocate id? no */
if (!(t = (struct dfl_data *) calloc(1, sizeof(struct dfl_data))))
- return KRB5_RC_MALLOC;
+ return KRB5_RC_MALLOC;
id->data = (krb5_pointer) t;
if (name) {
- t->name = strdup(name);
- if (!t->name) {
- retval = KRB5_RC_MALLOC;
- goto cleanup;
- }
+ t->name = strdup(name);
+ if (!t->name) {
+ retval = KRB5_RC_MALLOC;
+ goto cleanup;
+ }
} else
- t->name = 0;
+ t->name = 0;
t->numhits = t->nummisses = 0;
t->hsize = HASHSIZE; /* no need to store---it's memory-only */
t->h = (struct authlist **) malloc(t->hsize*sizeof(struct authlist *));
if (!t->h) {
- retval = KRB5_RC_MALLOC;
- goto cleanup;
+ retval = KRB5_RC_MALLOC;
+ goto cleanup;
}
memset(t->h, 0, t->hsize*sizeof(struct authlist *));
t->a = (struct authlist *) 0;
@@ -309,11 +309,11 @@
cleanup:
if (t) {
- if (t->name)
- krb5_xfree(t->name);
- if (t->h)
- krb5_xfree(t->h);
- krb5_xfree(t);
+ if (t->name)
+ krb5_xfree(t->name);
+ if (t->h)
+ krb5_xfree(t->h);
+ krb5_xfree(t);
}
return retval;
}
@@ -326,20 +326,20 @@
*rep = NULL;
if (rp)
{
- if (rp->client)
- free(rp->client);
+ if (rp->client)
+ free(rp->client);
- if (rp->server)
- free(rp->server);
- rp->client = NULL;
- rp->server = NULL;
- free(rp);
+ if (rp->server)
+ free(rp->server);
+ rp->client = NULL;
+ rp->server = NULL;
+ free(rp);
}
}
static krb5_error_code
krb5_rc_io_fetch(krb5_context context, struct dfl_data *t,
- krb5_donot_replay *rep, int maxlen)
+ krb5_donot_replay *rep, int maxlen)
{
int len2;
unsigned int len;
@@ -348,60 +348,60 @@
rep->client = rep->server = 0;
retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2,
- sizeof(len2));
+ sizeof(len2));
if (retval)
- return retval;
+ return retval;
if ((len2 <= 0) || (len2 >= maxlen))
- return KRB5_RC_IO_EOF;
+ return KRB5_RC_IO_EOF;
len = len2;
rep->client = malloc (len);
if (!rep->client)
- return KRB5_RC_MALLOC;
+ return KRB5_RC_MALLOC;
retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) rep->client, len);
if (retval)
- goto errout;
+ goto errout;
- retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2,
- sizeof(len2));
+ retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2,
+ sizeof(len2));
if (retval)
- goto errout;
+ goto errout;
if ((len2 <= 0) || (len2 >= maxlen)) {
- retval = KRB5_RC_IO_EOF;
- goto errout;
+ retval = KRB5_RC_IO_EOF;
+ goto errout;
}
len = len2;
rep->server = malloc (len);
if (!rep->server) {
- retval = KRB5_RC_MALLOC;
- goto errout;
+ retval = KRB5_RC_MALLOC;
+ goto errout;
}
retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) rep->server, len);
if (retval)
- goto errout;
+ goto errout;
retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &rep->cusec,
- sizeof(rep->cusec));
+ sizeof(rep->cusec));
if (retval)
- goto errout;
+ goto errout;
retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &rep->ctime,
- sizeof(rep->ctime));
+ sizeof(rep->ctime));
if (retval)
- goto errout;
+ goto errout;
return 0;
errout:
if (rep->client)
- krb5_xfree(rep->client);
+ krb5_xfree(rep->client);
if (rep->server)
- krb5_xfree(rep->server);
+ krb5_xfree(rep->server);
rep->client = rep->server = 0;
return retval;
}
@@ -425,7 +425,7 @@
krb5_int32 now;
if ((retval = krb5_rc_io_open(context, &t->d, t->name))) {
- return retval;
+ return retval;
}
t->recovering = 1;
@@ -434,50 +434,50 @@
rep = NULL;
if (krb5_rc_io_read(context, &t->d, (krb5_pointer) &t->lifespan,
- sizeof(t->lifespan))) {
- retval = KRB5_RC_IO;
- goto io_fail;
+ sizeof(t->lifespan))) {
+ retval = KRB5_RC_IO;
+ goto io_fail;
}
if (!(rep = (krb5_donot_replay *) malloc(sizeof(krb5_donot_replay)))) {
- retval = KRB5_RC_MALLOC;
- goto io_fail;
+ retval = KRB5_RC_MALLOC;
+ goto io_fail;
}
rep->client = NULL;
rep->server = NULL;
if (krb5_timeofday(context, &now))
- now = 0;
+ now = 0;
/* now read in each auth_replay and insert into table */
for (;;) {
- if (krb5_rc_io_mark(context, &t->d)) {
- retval = KRB5_RC_IO;
- goto io_fail;
- }
+ if (krb5_rc_io_mark(context, &t->d)) {
+ retval = KRB5_RC_IO;
+ goto io_fail;
+ }
- retval = krb5_rc_io_fetch(context, t, rep, (int) max_size);
+ retval = krb5_rc_io_fetch(context, t, rep, (int) max_size);
- if (retval == KRB5_RC_IO_EOF)
- break;
- else if (retval != 0)
- goto io_fail;
+ if (retval == KRB5_RC_IO_EOF)
+ break;
+ else if (retval != 0)
+ goto io_fail;
- if (alive(now, rep, t->lifespan) != CMP_EXPIRED) {
- if (rc_store(context, id, rep, now) == CMP_MALLOC) {
- retval = KRB5_RC_MALLOC; goto io_fail;
- }
- } else {
- expired_entries++;
- }
- /*
- * free fields allocated by rc_io_fetch
- */
- FREE(rep->server);
- FREE(rep->client);
- rep->server = 0;
- rep->client = 0;
+ if (alive(now, rep, t->lifespan) != CMP_EXPIRED) {
+ if (rc_store(context, id, rep, now) == CMP_MALLOC) {
+ retval = KRB5_RC_MALLOC; goto io_fail;
+ }
+ } else {
+ expired_entries++;
+ }
+ /*
+ * free fields allocated by rc_io_fetch
+ */
+ FREE(rep->server);
+ FREE(rep->client);
+ rep->server = 0;
+ rep->client = 0;
}
retval = 0;
krb5_rc_io_unmark(context, &t->d);
@@ -488,9 +488,9 @@
io_fail:
krb5_rc_free_entry(context, &rep);
if (retval)
- krb5_rc_io_close(context, &t->d);
+ krb5_rc_io_close(context, &t->d);
else if (expired_entries > EXCESSREPS)
- retval = krb5_rc_dfl_expunge_locked(context, id);
+ retval = krb5_rc_dfl_expunge_locked(context, id);
t->recovering = 0;
return retval;
@@ -503,7 +503,7 @@
krb5_error_code ret;
ret = k5_mutex_lock(&id->lock);
if (ret)
- return ret;
+ return ret;
ret = krb5_rc_dfl_recover_locked(context, id);
k5_mutex_unlock(&id->lock);
return ret;
@@ -511,23 +511,23 @@
krb5_error_code KRB5_CALLCONV
krb5_rc_dfl_recover_or_init(krb5_context context, krb5_rcache id,
- krb5_deltat lifespan)
+ krb5_deltat lifespan)
{
krb5_error_code retval;
retval = k5_mutex_lock(&id->lock);
if (retval)
- return retval;
+ return retval;
retval = krb5_rc_dfl_recover_locked(context, id);
if (retval)
- retval = krb5_rc_dfl_init_locked(context, id, lifespan);
+ retval = krb5_rc_dfl_init_locked(context, id, lifespan);
k5_mutex_unlock(&id->lock);
return retval;
}
static krb5_error_code
krb5_rc_io_store(krb5_context context, struct dfl_data *t,
- krb5_donot_replay *rep)
+ krb5_donot_replay *rep)
{
unsigned int clientlen, serverlen, len;
char *buf, *ptr;
@@ -536,10 +536,10 @@
clientlen = strlen(rep->client) + 1;
serverlen = strlen(rep->server) + 1;
len = sizeof(clientlen) + clientlen + sizeof(serverlen) + serverlen +
- sizeof(rep->cusec) + sizeof(rep->ctime);
+ sizeof(rep->cusec) + sizeof(rep->ctime);
buf = malloc(len);
if (buf == 0)
- return KRB5_RC_MALLOC;
+ return KRB5_RC_MALLOC;
ptr = buf;
memcpy(ptr, &clientlen, sizeof(clientlen)); ptr += sizeof(clientlen);
memcpy(ptr, rep->client, clientlen); ptr += clientlen;
@@ -564,19 +564,19 @@
ret = krb5_timeofday(context, &now);
if (ret)
- return ret;
+ return ret;
ret = k5_mutex_lock(&id->lock);
if (ret)
- return ret;
+ return ret;
switch(rc_store(context, id, rep, now)) {
case CMP_MALLOC:
- k5_mutex_unlock(&id->lock);
- return KRB5_RC_MALLOC;
+ k5_mutex_unlock(&id->lock);
+ return KRB5_RC_MALLOC;
case CMP_REPLAY:
- k5_mutex_unlock(&id->lock);
- return KRB5KRB_AP_ERR_REPEAT;
+ k5_mutex_unlock(&id->lock);
+ return KRB5KRB_AP_ERR_REPEAT;
case 0: break;
default: /* wtf? */ ;
}
@@ -584,24 +584,24 @@
#ifndef NOIOSTUFF
ret = krb5_rc_io_store(context, t, rep);
if (ret) {
- k5_mutex_unlock(&id->lock);
- return ret;
+ k5_mutex_unlock(&id->lock);
+ return ret;
}
#endif
/* Shall we automatically expunge? */
if (t->nummisses > t->numhits + EXCESSREPS)
{
- ret = krb5_rc_dfl_expunge_locked(context, id);
- k5_mutex_unlock(&id->lock);
- return ret;
+ ret = krb5_rc_dfl_expunge_locked(context, id);
+ k5_mutex_unlock(&id->lock);
+ return ret;
}
#ifndef NOIOSTUFF
else
{
- if (krb5_rc_io_sync(context, &t->d)) {
- k5_mutex_unlock(&id->lock);
- return KRB5_RC_IO;
- }
+ if (krb5_rc_io_sync(context, &t->d)) {
+ k5_mutex_unlock(&id->lock);
+ return KRB5_RC_IO;
+ }
}
#endif
k5_mutex_unlock(&id->lock);
@@ -621,24 +621,24 @@
krb5_int32 now;
if (krb5_timestamp(context, &now))
- now = 0;
+ now = 0;
for (q = &t->a; *q; q = qt) {
- qt = &(*q)->na;
- if (alive(now, &(*q)->rep, t->lifespan) == CMP_EXPIRED) {
- FREE((*q)->rep.client);
- FREE((*q)->rep.server);
- FREE(*q);
- *q = *qt; /* why doesn't this feel right? */
- }
+ qt = &(*q)->na;
+ if (alive(now, &(*q)->rep, t->lifespan) == CMP_EXPIRED) {
+ FREE((*q)->rep.client);
+ FREE((*q)->rep.server);
+ FREE(*q);
+ *q = *qt; /* why doesn't this feel right? */
+ }
}
for (i = 0; i < t->hsize; i++)
- t->h[i] = (struct authlist *) 0;
+ t->h[i] = (struct authlist *) 0;
for (r = t->a; r; r = r->na) {
- i = hash(&r->rep, t->hsize);
- rt = t->h[i];
- t->h[i] = r;
- r->nh = rt;
+ i = hash(&r->rep, t->hsize);
+ rt = t->h[i];
+ t->h[i] = r;
+ r->nh = rt;
}
return 0;
#else
@@ -649,22 +649,22 @@
krb5_deltat lifespan = t->lifespan; /* save original lifespan */
if (! t->recovering) {
- name = t->name;
- t->name = 0; /* Clear name so it isn't freed */
- (void) krb5_rc_dfl_close_no_free(context, id);
- retval = krb5_rc_dfl_resolve(context, id, name);
- free(name);
- if (retval)
- return retval;
- retval = krb5_rc_dfl_recover_locked(context, id);
- if (retval)
- return retval;
- t = (struct dfl_data *)id->data; /* point to recovered cache */
+ name = t->name;
+ t->name = 0; /* Clear name so it isn't freed */
+ (void) krb5_rc_dfl_close_no_free(context, id);
+ retval = krb5_rc_dfl_resolve(context, id, name);
+ free(name);
+ if (retval)
+ return retval;
+ retval = krb5_rc_dfl_recover_locked(context, id);
+ if (retval)
+ return retval;
+ t = (struct dfl_data *)id->data; /* point to recovered cache */
}
tmp = (krb5_rcache) malloc(sizeof(*tmp));
if (!tmp)
- return ENOMEM;
+ return ENOMEM;
retval = krb5_rc_resolve_type(context, &tmp, "dfl");
if (retval) {
free(tmp);
@@ -677,7 +677,7 @@
if (retval)
goto cleanup;
for (q = t->a; q; q = q->na) {
- if (krb5_rc_io_store(context, (struct dfl_data *)tmp->data, &q->rep)) {
+ if (krb5_rc_io_store(context, (struct dfl_data *)tmp->data, &q->rep)) {
retval = KRB5_RC_IO;
goto cleanup;
}
@@ -691,7 +691,7 @@
if (krb5_rc_io_move(context, &t->d, &((struct dfl_data *)tmp->data)->d))
goto cleanup;
retval = 0;
- cleanup:
+cleanup:
(void) krb5_rc_dfl_close(context, tmp);
return retval;
#endif
@@ -703,7 +703,7 @@
krb5_error_code ret;
ret = k5_mutex_lock(&id->lock);
if (ret)
- return ret;
+ return ret;
ret = krb5_rc_dfl_expunge_locked(context, id);
k5_mutex_unlock(&id->lock);
return ret;
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.h
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_dfl.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_dfl.h
*
@@ -13,44 +14,43 @@
#ifndef KRB5_RC_DFL_H
#define KRB5_RC_DFL_H
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init
- (krb5_context,
- krb5_rcache,
- krb5_deltat);
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover
- (krb5_context,
- krb5_rcache);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init
+ (krb5_context,
+ krb5_rcache,
+ krb5_deltat);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover
+ (krb5_context,
+ krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover_or_init
- (krb5_context, krb5_rcache, krb5_deltat);
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy
- (krb5_context,
- krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close
- (krb5_context,
- krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_store
- (krb5_context,
- krb5_rcache,
- krb5_donot_replay *);
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge
- (krb5_context,
- krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span
- (krb5_context,
- krb5_rcache,
- krb5_deltat *);
-char * KRB5_CALLCONV krb5_rc_dfl_get_name
- (krb5_context,
- krb5_rcache);
-krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve
- (krb5_context,
- krb5_rcache,
- char *);
+ (krb5_context, krb5_rcache, krb5_deltat);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy
+ (krb5_context,
+ krb5_rcache);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close
+ (krb5_context,
+ krb5_rcache);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_store
+ (krb5_context,
+ krb5_rcache,
+ krb5_donot_replay *);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge
+ (krb5_context,
+ krb5_rcache);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span
+ (krb5_context,
+ krb5_rcache,
+ krb5_deltat *);
+char * KRB5_CALLCONV krb5_rc_dfl_get_name
+ (krb5_context,
+ krb5_rcache);
+krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve
+ (krb5_context,
+ krb5_rcache,
+ char *);
krb5_error_code krb5_rc_dfl_close_no_free
- (krb5_context,
- krb5_rcache);
-void krb5_rc_free_entry
- (krb5_context,
- krb5_donot_replay **);
+ (krb5_context,
+ krb5_rcache);
+void krb5_rc_free_entry
+ (krb5_context,
+ krb5_donot_replay **);
#endif
-
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_io.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_io.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_io.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_io.c
*
@@ -6,7 +7,6 @@
*
*/
-
/*
* I/O functions for the replay cache default implementation.
*/
@@ -17,7 +17,7 @@
# define PATH_SEPARATOR "/"
#endif
-#define KRB5_RC_VNO 0x0501 /* krb5, rcache v 1 */
+#define KRB5_RC_VNO 0x0501 /* krb5, rcache v 1 */
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
@@ -52,17 +52,17 @@
if (!(dir = getenv("KRB5RCACHEDIR"))) {
#if defined(_WIN32)
- if (!(dir = getenv("TEMP")))
- if (!(dir = getenv("TMP")))
- dir = "C:";
+ if (!(dir = getenv("TEMP")))
+ if (!(dir = getenv("TMP")))
+ dir = "C:";
#else
- if (!(dir = getenv("TMPDIR"))) {
+ if (!(dir = getenv("TMPDIR"))) {
#ifdef RCTMPDIR
- dir = RCTMPDIR;
+ dir = RCTMPDIR;
#else
- dir = "/tmp";
+ dir = "/tmp";
#endif
- }
+ }
#endif
}
return dir;
@@ -85,17 +85,17 @@
memset(&stbuf, 0, sizeof(stbuf));
if (asprintf(&d->fn, "%s%skrb5_RCXXXXXX",
- dir, PATH_SEPARATOR) < 0) {
- d->fn = NULL;
- return KRB5_RC_IO_MALLOC;
+ dir, PATH_SEPARATOR) < 0) {
+ d->fn = NULL;
+ return KRB5_RC_IO_MALLOC;
}
d->fd = mkstemp(d->fn);
if (d->fd == -1) {
- /*
- * This return value is deliberate because d->fd == -1 causes
- * caller to go into errno interpretation code.
- */
- return 0;
+ /*
+ * This return value is deliberate because d->fd == -1 causes
+ * caller to go into errno interpretation code.
+ */
+ return 0;
}
#if HAVE_SYS_STAT_H
/*
@@ -104,18 +104,18 @@
*/
retval = fstat(d->fd, &stbuf);
if (retval) {
- krb5_set_error_message(context, retval,
- "Cannot fstat replay cache file %s: %s",
- d->fn, strerror(errno));
- return KRB5_RC_IO_UNKNOWN;
+ krb5_set_error_message(context, retval,
+ "Cannot fstat replay cache file %s: %s",
+ d->fn, strerror(errno));
+ return KRB5_RC_IO_UNKNOWN;
}
if (stbuf.st_mode & 077) {
- krb5_set_error_message(context, retval,
- "Insecure mkstemp() file mode "
- "for replay cache file %s; "
- "try running this program "
- "with umask 077 ", d->fn);
- return KRB5_RC_IO_UNKNOWN;
+ krb5_set_error_message(context, retval,
+ "Insecure mkstemp() file mode "
+ "for replay cache file %s; "
+ "try running this program "
+ "with umask 077 ", d->fn);
+ return KRB5_RC_IO_UNKNOWN;
}
#endif
return 0;
@@ -127,7 +127,7 @@
static krb5_error_code
rc_map_errno (krb5_context context, int e, const char *fn,
- const char *operation)
+ const char *operation)
{
switch (e) {
case EFBIG:
@@ -135,25 +135,25 @@
case EDQUOT:
#endif
case ENOSPC:
- return KRB5_RC_IO_SPACE;
+ return KRB5_RC_IO_SPACE;
case EIO:
- return KRB5_RC_IO_IO;
+ return KRB5_RC_IO_IO;
case EPERM:
case EACCES:
case EROFS:
case EEXIST:
- krb5_set_error_message(context, KRB5_RC_IO_PERM,
- "Cannot %s replay cache file %s: %s",
- operation, fn, strerror(e));
- return KRB5_RC_IO_PERM;
+ krb5_set_error_message(context, KRB5_RC_IO_PERM,
+ "Cannot %s replay cache file %s: %s",
+ operation, fn, strerror(e));
+ return KRB5_RC_IO_PERM;
default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- "Cannot %s replay cache: %s",
- operation, strerror(e));
- return KRB5_RC_IO_UNKNOWN;
+ krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
+ "Cannot %s replay cache: %s",
+ operation, strerror(e));
+ return KRB5_RC_IO_UNKNOWN;
}
}
@@ -169,55 +169,55 @@
GETDIR;
if (fn && *fn) {
- if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
- return KRB5_RC_IO_MALLOC;
- unlink(d->fn);
- d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL |
- O_BINARY, 0600);
+ if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
+ return KRB5_RC_IO_MALLOC;
+ unlink(d->fn);
+ d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL |
+ O_BINARY, 0600);
} else {
- retval = krb5_rc_io_mkstemp(context, d, dir);
- if (retval)
- goto cleanup;
- if (d->fd != -1 && fn) {
- *fn = strdup(d->fn + dirlen);
- if (*fn == NULL) {
- free(d->fn);
- return KRB5_RC_IO_MALLOC;
- }
- }
+ retval = krb5_rc_io_mkstemp(context, d, dir);
+ if (retval)
+ goto cleanup;
+ if (d->fd != -1 && fn) {
+ *fn = strdup(d->fn + dirlen);
+ if (*fn == NULL) {
+ free(d->fn);
+ return KRB5_RC_IO_MALLOC;
+ }
+ }
}
if (d->fd == -1) {
- retval = rc_map_errno(context, errno, d->fn, "create");
- if (retval == KRB5_RC_IO_PERM)
- do_not_unlink = 1;
- goto cleanup;
+ retval = rc_map_errno(context, errno, d->fn, "create");
+ if (retval == KRB5_RC_IO_PERM)
+ do_not_unlink = 1;
+ goto cleanup;
}
set_cloexec_fd(d->fd);
retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno,
- sizeof(rc_vno));
+ sizeof(rc_vno));
if (retval)
- goto cleanup;
+ goto cleanup;
retval = krb5_rc_io_sync(context, d);
- cleanup:
+cleanup:
if (retval) {
- if (d->fn) {
- if (!do_not_unlink)
- (void) unlink(d->fn);
- FREE(d->fn);
- d->fn = NULL;
- }
- if (d->fd != -1) {
- (void) close(d->fd);
- }
+ if (d->fn) {
+ if (!do_not_unlink)
+ (void) unlink(d->fn);
+ FREE(d->fn);
+ d->fn = NULL;
+ }
+ if (d->fd != -1) {
+ (void) close(d->fd);
+ }
}
return retval;
}
static krb5_error_code
krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
- char* full_pathname)
+ char* full_pathname)
{
krb5_int16 rc_vno;
krb5_error_code retval = 0;
@@ -230,54 +230,54 @@
GETDIR;
if (full_pathname) {
- if (!(d->fn = strdup(full_pathname)))
- return KRB5_RC_IO_MALLOC;
+ if (!(d->fn = strdup(full_pathname)))
+ return KRB5_RC_IO_MALLOC;
} else {
- if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, fn) < 0)
- return KRB5_RC_IO_MALLOC;
+ if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, fn) < 0)
+ return KRB5_RC_IO_MALLOC;
}
#ifdef NO_USERID
d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
#else
if ((d->fd = stat(d->fn, &statb)) != -1) {
- uid_t me;
+ uid_t me;
- me = geteuid();
- /* must be owned by this user, to prevent some security problems with
- * other users modifying replay cache stufff */
- if ((statb.st_uid != me) || ((statb.st_mode & S_IFMT) != S_IFREG)) {
- FREE(d->fn);
- return KRB5_RC_IO_PERM;
- }
- d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
+ me = geteuid();
+ /* must be owned by this user, to prevent some security problems with
+ * other users modifying replay cache stufff */
+ if ((statb.st_uid != me) || ((statb.st_mode & S_IFMT) != S_IFREG)) {
+ FREE(d->fn);
+ return KRB5_RC_IO_PERM;
+ }
+ d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600);
}
#endif
if (d->fd == -1) {
- retval = rc_map_errno(context, errno, d->fn, "open");
- goto cleanup;
+ retval = rc_map_errno(context, errno, d->fn, "open");
+ goto cleanup;
}
set_cloexec_fd(d->fd);
do_not_unlink = 0;
retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno,
- sizeof(rc_vno));
+ sizeof(rc_vno));
if (retval)
- goto cleanup;
+ goto cleanup;
if (ntohs(rc_vno) != KRB5_RC_VNO)
- retval = KRB5_RCACHE_BADVNO;
+ retval = KRB5_RCACHE_BADVNO;
- cleanup:
+cleanup:
if (retval) {
- if (d->fn) {
- if (!do_not_unlink)
- (void) unlink(d->fn);
- FREE(d->fn);
- d->fn = NULL;
- }
- if (d->fd >= 0)
- (void) close(d->fd);
+ if (d->fn) {
+ if (!do_not_unlink)
+ (void) unlink(d->fn);
+ FREE(d->fn);
+ d->fn = NULL;
+ }
+ if (d->fd >= 0)
+ (void) close(d->fd);
}
return retval;
}
@@ -290,7 +290,7 @@
krb5_error_code
krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1,
- krb5_rc_iostuff *old)
+ krb5_rc_iostuff *old)
{
#if defined(_WIN32) || defined(__CYGWIN__)
char *new_fn = NULL;
@@ -334,29 +334,29 @@
old->fd = -1;
if (rename(old_fn, new_fn) == -1) { /* MUST be atomic! */
- retval = KRB5_RC_IO_UNKNOWN;
- goto cleanup;
+ retval = KRB5_RC_IO_UNKNOWN;
+ goto cleanup;
}
retval = krb5_rc_io_open_internal(context, new1, 0, new_fn);
if (retval)
- goto cleanup;
+ goto cleanup;
if (lseek(new1->fd, offset, SEEK_SET) == -1) {
- retval = KRB5_RC_IO_UNKNOWN;
- goto cleanup;
+ retval = KRB5_RC_IO_UNKNOWN;
+ goto cleanup;
}
- cleanup:
+cleanup:
free(new_fn);
free(old_fn);
return retval;
#else
char *fn = NULL;
if (rename(old->fn, new1->fn) == -1) /* MUST be atomic! */
- return KRB5_RC_IO_UNKNOWN;
+ return KRB5_RC_IO_UNKNOWN;
fn = new1->fn;
- new1->fn = NULL; /* avoid clobbering */
+ new1->fn = NULL; /* avoid clobbering */
(void) krb5_rc_io_close(context, new1);
new1->fn = fn;
new1->fd = dup(old->fd);
@@ -367,32 +367,32 @@
krb5_error_code
krb5_rc_io_write(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
- unsigned int num)
+ unsigned int num)
{
if (write(d->fd, (char *) buf, num) == -1)
- switch(errno)
- {
+ switch(errno)
+ {
#ifdef EDQUOT
- case EDQUOT:
+ case EDQUOT:
#endif
- case EFBIG:
- case ENOSPC:
- krb5_set_error_message (context, KRB5_RC_IO_SPACE,
- "Can't write to replay cache: %s",
- strerror(errno));
- return KRB5_RC_IO_SPACE;
- case EIO:
- krb5_set_error_message (context, KRB5_RC_IO_IO,
- "Can't write to replay cache: %s",
- strerror(errno));
- return KRB5_RC_IO_IO;
- case EBADF:
- default:
- krb5_set_error_message (context, KRB5_RC_IO_UNKNOWN,
- "Can't write to replay cache: %s",
- strerror(errno));
- return KRB5_RC_IO_UNKNOWN;
- }
+ case EFBIG:
+ case ENOSPC:
+ krb5_set_error_message (context, KRB5_RC_IO_SPACE,
+ "Can't write to replay cache: %s",
+ strerror(errno));
+ return KRB5_RC_IO_SPACE;
+ case EIO:
+ krb5_set_error_message (context, KRB5_RC_IO_IO,
+ "Can't write to replay cache: %s",
+ strerror(errno));
+ return KRB5_RC_IO_IO;
+ case EBADF:
+ default:
+ krb5_set_error_message (context, KRB5_RC_IO_UNKNOWN,
+ "Can't write to replay cache: %s",
+ strerror(errno));
+ return KRB5_RC_IO_UNKNOWN;
+ }
return 0;
}
@@ -405,38 +405,38 @@
#endif
#endif
if (fsync(d->fd) == -1) {
- switch(errno)
- {
- case EBADF: return KRB5_RC_IO_UNKNOWN;
- case EIO: return KRB5_RC_IO_IO;
- default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- "Cannot sync replay cache file: %s",
- strerror(errno));
- return KRB5_RC_IO_UNKNOWN;
- }
+ switch(errno)
+ {
+ case EBADF: return KRB5_RC_IO_UNKNOWN;
+ case EIO: return KRB5_RC_IO_IO;
+ default:
+ krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
+ "Cannot sync replay cache file: %s",
+ strerror(errno));
+ return KRB5_RC_IO_UNKNOWN;
+ }
}
return 0;
}
krb5_error_code
krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
- unsigned int num)
+ unsigned int num)
{
int count;
if ((count = read(d->fd, (char *) buf, num)) == -1)
- switch(errno)
- {
- case EIO: return KRB5_RC_IO_IO;
- case EBADF:
- default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- "Can't read from replay cache: %s",
- strerror(errno));
- return KRB5_RC_IO_UNKNOWN;
- }
+ switch(errno)
+ {
+ case EIO: return KRB5_RC_IO_IO;
+ case EBADF:
+ default:
+ krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
+ "Can't read from replay cache: %s",
+ strerror(errno));
+ return KRB5_RC_IO_UNKNOWN;
+ }
if (count < 0 || (unsigned int)count != num)
- return KRB5_RC_IO_EOF;
+ return KRB5_RC_IO_EOF;
return 0;
}
@@ -444,13 +444,13 @@
krb5_rc_io_close(krb5_context context, krb5_rc_iostuff *d)
{
if (d->fn != NULL) {
- FREE(d->fn);
- d->fn = NULL;
+ FREE(d->fn);
+ d->fn = NULL;
}
if (d->fd != -1) {
- if (close(d->fd) == -1) /* can't happen */
- return KRB5_RC_IO_UNKNOWN;
- d->fd = -1;
+ if (close(d->fd) == -1) /* can't happen */
+ return KRB5_RC_IO_UNKNOWN;
+ d->fd = -1;
}
return 0;
}
@@ -459,27 +459,27 @@
krb5_rc_io_destroy(krb5_context context, krb5_rc_iostuff *d)
{
if (unlink(d->fn) == -1)
- switch(errno)
- {
- case EIO:
- krb5_set_error_message(context, KRB5_RC_IO_IO,
- "Can't destroy replay cache: %s",
- strerror(errno));
- return KRB5_RC_IO_IO;
- case EPERM:
- case EBUSY:
- case EROFS:
- krb5_set_error_message(context, KRB5_RC_IO_PERM,
- "Can't destroy replay cache: %s",
- strerror(errno));
- return KRB5_RC_IO_PERM;
- case EBADF:
- default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- "Can't destroy replay cache: %s",
- strerror(errno));
- return KRB5_RC_IO_UNKNOWN;
- }
+ switch(errno)
+ {
+ case EIO:
+ krb5_set_error_message(context, KRB5_RC_IO_IO,
+ "Can't destroy replay cache: %s",
+ strerror(errno));
+ return KRB5_RC_IO_IO;
+ case EPERM:
+ case EBUSY:
+ case EROFS:
+ krb5_set_error_message(context, KRB5_RC_IO_PERM,
+ "Can't destroy replay cache: %s",
+ strerror(errno));
+ return KRB5_RC_IO_PERM;
+ case EBADF:
+ default:
+ krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
+ "Can't destroy replay cache: %s",
+ strerror(errno));
+ return KRB5_RC_IO_UNKNOWN;
+ }
return 0;
}
@@ -503,7 +503,7 @@
struct stat statb;
if (fstat(d->fd, &statb) == 0)
- return statb.st_size;
+ return statb.st_size;
else
- return 0;
+ return 0;
}
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_io.h
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_io.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_io.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_io.h
*
@@ -27,44 +28,44 @@
/* first argument is always iostuff for result file */
-krb5_error_code krb5_rc_io_creat
- (krb5_context,
- krb5_rc_iostuff *,
- char **);
-krb5_error_code krb5_rc_io_open
- (krb5_context,
- krb5_rc_iostuff *,
- char *);
-krb5_error_code krb5_rc_io_move
- (krb5_context,
- krb5_rc_iostuff *,
- krb5_rc_iostuff *);
-krb5_error_code krb5_rc_io_write
- (krb5_context,
- krb5_rc_iostuff *,
- krb5_pointer,
- unsigned int);
-krb5_error_code krb5_rc_io_read
- (krb5_context,
- krb5_rc_iostuff *,
- krb5_pointer,
- unsigned int);
-krb5_error_code krb5_rc_io_close
- (krb5_context,
- krb5_rc_iostuff *);
-krb5_error_code krb5_rc_io_destroy
- (krb5_context,
- krb5_rc_iostuff *);
-krb5_error_code krb5_rc_io_mark
- (krb5_context,
- krb5_rc_iostuff *);
-krb5_error_code krb5_rc_io_unmark
- (krb5_context,
- krb5_rc_iostuff *);
+krb5_error_code krb5_rc_io_creat
+ (krb5_context,
+ krb5_rc_iostuff *,
+ char **);
+krb5_error_code krb5_rc_io_open
+ (krb5_context,
+ krb5_rc_iostuff *,
+ char *);
+krb5_error_code krb5_rc_io_move
+ (krb5_context,
+ krb5_rc_iostuff *,
+ krb5_rc_iostuff *);
+krb5_error_code krb5_rc_io_write
+ (krb5_context,
+ krb5_rc_iostuff *,
+ krb5_pointer,
+ unsigned int);
+krb5_error_code krb5_rc_io_read
+ (krb5_context,
+ krb5_rc_iostuff *,
+ krb5_pointer,
+ unsigned int);
+krb5_error_code krb5_rc_io_close
+ (krb5_context,
+ krb5_rc_iostuff *);
+krb5_error_code krb5_rc_io_destroy
+ (krb5_context,
+ krb5_rc_iostuff *);
+krb5_error_code krb5_rc_io_mark
+ (krb5_context,
+ krb5_rc_iostuff *);
+krb5_error_code krb5_rc_io_unmark
+ (krb5_context,
+ krb5_rc_iostuff *);
krb5_error_code krb5_rc_io_sync
- (krb5_context,
- krb5_rc_iostuff *);
+ (krb5_context,
+ krb5_rc_iostuff *);
long krb5_rc_io_size
- (krb5_context,
- krb5_rc_iostuff *);
+ (krb5_context,
+ krb5_rc_iostuff *);
#endif
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rc_none.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rc_none.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rc_none.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_none.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
+ *
* replay cache no-op implementation
*/
@@ -42,10 +43,10 @@
{
return 0;
}
-#define krb5_rc_none_recover krb5_rc_none_noargs
-#define krb5_rc_none_destroy krb5_rc_none_noargs
-#define krb5_rc_none_close krb5_rc_none_noargs
-#define krb5_rc_none_expunge krb5_rc_none_noargs
+#define krb5_rc_none_recover krb5_rc_none_noargs
+#define krb5_rc_none_destroy krb5_rc_none_noargs
+#define krb5_rc_none_close krb5_rc_none_noargs
+#define krb5_rc_none_expunge krb5_rc_none_noargs
static krb5_error_code KRB5_CALLCONV
krb5_rc_none_store(krb5_context ctx, krb5_rcache rc, krb5_donot_replay *r)
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rcdef.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rcdef.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rcdef.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rcdef.c
*
@@ -32,18 +33,17 @@
#include "rc_dfl.h"
const krb5_rc_ops krb5_rc_dfl_ops =
- {
- 0,
- "dfl",
- krb5_rc_dfl_init,
- krb5_rc_dfl_recover,
- krb5_rc_dfl_recover_or_init,
- krb5_rc_dfl_destroy,
- krb5_rc_dfl_close,
- krb5_rc_dfl_store,
- krb5_rc_dfl_expunge,
- krb5_rc_dfl_get_span,
- krb5_rc_dfl_get_name,
- krb5_rc_dfl_resolve
- }
-;
+{
+ 0,
+ "dfl",
+ krb5_rc_dfl_init,
+ krb5_rc_dfl_recover,
+ krb5_rc_dfl_recover_or_init,
+ krb5_rc_dfl_destroy,
+ krb5_rc_dfl_close,
+ krb5_rc_dfl_store,
+ krb5_rc_dfl_expunge,
+ krb5_rc_dfl_get_span,
+ krb5_rc_dfl_get_name,
+ krb5_rc_dfl_resolve
+};
Modified: branches/mskrb-integ/src/lib/krb5/rcache/rcfns.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/rcfns.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/rcfns.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rcfns.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -39,7 +40,7 @@
krb5_error_code KRB5_CALLCONV
krb5_rc_recover_or_initialize (krb5_context context, krb5_rcache id,
- krb5_deltat span)
+ krb5_deltat span)
{
return krb5_x(id->ops->recover_or_init,(context, id, span));
}
@@ -64,7 +65,7 @@
krb5_error_code KRB5_CALLCONV
krb5_rc_store (krb5_context context, krb5_rcache id,
- krb5_donot_replay *dontreplay)
+ krb5_donot_replay *dontreplay)
{
return krb5_x((id)->ops->store,(context, id, dontreplay));
}
@@ -77,7 +78,7 @@
krb5_error_code KRB5_CALLCONV
krb5_rc_get_lifespan (krb5_context context, krb5_rcache id,
- krb5_deltat *spanp)
+ krb5_deltat *spanp)
{
return krb5_x((id)->ops->get_span,(context, id, spanp));
}
Modified: branches/mskrb-integ/src/lib/krb5/rcache/ser_rc.c
===================================================================
--- branches/mskrb-integ/src/lib/krb5/rcache/ser_rc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/krb5/rcache/ser_rc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/ser_rc.c
*
@@ -33,167 +34,167 @@
/*
* Routines to deal with externalizing krb5_rcache.
- * krb5_rcache_size();
- * krb5_rcache_externalize();
- * krb5_rcache_internalize();
+ * krb5_rcache_size();
+ * krb5_rcache_externalize();
+ * krb5_rcache_internalize();
*/
static krb5_error_code krb5_rcache_size
- (krb5_context, krb5_pointer, size_t *);
+ (krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_rcache_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+ (krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_rcache_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+ (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/*
* Serialization entry for this type.
*/
static const krb5_ser_entry krb5_rcache_ser_entry = {
- KV5M_RCACHE, /* Type */
- krb5_rcache_size, /* Sizer routine */
- krb5_rcache_externalize, /* Externalize routine */
- krb5_rcache_internalize /* Internalize routine */
+ KV5M_RCACHE, /* Type */
+ krb5_rcache_size, /* Sizer routine */
+ krb5_rcache_externalize, /* Externalize routine */
+ krb5_rcache_internalize /* Internalize routine */
};
�
/*
- * krb5_rcache_size() - Determine the size required to externalize
- * this krb5_rcache variant.
+ * krb5_rcache_size() - Determine the size required to externalize
+ * this krb5_rcache variant.
*/
static krb5_error_code
krb5_rcache_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_rcache rcache;
- size_t required;
+ krb5_error_code kret;
+ krb5_rcache rcache;
+ size_t required;
kret = EINVAL;
if ((rcache = (krb5_rcache) arg)) {
- /*
- * Saving FILE: variants of krb5_rcache requires at minimum:
- * krb5_int32 for KV5M_RCACHE
- * krb5_int32 for length of rcache name.
- * krb5_int32 for KV5M_RCACHE
- */
- required = sizeof(krb5_int32) * 3;
- if (rcache->ops && rcache->ops->type)
- required += (strlen(rcache->ops->type)+1);
+ /*
+ * Saving FILE: variants of krb5_rcache requires at minimum:
+ * krb5_int32 for KV5M_RCACHE
+ * krb5_int32 for length of rcache name.
+ * krb5_int32 for KV5M_RCACHE
+ */
+ required = sizeof(krb5_int32) * 3;
+ if (rcache->ops && rcache->ops->type)
+ required += (strlen(rcache->ops->type)+1);
- /*
- * The rcache name is formed as follows:
- * <type>:<name>
- */
- required += strlen(krb5_rc_get_name(kcontext, rcache));
+ /*
+ * The rcache name is formed as follows:
+ * <type>:<name>
+ */
+ required += strlen(krb5_rc_get_name(kcontext, rcache));
- kret = 0;
- *sizep += required;
+ kret = 0;
+ *sizep += required;
}
return(kret);
}
�
/*
- * krb5_rcache_externalize() - Externalize the krb5_rcache.
+ * krb5_rcache_externalize() - Externalize the krb5_rcache.
*/
static krb5_error_code
krb5_rcache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_rcache rcache;
- size_t required;
- krb5_octet *bp;
- size_t remain;
- char *rcname;
- size_t namelen;
- char *fnamep;
+ krb5_error_code kret;
+ krb5_rcache rcache;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
+ char *rcname;
+ size_t namelen;
+ char *fnamep;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((rcache = (krb5_rcache) arg)) {
- kret = ENOMEM;
- if (!krb5_rcache_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
+ kret = ENOMEM;
+ if (!krb5_rcache_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
- /* Calculate the length of the name */
- namelen = (rcache->ops && rcache->ops->type) ?
- strlen(rcache->ops->type)+1 : 0;
- fnamep = krb5_rc_get_name(kcontext, rcache);
- namelen += (strlen(fnamep)+1);
+ /* Calculate the length of the name */
+ namelen = (rcache->ops && rcache->ops->type) ?
+ strlen(rcache->ops->type)+1 : 0;
+ fnamep = krb5_rc_get_name(kcontext, rcache);
+ namelen += (strlen(fnamep)+1);
- if (rcache->ops && rcache->ops->type) {
- if (asprintf(&rcname, "%s:%s", rcache->ops->type, fnamep) < 0)
- rcname = NULL;
- } else
- rcname = strdup(fnamep);
+ if (rcache->ops && rcache->ops->type) {
+ if (asprintf(&rcname, "%s:%s", rcache->ops->type, fnamep) < 0)
+ rcname = NULL;
+ } else
+ rcname = strdup(fnamep);
- if (rcname) {
- /* Put the length of the file name */
- (void) krb5_ser_pack_int32((krb5_int32) strlen(rcname),
- &bp, &remain);
-
- /* Put the name */
- (void) krb5_ser_pack_bytes((krb5_octet *) rcname,
- strlen(rcname),
- &bp, &remain);
+ if (rcname) {
+ /* Put the length of the file name */
+ (void) krb5_ser_pack_int32((krb5_int32) strlen(rcname),
+ &bp, &remain);
- /* Put the trailer */
- (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- free(rcname);
- }
- }
+ /* Put the name */
+ (void) krb5_ser_pack_bytes((krb5_octet *) rcname,
+ strlen(rcname),
+ &bp, &remain);
+
+ /* Put the trailer */
+ (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ free(rcname);
+ }
+ }
}
return(kret);
}
�
/*
- * krb5_rcache_internalize() - Internalize the krb5_rcache.
+ * krb5_rcache_internalize() - Internalize the krb5_rcache.
*/
static krb5_error_code
krb5_rcache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_rcache rcache;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
- char *rcname;
+ krb5_error_code kret;
+ krb5_rcache rcache;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+ char *rcname;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_RCACHE) {
- kret = ENOMEM;
+ kret = ENOMEM;
- /* Get the length of the rcache name */
- kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ /* Get the length of the rcache name */
+ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- if (!kret &&
- (rcname = (char *) malloc((size_t) (ibuf+1))) &&
- !(kret = krb5_ser_unpack_bytes((krb5_octet *) rcname,
- (size_t) ibuf,
- &bp, &remain))) {
- rcname[ibuf] = '\0';
- if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname))) {
- (void) krb5_rc_recover(kcontext, rcache);
- if (!kret &&
- !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) &&
- (ibuf == KV5M_RCACHE)) {
- *buffer = bp;
- *lenremain = remain;
- *argp = (krb5_pointer) rcache;
- }
- else
- krb5_rc_close(kcontext, rcache);
- }
- free(rcname);
- }
+ if (!kret &&
+ (rcname = (char *) malloc((size_t) (ibuf+1))) &&
+ !(kret = krb5_ser_unpack_bytes((krb5_octet *) rcname,
+ (size_t) ibuf,
+ &bp, &remain))) {
+ rcname[ibuf] = '\0';
+ if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname))) {
+ (void) krb5_rc_recover(kcontext, rcache);
+ if (!kret &&
+ !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) &&
+ (ibuf == KV5M_RCACHE)) {
+ *buffer = bp;
+ *lenremain = remain;
+ *argp = (krb5_pointer) rcache;
+ }
+ else
+ krb5_rc_close(kcontext, rcache);
+ }
+ free(rcname);
+ }
}
return(kret);
}
Modified: branches/mskrb-integ/src/lib/rpc/Makefile.in
===================================================================
--- branches/mskrb-integ/src/lib/rpc/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/rpc/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -282,7 +282,7 @@
$(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
$(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
$(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
- $(SRCTOP)/include/krb5.h auth_gssapi.c
+ $(SRCTOP)/include/krb5.h auth_gssapi.c gssrpcint.h
auth_gssapi_misc.so auth_gssapi_misc.po $(OUTPRE)auth_gssapi_misc.$(OBJEXT): \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
@@ -290,7 +290,7 @@
$(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
$(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
$(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h auth_gssapi_misc.c
+ $(SRCTOP)/include/gssrpc/xdr.h auth_gssapi_misc.c gssrpcint.h
bindresvport.so bindresvport.po $(OUTPRE)bindresvport.$(OBJEXT): \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
@@ -495,7 +495,7 @@
$(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
$(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
$(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/krb5.h \
- svc_auth_gssapi.c
+ gssrpcint.h svc_auth_gssapi.c
svc_raw.so svc_raw.po $(OUTPRE)svc_raw.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
$(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
Modified: branches/mskrb-integ/src/lib/rpc/auth_gssapi.c
===================================================================
--- branches/mskrb-integ/src/lib/rpc/auth_gssapi.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/rpc/auth_gssapi.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -16,6 +16,8 @@
#include <gssrpc/rpc.h>
#include <gssrpc/auth_gssapi.h>
+#include "gssrpcint.h"
+
#ifdef __CODECENTER__
#define DEBUG_GSSAPI 1
#endif
Modified: branches/mskrb-integ/src/lib/rpc/auth_gssapi_misc.c
===================================================================
--- branches/mskrb-integ/src/lib/rpc/auth_gssapi_misc.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/rpc/auth_gssapi_misc.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -9,6 +9,8 @@
#include <gssapi/gssapi.h>
#include <gssrpc/auth_gssapi.h>
+#include "gssrpcint.h"
+
#ifdef __CODECENTER__
#define DEBUG_GSSAPI 1
#endif
@@ -181,7 +183,7 @@
putc ('\n', stderr);
if (misc_debug_gssapi)
gssrpcint_printf("GSS-API authentication error %s: %*s\n",
- m, msg.length, msg.value);
+ m, msg.length, (char *) msg.value);
(void) gss_release_buffer(&minor_stat, &msg);
if (!msg_ctx)
Modified: branches/mskrb-integ/src/lib/rpc/clnt_perror.c
===================================================================
--- branches/mskrb-integ/src/lib/rpc/clnt_perror.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/rpc/clnt_perror.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -233,7 +233,7 @@
char *
clnt_sperrno(enum clnt_stat stat)
{
- int i;
+ unsigned int i;
for (i = 0; i < sizeof(rpc_errlist)/sizeof(struct rpc_errtab); i++) {
if (rpc_errlist[i].status == stat) {
@@ -339,7 +339,7 @@
static char *
auth_errmsg(enum auth_stat stat)
{
- int i;
+ unsigned int i;
for (i = 0; i < sizeof(auth_errlist)/sizeof(struct auth_errtab); i++) {
if (auth_errlist[i].status == stat) {
Modified: branches/mskrb-integ/src/lib/rpc/clnt_simple.c
===================================================================
--- branches/mskrb-integ/src/lib/rpc/clnt_simple.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/rpc/clnt_simple.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -51,7 +51,9 @@
static struct callrpc_private {
CLIENT *client;
SOCKET socket;
- int oldprognum, oldversnum, valid;
+ rpcprog_t oldprognum;
+ rpcvers_t oldversnum;
+ int valid;
char *oldhost;
} *callrpc_private;
Copied: branches/mskrb-integ/src/lib/rpc/gssrpcint.h (from rev 21677, branches/mskrb-integ/src/prototype/prototype.h)
===================================================================
--- branches/mskrb-integ/src/prototype/prototype.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/rpc/gssrpcint.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -0,0 +1,39 @@
+/*
+ * lib/rpc/gssrpcint.h
+ *
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * <<< Description >>>
+ */
+
+#ifndef __GSSRPCINT_H__
+#define __GSSRPCINT_H__
+
+extern void gssrpcint_printf(const char *format, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+ __attribute__((__format__(__printf__, 1, 2)))
+#endif
+ ;
+
+#endif /* __GSSRPCINT_H__ */
Modified: branches/mskrb-integ/src/lib/rpc/svc_auth_gssapi.c
===================================================================
--- branches/mskrb-integ/src/lib/rpc/svc_auth_gssapi.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/lib/rpc/svc_auth_gssapi.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -24,6 +24,8 @@
#include <gssapi/gssapi_krb5.h>
#endif
+#include "gssrpcint.h"
+
#ifdef GSSAPI_KRB5
/* This is here for the krb5_error_code typedef and the
KRB5KRB_AP_WRONG_PRINC #define.*/
@@ -403,7 +405,7 @@
break;
PRINTF(("accept_sec_context returned 0x%x 0x%x wrong-princ=%#x\n",
- call_res.gss_major, call_res.gss_minor, KRB5KRB_AP_WRONG_PRINC));
+ call_res.gss_major, call_res.gss_minor, (int) KRB5KRB_AP_WRONG_PRINC));
if (call_res.gss_major == GSS_S_COMPLETE ||
call_res.gss_major == GSS_S_CONTINUE_NEEDED) {
/* server_creds was right, set it! */
@@ -950,7 +952,7 @@
in_buf.value = names[i].name;
in_buf.length = strlen(in_buf.value) + 1;
- PRINTF(("svcauth_gssapi_set_names: importing %s\n", in_buf.value));
+ PRINTF(("svcauth_gssapi_set_names: importing %s\n", names[i].name));
gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type,
&server_name_list[i]);
Modified: branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/Makefile.in
===================================================================
--- branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -4,7 +4,7 @@
BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
DEFINES = -DKDB4_DISABLE
DEFS=
-LOCALINCLUDES = -I. @KRB4_INCLUDES@ -I$(srcdir)/../libkdb_ldap -I$(SRCTOP)/lib/kdb
+LOCALINCLUDES = -I. -I$(srcdir)/../libkdb_ldap -I$(SRCTOP)/lib/kdb
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
#KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
@@ -17,9 +17,9 @@
all:: $(PROG)
-$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(GETDATE)
+$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE)
$(CC_LINK) -o $(PROG) $(OBJS) $(GETDATE) \
- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS)
+ $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
install::
$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
Modified: branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
===================================================================
--- branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -87,6 +87,7 @@
#include <stdio.h>
#include <k5-int.h>
#include <kadm5/admin.h>
+#include <adm_proto.h>
#include "kdb5_ldap_util.h"
#include "kdb5_ldap_list.h"
#include <ldap_principal.h>
@@ -2004,7 +2005,7 @@
static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
{
char **slist = NULL;
- int num_entry_printed = 0, i = 0;
+ unsigned int num_entry_printed = 0, i = 0;
/* Print the Realm Attributes on the standard output */
printf("%25s: %-50s\n", "Realm Name", global_params.realm);
Modified: branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
===================================================================
--- branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -104,7 +104,7 @@
* This function prints the usage of kdb5_ldap_util, which is
* the LDAP configuration utility.
*/
-void usage()
+void usage(void)
{
fprintf(stderr, "Usage: "
"kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
@@ -420,7 +420,6 @@
* we will print the help corresponding to the sub-command.
*/
if (print_help_message) {
- char *cmd_name = cmd_argv[0];
free(cmd_argv);
cmd_argv = NULL;
usage();
Modified: branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
===================================================================
--- branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -63,10 +63,10 @@
extern int exit_status;
extern krb5_context util_context;
-extern void usage();
+extern void usage(void);
extern void db_usage(int);
-#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(MAIN_HELP), NULL))
+#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(db_usage(MAIN_HELP), NULL))
/* Following are the bitmaps that indicate which of the options among -D, -w, -h, -p & -t
* were specified on the command line.
Modified: branches/mskrb-integ/src/slave/kpropd.c
===================================================================
--- branches/mskrb-integ/src/slave/kpropd.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/slave/kpropd.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -249,7 +249,7 @@
exit(ret);
}
-void resync_alarm(int sn)
+static void resync_alarm(int sn)
{
close (gfd);
if (debug)
@@ -458,7 +458,7 @@
fprintf(stderr, "doit: setting resync alarm to 5s\n");
signal(SIGALRM, resync_alarm);
gfd = fd;
- if (alarm(5) != 0) {
+ if (alarm(INITIAL_TIMER) != 0) {
if (debug) {
fprintf(stderr,
_("%s: alarm already set\n"), progname);
@@ -508,6 +508,7 @@
* Turn off alarm upon successful authentication from master.
*/
alarm(0);
+ gfd = -1;
if (!authorized_principal(kpropd_context, client, etype)) {
char *name;
@@ -638,8 +639,9 @@
params.realm = def_realm;
if (master_svc_princstr == NULL) {
- if (retval = kadm5_get_kiprop_host_srv_name(kpropd_context,
- def_realm, &master_svc_princstr)) {
+ if ((retval = kadm5_get_kiprop_host_srv_name(kpropd_context,
+ def_realm,
+ &master_svc_princstr))) {
com_err(progname, retval,
_("%s: unable to get kiprop host based "
"service name for realm %s\n"),
@@ -651,7 +653,7 @@
/*
* Set cc to the default credentials cache
*/
- if (retval = krb5_cc_default(kpropd_context, &cc)) {
+ if ((retval = krb5_cc_default(kpropd_context, &cc))) {
com_err(progname, retval,
_("while opening default "
"credentials cache"));
@@ -681,8 +683,8 @@
}
/* XXX Memory leak: Old r->data value. */
}
- if (retval = krb5_unparse_name(kpropd_context, iprop_svc_principal,
- &iprop_svc_princstr)) {
+ if ((retval = krb5_unparse_name(kpropd_context, iprop_svc_principal,
+ &iprop_svc_princstr))) {
com_err(progname, retval,
_("while canonicalizing principal name"));
krb5_free_principal(kpropd_context, iprop_svc_principal);
@@ -824,6 +826,7 @@
syslog(LOG_WARNING,
_("kpropd: Full resync, invalid return."));
frdone = 0;
+ backoff_cnt++;
} else
frdone = 1;
break;
@@ -949,7 +952,7 @@
free(iprop_svc_princstr);
if (master_svc_princstr)
free(master_svc_princstr);
- if (retval = krb5_cc_close(kpropd_context, cc)) {
+ if ((retval = krb5_cc_close(kpropd_context, cc))) {
com_err(progname, retval,
_("while closing default ccache"));
exit(1);
@@ -983,23 +986,21 @@
return (btime);
}
+static void
+kpropd_com_err_proc(const char *whoami,
+ long code,
+ const char *fmt,
+ va_list args)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+ __attribute__((__format__(__printf__, 3, 0)))
+#endif
+ ;
-static char *
-copy_leading_substring(char *src, size_t len)
-{
- char *result;
- result = malloc((len + 1) * sizeof(char));
- (void) strncpy(result, src, len+1);
- result[len] = 0;
- return result;
-}
-
static void
-kpropd_com_err_proc(whoami, code, fmt, args)
- const char *whoami;
- long code;
- const char *fmt;
- va_list args;
+kpropd_com_err_proc(const char *whoami,
+ long code,
+ const char *fmt,
+ va_list args)
{
char error_buf[8096];
@@ -1668,7 +1669,6 @@
const char *realm,
char **host_service_name)
{
- kadm5_ret_t ret;
char *name;
char *host;
Modified: branches/mskrb-integ/src/slave/kproplog.c
===================================================================
--- branches/mskrb-integ/src/slave/kproplog.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/slave/kproplog.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -28,77 +28,340 @@
static void
usage()
{
- (void) fprintf(stderr, _("\nUsage: %s [-h] [-v] [-e num]\n\n"),
+ (void) fprintf(stderr, _("\nUsage: %s [-h] [-v] [-v] [-e num]\n\n"),
progname);
exit(1);
}
/*
+ * Print the attribute flags of principal in human readable form.
+ */
+static void
+print_flags(unsigned int flags)
+{
+ unsigned int i;
+ static char *prflags[] = {
+ "DISALLOW_POSTDATED", /* 0x00000001 */
+ "DISALLOW_FORWARDABLE", /* 0x00000002 */
+ "DISALLOW_TGT_BASED", /* 0x00000004 */
+ "DISALLOW_RENEWABLE", /* 0x00000008 */
+ "DISALLOW_PROXIABLE", /* 0x00000010 */
+ "DISALLOW_DUP_SKEY", /* 0x00000020 */
+ "DISALLOW_ALL_TIX", /* 0x00000040 */
+ "REQUIRES_PRE_AUTH", /* 0x00000080 */
+ "REQUIRES_HW_AUTH", /* 0x00000100 */
+ "REQUIRES_PWCHANGE", /* 0x00000200 */
+ "UNKNOWN_0x00000400", /* 0x00000400 */
+ "UNKNOWN_0x00000800", /* 0x00000800 */
+ "DISALLOW_SVR", /* 0x00001000 */
+ "PWCHANGE_SERVICE", /* 0x00002000 */
+ "SUPPORT_DESMD5", /* 0x00004000 */
+ "NEW_PRINC", /* 0x00008000 */
+ };
+
+ for (i = 0; i < sizeof (prflags) / sizeof (char *); i++) {
+ if (flags & (krb5_flags) 1 << i)
+ printf("\t\t\t%s\n", prflags[i]);
+ }
+}
+
+/*
+ * Display time information.
+ */
+static void
+print_time(unsigned int *timep)
+{
+ if (*timep == 0L)
+ printf("\t\t\tNone\n");
+ else {
+ time_t ltime = *timep;
+ printf("\t\t\t%s", ctime(<ime));
+ }
+}
+
+/*
+ * Display string in hex primitive.
+ */
+static void
+print_hex(const char *tag, utf8str_t *str)
+{
+ unsigned int i;
+ unsigned int len;
+
+ len = str->utf8str_t_len;
+
+ (void) printf("\t\t\t%s(%d): 0x", tag, len);
+ for (i = 0; i < len; i++) {
+ printf("%02x", (krb5_octet) str->utf8str_t_val[i]);
+ }
+ (void) printf("\n");
+}
+
+/*
+ * Display string primitive.
+ */
+static void
+print_str(const char *tag, utf8str_t *str)
+{
+ char *dis;
+ unsigned int len;
+
+ /* + 1 for null byte */
+ len = str->utf8str_t_len + 1;
+ dis = (char *) malloc(len);
+
+ if (!dis) {
+ (void) fprintf(stderr, _("\nCouldn't allocate memory"));
+ exit(1);
+ }
+
+ (void) snprintf(dis, len, "%s", str->utf8str_t_val);
+
+ (void) printf("\t\t\t%s(%d): %s\n", tag, len - 1, dis);
+
+ free(dis);
+}
+
+/*
+ * Display data components.
+ */
+static void
+print_data(const char *tag, kdbe_data_t *data)
+{
+
+ (void) printf("\t\t\tmagic: 0x%x\n", data->k_magic);
+
+ (void) print_str(tag, &data->k_data);
+}
+
+/*
+ * Display the principal components.
+ */
+static void
+print_princ(kdbe_princ_t *princ)
+{
+ int i, len;
+ kdbe_data_t *data;
+
+ print_str("realm", &princ->k_realm);
+
+ len = princ->k_components.k_components_len;
+ data = princ->k_components.k_components_val;
+
+ for (i = 0; i < len; i++, data++) {
+
+ print_data("princ", data);
+ }
+}
+
+/*
+ * Display individual key.
+ */
+static void
+print_key(kdbe_key_t *k)
+{
+ unsigned int i;
+ utf8str_t *str;
+
+ printf("\t\t\tver: %d\n", k->k_ver);
+
+ printf("\t\t\tkvno: %d\n", k->k_kvno);
+
+ for (i = 0; i < k->k_enctype.k_enctype_len; i++) {
+ printf("\t\t\tenc type: 0x%x\n",
+ k->k_enctype.k_enctype_val[i]);
+ }
+
+ str = k->k_contents.k_contents_val;
+ for (i = 0; i < k->k_contents.k_contents_len; i++, str++) {
+ print_hex("key", str);
+ }
+}
+
+/*
+ * Display all key data.
+ */
+static void
+print_keydata(kdbe_key_t *keys, unsigned int len)
+{
+ unsigned int i;
+
+ for (i = 0; i < len; i++, keys++) {
+ print_key(keys);
+ }
+}
+
+/*
+ * Display TL item.
+ */
+static void
+print_tl(kdbe_tl_t *tl)
+{
+ int i, len;
+
+ printf("\t\t\ttype: 0x%x\n", tl->tl_type);
+
+ len = tl->tl_data.tl_data_len;
+
+ printf("\t\t\tvalue(%d): 0x", len);
+ for (i = 0; i < len; i++) {
+ printf("%02x", (krb5_octet) tl->tl_data.tl_data_val[i]);
+ }
+ printf("\n");
+}
+
+/*
+ * Display TL data items.
+ */
+static void
+print_tldata(kdbe_tl_t *tldata, int len)
+{
+ int i;
+
+ printf("\t\t\titems: %d\n", len);
+
+ for (i = 0; i < len; i++, tldata++) {
+ print_tl(tldata);
+ }
+}
+
+/*
* Print the individual types if verbose mode was specified.
+ * If verbose-verbose then print types along with respective values.
*/
static void
-print_attr(kdbe_attr_type_t type)
+print_attr(kdbe_val_t *val, int vverbose)
{
- switch (type) {
+ switch (val->av_type) {
case AT_ATTRFLAGS:
(void) printf(_("\t\tAttribute flags\n"));
+ if (vverbose) {
+ print_flags(val->kdbe_val_t_u.av_attrflags);
+ }
break;
case AT_MAX_LIFE:
(void) printf(_("\t\tMaximum ticket life\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_max_life);
+ }
break;
case AT_MAX_RENEW_LIFE:
(void) printf(_("\t\tMaximum renewable life\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_max_renew_life);
+ }
break;
case AT_EXP:
(void) printf(_("\t\tPrincipal expiration\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_exp);
+ }
break;
case AT_PW_EXP:
(void) printf(_("\t\tPassword expiration\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_pw_exp);
+ }
break;
case AT_LAST_SUCCESS:
(void) printf(_("\t\tLast successful auth\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_last_success);
+ }
break;
case AT_LAST_FAILED:
(void) printf(_("\t\tLast failed auth\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_last_failed);
+ }
break;
case AT_FAIL_AUTH_COUNT:
(void) printf(_("\t\tFailed passwd attempt\n"));
+ if (vverbose) {
+ (void) printf("\t\t\t%d\n",
+ val->kdbe_val_t_u.av_fail_auth_count);
+ }
break;
case AT_PRINC:
(void) printf(_("\t\tPrincipal\n"));
+ if (vverbose) {
+ print_princ(&val->kdbe_val_t_u.av_princ);
+ }
break;
case AT_KEYDATA:
(void) printf(_("\t\tKey data\n"));
+ if (vverbose) {
+ print_keydata(
+ val->kdbe_val_t_u.av_keydata.av_keydata_val,
+ val->kdbe_val_t_u.av_keydata.av_keydata_len);
+ }
break;
case AT_TL_DATA:
(void) printf(_("\t\tTL data\n"));
+ if (vverbose) {
+ print_tldata(
+ val->kdbe_val_t_u.av_tldata.av_tldata_val,
+ val->kdbe_val_t_u.av_tldata.av_tldata_len);
+ }
break;
case AT_LEN:
(void) printf(_("\t\tLength\n"));
+ if (vverbose) {
+ (void) printf("\t\t\t%d\n",
+ val->kdbe_val_t_u.av_len);
+ }
break;
+ case AT_PW_LAST_CHANGE:
+ (void) printf(_("\t\tPassword last changed\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_pw_last_change);
+ }
+ break;
case AT_MOD_PRINC:
(void) printf(_("\t\tModifying principal\n"));
+ if (vverbose) {
+ print_princ(&val->kdbe_val_t_u.av_mod_princ);
+ }
break;
case AT_MOD_TIME:
(void) printf(_("\t\tModification time\n"));
+ if (vverbose) {
+ print_time(&val->kdbe_val_t_u.av_mod_time);
+ }
break;
case AT_MOD_WHERE:
(void) printf(_("\t\tModified where\n"));
+ if (vverbose) {
+ print_str("where",
+ &val->kdbe_val_t_u.av_mod_where);
+ }
break;
- case AT_PW_LAST_CHANGE:
- (void) printf(_("\t\tPassword last changed\n"));
- break;
case AT_PW_POLICY:
(void) printf(_("\t\tPassword policy\n"));
+ if (vverbose) {
+ print_str("policy",
+ &val->kdbe_val_t_u.av_pw_policy);
+ }
break;
case AT_PW_POLICY_SWITCH:
(void) printf(_("\t\tPassword policy switch\n"));
+ if (vverbose) {
+ (void) printf("\t\t\t%d\n",
+ val->kdbe_val_t_u.av_pw_policy_switch);
+ }
break;
case AT_PW_HIST_KVNO:
(void) printf(_("\t\tPassword history KVNO\n"));
+ if (vverbose) {
+ (void) printf("\t\t\t%d\n",
+ val->kdbe_val_t_u.av_pw_hist_kvno);
+ }
break;
case AT_PW_HIST:
(void) printf(_("\t\tPassword history\n"));
+ if (vverbose) {
+ (void) printf("\t\t\tPW history elided\n");
+ }
break;
} /* switch */
@@ -107,7 +370,7 @@
* Print the update entry information
*/
static void
-print_update(kdb_hlog_t *ulog, uint32_t entry, bool_t verbose)
+print_update(kdb_hlog_t *ulog, uint32_t entry, unsigned int verbose)
{
XDR xdrs;
uint32_t start_sno, i, j, indx;
@@ -182,8 +445,8 @@
if (verbose)
for (j = 0; j < upd.kdb_update.kdbe_t_len; j++)
- print_attr(
- upd.kdb_update.kdbe_t_val[j].av_type);
+ print_attr(&upd.kdb_update.kdbe_t_val[j],
+ verbose > 1 ? 1 : 0);
xdr_free(xdr_kdb_incr_update_t, (char *)&upd);
free(dbprinc);
@@ -194,7 +457,7 @@
main(int argc, char **argv)
{
int c;
- bool_t verbose = FALSE;
+ unsigned int verbose = 0;
bool_t headeronly = FALSE;
uint32_t entry = 0;
krb5_context context;
@@ -222,7 +485,7 @@
entry = atoi(optarg);
break;
case 'v':
- verbose = TRUE;
+ verbose++;
break;
default:
usage();
Modified: branches/mskrb-integ/src/tests/asn.1/krb5_decode_test.c
===================================================================
--- branches/mskrb-integ/src/tests/asn.1/krb5_decode_test.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/asn.1/krb5_decode_test.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -881,7 +881,9 @@
setup(ldap_seqof_key_data,"ldap_seqof_key_data",
ktest_make_sample_ldap_seqof_key_data);
decode_run("ldap_seqof_key_data","","30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32",acc.asn1_ldap_decode_sequence_of_keys,ktest_equal_ldap_sequence_of_keys,ktest_empty_ldap_seqof_key_data);
+ ktest_empty_ldap_seqof_key_data(test_context, &ref);
}
+
#endif
krb5_free_context(test_context);
Modified: branches/mskrb-integ/src/tests/asn.1/krb5_encode_test.c
===================================================================
--- branches/mskrb-integ/src/tests/asn.1/krb5_encode_test.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/asn.1/krb5_encode_test.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -662,6 +662,7 @@
ktest_make_sample_enc_sam_response_enc);
encode_run(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc","",
encode_krb5_enc_sam_response_enc);
+ ktest_empty_enc_sam_response_enc(&sam_ch);
}
/****************************************************************/
/* encode_krb5_predicted_sam_response */
@@ -671,6 +672,7 @@
ktest_make_sample_predicted_sam_response);
encode_run(sam_ch,krb5_predicted_sam_response,"predicted_sam_response","",
encode_krb5_predicted_sam_response);
+ ktest_empty_predicted_sam_response(&sam_ch);
}
/****************************************************************/
/* encode_krb5_sam_response_2 */
Modified: branches/mskrb-integ/src/tests/asn.1/ktest.c
===================================================================
--- branches/mskrb-integ/src/tests/asn.1/ktest.c 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/asn.1/ktest.c 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1394,13 +1394,30 @@
free(p->sam_key.contents);
}
+void ktest_empty_predicted_sam_response(p)
+ krb5_predicted_sam_response *p;
+{
+ ktest_empty_keyblock(&p->sam_key);
+ ktest_destroy_principal(&p->client);
+ ktest_empty_data(&p->msd);
+}
+
+void ktest_empty_enc_sam_response_enc(p)
+ krb5_enc_sam_response_enc *p;
+{
+ ktest_empty_data(&p->sam_sad);
+}
+
void ktest_empty_sam_response_2(p)
krb5_sam_response_2 *p;
{
+ ktest_empty_data(&p->sam_track_id);
+ ktest_empty_data(&p->sam_enc_nonce_or_sad.ciphertext);
}
void ktest_empty_enc_sam_response_enc_2(p)
krb5_enc_sam_response_enc_2 *p;
{
+ ktest_empty_data(&p->sam_sad);
}
#ifdef ENABLE_LDAP
@@ -1413,5 +1430,6 @@
free(p->key_data[i].key_data_contents[0]);
free(p->key_data[i].key_data_contents[1]);
}
+ free(p->key_data);
}
#endif
Modified: branches/mskrb-integ/src/tests/asn.1/ktest.h
===================================================================
--- branches/mskrb-integ/src/tests/asn.1/ktest.h 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/asn.1/ktest.h 2009-01-03 03:00:25 UTC (rev 21678)
@@ -210,6 +210,8 @@
void ktest_empty_sam_response
(krb5_sam_response * p);
void ktest_empty_sam_key(krb5_sam_key *p);
+void ktest_empty_enc_sam_response_enc(krb5_enc_sam_response_enc *p);
+void ktest_empty_predicted_sam_response(krb5_predicted_sam_response *p);
void ktest_empty_sam_response_2(krb5_sam_response_2 *p);
void ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p);
Modified: branches/mskrb-integ/src/tests/dejagnu/Makefile.in
===================================================================
--- branches/mskrb-integ/src/tests/dejagnu/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/dejagnu/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -7,7 +7,6 @@
KRB5_RUN_ENV= @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-KRB4_RUNTESTFLAGS=@KRB4_DEJAGNU_TEST@
SRCS=$(srcdir)/t_inetd.c
@@ -47,7 +46,6 @@
sed -e 's%=\.%='`pwd`'/.%g' > site.exp
echo "set KRB5_DB_MODULE_DIR {$(KRB5_DB_MODULE_DIR)}" >> site.exp
echo "set PRIOCNTL_HACK @PRIOCNTL_HACK@" >> site.exp
- echo set $(KRB4_RUNTESTFLAGS) | sed -e 's/=/ /' >> site.exp
# +++ Dependency line eater +++
#
Modified: branches/mskrb-integ/src/tests/dejagnu/config/default.exp
===================================================================
--- branches/mskrb-integ/src/tests/dejagnu/config/default.exp 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/dejagnu/config/default.exp 2009-01-03 03:00:25 UTC (rev 21678)
@@ -821,7 +821,6 @@
# kadmind +4
# kpasswd +5
# (nothing) +6
-# krb524 +7
# application servers (krlogind, telnetd, krshd, ftpd, etc) +8
# iprop +9 (if enabled)
# kpropd +10
@@ -1039,7 +1038,6 @@
}
puts $conffile " krb4_config = $tmppwd/krb.conf"
puts $conffile " krb4_realms = $tmppwd/krb.realms"
- puts $conffile " krb4_srvtab = $tmppwd/v4srvtab"
if { $mode == "tcp" } {
puts $conffile " udp_preference_limit = 1"
}
@@ -1058,7 +1056,6 @@
puts $conffile " admin_server = $hostname:[expr 4 + $portbase]"
puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]"
puts $conffile " default_domain = $domain"
- puts $conffile " krb524_server = $hostname:[expr 7 + $portbase]"
puts $conffile " database_module = foo_db2"
puts $conffile " \}"
puts $conffile ""
@@ -1131,10 +1128,6 @@
set env(KRB5CCNAME) $tmppwd/tkt
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
- # Direct the Kerberos programs at a local ticket file.
- set env(KRBTKFILE) $tmppwd/tktv4
- verbose "KRBTKFILE=$env(KRBTKFILE)"
-
# Direct the Kerberos server at a cache file stored in the
# temporary directory.
set env(KRB5RCACHEDIR) $tmppwd
@@ -1762,7 +1755,7 @@
envstack_push
setup_kerberos_env kdc
- spawn $KRB5KDC -r $REALMNAME -n -4 full
+ spawn $KRB5KDC -r $REALMNAME -n full
envstack_pop
set kdc_pid [exp_pid]
set kdc_spawn_id $spawn_id
@@ -2439,171 +2432,6 @@
}
}
-# kinit
-# Use kinit to get a ticket. If the argument is non-zero, call pass
-# at relevant points. Returns 1 on success, 0 on failure.
-
-proc v4kinit { name pass standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
- global des3_krbtgt
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distiguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -4 $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "v4kinit started"
- }
- timeout {
- fail "v4kinit"
- return 0
- }
- eof {
- fail "v4kinit"
- return 0
- }
- }
- send "$pass\r"
- expect eof
- if {$des3_krbtgt == 0} {
- if ![check_exit_status v4kinit] {
- return 0
- }
- } else {
- # Fail if kinit is successful with a des3 TGT.
- set status_list [wait -i $spawn_id]
- set testname v4kinit
- verbose "wait -i $spawn_id returned $status_list ($testname)"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
- verbose -log "exit status: $status_list"
- fail "$testname (exit status)"
- }
- }
- if {$standalone} {
- pass "v4kinit"
- }
-
- return 1
-}
-
-proc v4kinit_kt { name keytab standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distiguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -4 -k -t $keytab $name@$REALMNAME
- expect {
- timeout {
- fail "v4kinit"
- return 0
- }
- eof { }
- }
- if ![check_exit_status kinit] {
- return 0
- }
-
- if {$standalone} {
- pass "v4kinit"
- }
-
- return 1
-}
-
-# List v4 tickets.
-# Client and server are regular expressions.
-proc v4klist { client server testname } {
- global KLIST
- global tmppwd
-
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$client.*$server\r\n" {
- verbose "klist started"
- }
- timeout {
- fail $testname
- return 0
- }
- eof {
- fail $testname
- return 0
- }
- }
-
- expect eof
-
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-# Destroy tickets.
-proc v4kdestroy { testname } {
- global KDESTROY
- spawn $KDESTROY -4
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-# Try to list the krb4 tickets -- there shouldn't be any ticket file.
-proc v4klist_none { testname } {
- global KLIST
- global tmppwd
-
- # Double check that the ticket was destroyed.
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*klist: You have no tickets cached.*\r\n" {
- verbose "v4klist started"
- pass "$testname (output)"
- }
- timeout {
- fail "$testname (output)"
- # Skip the 'wait' below, if it's taking too long.
- untested "$testname (exit status)"
- return 0
- }
- eof {
- fail "$testname (output)"
- }
- }
- # We can't use check_exit_status, because we expect an exit status
- # of 1.
- expect eof
- set status_list [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $status_list (v4klist)"
- if { [lindex $status_list 2] != 0 } {
- fail "$testname (exit status)"
- return 0
- } else {
- if { [lindex $status_list 3] != 1 } {
- fail "$testname (exit status)"
- return 0
- } else {
- pass "$testname (exit status)"
- }
- }
- return 1
-}
-
# Set up a root shell using rlogin $hostname -l root. This is used
# when testing the daemons that must be run as root, such as telnetd
# or rlogind. This sets the global variables rlogin_spawn_id and
Modified: branches/mskrb-integ/src/tests/dejagnu/krb-root/telnet.exp
===================================================================
--- branches/mskrb-integ/src/tests/dejagnu/krb-root/telnet.exp 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/dejagnu/krb-root/telnet.exp 2009-01-03 03:00:25 UTC (rev 21678)
@@ -47,7 +47,7 @@
# we don't need to use inetd. The portbase+8 is the port to listen at.
# Note that tmppwd here is a shell variable, which is set in
# setup_root_shell, not a TCL variable.
- send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 [expr 8 + $portbase]\" &\r"
+ send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap [expr 8 + $portbase]\" &\r"
expect {
-i $rlogin_spawn_id
-re "$ROOT_PROMPT" { }
Modified: branches/mskrb-integ/src/tests/dejagnu/krb-standalone/standalone.exp
===================================================================
--- branches/mskrb-integ/src/tests/dejagnu/krb-standalone/standalone.exp 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/dejagnu/krb-standalone/standalone.exp 2009-01-03 03:00:25 UTC (rev 21678)
@@ -175,47 +175,6 @@
kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno"
do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno"
do_kdestroy "kdestroy foo/bar vno $vno"
-
- if {[info exists KRBIV] && $KRBIV &&
- [regexp {des-cbc-[a-z0-9-]*:v4} [lindex $supported_enctypes 0]]} {
- catch "exec rm -f $tmppwd/foosrvtab"
- spawn $KTUTIL
- expect_after {
- timeout { fail "ktutil converting keytab to srvtab" ; set ok 0 }
- eof { fail "ktutil converting keytab to srvtab" ; set ok 0 }
- }
- expect "ktutil: "
- send "rkt $tmppwd/fookeytab\r"
- expect -ex "rkt $tmppwd/fookeytab\r"
- expect "ktutil: "
-# for debugging, just log this
-# send "list\r"
-# expect "ktutil: "
- #
- send "wst $tmppwd/foosrvtab\r"
- expect -ex "wst $tmppwd/foosrvtab\r"
- expect "ktutil: "
-# for debugging, just log this
-# send "clear\r"
-# expect "ktutil: "
-# send "rst $tmppwd/foosrvtab\r"
-# expect "ktutil: "
-# send "list\r"
-# expect "ktutil: "
- # okay, now quit and finish testing
- send "quit\r"
- expect eof
- catch expect_after
- if [check_exit_status "ktutil converting keytab to srvtab (vno $vno)"] {
- pass "ktutil converting keytab to srvtab (vno $vno)"
- do_klist_kt $tmppwd/fookeytab "klist srvtab foo/bar vno $vno"
- kinit_kt "foo/bar" "SRVTAB:$tmppwd/foosrvtab" 1 "st kvno $vno"
- do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist st foo/bar vno $vno"
- do_kdestroy "kdestroy st foo/bar vno $vno"
- }
- } else {
- verbose "skipping v5kinit/srvtab tests because of non-v4 enctype"
- }
}
catch "exec rm -f $keytab"
# Check that kadmin.local can actually read the correct kvno, even
Deleted: branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4gssftp.exp
===================================================================
--- branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4gssftp.exp 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4gssftp.exp 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,508 +0,0 @@
-# Kerberos ftp test.
-# This is a DejaGnu test script.
-# This script tests Kerberos ftp.
-# Originally written by Ian Lance Taylor, Cygnus Support, <ian at cygnus.com>.
-# Modified bye Ezra Peisach for GSSAPI support.
-
-# Find the programs we need. We use the binaries from the build tree
-# if they exist. If they do not, then they must be in PATH. We
-# expect $objdir to be .../kerberos/build/tests/dejagnu
-
-if ![info exists FTP] {
- set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp]
-}
-
-if ![info exists FTPD] {
- set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd]
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# A procedure to start up the ftp daemon.
-
-proc start_ftp_daemon { } {
- global FTPD
- global tmppwd
- global ftpd_spawn_id
- global ftpd_pid
- global portbase
-
- # The -p argument tells it to accept a single connection, so we
- # don't need to use inetd. Portbase+8 is the port to listen at.
- # We rely on KRB5_KTNAME being set to the proper keyfile as there is
- # no way to cleanly set it with the gssapi API.
- # The -U argument tells it to use an alternate ftpusers file (using
- # /dev/null will allow root to login regardless of /etc/ftpusers).
- # The -a argument requires authorization, to mitigate any
- # vulnerability introduced by circumventing ftpusers.
- spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb.conf
- set ftpd_spawn_id $spawn_id
- set ftpd_pid [exp_pid]
-
- # Give the ftp daemon a few seconds to get set up.
- sleep 2
-}
-
-# A procedure to stop the ftp daemon.
-
-proc stop_ftp_daemon { } {
- global ftpd_spawn_id
- global ftpd_pid
-
- if [info exists ftpd_pid] {
- catch "close -i $ftpd_spawn_id"
- catch "exec kill $ftpd_pid"
- catch "wait -i $ftpd_spawn_id"
- unset ftpd_pid
- }
-}
-
-# Test that a file was copied correctly.
-proc check_file { filename {bigfile 0}} {
- if ![file exists $filename] {
- verbose "$filename does not exist"
- send_log "$filename does not exist\n"
- return 0
- }
-
- set file [open $filename r]
- if { [gets $file line] == -1 } {
- verbose "$filename is empty"
- send_log "$filename is empty\n"
- close $file
- return 0
- }
-
- if ![string match "This file is used for ftp testing." $line] {
- verbose "$filename contains $line"
- send_log "$filename contains $line\n"
- close $file
- return 0
- }
-
- if {$bigfile} {
- # + 1 for the newline
- seek $file 1048577 current
- if { [gets $file line] == -1 } {
- verbose "$filename is truncated"
- send_log "$filename is truncated\n"
- close $file
- return 0
- }
-
- if ![string match "This file is used for ftp testing." $line] {
- verbose "$filename contains $line"
- send_log "$filename contains $line\n"
- close $file
- return 0
- }
- }
-
- if { [gets $file line] != -1} {
- verbose "$filename is too long ($line)"
- send_log "$filename is too long ($line)\n"
- close $file
- return 0
- }
-
- close $file
-
- return 1
-}
-
-#
-# Restore environment variables possibly set.
-#
-proc ftp_restore_env { } {
- global env
- global ftp_save_ktname
- global ftp_save_ccname
-
- catch "unset env(KRB5_KTNAME)"
- if [info exists ftp_save_ktname] {
- set env(KRB5_KTNAME) $ftp_save_ktname
- unset ftp_save_ktname
- }
-
- catch "unset env(KRB5CCNAME)"
- if [info exists ftp_save_ccname] {
- set env(KRB5CCNAME) $ftp_save_ccname
- unset ftp_save_ccname
- }
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc v4ftp_test { } {
- global FTP
- global KEY
- global REALMNAME
- global hostname
- global localhostname
- global env
- global ftpd_spawn_id
- global ftpd_pid
- global spawn_id
- global tmppwd
- global ftp_save_ktname
- global ftp_save_ccname
- global des3_krbtgt
- global portbase
-
- if {$des3_krbtgt} {
- return
- }
- # Start up the kerberos and kadmind daemons and get a srvtab and a
- # ticket file.
- if {![start_kerberos_daemons 0] \
- || ![add_random_key ftp/$hostname 0] \
- || ![setup_srvtab 0 ftp] \
- || ![add_kerberos_key $env(USER) 0] \
- || ![v4kinit $env(USER) $env(USER)$KEY 0]} {
- return
- }
-
- #
- # Save settings of KRB5_KTNAME
- #
- if [info exists env(KRB5_KTNAME)] {
- set ftp_save_ktname $env(KRB5_KTNAME)
- }
-
- #
- # set KRB5_KTNAME
- #
- set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
- verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
- #
- # Save settings of KRB5CCNAME
- # These tests fail if the krb5 cache happens to have a valid credential
- # which can result from running the gssftp.exp test immediately
- # preceeding these tests.
- #
- if [info exists env(KRB5CCNAME)] {
- set ftp_save_ccname $env(KRB5CCNAME)
- }
-
- #
- # set KRB5_KTNAME
- #
- set env(KRB5CCNAME) FILE:$tmppwd/non-existant-cache
- verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-
- # Start the ftp daemon.
- start_ftp_daemon
-
- # Make an ftp client connection to it.
- spawn $FTP $hostname [expr 8 + $portbase]
-
- expect_after {
- timeout {
- fail "$testname (timeout)"
- catch "expect_after"
- return
- }
- eof {
- fail "$testname (eof)"
- catch "expect_after"
- return
- }
- }
-
- set testname "ftp connection(v4)"
- expect -nocase "connected to $hostname"
- expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready."
- expect -re "Using authentication type GSSAPI; ADAT must follow"
- expect "GSSAPI accepted as authentication type"
- expect -re "GSSAPI error major: (Unspecified GSS|Miscellaneous) failure"
- expect {
- "GSSAPI error minor: Unsupported credentials cache format version number" {}
- "GSSAPI error minor: No credentials cache found" {}
- -re "GSSAPI error minor: Credentials cache file '.*' not found" {}
- "GSSAPI error minor: Decrypt integrity check failed" {}
- }
- expect "GSSAPI error: initializing context"
- expect "GSSAPI authentication failed"
- expect -re "Using authentication type KERBEROS_V4; ADAT must follow"
- expect {
- "Kerberos V4 authentication succeeded" { pass "ftp authentication" }
- eof { fail "ftp authentication" ; catch "expect_after" ; return }
- -re "Kerberos V4 .* failed.*\r" {
- fail "ftp authentication";
- send "quit\r"; catch "expect_after";
- return
- }
- }
- expect -nocase "name ($hostname:$env(USER)): "
- send "$env(USER)\r"
- expect "Kerberos user $env(USER)@$REALMNAME is authorized as $env(USER)"
- expect "Remote system type is UNIX."
- expect "Using binary mode to transfer files."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "binary(v4)"
- send "binary\r"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "status(v4)"
- send "status\r"
- expect -nocase "connected to $hostname."
- expect "Authentication type: KERBEROS_V4"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "ls(v4)"
- send "ls $tmppwd/ftp-test\r"
- expect -re "Opening ASCII mode data connection for .*ls."
- expect -re ".* $tmppwd/ftp-test"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "nlist(v4)"
- send "nlist $tmppwd/ftp-test\r"
- expect -re "Opening ASCII mode data connection for file list."
- expect -re "$tmppwd/ftp-test"
- expect -re ".* Transfer complete."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "ls missing(v4)"
- send "ls $tmppwd/ftp-testmiss\r"
- expect -re "Opening ASCII mode data connection for .*ls."
- expect {
- -re "$tmppwd/ftp-testmiss not found" {}
- -re "$tmppwd/ftp-testmiss: No such file or directory"
- }
- expect "ftp> " {
- pass $testname
- }
-
-
- set testname "get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get $tmppwd/ftp-test $tmppwd/copy\r"
- expect "Opening BINARY mode data connection for $tmppwd/ftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "put(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "put $tmppwd/ftp-test $tmppwd/copy\r"
- expect "Opening BINARY mode data connection for $tmppwd/copy"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "cd(v4)"
- send "cd $tmppwd\r"
- expect "CWD command successful."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "lcd(v4)"
- send "lcd $tmppwd\r"
- expect "Local directory now $tmppwd"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "local get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get ftp-test copy\r"
- expect "Opening BINARY mode data connection for ftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "big local get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get bigftp-test copy\r"
- expect "Opening BINARY mode data connection for bigftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy 1] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "start encryption(v4)"
- send "private\r"
- expect "Data channel protection level set to private"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "status(v4)"
- send "status\r"
- expect "Protection Level: private"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "encrypted get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get ftp-test copy\r"
- expect "Opening BINARY mode data connection for ftp-test"
- expect "Transfer complete"
- expect {
- -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" {}
- -re "krb_rd_priv failed for KERBEROS_V4" {
- fail $testname
- send "quit\r"
- catch "expect_after"
- return
- }
- }
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
-
- # Test a large file that will overflow PBSZ size
- set testname "big encrypted get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get bigftp-test copy\r"
- expect "Opening BINARY mode data connection for bigftp-test"
- expect "Transfer complete"
- expect {
- -re "\[0-9\]+ bytes received in \[0-9.e+-\]+ seconds" {}
- -re "krb_rd_priv failed for KERBEROS_V4" {
- fail $testname
- send "quit\r"
- catch "expect_after"
- return
- }
- }
- expect "ftp> "
- if [check_file $tmppwd/copy 1] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "close(v4)"
- send "close\r"
- expect "Goodbye."
- expect "ftp> "
- set status_list [wait -i $ftpd_spawn_id]
- verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)"
- catch "close -i $ftpd_spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- send_log "exit status: $status_list\n"
- verbose "exit status: $status_list"
- fail $testname
- } else {
- pass $testname
- unset ftpd_pid
- }
-
- set testname "quit(v4)"
- send "quit\r"
- expect_after
- expect eof
- if [check_exit_status $testname] {
- pass $testname
- }
-
-}
-
-run_once v4gssftp {
- # Make sure .klogin is reasonable.
- if ![check_k5login ftp] {
- return
- }
-
- if ![check_klogin ftp] {
- return
- }
-
- # Set up the kerberos database.
- if {![get_hostname] \
- || ![setup_kerberos_files] \
- || ![setup_kerberos_env] \
- || ![setup_kerberos_db 0]} {
- return
- }
-
- # Create a file to use for ftp testing.
- set file [open $tmppwd/ftp-test w]
- puts $file "This file is used for ftp testing."
- close $file
-
- # Create a large file to use for ftp testing. File needs to be
- # larger that 2^20 or 1MB for PBSZ testing.
- set file [open $tmppwd/bigftp-test w]
- puts $file "This file is used for ftp testing.\n"
- seek $file 1048576 current
- puts $file "This file is used for ftp testing."
- close $file
-
- # The ftp client will look in $HOME/.netrc for the user name to use.
- # To avoid confusing the testsuite, point $HOME at a directory where
- # we know there is no .netrc file.
- if [info exists env(HOME)] {
- set home $env(HOME)
- } elseif [info exists home] {
- unset home
- }
- set env(HOME) $tmppwd
-
- # Run the test. Logging in sometimes takes a while, so increase the
- # timeout.
- set oldtimeout $timeout
- set timeout 60
- set status [catch v4ftp_test msg]
- set timeout $oldtimeout
-
- # Shut down the kerberos daemons and the ftp daemon.
- stop_kerberos_daemons
-
- stop_ftp_daemon
-
- ftp_restore_env
-
- # Reset $HOME, for safety in case we are going to run more tests.
- if [info exists home] {
- set env(HOME) $home
- } else {
- unset env(HOME)
- }
-
- if { $status != 0 } {
- perror "error in v4gssftp.exp: $msg"
- }
-}
Deleted: branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4krb524d.exp
===================================================================
--- branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4krb524d.exp 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4krb524d.exp 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,168 +0,0 @@
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-if ![info exists K524INIT] {
- set K524INIT [findfile $objdir/../../krb524/k524init]
-}
-
-if ![info exists KRB524D] {
- set KRB524D [findfile $objdir/../../krb524/krb524d]
-}
-
-if ![info exists KLIST] {
- set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 1] {
- return
-}
-
-# A procedure to stop the krb524 daemon.
-proc start_k524_daemon { } {
- global KRB524D
- global k524d_spawn_id
- global k524d_pid
- global REALMNAME
- global portbase
-
- spawn $KRB524D -m -p [expr 7 + $portbase] -r $REALMNAME -nofork
- set k524d_spawn_id $spawn_id
- set k524d_pid [exp_pid]
-
- # Give the krb524d daemon a few seconds to get set up.
- sleep 2
-}
-
-# A procedure to stop the krb524 daemon.
-proc stop_k524_daemon { } {
- global k524d_spawn_id
- global k524d_pid
-
- if [info exists k524d_pid] {
- catch "close -i $k524d_spawn_id"
- catch "exec kill $k524d_pid"
- catch "wait -i $k524d_spawn_id"
- unset k524d_pid
- }
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global env
- global KEY
- global K524INIT
- # To pass spawn_id to the wait process
- global spawn_id
- global KLIST
- global KDESTROY
- global tmppwd
- global REALMNAME
- global des3_krbtgt
-
- if {$des3_krbtgt} {
- return
- }
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Add a user key and get a V5 ticket
- if {![add_kerberos_key $env(USER) 0] \
- || ![kinit $env(USER) $env(USER)$KEY 0]} {
- return
- }
-
- # Start the krb524d daemon.
- start_k524_daemon
-
- # The k524init program does not advertise anything on success -
- #only failure.
- spawn $K524INIT
- expect {
- -timeout 10
- -re "k524init: .*\r" {
- fail "k524init"
- return
- }
- eof {}
- timeout {}
- }
-
-
- if ![check_exit_status "k524init"] {
- return
- }
- pass "k524init"
-
- # Make sure that klist can see the ticket.
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$env(USER)@$REALMNAME.*krbtgt\.$REALMNAME@$REALMNAME\r\n" {
- verbose "klist started"
- }
- timeout {
- fail "v4klist"
- return
- }
- eof {
- fail "v4klist"
- return
- }
- }
-
- expect {
- "\r" { }
- eof { }
- }
-
- if ![check_exit_status "klist"] {
- return
- }
- pass "krb524d: v4klist"
-
- # Destroy the ticket.
- spawn $KDESTROY -4
- if ![check_exit_status "kdestroy"] {
- return
- }
- pass "krb524d: v4kdestroy"
-
- pass "krb524d: krb524d"
-}
-
-set status [catch doit msg]
-
-stop_kerberos_daemons
-
-stop_k524_daemon
-
-if { $status != 0 } {
- send_error "ERROR: error in v4krb524d.exp\n"
- send_error "$msg\n"
- exit 1
-}
-
-
Deleted: branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4standalone.exp
===================================================================
--- branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4standalone.exp 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/tests/dejagnu/krb-standalone/v4standalone.exp 2009-01-03 03:00:25 UTC (rev 21678)
@@ -1,95 +0,0 @@
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 1] {
- return
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc check_and_destroy_v4_tix { client server } {
- global REALMNAME
- global des3_krbtgt
-
- # Skip this if we're using a des3 TGT, since that's supposed to fail.
- if {$des3_krbtgt} {
- return
- }
- # Make sure that klist can see the ticket.
- if ![v4klist "$client" "$server" "v4klist"] {
- return
- }
-
- # Destroy the ticket.
- if ![v4kdestroy "v4kdestroy"] {
- return
- }
-
- if ![v4klist_none "v4klist no tix 1"] {
- return
- }
-}
-
-proc doit { } {
- global REALMNAME
- global KLIST
- global KDESTROY
- global KEY
- global hostname
- global spawn_id
- global tmppwd
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key host/$hostname 1] {
- return
- }
-
- # Use ksrvutil to create a srvtab entry.
- if ![setup_srvtab 1] {
- return
- }
-
- # Use kinit to get a ticket.
- if [v4kinit krbtest.admin adminpass$KEY 1] {
- check_and_destroy_v4_tix krbtest.admin@$REALMNAME krbtgt.$REALMNAME@$REALMNAME
- }
-
- # Use kinit with srvtab to get a ticket.
- # XXX - Currently kinit doesn't support "-4 -k"!
-# set shorthost [string range $hostname 0 [expr [string first . $hostname] - 1]]
-# if [v4kinit_kt host.$shorthost SRVTAB:$tmppwd/srvtab 1] {
-# check_and_destroy_v4_tix host.$shorthost@$REALMNAME krbtgt.$REALMNAME@$REALMNAME
-# }
-}
-
-set status [catch doit msg]
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in v4standalone.exp\n"
- send_error "$msg\n"
- exit 1
-}
Modified: branches/mskrb-integ/src/util/depfix.pl
===================================================================
--- branches/mskrb-integ/src/util/depfix.pl 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/util/depfix.pl 2009-01-03 03:00:25 UTC (rev 21678)
@@ -162,10 +162,6 @@
$_ = &uniquify($_);
- # Some krb4 dependencies should only be present if building with krb4
- # enabled.
- s;\$\(BUILDTOP\)/include/kerberosIV/krb_err.h ;\$(KRB_ERR_H_DEP) ;g;
-
# Delete trailing whitespace.
s; *$;;g;
Modified: branches/mskrb-integ/src/util/ss/Makefile.in
===================================================================
--- branches/mskrb-integ/src/util/ss/Makefile.in 2009-01-03 01:28:31 UTC (rev 21677)
+++ branches/mskrb-integ/src/util/ss/Makefile.in 2009-01-03 03:00:25 UTC (rev 21678)
@@ -233,7 +233,7 @@
utils.c
options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \
$(COM_ERR_DEPS) copyright.h options.c ss.h
-cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h
+cmd_tbl.lex.o: cmd_tbl.lex.c
ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \
ct.tab.c ss.h
ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \
More information about the cvs-krb5
mailing list