[7150] in Kerberos
Kerberos 5 & X11R6
daemon@ATHENA.MIT.EDU (Tomasz Krupa - Junior System Engin)
Wed Apr 24 04:33:21 1996
From: Tomasz.Krupa@Poland.Sun.COM (Tomasz Krupa - Junior System Engineer - Sun Poland )
To: kerberos@MIT.EDU
Date: Mon, 22 Apr 1996 17:05:21 +0200 (MET DST)
Cc: J.Sobczyk@ia.pw.edu.pl
Subject: K5 BETA 5 & X11R6
Newsgroups: comp.protocols.kerberos
Summary: Kerberos 5 Beta 5 patches for X11R6
Keywords: Kerberos X11R6
X-Newsreader: TIN [version 1.2 PL2]
Hello,
I made some changes to the X11R6 patch level 12 code to allow the use of
Kerberos 5 BETA 5. It seems to work, but it hasn't been tested
extensively yet. I compiled and ran it on Solaris 2.5 sparc only.
Note: All the Kerberos libraries must be dynamic.
If you are using Kerberos 4 backward compatibility,
libkrb5.so has to be relinked with a dependency on libkrb4.
Any comments are highly appreciated.
Tomasz
diff -ru /tmp/X11R6pl12/xc/config/cf/site.def X11R6/xc/config/cf/site.def
--- /tmp/X11R6pl12/xc/config/cf/site.def Fri Apr 8 23:02:23 1994
+++ X11R6/xc/config/cf/site.def Mon Apr 22 16:32:46 1996
@@ -21,6 +21,21 @@
* *
*****************************************************************************/
+/* 2 lines below for debugging only */
+/* #define CcCmd gcc -g */
+/* #define OptimizedCDebugFlags */ /* -O2 */
+
+/* Local config */
+#define HasGcc2 YES
+#define OSMajorVersion 5
+#define OSMinorVersion 5
+#define SystemV4 YES
+#define HasSecureRPC YES
+#define HasKrb5 YES
+#define Krb5Includes -I/usr/local/include
+#define Krb5Libraries -L/usr/local/lib -lkrb5 -lcrypto -lcom_err
+#define SharedX11Reqs -L/usr/local/lib -lkrb5 -lcrypto -lcom_err
+
/* if you want host-specific customization, this is one way to do it */
/*
#ifndef SiteIConfigFiles
@@ -47,9 +62,9 @@
#ifdef AfterVendorCF
-#define ProjectRoot /usr/X11R6
+#define ProjectRoot /usr/local/X11R6
-/* #define HasXdmAuth YES */
+#define HasXdmAuth YES
/* #define BuildXKB YES */
diff -ru /tmp/X11R6pl12/xc/config/cf/sun.cf X11R6/xc/config/cf/sun.cf
--- /tmp/X11R6pl12/xc/config/cf/sun.cf Mon Apr 22 16:03:21 1996
+++ X11R6/xc/config/cf/sun.cf Mon Apr 22 16:32:46 1996
@@ -3,28 +3,28 @@
#ifdef SVR4Architecture
#ifdef i386Architecture
#ifndef OSName
-#define OSName SunOS 5.1 x86
+#define OSName SunOS 5.4 x86
#endif
XCOMM operating system: OSName
#ifndef OSMajorVersion
#define OSMajorVersion 5
#endif
#ifndef OSMinorVersion
-#define OSMinorVersion 1
+#define OSMinorVersion 4
#endif
#ifndef OSTeenyVersion
#define OSTeenyVersion 0
#endif
#else
#ifndef OSName
-#define OSName SunOS 5.3
+#define OSName SunOS 5.4
#endif
XCOMM operating system: OSName
#ifndef OSMajorVersion
#define OSMajorVersion 5
#endif
#ifndef OSMinorVersion
-#define OSMinorVersion 3
+#define OSMinorVersion 4
#endif
#ifndef OSTeenyVersion
#define OSTeenyVersion 0
diff -ru /tmp/X11R6pl12/xc/config/cf/sunLib.tmpl X11R6/xc/config/cf/sunLib.tmpl
--- /tmp/X11R6pl12/xc/config/cf/sunLib.tmpl Mon Apr 22 16:03:21 1996
+++ X11R6/xc/config/cf/sunLib.tmpl Mon Apr 22 16:32:46 1996
@@ -39,7 +39,7 @@
#if ThreadedX
#if OSMinorVersion > 3
-#define SharedX11Reqs /**/
+/* #define SharedX11Reqs */ /**/
#endif
#endif
#define SharedXmuReqs $(LDPRELIB) $(XTOOLLIB) $(XLIB)
diff -ru /tmp/X11R6pl12/xc/lib/X11/ConnDis.c X11R6/xc/lib/X11/ConnDis.c
--- /tmp/X11R6pl12/xc/lib/X11/ConnDis.c Mon Apr 22 16:02:38 1996
+++ X11R6/xc/lib/X11/ConnDis.c Mon Apr 22 16:32:45 1996
@@ -665,7 +665,7 @@
#endif
#ifdef K5AUTH
-#include <com_err.h>
+#include <krb5/com_err.h>
extern krb5_flags krb5_kdc_default_options;
@@ -686,11 +686,14 @@
CARD16 plen, tlen;
krb5_data kbuf;
krb5_ccache cc;
- krb5_creds creds;
+ krb5_creds creds, *out_creds;
krb5_principal cprinc, sprinc;
krb5_ap_rep_enc_part *repl;
+ krb5_context context;
+ krb5_auth_context *auth_context = NULL;
- krb5_init_ets();
+ krb5_init_context(&context);
+ krb5_init_ets(context);
/*
* stage 0: get encoded principal and tgt from server
*/
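Review bot: The result of `krb5_init_context(&context)` is not checked, so a failure leaves `context` uninitialized and every later call in this function uses it. Guard it with `if (krb5_init_context(&context)) { fprintf(stderr, "Xlib: krb5_init_context failed\n"); return -1; }`. The early `return -1` paths visible in the following hunks (XauKrb5Decode failure, the sname malloc failure, krb5_cc_default, krb5_cc_get_principal, krb5_get_credentials) also never call `krb5_free_context(context)`, so each failed connection attempt leaks the context. The function body starts and ends outside this hunk.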
@@ -742,7 +745,7 @@
kbuf.data = buf;
kbuf.length = tlen;
}
- if (XauKrb5Decode(kbuf, &sprinc))
+ if (XauKrb5Decode(context, kbuf, &sprinc))
{
free(buf);
fprintf(stderr, "Xlib: XauKrb5Decode bombed\n");
@@ -752,18 +755,18 @@
{
char *sname, *hostname = NULL;
- sname = (char *)malloc(krb5_princ_component(sprinc, 0)->length + 1);
+ sname = (char *)malloc(krb5_princ_component(context,sprinc, 0)->length + 1);
if (sname == NULL)
{
free(buf);
- krb5_free_principal(sprinc);
+ krb5_free_principal(context,sprinc);
fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n");
return -1;
}
- memcpy(sname, krb5_princ_component(sprinc, 0)->data,
- krb5_princ_component(sprinc, 0)->length);
- sname[krb5_princ_component(sprinc, 0)->length] = '\0';
- krb5_free_principal(sprinc);
+ memcpy(sname, krb5_princ_component(context,sprinc, 0)->data,
+ krb5_princ_component(context,sprinc, 0)->length);
+ sname[krb5_princ_component(context,sprinc, 0)->length] = '\0';
+ krb5_free_principal(context,sprinc);
if (dpy->display_name[0] != ':') /* hunt for a hostname */
{
char *t;
@@ -791,7 +794,7 @@
t++;
*t = '\0'; /* truncate the dpy number out */
}
- retval = krb5_sname_to_principal(hostname, sname,
+ retval = krb5_sname_to_principal(context, hostname, sname,
KRB5_NT_SRV_HST, &sprinc);
free(sname);
if (hostname)
@@ -804,20 +807,20 @@
return -1;
}
}
- if (retval = krb5_cc_default(&cc))
+ if (retval = krb5_cc_default(context,&cc))
{
free(buf);
- krb5_free_principal(sprinc);
+ krb5_free_principal(context,sprinc);
fprintf(stderr, "Xlib: krb5_cc_default failed: %s\n",
error_message(retval));
return -1;
}
- if (retval = krb5_cc_get_principal(cc, &cprinc))
+ if (retval = krb5_cc_get_principal(context,cc, &cprinc))
{
free(buf);
- krb5_free_principal(sprinc);
+ krb5_free_principal(context,sprinc);
fprintf(stderr, "Xlib: cannot get Kerberos principal from \"%s\": %s\n",
- krb5_cc_default_name(), error_message(retval));
+ krb5_cc_default_name(context), error_message(retval));
return -1;
}
bzero((char *)&creds, sizeof(creds));
@@ -827,37 +830,56 @@
{
creds.second_ticket.length = tlen - plen - 2;
creds.second_ticket.data = buf + 2 + plen;
- retval = krb5_get_credentials(KRB5_GC_USER_USER |
+ retval = krb5_get_credentials(context, KRB5_GC_USER_USER |
krb5_kdc_default_options,
- cc, &creds);
+ cc, &creds, &out_creds);
+ creds.second_ticket.length = 0; /* to avoid freeing */
+ creds.second_ticket.data = NULL;
}
else
- retval = krb5_get_credentials(krb5_kdc_default_options,
- cc, &creds);
+ retval = krb5_get_credentials(context, krb5_kdc_default_options,
+ cc, &creds, &out_creds);
if (retval)
{
free(buf);
- krb5_free_cred_contents(&creds);
+ krb5_free_cred_contents(context, &creds);
fprintf(stderr, "Xlib: cannot get Kerberos credentials: %s\n",
error_message(retval));
return -1;
}
+
+ krb5_free_cred_contents(context, &creds);
+
+ /*
+ * Prepare auth context (TJK)
+ */
+ if (krb5_auth_con_init(context, &auth_context))
+ {
+ krb5_free_creds(context, out_creds);
+ krb5_auth_con_free(context, auth_context);
+ krb5_free_context(context);
+ fprintf(stderr, "Xlib: krb5_auth_con_init failed: %s\n",
+ error_message(retval));
+ return -1;
+ }
/*
* now format the ap_req to send to the server
*/
if (prefix.reqType == 2)
- retval = krb5_mk_req_extended(AP_OPTS_USE_SESSION_KEY |
- AP_OPTS_MUTUAL_REQUIRED, NULL,
- 0, 0, NULL, cc,
- &creds, NULL, &kbuf);
+ retval = krb5_mk_req_extended(context, &auth_context,
+ AP_OPTS_USE_SESSION_KEY |
+ AP_OPTS_MUTUAL_REQUIRED,
+ NULL, out_creds, &kbuf);
else
- retval = krb5_mk_req_extended(AP_OPTS_MUTUAL_REQUIRED, NULL,
- 0, 0, NULL, cc, &creds, NULL,
- &kbuf);
+ retval = krb5_mk_req_extended(context, &auth_context,
+ AP_OPTS_MUTUAL_REQUIRED,
+ NULL, out_creds, &kbuf);
free(buf);
if (retval) /* Some manner of Kerberos lossage */
{
- krb5_free_cred_contents(&creds);
+ krb5_free_creds(context, out_creds);
+ krb5_auth_con_free(context, auth_context);
+ krb5_free_context(context);
fprintf(stderr, "Xlib: krb5_mk_req_extended failed: %s\n",
error_message(retval));
return -1;
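Review bot: The failure branch added for krb5_auth_con_init has three problems. It tests the call without storing its result, so `error_message(retval)` reports the code left over from the successful krb5_get_credentials. It calls `krb5_auth_con_free` on an `auth_context` that is still NULL. It also returns without freeing `buf`, which is only released after krb5_mk_req_extended. Change the test to `if (retval = krb5_auth_con_init(context, &auth_context))`, add `free(buf);` at the top of the branch, and drop the `krb5_auth_con_free(context, auth_context);` line there. The krb5_get_credentials failure branch earlier in the hunk also returns without `krb5_free_context(context);`.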
@@ -900,7 +922,17 @@
return -1;
}
_XRead(dpy, (char *)kbuf.data, kbuf.length);
- retval = krb5_rd_rep(&kbuf, &creds.keyblock, &repl);
+
+ retval = krb5_auth_con_setuseruserkey(context, auth_context,
+ &(out_creds->keyblock));
+ if(retval)
+ {
+ free(kbuf.data);
+ fprintf(stderr, "Xlib: krb5_auth_con_setuseruserkey failed: %s\n",
+ error_message(retval));
+ return -1;
+ }
+ retval = krb5_rd_rep(context, auth_context, &kbuf, &repl);
if (retval)
{
free(kbuf.data);
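Review bot: The new krb5_auth_con_setuseruserkey failure branch frees only `kbuf.data` and returns, leaving `out_creds`, `auth_context` and `context` allocated; `out_creds` holds the session key. Add `krb5_free_creds(context, out_creds);`, `krb5_auth_con_free(context, auth_context);` and `krb5_free_context(context);` before the `return -1;`. The krb5_rd_rep failure branch that begins on the last lines of this hunk needs the same three calls; its body continues outside the hunk.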
@@ -916,6 +948,9 @@
prefix.data = 0;
prefix.length = sz_xReq >> 2;
_XSend(dpy, (char *)&prefix, sz_xReq);
+ krb5_free_creds(context, out_creds);
+ krb5_auth_con_free(context, auth_context);
+ krb5_free_context(context);
return 0;
}
#endif /* K5AUTH */
diff -ru /tmp/X11R6pl12/xc/lib/Xau/Xauth.h X11R6/xc/lib/Xau/Xauth.h
--- /tmp/X11R6pl12/xc/lib/Xau/Xauth.h Mon Apr 18 02:15:47 1994
+++ X11R6/xc/lib/Xau/Xauth.h Mon Apr 22 16:32:45 1996
@@ -144,13 +144,14 @@
);
#ifdef K5AUTH
-#include <krb5/krb5.h>
+#include <krb5.h>
/* 9/93: krb5.h leaks some symbols */
#undef BITS32
#undef xfree
int XauKrb5Encode(
#if NeedFunctionPrototypes
+ krb5_context /* context */,
krb5_principal /* princ */,
krb5_data * /* outbuf */
#endif
@@ -158,6 +159,7 @@
int XauKrb5Decode(
#if NeedFunctionPrototypes
+ krb5_context /* context */,
krb5_data /* inbuf */,
krb5_principal * /* princ */
#endif
diff -ru /tmp/X11R6pl12/xc/lib/Xau/k5encode.c X11R6/xc/lib/Xau/k5encode.c
--- /tmp/X11R6pl12/xc/lib/Xau/k5encode.c Mon Apr 18 02:15:47 1994
+++ X11R6/xc/lib/Xau/k5encode.c Mon Apr 22 16:32:45 1996
@@ -38,7 +38,7 @@
* about that later.
*/
-#include <krb5/krb5.h>
+#include <krb5.h>
/* 9/93: krb5.h leaks some symbols */
#undef BITS32
#undef xfree
@@ -69,33 +69,36 @@
* always do the right thing. Don't have to frob with alignment that way.
*/
int
-XauKrb5Encode(princ, outbuf)
+XauKrb5Encode(context, princ, outbuf)
+ krb5_context context; /* Kerberos context */
krb5_principal princ; /* principal to encode */
krb5_data *outbuf; /* output buffer */
{
CARD16 i, numparts, totlen = 0, plen, rlen;
char *cp, *pdata;
- rlen = krb5_princ_realm(princ)->length;
- numparts = krb5_princ_size(princ);
+ rlen = krb5_princ_realm(context,princ)->length;
+ numparts = krb5_princ_size(context,princ);
totlen = 2 + rlen + 2; /* include room for realm length
and component count */
for (i = 0; i < numparts; i++)
- totlen += krb5_princ_component(princ, i)->length + 2;
+ totlen += krb5_princ_component(context,princ, i)->length + 2;
/* add 2 bytes each time for length */
if ((outbuf->data = (char *)malloc(totlen)) == NULL)
+ {
return -1;
+ }
cp = outbuf->data;
*cp++ = (char)((int)(0xff00 & rlen) >> 8);
*cp++ = (char)(0x00ff & rlen);
- memcpy(cp, krb5_princ_realm(princ)->data, rlen);
+ memcpy(cp, krb5_princ_realm(context,princ)->data, rlen);
cp += rlen;
*cp++ = (char)((int)(0xff00 & numparts) >> 8);
*cp++ = (char)(0x00ff & numparts);
for (i = 0; i < numparts; i++)
{
- plen = krb5_princ_component(princ, i)->length;
- pdata = krb5_princ_component(princ, i)->data;
+ plen = krb5_princ_component(context,princ, i)->length;
+ pdata = krb5_princ_component(context,princ, i)->data;
*cp++ = (char)((int)(0xff00 & plen) >> 8);
*cp++ = (char)(0x00ff & plen);
memcpy(cp, pdata, plen);
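Review bot: `totlen` is a CARD16 and is accumulated from principal lengths that nothing here bounds, so the sum can wrap past 65535. In that case `malloc(totlen)` returns a buffer smaller than what the following memcpy calls write. Accumulate the size in a wider type and reject oversized principals before allocating, for example `unsigned long total = 2 + rlen + 2;` with `total += ... + 2;` in the loop and `if (total > 0xffff) return -1;` ahead of the malloc. Individual realm or component lengths above 65535 are also silently truncated when assigned to `rlen` and `plen`, and deserve the same rejection. The function continues past the end of this hunk.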
@@ -111,16 +114,17 @@
* this function essentially reverses what XauKrb5Encode does
*/
int
-XauKrb5Decode(inbuf, princ)
+XauKrb5Decode(context, inbuf, princ)
+ krb5_context context;
krb5_data inbuf;
krb5_principal *princ;
{
CARD16 i, numparts, plen, rlen;
CARD8 *cp, *pdata;
-
+
if (inbuf.length < 4)
{
- krb5_free_principal(*princ);
+ /* krb5_free_principal(context,*princ); */
return -1;
}
*princ = (krb5_principal)malloc(sizeof (krb5_principal_data));
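Review bot: The commented-out `krb5_free_principal` call in the short-input branch should be deleted rather than left in place, because at that point `*princ` has not been allocated and there is nothing to free. Replace it with a comment saying so, e.g. `/* *princ not allocated yet; nothing to free */`, and consider `*princ = NULL;` so a caller cannot mistake a stale pointer for a decoded principal. The malloc on the last line of the hunk is checked, if at all, outside the visible lines.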
@@ -132,48 +136,48 @@
rlen |= *cp++;
if (inbuf.length < 4 + (int)rlen + 2)
{
- krb5_free_principal(*princ);
+ krb5_free_principal(context,*princ);
return -1;
}
- krb5_princ_realm(*princ)->data = (char *)malloc(rlen);
- if (krb5_princ_realm(*princ)->data == NULL)
+ krb5_princ_realm(context,*princ)->data = (char *)malloc(rlen);
+ if (krb5_princ_realm(context,*princ)->data == NULL)
{
- krb5_free_principal(*princ);
+ krb5_free_principal(context,*princ);
return -1;
}
- krb5_princ_realm(*princ)->length = rlen;
- memcpy(krb5_princ_realm(*princ)->data, cp, rlen);
+ krb5_princ_realm(context,*princ)->length = rlen;
+ memcpy(krb5_princ_realm(context,*princ)->data, cp, rlen);
cp += rlen;
numparts = *cp++ << 8;
numparts |= *cp++;
- krb5_princ_name(*princ) =
+ krb5_princ_name(context,*princ) =
(krb5_data *)malloc(numparts * sizeof (krb5_data));
- krb5_princ_size(*princ) = 0;
+ krb5_princ_size(context,*princ) = 0;
for (i = 0; i < numparts; i++)
{
if (cp + 2 > (CARD8 *)inbuf.data + inbuf.length)
{
- krb5_free_principal(*princ);
+ krb5_free_principal(context,*princ);
return -1;
}
plen = *cp++ << 8;
plen |= *cp++;
if (cp + plen > (CARD8 *)inbuf.data + inbuf.length)
{
- krb5_free_principal(*princ);
+ krb5_free_principal(context,*princ);
return -1;
}
pdata = (CARD8 *)malloc(plen);
if (pdata == NULL)
{
- krb5_free_principal(*princ);
+ krb5_free_principal(context,*princ);
return -1;
}
- krb5_princ_component(*princ, i)->data = (char *)pdata;
- krb5_princ_component(*princ, i)->length = plen;
+ krb5_princ_component(context,*princ, i)->data = (char *)pdata;
+ krb5_princ_component(context,*princ, i)->length = plen;
memcpy(pdata, cp, plen);
cp += plen;
- krb5_princ_size(*princ)++;
+ krb5_princ_size(context,*princ)++;
}
return 0;
}
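Review bot: The array allocated with `malloc(numparts * sizeof (krb5_data))` is never checked for NULL before the loop stores into `krb5_princ_component(context,*princ, i)`. `numparts` is read straight from `inbuf`, which in ConnDis.c is data received from the X server. After the line that sets `krb5_princ_size(context,*princ) = 0;`, add `if (krb5_princ_name(context,*princ) == NULL) { krb5_free_principal(context,*princ); return -1; }`. Separately, the first failure branch in this hunk calls krb5_free_principal right after the structure was malloc'ed; unless the lines between the hunks zero it, that frees uninitialized pointers.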
diff -ru /tmp/X11R6pl12/xc/programs/Xserver/os/access.c X11R6/xc/programs/Xserver/os/access.c
--- /tmp/X11R6pl12/xc/programs/Xserver/os/access.c Mon Apr 22 16:03:06 1996
+++ X11R6/xc/programs/Xserver/os/access.c Mon Apr 22 16:32:46 1996
@@ -663,6 +663,7 @@
struct dn_naddr dnaddr, *dnaddrp, *dnet_addr();
#endif
#ifdef K5AUTH
+ krb5_context context;
krb5_principal princ;
krb5_data kbuf;
#endif
@@ -755,10 +756,12 @@
#ifdef K5AUTH
if (family == FamilyKrb5Principal)
{
- krb5_parse_name(hostname, &princ);
- XauKrb5Encode(princ, &kbuf);
+ krb5_init_context(&context);
+ krb5_parse_name(context, hostname, &princ);
+ XauKrb5Encode(context, princ, &kbuf);
(void) NewHost(FamilyKrb5Principal, kbuf.data, kbuf.length);
- krb5_free_principal(princ);
+ krb5_free_principal(context, princ);
+ krb5_free_context(context);
}
else
#endif
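Review bot: None of the three calls in this branch is checked: if `krb5_init_context` or `krb5_parse_name` fails, `princ` is uninitialized when it reaches XauKrb5Encode and krb5_free_principal, and if XauKrb5Encode fails, `kbuf` is uninitialized when passed to NewHost. Since this adds an entry to the server's access list, a malformed principal name should be skipped rather than processed with garbage. The enclosing function starts and ends outside the hunk.

```c
	    if (family == FamilyKrb5Principal)
	    {
		if (krb5_init_context(&context) == 0)
		{
		    if (krb5_parse_name(context, hostname, &princ) == 0)
		    {
			if (XauKrb5Encode(context, princ, &kbuf) == 0)
			    (void) NewHost(FamilyKrb5Principal, kbuf.data, kbuf.length);
			krb5_free_principal(context, princ);
		    }
		    krb5_free_context(context);
		}
	    }
```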
diff -ru /tmp/X11R6pl12/xc/programs/Xserver/os/k5auth.c X11R6/xc/programs/Xserver/os/k5auth.c
--- /tmp/X11R6pl12/xc/programs/Xserver/os/k5auth.c Mon Apr 22 16:03:07 1996
+++ X11R6/xc/programs/Xserver/os/k5auth.c Mon Apr 22 16:32:46 1996
@@ -46,7 +46,8 @@
#include <netdnet/dn.h>
#endif
#include <arpa/inet.h>
-#include <krb5/krb5.h>
+#include <krb5.h>
+#include <krb5/auth_con.h>
/* 9/93: krb5.h leaks some symbols */
#undef BITS32
#undef xfree
@@ -57,7 +58,7 @@
#include "Xproto.h"
#include "Xfuncs.h"
#include "dixstruct.h"
-#include <com_err.h>
+#include <krb5/com_err.h>
#include "Xauth.h"
extern int (*k5_Vector[256])();
@@ -68,23 +69,14 @@
static krb5_principal srvname = NULL; /* service name */
static char *ccname = NULL;
static char *ktname = NULL; /* key table name */
-static char kerror[256];
+static krb5_context context = NULL; /* krb5_context is already a pointer */
+static char kerror[260];
/*
* tgt_keyproc:
*
* extract session key from a credentials struct
*/
-krb5_error_code tgt_keyproc(keyprocarg, principal, vno, key)
- krb5_pointer keyprocarg;
- krb5_principal principal;
- krb5_kvno vno;
- krb5_keyblock **key;
-{
- krb5_creds *creds = (krb5_creds *)keyprocarg;
-
- return krb5_copy_keyblock(&creds->keyblock, key);
-}
/*
* k5_cmpenc:
@@ -132,9 +124,10 @@
{
krb5_error_code retval;
CARD16 tlen;
+ CARD16 plen;
krb5_principal sprinc, cprinc;
krb5_ccache cc;
- krb5_creds *creds;
+ krb5_creds *creds, *new_creds;
char *outbuf, *cp;
krb5_data princ;
register char n;
@@ -144,44 +137,53 @@
return ~0L;
if (!ccname && !srvname)
return ~0L;
+
if (ccname)
{
if ((creds = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL)
return ~0L;
- if (retval = krb5_cc_resolve(ccname, &cc))
+ if (retval = krb5_cc_resolve(context, ccname, &cc))
return ~0L;
bzero((char*)creds, sizeof (krb5_creds));
- if (retval = krb5_cc_get_principal(cc, &cprinc))
+ if (retval = krb5_cc_get_principal(context, cc, &cprinc))
{
- krb5_free_creds(creds);
- krb5_cc_close(cc);
+ krb5_free_creds(context, creds);
+ krb5_cc_close(context, cc);
return ~0L;
}
creds->client = cprinc;
if (retval =
- krb5_build_principal_ext(&sprinc,
- krb5_princ_realm(creds->client)->length,
- krb5_princ_realm(creds->client)->data,
+ krb5_build_principal_ext(context, &sprinc,
+ krb5_princ_realm(context, creds->client)->length,
+ krb5_princ_realm(context, creds->client)->data,
6, "krbtgt",
- krb5_princ_realm(creds->client)->length,
- krb5_princ_realm(creds->client)->data,
+ krb5_princ_realm(context, creds->client)->length,
+ krb5_princ_realm(context, creds->client)->data,
0))
{
- krb5_free_creds(creds);
- krb5_cc_close(cc);
+ krb5_free_creds(context, creds);
+ krb5_cc_close(context, cc);
return ~0L;
}
creds->server = sprinc;
- retval = krb5_get_credentials(KRB5_GC_CACHED, cc, creds);
- krb5_cc_close(cc);
+ retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
+ creds, &new_creds);
+ krb5_cc_close(context, cc);
+
+ /* Input creds not needed now replace them with output ones */
+ cprinc = new_creds->client;
+ sprinc = new_creds->server;
+ krb5_free_creds(context, creds);
+ creds = new_creds;
+
if (retval)
{
- krb5_free_creds(creds);
+ /* krb5_free_creds(context, creds); */
return ~0L;
}
- if (retval = XauKrb5Encode(cprinc, &princ))
+ if (retval = XauKrb5Encode(context, cprinc, &princ))
{
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
return ~0L;
}
tlen = sz_xReq + 2 + princ.length + creds->ticket.length;
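Review bot: `new_creds->client` and `new_creds->server` are dereferenced before `retval` from krb5_get_credentials is tested, so on failure the code reads through an uninitialized pointer and then assigns it to `creds`. Test `retval` first, free the input `creds` on the failure path, and only then switch over to the output credentials. The commented-out `krb5_free_creds` in the failure branch can then be removed. The function starts and ends outside this hunk.

```c
	retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
				      creds, &new_creds);
	krb5_cc_close(context, cc);
	if (retval)
	{
	    krb5_free_creds(context, creds);
	    return ~0L;
	}

	/* Input creds not needed now; replace them with the output ones */
	krb5_free_creds(context, creds);
	creds = new_creds;
	cprinc = creds->client;
	sprinc = creds->server;
	/* … unchanged: XauKrb5Encode(context, cprinc, &princ) and tlen computation … */
```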
@@ -189,7 +191,7 @@
}
else if (srvname)
{
- if (retval = XauKrb5Encode(srvname, &princ))
+ if (retval = XauKrb5Encode(context, srvname, &princ))
{
return ~0L;
}
@@ -207,7 +209,7 @@
{
if (ccname)
{
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
}
free(princ.data);
return ~0L;
@@ -216,7 +218,8 @@
cp += sz_xReq;
if (ccname)
{
- memcpy(cp, &princ.length, 2);
+ plen = princ.length; /* convert to CARD16 */
+ memcpy(cp, &plen, 2);
if (client->swapped)
{
swaps((CARD16 *)cp, n);
@@ -232,6 +235,7 @@
free(outbuf);
client->requestVector = k5_Vector; /* hack in our dispatch vector */
client->clientState = ClientStateAuthenticating;
+
if (ccname)
{
((OsCommPtr)client->osPrivate)->authstate.srvcreds = (pointer)creds; /* save tgt creds */
@@ -245,7 +249,6 @@
((OsCommPtr)client->osPrivate)->authstate.srvname = (pointer)srvname;
}
((OsCommPtr)client->osPrivate)->authstate.stageno = 1; /* next stage is 1 */
- return krb5_id;
}
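Review bot: Deleting `return krb5_id;` leaves the success path of this function without a return value, while its error paths in the earlier hunks return `~0L`. The caller then receives an indeterminate value where it expects the authorization id. Keep `return krb5_id;` as the last statement before the closing brace. The function's declaration is outside the hunk, so its return type is inferred from those earlier returns.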
/*
@@ -283,17 +286,24 @@
krb5_creds *creds = (krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds;
krb5_keyblock *skey;
krb5_address cli_addr, **localaddrs = NULL;
- krb5_tkt_authent *authdat;
- krb5_ap_rep_enc_part rep;
- krb5_int32 ctime, cusec;
+ krb5_auth_context *auth_context = NULL;
+ krb5_ticket *ticket = NULL;
+ /* krb5_tkt_authent *authdat; */
+ /* krb5_ap_rep_enc_part rep; */
+ /* krb5_int32 ctime, cusec; */
+ krb5_keytab keytabid;
+ krb5_flags ap_options;
krb5_rcache rcache = NULL;
char *cachename = NULL, *rc_type = NULL, *rc_base = "rcX", *kt = NULL;
REQUEST(xReq);
+ if(context == NULL)
+ return(SendConnSetup(client, "Unexpected NULL Krb5 context"));
+
if (((OsCommPtr)client->osPrivate)->authstate.stageno != 1)
{
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
return(SendConnSetup(client, "expected Krb5 stage1 packet"));
}
addrlen = sizeof (cli_net_addr);
@@ -301,7 +311,7 @@
&cli_net_addr, &addrlen) == -1)
{
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
return(SendConnSetup(client, "Krb5 stage1: getpeername failed"));
}
if (cli_net_addr.sa_family == AF_UNSPEC
@@ -314,7 +324,7 @@
if (!localaddrs || !localaddrs[0])
{
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
return(SendConnSetup(client, "Krb5 failed to get localaddrs"));
}
cli_addr.addrtype = localaddrs[0]->addrtype;
@@ -343,9 +353,9 @@
#endif
default:
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
sprintf(kerror, "Krb5 stage1: unknown address family %d from getpeername",
cli_net_addr.sa_family);
return(SendConnSetup(client, kerror));
@@ -354,19 +364,19 @@
if ((rcache = (krb5_rcache)malloc(sizeof(*rcache))) == NULL)
{
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
return(SendConnSetup(client, "malloc bombed for krb5_rcache"));
}
- if ((rc_type = krb5_rc_default_type()) == NULL)
+ if ((rc_type = krb5_rc_default_type(context)) == NULL)
rc_type = "dfl";
- if (retval = krb5_rc_resolve_type(&rcache, rc_type))
+ if (retval = krb5_rc_resolve_type(context, &rcache, rc_type))
{
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
free(rcache);
strcpy(kerror, "krb5_rc_resolve_type failed: ");
strncat(kerror, error_message(retval), 231);
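Review bot: The bound of 231 on the last line of this hunk lets strcpy plus strncat write 29 + 231 characters and then a terminating NUL, 261 bytes in total, into `kerror`, which this patch declares as 260 bytes. The same prefix-plus-bound-equals-260 arithmetic appears in the strncat calls the patch adds later for krb5_auth_con_init (233), krb5_auth_con_setaddrs and krb5_auth_con_setflags (229), krb5_set_rcache and krb5_kt_resolve (236) and krb5_auth_con_setuseruserkey (223). Each can therefore overrun the buffer by one byte when error_message() returns a long string. Compute the bound instead of hand-counting it: `strncat(kerror, error_message(retval), sizeof(kerror) - strlen(kerror) - 1);`.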
@@ -376,20 +386,20 @@
== NULL)
{
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
free(rcache);
return(SendConnSetup(client, "Krb5: malloc bombed for cachename"));
}
strcpy(cachename, rc_base);
strcat(cachename, display);
- if (retval = krb5_rc_resolve(rcache, cachename))
+ if (retval = krb5_rc_resolve(context, rcache, cachename))
{
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
if (creds)
- krb5_free_creds(creds);
+ krb5_free_creds(context, creds);
free(rcache);
free(cachename);
strcpy(kerror, "krb5_rc_resolve failed: ");
@@ -397,16 +407,16 @@
return(SendConnSetup(client, kerror));
}
free(cachename);
- if (krb5_rc_recover(rcache))
+ if (krb5_rc_recover(context, rcache))
{
extern krb5_deltat krb5_clockskew;
- if (retval = krb5_rc_initialize(rcache, krb5_clockskew))
+ if (retval = krb5_rc_initialize(context, rcache, krb5_clockskew))
{
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
if (creds)
- krb5_free_creds(creds);
- if (retval2 = krb5_rc_close(rcache))
+ krb5_free_creds(context, creds);
+ if (retval2 = krb5_rc_close(context, rcache))
{
strcpy(kerror, "krb5_rc_close failed: ");
strncat(kerror, error_message(retval2), 238);
@@ -418,39 +428,109 @@
return(SendConnSetup(client, kerror));
}
}
+
+ if (retval = krb5_auth_con_init(context, &auth_context))
+ {
+ if (localaddrs)
+ krb5_free_addresses(context, localaddrs);
+ if (creds)
+ krb5_free_creds(context, creds);
+ strcpy(kerror, "krb5_auth_con_init failed: ");
+ strncat(kerror, error_message(retval), 233);
+ return(SendConnSetup(client, kerror));
+ }
+
+ if (retval = krb5_auth_con_setaddrs(context, auth_context,
+ NULL, &cli_addr))
+ {
+ if (localaddrs)
+ krb5_free_addresses(context, localaddrs);
+ if (creds)
+ krb5_free_creds(context, creds);
+ krb5_auth_con_free(context, auth_context);
+ strcpy(kerror, "krb5_auth_con_setaddrs failed: ");
+ strncat(kerror, error_message(retval), 229);
+ return(SendConnSetup(client, kerror));
+ }
+
+ if (retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE))
+ {
+ if (localaddrs)
+ krb5_free_addresses(context, localaddrs);
+ if (creds)
+ krb5_free_creds(context, creds);
+ krb5_auth_con_free(context, auth_context);
+ strcpy(kerror, "krb5_auth_con_setflags failed: ");
+ strncat(kerror, error_message(retval), 229);
+ return(SendConnSetup(client, kerror));
+ }
+
+ if (retval = krb5_auth_con_setrcache(context, auth_context, rcache))
+ {
+ if (localaddrs)
+ krb5_free_addresses(context, localaddrs);
+ if (creds)
+ krb5_free_creds(context, creds);
+ krb5_auth_con_free(context, auth_context);
+ strcpy(kerror, "krb5_set_rcache failed: ");
+ strncat(kerror, error_message(retval), 236);
+ return(SendConnSetup(client, kerror));
+ }
+
buf.length = (stuff->length << 2) - sz_xReq;
buf.data = (char *)stuff + sz_xReq;
if (creds)
{
- retval = krb5_rd_req(&buf,
- NULL, /* don't bother with server name */
- &cli_addr,
- NULL, /* no fetchfrom */
- tgt_keyproc,
- creds, /* credentials as arg to
- keyproc */
- rcache,
- &authdat);
- krb5_free_creds(creds);
+ if (retval = krb5_auth_con_setuseruserkey(context, auth_context,
+ &creds->keyblock))
+ {
+ krb5_auth_con_free(context, auth_context);
+ strcpy(kerror, "krb5_auth_con_setuseruserkey failed: ");
+ strncat(kerror, error_message(retval), 223);
+ return(SendConnSetup(client, kerror));
+ }
+
+ retval = krb5_rd_req(context, &auth_context, &buf,
+ NULL,
+ NULL,
+ &ap_options,
+ &ticket);
+
+ /* krb5_free_creds(creds); */
}
else if (kt = (char *)((OsCommPtr)client->osPrivate)->authstate.ktname)
{
- retval = krb5_rd_req(&buf, srvname, &cli_addr, kt, NULL, NULL,
- rcache, &authdat);
+ if (retval = krb5_kt_resolve(context, kt, &keytabid))
+ {
+ krb5_auth_con_free(context, auth_context);
+ strcpy(kerror, "krb5_kt_resolve failed: ");
+ strncat(kerror, error_message(retval), 236);
+ return(SendConnSetup(client, kerror));
+ }
+ retval = krb5_rd_req(context, &auth_context, &buf,
+ srvname,
+ keytabid,
+ &ap_options,
+ &ticket);
+ /* #TJK# do we need free for keytab ??? */
+
((OsCommPtr)client->osPrivate)->authstate.ktname = NULL;
}
else
{
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
+ krb5_auth_con_free(context, auth_context);
return(SendConnSetup(client, "Krb5: neither srvcreds nor ktname set"));
}
if (localaddrs)
- krb5_free_addresses(localaddrs);
+ krb5_free_addresses(context, localaddrs);
if (rcache)
{
- if (retval2 = krb5_rc_close(rcache))
+ if (retval2 = krb5_rc_close(context, rcache))
{
+ krb5_auth_con_free(context, auth_context);
strcpy(kerror, "krb5_rc_close failed (2): ");
strncat(kerror, error_message(retval2), 230);
return(SendConnSetup(client, kerror));
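Review bot: The keytab opened by `krb5_kt_resolve` in the ktname branch is never released, which is what the `#TJK#` comment asks about. Add `krb5_kt_close(context, keytabid);` right after krb5_rd_req returns in that branch. In the creds branch, the commented-out `krb5_free_creds` means the server's TGT credentials, including the session key, stay allocated after the request is read. Unless another path releases `authstate.srvcreds`, restore it as `krb5_free_creds(context, creds);`. The four new krb5_auth_con_* failure branches also return without closing `rcache`, unlike the earlier error paths.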
@@ -459,15 +539,16 @@
}
if (retval)
{
+ krb5_auth_con_free(context, auth_context);
strcpy(kerror, "Krb5: Bad application request: ");
strncat(kerror, error_message(retval), 224);
return(SendConnSetup(client, kerror));
}
- cprinc = authdat->ticket->enc_part2->client;
- skey = authdat->ticket->enc_part2->session;
- if (XauKrb5Encode(cprinc, &buf))
+ cprinc = ticket->enc_part2->client;
+ skey = ticket->enc_part2->session;
+ if (XauKrb5Encode(context, cprinc, &buf))
{
- krb5_free_tkt_authent(authdat);
+ krb5_auth_con_free(context, auth_context);
return(SendConnSetup(client, "XauKrb5Encode bombed"));
}
/*
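Review bot: `ticket` returned by krb5_rd_req is never freed. The patch replaces each `krb5_free_tkt_authent(authdat)` with `krb5_auth_con_free` only, so the decrypted ticket and its session key leak on every authentication attempt. Add `krb5_free_ticket(context, ticket);` next to each `krb5_auth_con_free(context, auth_context);` that runs after krb5_rd_req has succeeded, here and in the three hunks that follow. In the last of those hunks it must come after `krb5_unparse_name`, because `cprinc` points into the ticket.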
@@ -481,25 +562,28 @@
* achieve mutual authentication. The client sends back a stage 3
* packet if all is ok.
*/
- if (authdat->ap_options | AP_OPTS_MUTUAL_REQUIRED)
+ if (ap_options & AP_OPTS_MUTUAL_REQUIRED)
{
/*
* stage 2: send ap_rep to client
*/
- if (retval = krb5_us_timeofday(&ctime, &cusec))
+ /* #TJK# Commented out, needed ??? */
+/*
+ if (retval = krb5_us_timeofday(context, &ctime, &cusec))
{
- krb5_free_tkt_authent(authdat);
+ krb5_auth_con_free(context, auth_context);
strcpy(kerror, "error in krb5_us_timeofday: ");
strncat(kerror, error_message(retval), 234);
return(SendConnSetup(client, kerror));
}
- rep.ctime = ctime;
- rep.cusec = cusec;
- rep.subkey = NULL;
- rep.seq_number = 0;
- if (retval = krb5_mk_rep(&rep, skey, &buf))
+ auth_context->authentp->ctime = ctime;
+ auth_context->authentp->cusec = cusec;
+ auth_context->authentp->subkey = NULL;
+ auth_context->local_seq_number = 0;
+*/
+ if (retval = krb5_mk_rep(context, auth_context, &buf))
{
- krb5_free_tkt_authent(authdat);
+ krb5_auth_con_free(context, auth_context);
strcpy(kerror, "error in krb5_mk_rep: ");
strncat(kerror, error_message(retval), 238);
return(SendConnSetup(client, kerror));
@@ -514,14 +598,14 @@
WriteToClient(client, sz_xReq, (char *)&prefix);
WriteToClient(client, buf.length, buf.data);
free(buf.data);
- krb5_free_tkt_authent(authdat);
+ krb5_auth_con_free(context, auth_context);
((OsCommPtr)client->osPrivate)->authstate.stageno = 3; /* expect stage3 packet */
return(Success);
}
else
{
free(buf.data);
- krb5_free_tkt_authent(authdat);
+ krb5_auth_con_free(context, auth_context);
return(SendConnSetup(client, NULL)); /* success! */
}
}
@@ -529,9 +613,9 @@
{
char *kname;
- krb5_free_tkt_authent(authdat);
+ krb5_auth_con_free(context, auth_context);
free(buf.data);
- retval = krb5_unparse_name(cprinc, &kname);
+ retval = krb5_unparse_name(context, cprinc, &kname);
if (retval == 0)
{
sprintf(kerror, "Principal \"%s\" is not authorized to connect",
@@ -574,7 +658,7 @@
register ClientPtr client;
{
if (((OsCommPtr)client->osPrivate)->authstate.srvcreds)
- krb5_free_creds((krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds);
+ krb5_free_creds(context, (krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds);
sprintf(kerror, "unrecognized Krb5 auth packet %d, expecting %d",
((xReq *)client->requestBuffer)->reqType,
((OsCommPtr)client->osPrivate)->authstate.stageno);
@@ -598,13 +682,19 @@
krb5_error_code retval;
krb5_keytab_entry tmp_entry;
krb5_keytab keytab;
+ krb5_keytype keytype;
krb5_kvno kvno = 0;
krb5_ccache cc;
char *nbuf, *cp;
krb5_data kbuf;
int i, ktlen;
-
- krb5_init_ets(); /* can't think of a better place to put it */
+
+ if ((context==NULL) && (retval=krb5_init_context(&context)))
+ {
+ ErrorF("K5Add: krb5_init_context failed: %s\n", error_message(retval));
+ return 0;
+ }
+ krb5_init_ets(context); /* can't think of a better place to put it */
krb5_id = ~0L;
if (data_length < 3)
return 0;
@@ -619,7 +709,7 @@
}
if (srvname)
{
- krb5_free_principal(srvname);
+ krb5_free_principal(context, srvname);
srvname = NULL;
}
if (ktname)
@@ -629,26 +719,26 @@
}
if (!strncmp(data, "UU:", 3))
{
- if (retval = krb5_cc_resolve(nbuf, &cc))
+ if (retval = krb5_cc_resolve(context, nbuf, &cc))
{
ErrorF("K5Add: krb5_cc_resolve of \"%s\" failed: %s\n",
nbuf, error_message(retval));
free(nbuf);
return 0;
}
- if (cc && !(retval = krb5_cc_get_principal(cc, &princ)))
+ if (cc && !(retval = krb5_cc_get_principal(context, cc, &princ)))
{
- if (XauKrb5Encode(princ, &kbuf))
+ if (XauKrb5Encode(context, princ, &kbuf))
{
free(nbuf);
- krb5_free_principal(princ);
- krb5_cc_close(cc);
+ krb5_free_principal(context, princ);
+ krb5_cc_close(context, cc);
return 0;
}
- if (krb5_cc_close(cc))
+ if (krb5_cc_close(context, cc))
return 0;
AddHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data);
- krb5_free_principal(princ);
+ krb5_free_principal(context, princ);
free(kbuf.data);
ccname = nbuf;
krb5_id = id;
@@ -675,40 +765,50 @@
return 0;
}
strcpy(ktname, cp + 1);
- retval = krb5_sname_to_principal(NULL, /* NULL for hostname uses
- local host name*/
+ retval = krb5_sname_to_principal(context,
+ NULL, /* NULL for hostname uses
+ local host name */
nbuf, KRB5_NT_SRV_HST,
&srvname);
free(nbuf);
if (retval)
{
+ ErrorF("K5Add: krb5_sname_to_principal \"%s\" sname failed: %s\n",
+ nbuf, error_message(retval));
free(ktname);
ktname = NULL;
return 0;
}
- if (retval = krb5_kt_resolve(ktname, &keytab))
+ if (retval = krb5_kt_resolve(context, ktname, &keytab))
{
+ ErrorF("K5Add: krb5_kt_resolve \"%s\" ktname failed: %s\n",
+ ktname, error_message(retval));
free(ktname);
ktname = NULL;
- krb5_free_principal(srvname);
+ krb5_free_principal(context, srvname);
srvname = NULL;
return 0;
}
- retval = krb5_kt_get_entry(keytab, srvname, kvno, &tmp_entry);
- krb5_kt_free_entry(&tmp_entry);
+ keytype = ETYPE_DES_CBC_CRC; /* #TJK# to be fixed !!! */
+ /* #TJK# commented out, needed ??? */
+/*
+ retval = krb5_kt_get_entry(context, keytab, srvname, kvno,
+ keytype, &tmp_entry);
+ krb5_kt_free_entry(context, &tmp_entry);
if (retval)
{
free(ktname);
ktname = NULL;
- krb5_free_principal(srvname);
+ krb5_free_principal(context, srvname);
srvname = NULL;
return 0;
}
- if (XauKrb5Encode(srvname, &kbuf))
+*/
+ if (XauKrb5Encode(context, srvname, &kbuf))
{
free(ktname);
ktname = NULL;
- krb5_free_principal(srvname);
+ krb5_free_principal(context, srvname);
srvname = NULL;
return 0;
}
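Review bot: The new `ErrorF("K5Add: krb5_sname_to_principal ...", nbuf, ...)` reads `nbuf` after the `free(nbuf);` that precedes the `if (retval)` test, which is a use-after-free on the error path. Move `free(nbuf);` below the `if (retval)` block and also call it inside that block after the ErrorF. In addition, `keytype` is assigned but unused now that the krb5_kt_get_entry block is commented out, and the resolved `keytab` is not closed in the visible lines. Delete the dead block, or reinstate the check so that a missing key is reported when the authorization entry is added.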
@@ -736,22 +836,22 @@
krb5_ccache cc;
krb5_data kbuf;
int i;
-
+
if (ccname)
{
- if (retval = krb5_cc_resolve(ccname, &cc))
+ if (retval = krb5_cc_resolve(context, ccname, &cc))
{
free(ccname);
ccname = NULL;
}
- if (cc && !(retval = krb5_cc_get_principal(cc, &princ)))
+ if (cc && !(retval = krb5_cc_get_principal(context, cc, &princ)))
{
- if (XauKrb5Encode(princ, &kbuf))
+ if (XauKrb5Encode(context, princ, &kbuf))
return 1;
RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data);
- krb5_free_principal(princ);
+ krb5_free_principal(context, princ);
free(kbuf.data);
- if (krb5_cc_close(cc))
+ if (krb5_cc_close(context, cc))
return 1;
free(ccname);
ccname = NULL;
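Review bot: `cc` is declared without an initialiser (`krb5_ccache cc;`) and is still tested in `if (cc && ...)` after `krb5_cc_resolve(context, ccname, &cc)` has failed. Whether the library writes `cc` on failure is not visible here, so the test may read an indeterminate value. Declaring it as `krb5_ccache cc = NULL;` makes the guard meaningful. The `return 1` after a failed `XauKrb5Encode` also leaves `princ` and `cc` unreleased; `krb5_free_principal(context, princ); krb5_cc_close(context, cc);` before that return would match the cleanup used in the add path. The function begins before and continues after this hunk.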
@@ -759,10 +859,10 @@
}
if (srvname)
{
- if (XauKrb5Encode(srvname, &kbuf))
+ if (XauKrb5Encode(context, srvname, &kbuf))
return 1;
RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data);
- krb5_free_principal(srvname);
+ krb5_free_principal(context, srvname);
free(kbuf.data);
srvname = NULL;
}
@@ -770,6 +870,11 @@
{
free(ktname);
ktname = NULL;
+ }
+ if (context)
+ {
+ krb5_free_context(context);
+ context = NULL;
}
krb5_id = ~0L;
return 0;
diff -ru /tmp/X11R6pl12/xc/programs/xdm/krb5auth.c X11R6/xc/programs/xdm/krb5auth.c
--- /tmp/X11R6pl12/xc/programs/xdm/krb5auth.c Mon Apr 18 02:03:40 1994
+++ X11R6/xc/programs/xdm/krb5auth.c Mon Apr 22 16:32:45 1996
@@ -43,15 +43,19 @@
#include "dm.h"
#include <sys/types.h>
#include <sys/stat.h>
-#include <krb5/krb5.h>
+#include <krb5.h>
#include <krb5/kdb.h> /* for TGTNAME */
+krb5_context k5context = NULL;
+
/*ARGSUSED*/
Krb5InitAuth (name_len, name)
unsigned short name_len;
char *name;
{
- krb5_init_ets(); /* initialize error_message() tables */
+ if (k5context == NULL)
+ krb5_init_context(&k5context);
+ krb5_init_ets(k5context); /* initialize error_message() tables */
}
/*
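Review bot: The result of `krb5_init_context(&k5context)` in `Krb5InitAuth` is discarded, so on failure `k5context` stays NULL and is passed straight to `krb5_init_ets(k5context)` and to every later `krb5_*` call that uses the global. The Krb5Init hunk further down checks this return value and logs it; do the same here, e.g. `if (k5context == NULL && krb5_init_context(&k5context)) { LogError("cannot initialize Krb5 context\n"); return; }`. The same unchecked call appears in the xhost.c `main` hunk (`krb5_init_context(&context);`), where a failure should print a message and exit before `context` is used.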
@@ -88,7 +92,7 @@
if (!name)
return ENOMEM;
Debug("resolving Kerberos cache %s\n", name);
- code = krb5_cc_resolve(name, ccache_return);
+ code = krb5_cc_resolve(k5context, name, ccache_return);
free(name);
return code;
}
@@ -154,8 +158,8 @@
return Krb5GetAuthFor(namelen, name, NULL);
}
-int preauth_search_list[] = {
- 0,
+krb5_preauthtype preauth_list[] = {
+ 0,
KRB5_PADATA_ENC_TIMESTAMP,
-1
};
@@ -176,26 +180,35 @@
krb5_principal me;
krb5_creds my_creds;
krb5_principal server;
- krb5_address **my_addresses;
+ /* krb5_address **my_addresses; */
krb5_timestamp now;
+ int options = 0;
int i;
+ if (k5context == NULL) {
+ if (code = krb5_init_context(&k5context)) {
+ LogError("%s while initializing Krb5 context\n",
+ error_message(code));
+ return 1;
+ }
+ }
+
if (code = Krb5DisplayCCache(d->name, &ccache)) {
LogError("%s while getting Krb5 ccache for \"%s\"\n",
error_message(code), d->name);
return 1;
}
- if (code = krb5_parse_name (name, &me)) {
+ if (code = krb5_parse_name (k5context, name, &me)) {
LogError("%s while parsing Krb5 name \"%s\"\n",
error_message(code), name);
return 1;
}
- code = krb5_cc_initialize (ccache, me);
+ code = krb5_cc_initialize (k5context, ccache, me);
if (code != 0) {
LogError("%s while initializing Krb5 cache \"%s\"\n",
- error_message(code), krb5_cc_default_name());
+ error_message(code), krb5_cc_default_name(k5context));
return 1;
}
@@ -203,12 +216,12 @@
my_creds.client = me;
- if (code = krb5_build_principal_ext(&server,
- krb5_princ_realm(me)->length,
- krb5_princ_realm(me)->data,
+ if (code = krb5_build_principal_ext(k5context, &server,
+ krb5_princ_realm(k5context,me)->length,
+ krb5_princ_realm(k5context,me)->data,
6, "krbtgt",
- krb5_princ_realm(me)->length,
- krb5_princ_realm(me)->data,
+ krb5_princ_realm(k5context,me)->length,
+ krb5_princ_realm(k5context,me)->data,
0)) {
LogError("%s while building Krb5 TGT server name\n",
error_message(code));
@@ -217,13 +230,15 @@
my_creds.server = server;
- code = krb5_os_localaddr(&my_addresses);
+/*
+ code = krb5_os_localaddr(k5context, &my_addresses);
if (code != 0) {
LogError("%s while getting my address for Krb5\n",
error_message(code));
return 1;
}
- if (code = krb5_timeofday(&now)) {
+*/
+ if (code = krb5_timeofday(k5context, &now)) {
LogError("%s while getting time of day for Krb5\n",
error_message(code));
return 1;
@@ -233,25 +248,18 @@
my_creds.times.endtime = now + 60*60*8; /* 8 hours */
my_creds.times.renew_till = 0;
- for (i = 0; preauth_search_list[i] >= 0; i++) {
- code = krb5_get_in_tkt_with_password(0, my_addresses,
- preauth_search_list[i],
- ETYPE_DES_CBC_CRC,
- KEYTYPE_DES,
- passwd,
- ccache,
- &my_creds, 0);
- if (code != KRB5KDC_PREAUTH_FAILED &&
- code != KRB5KRB_ERR_GENERIC)
- break;
- }
+ code = krb5_get_in_tkt_with_password(k5context, options,
+ 0, NULL,
+ /* preauth_list */ NULL,
+ passwd, ccache,
+ &my_creds, 0);
- krb5_free_principal(server);
- krb5_free_addresses(my_addresses);
+ krb5_free_principal(k5context, server);
+ /* krb5_free_addresses(k5context, my_addresses); */
if (code) {
char *my_name = NULL;
- int code2 = krb5_unparse_name(me, &my_name);
+ int code2 = krb5_unparse_name(k5context, me, &my_name);
if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
LogError ("password incorrect for Krb5 principal \"%s\"\n",
code2 ? name : my_name);
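Review bot: The retry loop over `preauth_search_list` is replaced by one call that passes `NULL` where the list used to go (`/* preauth_list */ NULL`), so the `KRB5_PADATA_ENC_TIMESTAMP` entry kept in `preauth_list` earlier in this file is never offered by this code. Whether the Beta 5 library negotiates pre-authentication on its own when given a null list is not visible here; if it does not, principals that require pre-authentication would fail at this call. Either pass `preauth_list`, after confirming that its `-1` terminator is what the library expects for `krb5_preauthtype`, or delete the array together with the commented-out `my_addresses` code rather than leaving both as dead text. The enclosing function starts and ends outside the hunk.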
@@ -263,6 +271,6 @@
free (my_name);
return 1;
}
- krb5_cc_close(ccache);
+ krb5_cc_close(k5context, ccache);
return 0;
}
diff -ru /tmp/X11R6pl12/xc/programs/xdm/session.c X11R6/xc/programs/xdm/session.c
--- /tmp/X11R6pl12/xc/programs/xdm/session.c Mon Apr 22 16:03:15 1996
+++ X11R6/xc/programs/xdm/session.c Mon Apr 22 16:32:45 1996
@@ -52,7 +52,7 @@
# include <rpc/key_prot.h>
#endif
#ifdef K5AUTH
-# include <krb5/krb5.h>
+# include <krb5.h>
#endif
#ifndef GREET_USER_STATIC
@@ -62,6 +62,10 @@
#endif
#endif
+#ifdef K5AUTH
+extern krb5_context k5context; /* Kerberos 5 context */
+#endif
+
extern int PingServer();
extern int SessionPingFailed();
extern int Debug();
@@ -469,7 +473,7 @@
LogError("%s while getting Krb5 ccache to destroy\n",
error_message(code));
else {
- code = krb5_cc_destroy(ccache);
+ code = krb5_cc_destroy(k5context, ccache);
if (code) {
if (code == KRB5_FCC_NOFILE) {
Debug ("No Kerberos ccache file found to destroy\n");
@@ -478,7 +482,7 @@
error_message(code));
} else
Debug ("Kerberos ccache destroyed\n");
- krb5_cc_close(ccache);
+ krb5_cc_close(k5context, ccache);
}
}
#endif /* K5AUTH */
@@ -564,15 +568,14 @@
{
char netname[MAXNETNAMELEN+1], secretkey[HEXKEYBYTES+1];
int nameret, keyret;
- int len;
int key_set_ok = 0;
+ char shortpasswd[9];
nameret = getnetname (netname);
Debug ("User netname: %s\n", netname);
- len = strlen (passwd);
- if (len > 8)
- bzero (passwd + 8, len - 8);
- keyret = getsecretkey(netname,secretkey,passwd);
+ strncpy(shortpasswd, passwd, 8);
+ shortpasswd[8] = '\0'; /* Full passwd required below in Kerberos */
+ keyret = getsecretkey(netname,secretkey,shortpasswd);
Debug ("getsecretkey returns %d, key length %d\n",
keyret, strlen (secretkey));
/* is there a key, and do we have the right password? */
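Review bot: The first eight characters of the password are copied into `shortpasswd` and stay on the stack after `getsecretkey` returns; nothing in the hunk clears the copy. Add `bzero(shortpasswd, sizeof(shortpasswd));` directly after the `getsecretkey` call (the removed lines already used `bzero` in this file). A compiler may drop a clear of a local that is never read again, so a wipe routine that cannot be optimised away is preferable where the platform provides one. The function continues past the hunk, so whether `secretkey` is cleared later cannot be seen from here.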
diff -ru /tmp/X11R6pl12/xc/programs/xhost/xhost.c X11R6/xc/programs/xhost/xhost.c
--- /tmp/X11R6pl12/xc/programs/xhost/xhost.c Mon Apr 22 16:03:16 1996
+++ X11R6/xc/programs/xhost/xhost.c Mon Apr 22 16:32:46 1996
@@ -113,6 +113,10 @@
#define NAMESERVER_TIMEOUT 5 /* time to wait for nameserver */
+#ifdef K5AUTH
+ krb5_context context;
+#endif
+
int nameserver_timedout;
char *ProgramName;
@@ -162,12 +166,19 @@
struct dn_naddr *nlist, dnaddr, *dnaddrp, *dnet_addr();
char *cp;
#endif
-
+
ProgramName = argv[0];
+#ifdef K5AUTH
+ krb5_init_context(&context);
+#endif
+
if ((dpy = XOpenDisplay(NULL)) == NULL) {
fprintf(stderr, "%s: unable to open display \"%s\"\n",
ProgramName, XDisplayName (NULL));
+#ifdef K5AUTH
+ krb5_free_context(context);
+#endif
exit(1);
}
@@ -221,11 +232,17 @@
free(list);
endhostent();
}
+#ifdef K5AUTH
+ krb5_free_context(context);
+#endif
exit(0);
}
if (argc == 2 && !strcmp(argv[1], "-help")) {
fprintf(stderr, "usage: %s [[+-]hostname ...]\n", argv[0]);
+#ifdef K5AUTH
+ krb5_free_context(context);
+#endif
exit(1);
}
@@ -261,6 +278,9 @@
}
}
XCloseDisplay (dpy); /* does an XSync first */
+#ifdef K5AUTH
+ krb5_free_context(context);
+#endif
exit(nfailed);
}
@@ -387,14 +407,14 @@
if (family == FamilyKrb5Principal) {
krb5_error_code retval;
- retval = krb5_parse_name(name, &princ);
+ retval = krb5_parse_name(context, name, &princ);
if (retval) {
- krb5_init_ets(); /* init krb errs for error_message() */
+ krb5_init_ets(context); /* init krb errs for error_message() */
fprintf(stderr, "%s: cannot parse Kerberos name: %s\n",
ProgramName, error_message(retval));
return 0;
}
- XauKrb5Encode(princ, &kbuf);
+ XauKrb5Encode(context, princ, &kbuf);
ha.length = kbuf.length;
ha.address = kbuf.data;
ha.family = family;
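Review bot: The return value of `XauKrb5Encode(context, princ, &kbuf)` is ignored here, while the server-side hunks in this patch treat a non-zero result as failure. If encoding fails, `kbuf.length` and `kbuf.data` are copied into `ha` unset, and `kbuf.data` is later passed to `free`. Guard it the same way: `if (XauKrb5Encode(context, princ, &kbuf)) { krb5_free_principal(context, princ); return 0; }`. The function body continues in the next hunk.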
@@ -402,7 +422,7 @@
XAddHost(dpy, &ha);
else
XRemoveHost(dpy, &ha);
- krb5_free_principal(princ);
+ krb5_free_principal(context, princ);
free(kbuf.data);
printf( "%s %s\n", name, add ? add_msg : remove_msg);
return 1;
@@ -609,9 +629,9 @@
if (ha->family == FamilyKrb5Principal) {
kbuf.data = ha->address;
kbuf.length = ha->length;
- XauKrb5Decode(kbuf, &princ);
- krb5_unparse_name(princ, &kname);
- krb5_free_principal(princ);
+ XauKrb5Decode(context, kbuf, &princ);
+ krb5_unparse_name(context, princ, &kname);
+ krb5_free_principal(context, princ);
strncpy(kname_out, kname, sizeof (kname_out));
free(kname);
return kname_out;
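Review bot: `XauKrb5Decode` and `krb5_unparse_name` are called on an address taken from the host list without checking either result, so a malformed entry leaves `princ` or `kname` unset before they are freed and copied. The following `strncpy(kname_out, kname, sizeof (kname_out));` also leaves `kname_out` unterminated when the unparsed name fills the buffer. Check both calls and return a fixed placeholder string on failure, and add `kname_out[sizeof (kname_out) - 1] = '\0';` after the copy. The declaration of `kname_out` and the start of the function are outside this hunk.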