[1467] in Kerberos-V5-bugs
k5.5 krb524 diffs
daemon@ATHENA.MIT.EDU (Jonathan Brown)
Mon Jun 12 16:13:23 1995
Date: Mon, 12 Jun 95 13:12:47 PDT
From: u751@nersc.gov (Jonathan Brown)
To: krb5-bugs@MIT.EDU
Hi,
I modified krb524 to work with k5.5. Most of the changes are to add
the new context argument. I am including my diffs below in case
someone finds them to be useful.
Jonathan Brown
jonathan@nersc.gov
*** ./krb524/,cnv_tkt_skey.c Mon Mar 27 21:17:54 1995
--- ./krb524/cnv_tkt_skey.c Thu Jun 8 14:28:45 1995
***************
*** 29,35 ****
* Convert a v5 ticket for server to a v4 ticket, using service key
* skey for both.
*/
! int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
krb5_keyblock *skey)
{
char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
--- 29,36 ----
* Convert a v5 ticket for server to a v4 ticket, using service key
* skey for both.
*/
! int krb524_convert_tkt_skey(krb5_context context,
! krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
krb5_keyblock *skey)
{
char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
***************
*** 39,54 ****
int ret, lifetime;
v5tkt->enc_part2 = NULL;
! if (ret = krb5_decrypt_tkt_part(skey, v5tkt)) {
! krb5_free_ticket(v5tkt);
return ret;
}
v5etkt = v5tkt->enc_part2;
! if (ret = krb524_convert_princs(v5etkt->client, v5tkt->server,
pname, pinst, prealm, sname,
sinst)) {
! krb5_free_enc_tkt_part(v5etkt);
v5tkt->enc_part2 = NULL;
return ret;
}
--- 40,56 ----
int ret, lifetime;
v5tkt->enc_part2 = NULL;
! if (ret = krb5_decrypt_tkt_part(context, skey, v5tkt)) {
! krb5_free_ticket(context, v5tkt);
return ret;
}
v5etkt = v5tkt->enc_part2;
! if (ret = krb524_convert_princs(context,
! v5etkt->client, v5tkt->server,
pname, pinst, prealm, sname,
sinst)) {
! krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
return ret;
}
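Review bot: The two error paths in this hunk disagree about who owns `v5tkt`: when `krb5_decrypt_tkt_part` fails, the function calls `krb5_free_ticket(context, v5tkt)` on the caller's ticket, but when `krb524_convert_princs` fails it frees only `enc_part2` and leaves the ticket alone. A caller that releases the ticket itself on any non-zero return would free it twice on the decrypt-failure path; whether the caller in krb524d.c does so after its `goto error` is not visible in this patch. Assuming a failed decrypt leaves `enc_part2` unset (it is set to NULL just before the call), the first branch could be a plain `return ret;`. The header comment should then say `/* v5tkt remains owned by the caller on every return path */`. The function body continues outside the hunk.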
***************
*** 60,66 ****
"C_Block size %d\n", v5etkt->session->keytype,
v5etkt->session->length,
sizeof(C_Block));
! krb5_free_enc_tkt_part(v5etkt);
v5tkt->enc_part2 = NULL;
return KRB524_BADKEY;
}
--- 62,68 ----
"C_Block size %d\n", v5etkt->session->keytype,
v5etkt->session->length,
sizeof(C_Block));
! krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
return KRB524_BADKEY;
}
***************
*** 79,85 ****
v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET) {
if (krb524_debug)
fprintf(stderr, "Invalid v5creds address information.\n");
! krb5_free_enc_tkt_part(v5etkt);
v5tkt->enc_part2 = NULL;
return KRB524_BADADDR;
}
--- 81,87 ----
v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET) {
if (krb524_debug)
fprintf(stderr, "Invalid v5creds address information.\n");
! krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
return KRB524_BADADDR;
}
***************
*** 105,111 ****
sinst,
skey->contents);
! krb5_free_enc_tkt_part(v5etkt);
v5tkt->enc_part2 = NULL;
if (ret == KSUCCESS)
return 0;
--- 107,113 ----
sinst,
skey->contents);
! krb5_free_enc_tkt_part(context, v5etkt);
v5tkt->enc_part2 = NULL;
if (ret == KSUCCESS)
return 0;
*** ./krb524/,conv_creds.c Tue Feb 28 02:33:18 1995
--- ./krb524/conv_creds.c Thu Jun 8 14:32:43 1995
***************
*** 29,40 ****
#include "krb524.h"
! int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds,
struct sockaddr *saddr)
{
int ret;
! if (ret = krb524_convert_creds_plain(v5creds, v4creds))
return ret;
return krb524_convert_tkt(v5creds->server, &v5creds->ticket,
--- 29,41 ----
#include "krb524.h"
! int krb524_convert_creds_addr(krb5_context context,
! krb5_creds *v5creds, CREDENTIALS *v4creds,
struct sockaddr *saddr)
{
int ret;
! if (ret = krb524_convert_creds_plain(context, v5creds, v4creds))
return ret;
return krb524_convert_tkt(v5creds->server, &v5creds->ticket,
***************
*** 43,60 ****
saddr);
}
! int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds)
{
struct sockaddr_in *addrs;
int ret, naddrs;
! if (ret = krb5_locate_kdc(&v5creds->server->realm, &addrs, &naddrs))
return ret;
if (naddrs == 0)
ret = KRB5_KDC_UNREACH;
else {
addrs[0].sin_port = 0; /* use krb524 default port */
! ret = krb524_convert_creds_addr(v5creds, v4creds,
(struct sockaddr *) &addrs[0]);
}
--- 44,63 ----
saddr);
}
! int krb524_convert_creds_kdc(krb5_context context,
! krb5_creds *v5creds, CREDENTIALS *v4creds)
{
struct sockaddr_in *addrs;
int ret, naddrs;
! if (ret = krb5_locate_kdc(context, &v5creds->server->realm,
! &addrs, &naddrs))
return ret;
if (naddrs == 0)
ret = KRB5_KDC_UNREACH;
else {
addrs[0].sin_port = 0; /* use krb524 default port */
! ret = krb524_convert_creds_addr(context, v5creds, v4creds,
(struct sockaddr *) &addrs[0]);
}
***************
*** 62,68 ****
return ret;
}
! int krb524_convert_creds_plain(krb5_creds *v5creds, CREDENTIALS *v4creds)
{
unsigned long addr;
krb5_data *comp;
--- 65,72 ----
return ret;
}
! int krb524_convert_creds_plain(krb5_context context,
! krb5_creds *v5creds, CREDENTIALS *v4creds)
{
unsigned long addr;
krb5_data *comp;
***************
*** 70,76 ****
memset((char *) v4creds, 0, sizeof(CREDENTIALS));
! if (ret = krb524_convert_princs(v5creds->client, v5creds->server,
v4creds->pname, v4creds->pinst,
v4creds->realm, v4creds->service,
v4creds->instance))
--- 74,81 ----
memset((char *) v4creds, 0, sizeof(CREDENTIALS));
! if (ret = krb524_convert_princs(context,
! v5creds->client, v5creds->server,
v4creds->pname, v4creds->pinst,
v4creds->realm, v4creds->service,
v4creds->instance))
*** ./krb524/,conv_princ.c Tue Feb 28 02:33:19 1995
--- ./krb524/conv_princ.c Thu Jun 8 14:33:13 1995
***************
*** 26,32 ****
#include "krb524.h"
! int krb524_convert_princs(krb5_principal client, krb5_principal
server, char *pname, char *pinst, char
*prealm, char *sname, char *sinst)
{
--- 26,33 ----
#include "krb524.h"
! int krb524_convert_princs(krb5_context context,
! krb5_principal client, krb5_principal
server, char *pname, char *pinst, char
*prealm, char *sname, char *sinst)
{
***************
*** 33,40 ****
char dummy[REALM_SZ];
int ret;
! if (ret = krb5_524_conv_principal(client, pname, pinst, prealm))
return ret;
! return krb5_524_conv_principal(server, sname, sinst, dummy);
}
--- 34,41 ----
char dummy[REALM_SZ];
int ret;
! if (ret = krb5_524_conv_principal(context, client, pname, pinst, prealm))
return ret;
! return krb5_524_conv_principal(context, server, sname, sinst, dummy);
}
*** ./krb524/,encode.c Tue Feb 28 02:33:23 1995
--- ./krb524/encode.c Fri Jun 9 11:07:34 1995
***************
*** 21,26 ****
--- 21,28 ----
*/
#include <stdio.h>
+ #include <sys/types.h>
+ #include <netinet/in.h>
#include "krb5.h"
#include <krb.h>
#include "krb524.h"
*** ./krb524/,getcred.c Tue Feb 28 02:33:24 1995
--- ./krb524/getcred.c Thu Jun 8 10:11:37 1995
***************
*** 26,63 ****
main(int argc, char **argv)
{
krb5_principal client, server;
krb5_ccache cc;
! krb5_creds v5creds;
CREDENTIALS v4creds;
int i, ret;
! krb524_init_ets();
! if (ret = krb5_parse_name(argv[1], &client)) {
com_err("getcred", ret, "parsing client name");
exit(1);
}
! if (ret = krb5_parse_name(argv[2], &server)) {
com_err("getcred", ret, "parsing server name");
exit(1);
}
! if (ret = krb5_cc_default(&cc)) {
com_err("getcred", ret, "opening default credentials cache");
exit(1);
}
! memset((char *) &v5creds, 0, sizeof(v5creds));
! v5creds.client = client;
! v5creds.server = server;
! v5creds.times.endtime = 0;
! v5creds.keyblock.keytype = KEYTYPE_DES;
! if (ret = krb5_get_credentials(0, cc, &v5creds)) {
com_err("getcred", ret, "getting V5 credentials");
exit(1);
}
! if (ret = krb524_convert_creds_kdc(&v5creds, &v4creds)) {
com_err("getcred", ret, "converting to V4 credentials");
exit(1);
}
--- 26,65 ----
main(int argc, char **argv)
{
+ krb5_context context;
krb5_principal client, server;
krb5_ccache cc;
! krb5_creds increds, *v5creds;
CREDENTIALS v4creds;
int i, ret;
! krb5_init_context(&context);
! krb524_init_ets(context);
! if (ret = krb5_parse_name(context, argv[1], &client)) {
com_err("getcred", ret, "parsing client name");
exit(1);
}
! if (ret = krb5_parse_name(context, argv[2], &server)) {
com_err("getcred", ret, "parsing server name");
exit(1);
}
! if (ret = krb5_cc_default(context, &cc)) {
com_err("getcred", ret, "opening default credentials cache");
exit(1);
}
! memset((char *) &increds, 0, sizeof(increds));
! increds.client = client;
! increds.server = server;
! increds.times.endtime = 0;
! increds.keyblock.keytype = KEYTYPE_DES;
! if (ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds)) {
com_err("getcred", ret, "getting V5 credentials");
exit(1);
}
! if (ret = krb524_convert_creds_kdc(context, v5creds, &v4creds)) {
com_err("getcred", ret, "converting to V4 credentials");
exit(1);
}
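Review bot: `krb5_init_context(&context);` is called without checking its result, so a failure leaves `context` uninitialized and every later call in `main` uses it. The same unchecked call is added in k524init.c, krb524d.c (`k524_context`) and test.c. It should follow the pattern of the neighbouring calls, e.g. `if (ret = krb5_init_context(&context)) { com_err("getcred", ret, "initializing krb5 context"); exit(1); }`. Separately, `krb5_get_credentials` now hands back an allocated `v5creds` that holds a session key, so it should be released with `krb5_free_creds(context, v5creds)` once the conversion is done. The rest of `main` is outside the hunk, so that may already happen.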
*** ./krb524/,k524init.c Tue Feb 28 02:33:25 1995
--- ./krb524/k524init.c Thu Jun 8 10:13:27 1995
***************
*** 29,37 ****
main(int argc, char **argv)
{
krb5_principal client, server;
krb5_ccache cc;
! krb5_creds v5creds;
CREDENTIALS v4creds;
int code;
int option;
--- 29,38 ----
main(int argc, char **argv)
{
+ krb5_context context;
krb5_principal client, server;
krb5_ccache cc;
! krb5_creds increds, *v5creds;
CREDENTIALS v4creds;
int code;
int option;
***************
*** 58,86 ****
exit(1);
}
! krb524_init_ets();
! if (code = krb5_cc_default(&cc)) {
com_err("k524init", code, "opening default credentials cache");
exit(1);
}
! if (code = krb5_cc_get_principal(cc, &client)) {
com_err("k524init", code, "while retrieving user principal name");
exit(1);
}
if (princ) {
! if (code = krb5_parse_name(princ, &server)) {
com_err("k524init", code, "while parsing service principal name");
exit(1);
}
} else {
! if (code = krb5_build_principal(&server,
! krb5_princ_realm(client)->length,
! krb5_princ_realm(client)->data,
"krbtgt",
! krb5_princ_realm(client)->data,
NULL)) {
com_err("k524init", code, "while creating service principal name");
exit(1);
--- 59,88 ----
exit(1);
}
! krb5_init_context(&context);
! krb524_init_ets(context);
! if (code = krb5_cc_default(context, &cc)) {
com_err("k524init", code, "opening default credentials cache");
exit(1);
}
! if (code = krb5_cc_get_principal(context, cc, &client)) {
com_err("k524init", code, "while retrieving user principal name");
exit(1);
}
if (princ) {
! if (code = krb5_parse_name(context, princ, &server)) {
com_err("k524init", code, "while parsing service principal name");
exit(1);
}
} else {
! if (code = krb5_build_principal(context, &server,
! krb5_princ_realm(context, client)->length,
! krb5_princ_realm(context, client)->data,
"krbtgt",
! krb5_princ_realm(context, client)->data,
NULL)) {
com_err("k524init", code, "while creating service principal name");
exit(1);
***************
*** 87,103 ****
}
}
! memset((char *) &v5creds, 0, sizeof(v5creds));
! v5creds.client = client;
! v5creds.server = server;
! v5creds.times.endtime = 0;
! v5creds.keyblock.keytype = KEYTYPE_DES;
! if (code = krb5_get_credentials(0, cc, &v5creds)) {
com_err("k524init", code, "getting V5 credentials");
exit(1);
}
! if (code = krb524_convert_creds_kdc(&v5creds, &v4creds)) {
com_err("k524init", code, "converting to V4 credentials");
exit(1);
}
--- 89,105 ----
}
}
! memset((char *) &increds, 0, sizeof(increds));
! increds.client = client;
! increds.server = server;
! increds.times.endtime = 0;
! increds.keyblock.keytype = KEYTYPE_DES;
! if (code = krb5_get_credentials(context, 0, cc, &increds, &v5creds)) {
com_err("k524init", code, "getting V5 credentials");
exit(1);
}
! if (code = krb524_convert_creds_kdc(context, v5creds, &v4creds)) {
com_err("k524init", code, "converting to V4 credentials");
exit(1);
}
***************
*** 113,119 ****
}
/* stash ticket, session key, etc. for future use */
! if (code = save_credentials(v4creds.service, v4creds.instance,
v4creds.realm, v4creds.session,
v4creds.lifetime, v4creds.kvno,
&(v4creds.ticket_st), v4creds.issue_date)) {
--- 115,121 ----
}
/* stash ticket, session key, etc. for future use */
! if (code = krb_save_credentials(v4creds.service, v4creds.instance,
v4creds.realm, v4creds.session,
v4creds.lifetime, v4creds.kvno,
&(v4creds.ticket_st), v4creds.issue_date)) {
*** ./krb524/,krb524d.c Tue Feb 28 02:33:28 1995
--- ./krb524/krb524d.c Fri Jun 9 11:05:22 1995
***************
*** 29,34 ****
--- 29,38 ----
#include <netinet/in.h>
#include <netdb.h>
+ #ifndef FD_SET
+ #include <sys/select.h>
+ #endif
+
#include "k5-int.h"
#include <krb.h>
#include "krb524.h"
***************
*** 50,55 ****
--- 54,61 ----
krb5_encrypt_block master_encblock;
krb5_keyblock master_keyblock;
+ krb5_context k524_context;
+
void init_keytab(), init_master();
krb5_error_code do_connection(), lookup_service_key(), kdc_get_server_key();
***************
*** 79,85 ****
int ret, s, conn;
fd_set rfds;
! krb5_init_ets();
whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]);
--- 85,92 ----
int ret, s, conn;
fd_set rfds;
! krb5_init_context(&k524_context);
! krb5_init_ets(k524_context);
whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]);
***************
*** 138,144 ****
cleanup_and_exit(0);
else if (ret == 0) {
if (use_master) {
! ret = krb5_dbm_db_fini();
if (ret && ret != KRB5_KDB_DBNOTINITED) {
com_err(whoami, ret, "closing kerberos database");
cleanup_and_exit(1);
--- 145,151 ----
cleanup_and_exit(0);
else if (ret == 0) {
if (use_master) {
! ret = krb5_dbm_db_fini(k524_context);
if (ret && ret != KRB5_KDB_DBNOTINITED) {
com_err(whoami, ret, "closing kerberos database");
cleanup_and_exit(1);
***************
*** 163,171 ****
int cleanup_and_exit(int ret)
{
if (use_master) {
! krb5_finish_key(&master_encblock);
memset((char *)&master_encblock, 0, sizeof(master_encblock));
! (void) krb5_db_fini();
}
exit(ret);
}
--- 170,178 ----
int cleanup_and_exit(int ret)
{
if (use_master) {
! krb5_finish_key(k524_context, &master_encblock);
memset((char *)&master_encblock, 0, sizeof(master_encblock));
! (void) krb5_db_fini(k524_context);
}
exit(ret);
}
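Review bot: `cleanup_and_exit` clears `master_encblock` but leaves the key bytes in the global `master_keyblock` untouched, so the database master key filled in by `krb5_db_fetch_mkey` is not scrubbed the way the encrypt block is. Consider clearing it too before `exit`, e.g. `if (master_keyblock.contents) memset(master_keyblock.contents, 0, master_keyblock.length);`. A short comment above the memset calls, such as `/* scrub master key material before exiting */`, would record why they are there.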
***************
*** 174,185 ****
{
int ret;
if (keytab == NULL) {
! if (ret = krb5_kt_default(&kt)) {
com_err(whoami, ret, "while opening default keytab");
cleanup_and_exit(1);
}
} else {
! if (ret = krb5_kt_resolve(keytab, &kt)) {
com_err(whoami, ret, "while resolving keytab %s",
keytab);
cleanup_and_exit(1);
--- 181,192 ----
{
int ret;
if (keytab == NULL) {
! if (ret = krb5_kt_default(k524_context, &kt)) {
com_err(whoami, ret, "while opening default keytab");
cleanup_and_exit(1);
}
} else {
! if (ret = krb5_kt_resolve(k524_context, keytab, &kt)) {
com_err(whoami, ret, "while resolving keytab %s",
keytab);
cleanup_and_exit(1);
***************
*** 192,202 ****
int ret;
char *realm;
! if (ret = krb5_get_default_realm(&realm)) {
com_err(whoami, ret, "getting default realm");
cleanup_and_exit(1);
}
! if (ret = krb5_db_setup_mkey_name(NULL, realm, (char **) 0,
&master_princ)) {
com_err(whoami, ret, "while setting up master key name");
cleanup_and_exit(1);
--- 199,210 ----
int ret;
char *realm;
! if (ret = krb5_get_default_realm(k524_context, &realm)) {
com_err(whoami, ret, "getting default realm");
cleanup_and_exit(1);
}
! if (ret = krb5_db_setup_mkey_name(k524_context,
! NULL, realm, (char **) 0,
&master_princ)) {
com_err(whoami, ret, "while setting up master key name");
cleanup_and_exit(1);
***************
*** 203,215 ****
}
#ifdef PROVIDE_DES_CBC_CRC
! master_encblock.crypto_entry = &mit_des_cryptosystem_entry;
#else
error(You gotta figure out what cryptosystem to use in the KDC);
#endif
master_keyblock.keytype = KEYTYPE_DES;
! if (ret = krb5_db_fetch_mkey(master_princ, &master_encblock,
FALSE, /* non-manual type-in */
FALSE, /* irrelevant, given prev. arg */
0, &master_keyblock)) {
--- 211,224 ----
}
#ifdef PROVIDE_DES_CBC_CRC
! krb5_use_cstype(kdc_context, &master_encblock, DEFAULT_KDC_ETYPE);
#else
error(You gotta figure out what cryptosystem to use in the KDC);
#endif
master_keyblock.keytype = KEYTYPE_DES;
! if (ret = krb5_db_fetch_mkey(k524_context,
! master_princ, &master_encblock,
FALSE, /* non-manual type-in */
FALSE, /* irrelevant, given prev. arg */
0, &master_keyblock)) {
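Review bot: The new line `krb5_use_cstype(kdc_context, &master_encblock, DEFAULT_KDC_ETYPE);` passes `kdc_context`, which this patch never declares; the global added to krb524d.c is `k524_context`, and every other call in the file uses that. Unless some header happens to provide `kdc_context`, this will not compile when `PROVIDE_DES_CBC_CRC` is defined. If one does, the master encrypt block would be set up under a different context from the one passed to `krb5_db_fetch_mkey` just below. Use `krb5_use_cstype(k524_context, &master_encblock, DEFAULT_KDC_ETYPE);`. The enclosing function begins and ends outside this hunk.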
***************
*** 217,228 ****
cleanup_and_exit(1);
}
! if (ret = krb5_db_init()) {
com_err(whoami, ret, "while initializing master database");
cleanup_and_exit(1);
}
! if (ret = krb5_process_key(&master_encblock, &master_keyblock)) {
! krb5_db_fini();
com_err(whoami, ret, "while processing master key");
cleanup_and_exit(1);
}
--- 226,238 ----
cleanup_and_exit(1);
}
! if (ret = krb5_db_init(k524_context)) {
com_err(whoami, ret, "while initializing master database");
cleanup_and_exit(1);
}
! if (ret = krb5_process_key(k524_context,
! &master_encblock, &master_keyblock)) {
! krb5_db_fini(k524_context);
com_err(whoami, ret, "while processing master key");
cleanup_and_exit(1);
}
***************
*** 260,270 ****
if (debug)
printf("service key retrieved\n");
! ret = krb524_convert_tkt_skey(v5tkt, &v4tkt, &service_key);
if (ret)
goto error;
krb5_free_keyblock_contents(&service_key);
! krb5_free_ticket(v5tkt);
if (debug)
printf("credentials converted\n");
--- 270,281 ----
if (debug)
printf("service key retrieved\n");
! ret = krb524_convert_tkt_skey(k524_context,
! v5tkt, &v4tkt, &service_key);
if (ret)
goto error;
krb5_free_keyblock_contents(&service_key);
! krb5_free_ticket(k524_context, v5tkt);
if (debug)
printf("credentials converted\n");
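Review bot: `krb5_free_keyblock_contents(&service_key);` is still called with a single argument, while every other krb5 free routine touched by this patch gained the context parameter. Check it against the k5.5 prototype and, if it takes a context, make it `krb5_free_keyblock_contents(k524_context, &service_key);`. It is also not visible here whether the `goto error` path releases `service_key`; the service key should be freed on failure as well as on success. The enclosing function begins and ends outside this hunk.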
***************
*** 316,327 ****
krb5_keytab_entry entry;
if (use_keytab) {
! if (ret = krb5_kt_get_entry(kt, p, 0, &entry))
return ret;
memcpy(key, (char *) &entry.key, sizeof(krb5_keyblock));
return 0;
} else if (use_master) {
! if (ret = krb5_dbm_db_init())
return ret;
return kdc_get_server_key(p, key, NULL);
}
--- 327,338 ----
krb5_keytab_entry entry;
if (use_keytab) {
! if (ret = krb5_kt_get_entry(k524_context, kt, p, 0, 0, &entry))
return ret;
memcpy(key, (char *) &entry.key, sizeof(krb5_keyblock));
return 0;
} else if (use_master) {
! if (ret = krb5_dbm_db_init(k524_context))
return ret;
return kdc_get_server_key(p, key, NULL);
}
***************
*** 339,352 ****
krb5_boolean more;
nprincs = 1;
! if (ret = krb5_db_get_principal(service, &server, &nprincs, &more))
return(ret);
if (more) {
! krb5_db_free_principal(&server, nprincs);
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
} else if (nprincs != 1) {
! krb5_db_free_principal(&server, nprincs);
return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
}
--- 350,364 ----
krb5_boolean more;
nprincs = 1;
! if (ret = krb5_db_get_principal(k524_context,
! service, &server, &nprincs, &more))
return(ret);
if (more) {
! krb5_db_free_principal(k524_context, &server, nprincs);
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
} else if (nprincs != 1) {
! krb5_db_free_principal(k524_context, &server, nprincs);
return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
}
***************
*** 354,362 ****
* convert server.key into a real key (it is encrypted in the
* database)
*/
! ret = KDB_CONVERT_KEY_OUTOF_DB(&server.key, key);
if (kvno)
*kvno = server.kvno;
! krb5_db_free_principal(&server, nprincs);
return ret;
}
--- 366,374 ----
* convert server.key into a real key (it is encrypted in the
* database)
*/
! ret = KDB_CONVERT_KEY_OUTOF_DB(k524_context, &server.key, key);
if (kvno)
*kvno = server.kvno;
! krb5_db_free_principal(k524_context, &server, nprincs);
return ret;
}
*** ./krb524/,misc.c Thu Sep 15 07:51:06 1994
--- ./krb524/misc.c Tue Jun 6 10:41:27 1995
***************
*** 21,30 ****
*/
#include <stdio.h>
#include "krb524.h"
! void krb524_init_ets()
{
! krb5_init_ets();
initialize_k524_error_table();
}
--- 21,32 ----
*/
#include <stdio.h>
+ #include "krb5.h"
#include "krb524.h"
! void krb524_init_ets(context)
! krb5_context context;
{
! krb5_init_ets(context);
initialize_k524_error_table();
}
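Review bot: `krb524_init_ets` is rewritten as an old-style (K&R) definition, `void krb524_init_ets(context) krb5_context context;`, while most of the patch keeps prototype-style definitions. The new `krb524_send_message` in sendmsg.c and `des_cblock_print_file` in test.c are written the same way. An old-style definition gives the compiler no parameter information, so a caller that still passes the pre-context argument list compiles without complaint, which is exactly the mistake this change is prone to. Prefer `void krb524_init_ets(krb5_context context)`, with matching prototypes in krb524.h; that header is not touched by this patch, so its declarations may still describe the old signatures.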
*** ./krb524/,sendmsg.c Tue Feb 28 02:33:29 1995
--- ./krb524/sendmsg.c Thu Jun 8 11:11:58 1995
***************
*** 24,29 ****
--- 24,30 ----
#include "krb5.h"
+ #include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
***************
*** 50,61 ****
extern int krb5_skdc_timeout_shift;
extern int krb5_skdc_timeout_1;
! int krb524_send_message (DECLARG(const struct sock addr *, addr),
! DECLARG(const krb5_data *, message),
! DECLARG(krb5_data *, reply))
! OLDDECLARG(const struct sockaddr *, addr)
! OLDDECLARG(const krb5_data *, message)
! OLDDECLARG(krb5_data *, reply)
{
register int timeout;
int nready, received;
--- 51,60 ----
extern int krb5_skdc_timeout_shift;
extern int krb5_skdc_timeout_1;
! int krb524_send_message (addr, message, reply)
! const struct sockaddr *addr;
! const krb5_data *message;
! krb5_data *reply;
{
register int timeout;
int nready, received;
***************
*** 64,70 ****
struct timeval waitlen;
int s, cc;
! if ((reply->data = malloc(krb5_max_dgram_size)) == NULL)
return ENOMEM;
reply->length = krb5_max_dgram_size;
--- 63,69 ----
struct timeval waitlen;
int s, cc;
! if ((reply->data = (char FAR *)malloc(krb5_max_dgram_size)) == NULL)
return ENOMEM;
reply->length = krb5_max_dgram_size;
*** ./krb524/,test.c Tue Feb 28 02:33:30 1995
--- ./krb524/test.c Thu Jun 8 14:38:30 1995
***************
*** 37,44 ****
#define krb5_print_addrs
void do_local(krb5_creds *, krb5_keyblock *),
! do_remote(krb5_creds *, char *, krb5_keyblock *);
void print_key(char *msg, char *key)
{
--- 37,62 ----
#define krb5_print_addrs
+ /* this function was copied from lib/crypto/des/destest.c */
+ void
+ des_cblock_print_file(x, fp)
+ mit_des_cblock x;
+ FILE *fp;
+ {
+ unsigned char *y = (unsigned char *) x;
+ register int i = 0;
+ fprintf(fp," 0x { ");
+
+ while (i++ < 8) {
+ fprintf(fp,"%x",*y++);
+ if (i < 8)
+ fprintf(fp,", ");
+ }
+ fprintf(fp," }");
+ }
+
void do_local(krb5_creds *, krb5_keyblock *),
! do_remote(krb5_context, krb5_creds *, char *, krb5_keyblock *);
void print_key(char *msg, char *key)
{
***************
*** 69,75 ****
printf("\n");
}
! void krb5_print_ticket(krb5_data *ticket_data, krb5_keyblock *key)
{
char *p;
krb5_ticket *tkt;
--- 87,94 ----
printf("\n");
}
! void krb5_print_ticket(krb5_context context,
! krb5_data *ticket_data, krb5_keyblock *key)
{
char *p;
krb5_ticket *tkt;
***************
*** 79,90 ****
com_err("test", ret, "decoding ticket");
exit(1);
}
! if (ret = krb5_decrypt_tkt_part(key, tkt)) {
com_err("test", ret, "decrypting V5 ticket for print");
exit(1);
}
! krb5_unparse_name(tkt->server, &p);
printf("Ticket: Server: %s\n", p);
free(p);
printf("Ticket: EType: %d\n", tkt->enc_part.etype);
--- 98,109 ----
com_err("test", ret, "decoding ticket");
exit(1);
}
! if (ret = krb5_decrypt_tkt_part(context, key, tkt)) {
com_err("test", ret, "decrypting V5 ticket for print");
exit(1);
}
! krb5_unparse_name(context, tkt->server, &p);
printf("Ticket: Server: %s\n", p);
free(p);
printf("Ticket: EType: %d\n", tkt->enc_part.etype);
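Review bot: The result of `krb5_unparse_name(context, tkt->server, &p);` is ignored, so if the call fails `p` is passed to `printf` and `free` uninitialized. The same pattern recurs for `tkt->enc_part2->client` in the next hunk and for both calls in `krb5_print_creds`. Check the return the way the neighbouring calls do, e.g. `if (ret = krb5_unparse_name(context, tkt->server, &p)) { com_err("test", ret, "unparsing server name"); exit(1); }`. `krb5_print_ticket` continues outside this hunk.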
***************
*** 92,98 ****
printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags);
krb5_print_keyblock("Ticket: Session Keyblock",
tkt->enc_part2->session);
! krb5_unparse_name(tkt->enc_part2->client, &p);
printf("Ticket: Client: %s\n", p);
free(p);
krb5_print_times("Ticket: Times", &tkt->enc_part2->times);
--- 111,117 ----
printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags);
krb5_print_keyblock("Ticket: Session Keyblock",
tkt->enc_part2->session);
! krb5_unparse_name(context, tkt->enc_part2->client, &p);
printf("Ticket: Client: %s\n", p);
free(p);
krb5_print_times("Ticket: Times", &tkt->enc_part2->times);
***************
*** 99,115 ****
printf("Ticket: Address 0: %08x\n",
*((unsigned long *) tkt->enc_part2->caddrs[0]->contents));
! krb5_free_ticket(tkt);
}
! void krb5_print_creds(krb5_creds *creds, krb5_keyblock *secret_key)
{
char *p, buf[BUFSIZ];
! krb5_unparse_name(creds->client, &p);
printf("Client: %s\n", p);
free(p);
! krb5_unparse_name(creds->server, &p);
printf("Server: %s\n", p);
free(p);
krb5_print_keyblock("Session key", &creds->keyblock);
--- 118,135 ----
printf("Ticket: Address 0: %08x\n",
*((unsigned long *) tkt->enc_part2->caddrs[0]->contents));
! krb5_free_ticket(context, tkt);
}
! void krb5_print_creds(krb5_context context,
! krb5_creds *creds, krb5_keyblock *secret_key)
{
char *p, buf[BUFSIZ];
! krb5_unparse_name(context, creds->client, &p);
printf("Client: %s\n", p);
free(p);
! krb5_unparse_name(context, creds->server, &p);
printf("Server: %s\n", p);
free(p);
krb5_print_keyblock("Session key", &creds->keyblock);
***************
*** 117,123 ****
printf("is_skey: %s\n", creds->is_skey ? "True" : "False");
printf("Flags: 0x%08x\n", creds->ticket_flags);
krb5_print_addrs(creds->addresses);
! krb5_print_ticket(&creds->ticket, secret_key);
/* krb5_print_ticket(&creds->second_ticket, secret_key); */
}
--- 137,143 ----
printf("is_skey: %s\n", creds->is_skey ? "True" : "False");
printf("Flags: 0x%08x\n", creds->ticket_flags);
krb5_print_addrs(creds->addresses);
! krb5_print_ticket(context, &creds->ticket, secret_key);
/* krb5_print_ticket(&creds->second_ticket, secret_key); */
}
***************
*** 174,182 ****
main(int argc, char **argv)
{
krb5_principal client, server;
krb5_ccache cc;
! krb5_creds v5creds;
krb5_keyblock key;
char keybuf[KEYSIZE], buf[BUFSIZ];
int i, ret, local;
--- 194,203 ----
main(int argc, char **argv)
{
+ krb5_context context;
krb5_principal client, server;
krb5_ccache cc;
! krb5_creds increds, *v5creds;
krb5_keyblock key;
char keybuf[KEYSIZE], buf[BUFSIZ];
int i, ret, local;
***************
*** 184,190 ****
krb524_debug = 1;
! krb524_init_ets();
local = 0;
remote = NULL;
--- 205,212 ----
krb524_debug = 1;
! krb5_init_context(&context);
! krb524_init_ets(context);
local = 0;
remote = NULL;
***************
*** 205,229 ****
if (argc != 2)
usage();
! if (ret = krb5_parse_name(argv[0], &client)) {
com_err("test", ret, "parsing client name");
exit(1);
}
! if (ret = krb5_parse_name(argv[1], &server)) {
com_err("test", ret, "parsing server name");
exit(1);
}
! if (ret = krb5_cc_default(&cc)) {
com_err("test", ret, "opening default credentials cache");
exit(1);
}
! memset((char *) &v5creds, 0, sizeof(v5creds));
! v5creds.client = client;
! v5creds.server = server;
! v5creds.times.endtime = 0;
! v5creds.keyblock.keytype = KEYTYPE_DES;
! if (ret = krb5_get_credentials(0, cc, &v5creds)) {
com_err("test", ret, "getting V5 credentials");
exit(1);
}
--- 227,251 ----
if (argc != 2)
usage();
! if (ret = krb5_parse_name(context, argv[0], &client)) {
com_err("test", ret, "parsing client name");
exit(1);
}
! if (ret = krb5_parse_name(context, argv[1], &server)) {
com_err("test", ret, "parsing server name");
exit(1);
}
! if (ret = krb5_cc_default(context, &cc)) {
com_err("test", ret, "opening default credentials cache");
exit(1);
}
! memset((char *) &increds, 0, sizeof(increds));
! increds.client = client;
! increds.server = server;
! increds.times.endtime = 0;
! increds.keyblock.keytype = KEYTYPE_DES;
! if (ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds)) {
com_err("test", ret, "getting V5 credentials");
exit(1);
}
***************
*** 253,262 ****
key.length = KEYSIZE; /* presumably */
key.contents = keybuf;
! do_remote(&v5creds, remote, &key);
}
! void do_remote(krb5_creds *v5creds, char *server, krb5_keyblock *key)
{
struct sockaddr_in saddr;
struct hostent *hp;
--- 275,285 ----
key.length = KEYSIZE; /* presumably */
key.contents = keybuf;
! do_remote(context, v5creds, remote, &key);
}
! void do_remote(krb5_context context,
! krb5_creds *v5creds, char *server, krb5_keyblock *key)
{
struct sockaddr_in saddr;
struct hostent *hp;
***************
*** 264,270 ****
int ret;
printf("\nV5 credentials:\n");
! krb5_print_creds(v5creds, key);
if (strcmp(server, "kdc") != 0) {
hp = gethostbyname(server);
--- 287,293 ----
int ret;
printf("\nV5 credentials:\n");
! krb5_print_creds(context, v5creds, key);
if (strcmp(server, "kdc") != 0) {
hp = gethostbyname(server);
***************
*** 277,289 ****
memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr,
sizeof(struct in_addr));
! if (ret = krb524_convert_creds_addr(v5creds, &v4creds, &saddr)) {
com_err("test", ret, "converting credentials on %s",
server);
exit(1);
}
} else {
! if (ret = krb524_convert_creds_kdc(v5creds, &v4creds)) {
com_err("test", ret, "converting credentials via kdc");
exit(1);
}
--- 300,313 ----
memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr,
sizeof(struct in_addr));
! if (ret = krb524_convert_creds_addr(context,
! v5creds, &v4creds, &saddr)) {
com_err("test", ret, "converting credentials on %s",
server);
exit(1);
}
} else {
! if (ret = krb524_convert_creds_kdc(context, v5creds, &v4creds)) {
com_err("test", ret, "converting credentials via kdc");
exit(1);
}