[1773] in Kerberos-V5-bugs
Windows and Kerberos snapshot of 120195
daemon@ATHENA.MIT.EDU (Doug Engert)
Wed Jan 10 15:15:42 1996
Date: Wed, 10 Jan 1996 14:15:27 -0600
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
Ted,
I have been working with the 120195 snapshot of the Kerberos 5 code,
under windows over the holidays. I would like to submit the following
changes and additions.
Most of these changes were to export additional entry points in the
DLL so it could be used with the rlogin protocol including
encryption and forwarding.
I now have a home grown terminal emulator which does the rlogin with
encryption and forwarding. I also have a modified version of the
WINQvt program which does rlogin and forwarding. And I can use a cache
created by the Gradient PC DCE product.
--- ./appl/bsd/forward.c Mon Jan 8 16:39:32 1996
Added #ifdefs for _WINDOWS so the get_for_creds routine could
be added to the DLL. Added INTERFACE and FAR where needed.
(This routine should be part of the library. For Windows, I
sym-linked it into the lib\krb5\krb so it would be ziped,
and modified the makefile.in by hand on the PC after the unzip.)
--- ./include/krb5.hin Mon Jan 8 14:44:34 1996
Added INTERFACE and/or FAR as required to definitions of:
krb5_set_config_files
krb5_sendauth
krb5_auth_con_init
krb5_auth_con_setflags
Removed the INTERFACE from the definitions of:
krb5_mk_ncred
krb5_mk_1cred
since they are not exported.
Added deifinitions for:
get_for_creds
krb5_dll_use_enctype
krb5_dll_process_key
krb5_dll_encrypt
krb5_dll_decrypt
krb5_dll_malloc
krb5_dll_xfree
--- ./lib/krb5/ccache/file/fcc_read.c Tue Jan 9 10:24:52 1996
Added code which would allow a cache created by the Gradient
PC DCE package to be used. The Gradient code writes out some
int32s with garbage in the last two bytes. (It also has the
flags backwards. Gradient needs to fix these.)
--- ./lib/krb5/krb/auth_con.c Mon Jan 8 10:53:50 1996
Add INTERFACE to krb5_auth_con_init and
krb5_auth_con_setflags which are needed for rlogin. .
--- ./lib/krb5/krb/mk_cred.c Mon Jan 8 10:59:47 1996
Redefine nppcreds as in int rather then a int32 since there is
no prototype, for function.
Removed the INTERFACE from the krb5_mk_1cred and krb5_mk_ncred
since they were never exported, and only called within the
DLL and the prototypes were not setup for export either.
--- ./lib/krb5/krb/sendauth.c Mon Jan 8 11:01:24 1996
Added INTERFACE This routine is needed by the rlogin protocol.
--- ./lib/krb5/os/ccdefname.c Tue Jan 9 10:58:50 1996
Added code to find the PC DCE created cache. This is found by
looking in the DCE.INI file in the DCE directory. DCELOGIN
changes the name of this file when it is called.
If DCE is not on the PC, or the DCELOGIN did not create a
cache the standard location is used. (Clumsy, at best.)
--- ./lib/win_glue.c Mon Jan 8 10:50:03 1996
Added entry points which match the encryption macros. These
macro can not be called directly from an application since the
function pointers in the crypto_entry are not exported
functions. This lets the application call these _dll_ routines
which get to the DLL, which has no problems with the non
exported functions. The alloc and free routines get around
problems of the application trying to free memory in the DLL's
heap or the DLL trying to free the applicaitons memory.
--- ./lib/libkrb5.def Mon Jan 8 11:30:49 1996
Added the new exported functions to the list.
Following is the context diff file for these changes. A complete diff
file of all my changes so far can be found at
ftp://achilles.ctd.anl.gov/pub/kerberos.v5/k56.cdiff.960110
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: DEEngert@anl.gov
*** ./appl/bsd/,forward.c Sun Jun 11 01:19:23 1995
--- ./appl/bsd/forward.c Mon Jan 8 16:39:32 1996
***************
*** 22,34 ****
/* General-purpose forwarding routines. These routines may be put into */
/* libkrb5.a to allow widespread use */
! #if defined(KERBEROS) || defined(KRB5)
#include <stdio.h>
#include <pwd.h>
#include <netdb.h>
#include "k5-int.h"
/* Decode, decrypt and store the forwarded creds in the local ccache. */
krb5_error_code
rd_and_store_for_creds(context, auth_context, inbuf, ticket, lusername)
--- 22,40 ----
/* General-purpose forwarding routines. These routines may be put into */
/* libkrb5.a to allow widespread use */
! #if defined(KERBEROS) || defined(KRB5) || defined(_WINDOWS)
#include <stdio.h>
+
+ #ifndef _WINDOWS
#include <pwd.h>
#include <netdb.h>
+ #endif /* _WINDOWS */
+ #define NEED_WINDOWS
+ #define NEED_SOCKETS
#include "k5-int.h"
+ #ifndef _WINDOWS
/* Decode, decrypt and store the forwarded creds in the local ccache. */
krb5_error_code
rd_and_store_for_creds(context, auth_context, inbuf, ticket, lusername)
***************
*** 74,79 ****
--- 80,87 ----
return retval;
}
+ #endif /* _WINDOWS */
+
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif
***************
*** 83,101 ****
#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
/* Get a TGT for use at the remote host */
! krb5_error_code
get_for_creds(context, auth_context, rhost, client, forwardable, out_buf)
krb5_context context;
krb5_auth_context auth_context;
! char *rhost;
krb5_principal client;
int forwardable; /* Should forwarded TGT also be forwardable? */
! krb5_data *out_buf;
{
krb5_replay_data replaydata;
! krb5_data * scratch;
struct hostent *hp;
! krb5_address **addrs;
krb5_error_code retval;
krb5_creds tgt, creds, *pcreds;
krb5_ccache cc;
--- 91,109 ----
#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
/* Get a TGT for use at the remote host */
! krb5_error_code INTERFACE
get_for_creds(context, auth_context, rhost, client, forwardable, out_buf)
krb5_context context;
krb5_auth_context auth_context;
! char FAR *rhost;
krb5_principal client;
int forwardable; /* Should forwarded TGT also be forwardable? */
! krb5_data FAR *out_buf;
{
krb5_replay_data replaydata;
! krb5_data * scratch = 0;
struct hostent *hp;
! krb5_address **addrs = 0;
krb5_error_code retval;
krb5_creds tgt, creds, *pcreds;
krb5_ccache cc;
*** ./include/,krb5.hin Mon Nov 27 19:25:49 1995
--- ./include/krb5.hin Mon Jan 8 14:44:34 1996
***************
*** 1625,1631 ****
krb5_principal FAR *));
krb5_error_code INTERFACE krb5_set_config_files
! KRB5_PROTOTYPE ((krb5_context, krb5_const char **));
krb5_error_code INTERFACE krb5_secure_config_files
KRB5_PROTOTYPE ((krb5_context));
--- 1625,1631 ----
krb5_principal FAR *));
krb5_error_code INTERFACE krb5_set_config_files
! KRB5_PROTOTYPE ((krb5_context, krb5_const char FAR * FAR *));
krb5_error_code INTERFACE krb5_secure_config_files
KRB5_PROTOTYPE ((krb5_context));
***************
*** 1746,1765 ****
krb5_cc_ops *,
krb5_boolean ));
! krb5_error_code krb5_sendauth
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
krb5_pointer,
! char *,
krb5_principal,
krb5_principal,
krb5_flags,
! krb5_data *,
! krb5_creds *,
krb5_ccache,
! krb5_error **,
! krb5_ap_rep_enc_part **,
! krb5_creds **));
krb5_error_code krb5_recvauth KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
--- 1746,1765 ----
krb5_cc_ops *,
krb5_boolean ));
! krb5_error_code INTERFACE krb5_sendauth
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
krb5_pointer,
! char FAR *,
krb5_principal,
krb5_principal,
krb5_flags,
! krb5_data FAR *,
! krb5_creds FAR *,
krb5_ccache,
! krb5_error FAR * FAR *,
! krb5_ap_rep_enc_part FAR * FAR *,
! krb5_creds FAR * FAR *));
krb5_error_code krb5_recvauth KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
***************
*** 1777,1790 ****
krb5_principal **,
int));
! krb5_error_code INTERFACE krb5_mk_ncred
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_creds **,
krb5_data **,
krb5_replay_data *));
! krb5_error_code INTERFACE krb5_mk_1cred
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_creds *,
--- 1777,1790 ----
krb5_principal **,
int));
! krb5_error_code krb5_mk_ncred
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_creds **,
krb5_data **,
krb5_replay_data *));
! krb5_error_code krb5_mk_1cred
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_creds *,
***************
*** 1798,1804 ****
krb5_creds ***,
krb5_replay_data *));
! krb5_error_code krb5_auth_con_init
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *));
--- 1798,1804 ----
krb5_creds ***,
krb5_replay_data *));
! krb5_error_code INTERFACE krb5_auth_con_init
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *));
***************
*** 1806,1812 ****
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context));
! krb5_error_code krb5_auth_con_setflags
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_int32));
--- 1806,1812 ----
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context));
! krb5_error_code INTERFACE krb5_auth_con_setflags
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_int32));
***************
*** 1968,1973 ****
--- 1968,2023 ----
/*
* end stuff from libos.h
*/
+
+ #ifdef _WINDOWS
+ /*
+ * begin "forward.c"
+ *
+ * (When forward is added to the library for general use, and not
+ * just for the windows, the ifdef can be removed. The name should
+ * also be changed to something like krb5_get_for_creds
+ */
+
+ krb5_error_code INTERFACE get_for_creds
+ KRB5_PROTOTYPE((krb5_context, krb5_auth_context, char FAR *,
+ krb5_principal, int, krb5_data FAR *));
+
+
+ /*
+ * end stuff from "forward.c"
+ */
+ #endif /* _WINDOWS */
+
+ #ifdef _WINDOWS
+ /*
+ * begin "win_glue.c"
+ */
+
+ krb5_error_code INTERFACE krb5_dll_use_enctype
+ KRB5_PROTOTYPE((krb5_context, krb5_encrypt_block FAR *, krb5_enctype));
+
+ krb5_error_code INTERFACE krb5_dll_process_key
+ KRB5_PROTOTYPE((krb5_context, krb5_encrypt_block FAR *, krb5_keyblock FAR *));
+
+ krb5_error_code INTERFACE krb5_dll_encrypt
+ KRB5_PROTOTYPE((krb5_context, krb5_pointer, krb5_pointer, krb5_const,
+ krb5_encrypt_block FAR *, krb5_pointer));
+
+ krb5_error_code INTERFACE krb5_dll_decrypt
+ KRB5_PROTOTYPE((krb5_context, krb5_pointer, krb5_pointer, krb5_const,
+ krb5_encrypt_block FAR *, krb5_pointer));
+
+ void FAR * INTERFACE krb5_dll_malloc
+ KRB5_PROTOTYPE((int));
+
+ void INTERFACE krb5_dll_xfree
+ KRB5_PROTOTYPE((void FAR *));
+
+ /*
+ * end stuff from "win_glue.c"
+ */
+ #endif
+
/*
* begin "k5-free.h"
*** ./lib/krb5/ccache/file/,fcc_read.c Mon Sep 11 20:14:10 1995
--- ./lib/krb5/ccache/file/fcc_read.c Tue Jan 9 10:24:52 1996
***************
*** 214,219 ****
--- 214,222 ----
kret = krb5_fcc_read_int32(context, id, &int32);
CHECK(kret);
+ #ifdef _WINDOWS
+ int32 &= VALID_INT_BITS; /* Gradient does not write correctly */
+ #endif /* _WINDOWS */
if ((int32 & VALID_INT_BITS) != int32) /* Overflow size_t??? */
return KRB5_CC_NOMEM;
keyblock->length = (int) int32;
***************
*** 249,254 ****
--- 252,260 ----
kret = krb5_fcc_read_int32(context, id, &len);
CHECK(kret);
+ #ifdef _WINDOWS
+ len &= VALID_INT_BITS; /* Gradient PD DCE stores garbage in upper bytes */
+ #endif /* _WINDOWS */
if ((len & VALID_INT_BITS) != len)
return KRB5_CC_NOMEM;
data->length = (int) len;
***************
*** 292,297 ****
--- 298,306 ----
kret = krb5_fcc_read_int32(context, id, &int32);
CHECK(kret);
+ #ifdef _WINDOWS
+ int32 &= VALID_INT_BITS; /* Assume Gradient did this wrong as well */
+ #endif /* _WINDOWS */
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
addr->length = (int) int32;
***************
*** 471,476 ****
--- 480,488 ----
a->ad_type = (krb5_authdatatype)ui2;
kret = krb5_fcc_read_int32(context, id, &int32);
CHECK(kret);
+ #ifdef _WINDOWS
+ int32 &= VALID_INT_BITS; /* Assume Gradient did this wrong */
+ #endif /* _WINDOWS */
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
a->length = (int) int32;
*** ./lib/krb5/krb/,auth_con.c Tue Sep 12 11:42:31 1995
--- ./lib/krb5/krb/auth_con.c Mon Jan 8 10:53:50 1996
***************
*** 26,32 ****
return 0;
}
! krb5_error_code
krb5_auth_con_init(context, auth_context)
krb5_context context;
krb5_auth_context * auth_context;
--- 26,32 ----
return 0;
}
! krb5_error_code INTERFACE
krb5_auth_con_init(context, auth_context)
krb5_context context;
krb5_auth_context * auth_context;
***************
*** 297,303 ****
return 0;
}
! krb5_error_code
krb5_auth_con_setflags(context, auth_context, flags)
krb5_context context;
krb5_auth_context auth_context;
--- 297,303 ----
return 0;
}
! krb5_error_code INTERFACE
krb5_auth_con_setflags(context, auth_context, flags)
krb5_context context;
krb5_auth_context auth_context;
*** ./lib/krb5/krb/,mk_cred.c Tue Sep 12 11:43:01 1995
--- ./lib/krb5/krb/mk_cred.c Mon Jan 8 10:59:47 1996
***************
*** 100,106 ****
replaydata, local_addr, remote_addr, pcred)
krb5_context context;
krb5_creds ** ppcreds;
! krb5_int32 nppcreds;
krb5_keyblock * keyblock;
krb5_replay_data * replaydata;
krb5_address * local_addr;
--- 100,106 ----
replaydata, local_addr, remote_addr, pcred)
krb5_context context;
krb5_creds ** ppcreds;
! int nppcreds;
krb5_keyblock * keyblock;
krb5_replay_data * replaydata;
krb5_address * local_addr;
***************
*** 185,191 ****
* This functions takes as input an array of krb5_credentials, and
* outputs an encoded KRB_CRED message suitable for krb5_rd_cred
*/
! krb5_error_code INTERFACE
krb5_mk_ncred(context, auth_context, ppcreds, ppdata, outdata)
krb5_context context;
--- 185,191 ----
* This functions takes as input an array of krb5_credentials, and
* outputs an encoded KRB_CRED message suitable for krb5_rd_cred
*/
! krb5_error_code
krb5_mk_ncred(context, auth_context, ppcreds, ppdata, outdata)
krb5_context context;
***************
*** 344,350 ****
/*
* A convenience function that calls krb5_mk_ncred.
*/
! krb5_error_code INTERFACE
krb5_mk_1cred(context, auth_context, pcreds, ppdata, outdata)
krb5_context context;
krb5_auth_context auth_context;
--- 344,350 ----
/*
* A convenience function that calls krb5_mk_ncred.
*/
! krb5_error_code
krb5_mk_1cred(context, auth_context, pcreds, ppdata, outdata)
krb5_context context;
krb5_auth_context auth_context;
*** ./lib/krb5/krb/,sendauth.c Sat Sep 16 02:00:30 1995
--- ./lib/krb5/krb/sendauth.c Mon Jan 8 11:01:24 1996
***************
*** 39,45 ****
static char *sendauth_version = "KRB5_SENDAUTH_V1.0";
! krb5_error_code
krb5_sendauth(context, auth_context,
/* IN */
fd, appl_version, client, server, ap_req_options, in_data,
--- 39,45 ----
static char *sendauth_version = "KRB5_SENDAUTH_V1.0";
! krb5_error_code INTERFACE
krb5_sendauth(context, auth_context,
/* IN */
fd, appl_version, client, server, ap_req_options, in_data,
*** ./lib/krb5/os/,ccdefname.c Mon Sep 11 14:05:26 1995
--- ./lib/krb5/os/ccdefname.c Tue Jan 9 10:58:50 1996
***************
*** 111,121 ****
--- 111,152 ----
{
char defname[160]; /* Default value */
+ /* Test version of code to use a ccache on a PC created by the
+ * Gradient PC-DCE package. It has a DOS SET DCEDIR= to point at
+ * the directory which has the DCE.INI file. The DCELOGIN changes the
+ * KRB5CCNAME variable in the file to point at the cache. If the
+ * DCEDIR or DCE.INI are not found or the KRB5CCNAME returns zero,
+ * fall back and use the original code. This is not the best apporoach
+ * but will work for testing. Watch out and don't set the KRB5CCNAME
+ * under DOS, since the code above will use it, but the PC DCE code
+ * will not.
+ *
+ * D. Engert 1/9/96
+ */
+ #define USE_PCDCE_CCACHE
+ #ifdef USE_PCDCE_CCACHE
+ char dceini[160];
+ int dcelen = 0;
+ char * dcedir;
+ #endif /* USE_PCDCE_CCACHE */
+
GetWindowsDirectory (defname, sizeof(defname)-7);
strcat (defname, "\\krb5cc");
+ #ifdef USE_PCDCE_CCACHE
+ if ((dcedir = getenv("DCEDIR"))) {
+ strcpy (dceini, dcedir);
+ strcat (dceini,"\\DCE.INI");
+ dcelen = GetPrivateProfileString("pcdce", "KRB5CCNAME", NULL,
+ name_buf, sizeof(name_buf), dceini);
+ }
+ if (dcelen == 0) {
+ #endif /* USE_PCDCE_CCACHE */
strcpy (name_buf, "FILE:");
GetPrivateProfileString(INI_FILES, INI_KRB_CCACHE, defname,
name_buf+5, sizeof(name_buf)-5, KERBEROS_INI);
+ #ifdef USE_PCDCE_CCACHE
+ }
+ #endif /* USE_PCDCE_CCACHE */
}
#else
sprintf(name_buf, "FILE:/tmp/krb5cc_%d", getuid());
*** ./lib/,win_glue.c Thu Apr 20 15:01:40 1995
--- ./lib/win_glue.c Mon Jan 8 10:50:03 1996
***************
*** 52,54 ****
--- 52,126 ----
{
return 1;
}
+ /* There are needed to get at the encryption routines, which
+ * are accessed via loading the entry point from a table. Since
+ * these routines are in the DLL, and are not exported, and are NEAR
+ * pointers, we need to get to the DLL, then we can load and call them.
+ *
+ * The alloc and free routines were also added here, since the DLL
+ * has its own heap. Tring to free storage in the application which
+ * is in the DLL's heap, causes problems. These allow the application
+ * to get storage in the DLL's heap, and to free it. The kcmd routine
+ * needs this, and the outbuf from get_for_creds also has the
+ * problem since the application needs to free this area.
+ *
+ * Doug Engert ANL 1/96
+ */
+
+ krb5_error_code INTERFACE
+ krb5_dll_use_enctype(context, eblock, enctype)
+ krb5_context context;
+ krb5_encrypt_block FAR * eblock;
+ krb5_enctype enctype;
+ {
+ krb5_use_enctype(context, eblock, enctype);
+ return 0;
+ }
+
+ krb5_error_code INTERFACE
+ krb5_dll_process_key(context, eblock, keyblock)
+ krb5_context context;
+ krb5_encrypt_block FAR * eblock;
+ krb5_keyblock FAR * keyblock;
+ {
+ return krb5_process_key(context, eblock, keyblock);
+ }
+
+ krb5_error_code INTERFACE
+ krb5_dll_encrypt(context, inptr, outptr, size, eblock, ivec)
+ krb5_context context;
+ krb5_pointer inptr;
+ krb5_pointer outptr;
+ krb5_const size;
+ krb5_encrypt_block FAR * eblock;
+ krb5_pointer ivec;
+ {
+ return krb5_encrypt(context, inptr, outptr, size, eblock, ivec);
+ }
+
+ krb5_error_code INTERFACE
+ krb5_dll_decrypt(context, inptr, outptr, size, eblock, ivec)
+ krb5_context context;
+ krb5_pointer inptr;
+ krb5_pointer outptr;
+ krb5_const size;
+ krb5_encrypt_block FAR * eblock;
+ krb5_pointer ivec;
+ {
+ return krb5_decrypt(context, inptr, outptr, size, eblock, ivec);
+ }
+
+ void FAR * INTERFACE
+ krb5_dll_malloc(size)
+ int size;
+ {
+ return (void FAR *)malloc(size);
+ }
+
+ void INTERFACE
+ krb5_dll_xfree(val)
+ void FAR * val;
+ {
+ krb5_xfree(val);
+ }
+
*** ./lib/,libkrb5.def Tue May 30 19:39:52 1995
--- ./lib/libkrb5.def Mon Jan 8 11:30:49 1996
***************
*** 63,65 ****
--- 63,77 ----
;Com_err routines
_com_err
ERROR_MESSAGE
+ ;DEE added
+ GET_FOR_CREDS
+ KRB5_SENDAUTH
+ KRB5_AUTH_CON_GENADDRS
+ KRB5_AUTH_CON_SETFLAGS
+ KRB5_AUTH_CON_INIT
+ KRB5_DLL_USE_ENCTYPE
+ KRB5_DLL_PROCESS_KEY
+ KRB5_DLL_ENCRYPT
+ KRB5_DLL_DECRYPT
+ KRB5_DLL_MALLOC
+ KRB5_DLL_XFREE
