[2080] in Kerberos-V5-bugs
K5b6 and Windows FAR pointers
daemon@ATHENA.MIT.EDU (Doug Engert)
Mon Jul 8 13:56:09 1996
Date: Mon, 8 Jul 1996 12:55:49 -0500
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU
When compiling the Kerberos 5b6 code on Windows 3.1 in 16 bit mode, I
was under the impression that all pointers which might get passed
between the application and the libkrb5.dll needed to be FAR
pointers. This was the case in previous versions.
It appears that in defining some of the newer functions which
are exported from the libkrb5.dll, that the pointers have not been
qualified with the FAR designation.
Did I miss some change in the makefile, or options to the complier?
I have taken the liberty of going thru the code and adding the FAR
designation to thoes routines which need them. I have the CNS.EXE
including password changing, and the TELENT.EXE working with these
changes, as well as a home grown terminal emulator using the rlogin
protocol. (Forwarding use to work. I am still looking at the new
fwd_tgt.c and the kcmd.c changes.)
I had to export a number of additional routines which are used by
kcmd.c with rlogin processing, and which also allow access to the
encryption routines within the 16 bit DLL. These are needed if you
want an rlogin terminal emulator with encryption and forwarded
tickets.
KRB5_FWD_TGT_CREDS
KRB5_SENDAUTH
KRB5_AUTH_CON_GENADDRS
KRB5_AUTH_CON_SETFLAGS
KRB5_AUTH_CON_INIT
KRB5_DLL_USE_ENCTYPE
KRB5_DLL_PROCESS_KEY
KRB5_DLL_ENCRYPT
KRB5_DLL_DECRYPT
KRB5_DLL_MALLOC
KRB5_DLL_XFREE
The KRB5_DLL_* were added to the win_glue.c. These are the files
changed. In effect they add the INTERFACE if not already present, and
add FAR to any pointers. The previous mod I sent in today in
./lib/kadm/adm_conn.c is also included.
(Most of these changes were submitted in January, but never included,
so I will submit them again.)
--- ./include/krb5/adm_proto.h Wed Jul 3 16:35:22 1996
--- ./include/krb5.hin Mon Jul 8 11:34:03 1996
--- ./lib/kadm/adm_conn.c Mon Jul 8 08:57:19 1996
--- ./lib/kadm/adm_rw.c Wed Jul 3 16:33:45 1996
--- ./lib/krb5/krb/fwd_tgt.c Thu Jun 20 13:03:07 1996
--- ./lib/krb5/krb/sendauth.c Thu Jun 20 14:02:03 1996
--- ./lib/krb5/krb/auth_con.c Mon Jul 8 11:36:10 1996
--- ./lib/libkrb5.def Thu Jun 20 12:51:46 1996
--- ./lib/win_glue.c Thu Jun 20 12:43:55 1996
--- ./windows/cns/makefile Fri Jun 21 14:08:20 1996
*** ./include/krb5/,adm_proto.h Mon Dec 11 12:30:09 1995
--- ./include/krb5/adm_proto.h Wed Jul 3 16:35:22 1996
***************
*** 48,64 ****
/* adm_conn.c */
krb5_error_code INTERFACE krb5_adm_connect
KRB5_PROTOTYPE((krb5_context,
! char *,
! char *,
! char *,
! int *,
! krb5_auth_context *,
! krb5_ccache *,
! char *,
krb5_timestamp));
void INTERFACE krb5_adm_disconnect
KRB5_PROTOTYPE((krb5_context,
! int *,
krb5_auth_context,
krb5_ccache));
--- 48,64 ----
/* adm_conn.c */
krb5_error_code INTERFACE krb5_adm_connect
KRB5_PROTOTYPE((krb5_context,
! char FAR *,
! char FAR *,
! char FAR *,
! int FAR *,
! krb5_auth_context FAR *,
! krb5_ccache FAR *,
! char FAR * ,
krb5_timestamp));
void INTERFACE krb5_adm_disconnect
KRB5_PROTOTYPE((krb5_context,
! int FAR *,
krb5_auth_context,
krb5_ccache));
***************
*** 100,113 ****
void INTERFACE krb5_free_adm_data
KRB5_PROTOTYPE((krb5_context,
krb5_int32,
! krb5_data *));
krb5_error_code INTERFACE krb5_send_adm_cmd
KRB5_PROTOTYPE((krb5_context,
krb5_pointer,
krb5_auth_context,
krb5_int32,
! krb5_data *));
krb5_error_code krb5_send_adm_reply
KRB5_PROTOTYPE((krb5_context,
krb5_pointer,
--- 100,113 ----
void INTERFACE krb5_free_adm_data
KRB5_PROTOTYPE((krb5_context,
krb5_int32,
! krb5_data FAR *));
krb5_error_code INTERFACE krb5_send_adm_cmd
KRB5_PROTOTYPE((krb5_context,
krb5_pointer,
krb5_auth_context,
krb5_int32,
! krb5_data FAR *));
krb5_error_code krb5_send_adm_reply
KRB5_PROTOTYPE((krb5_context,
krb5_pointer,
***************
*** 125,133 ****
KRB5_PROTOTYPE((krb5_context,
krb5_pointer,
krb5_auth_context,
! krb5_int32 *,
! krb5_int32 *,
! krb5_data **));
/* logger.c */
krb5_error_code krb5_klog_init
--- 125,133 ----
KRB5_PROTOTYPE((krb5_context,
krb5_pointer,
krb5_auth_context,
! krb5_int32 FAR *,
! krb5_int32 FAR *,
! krb5_data FAR * FAR *));
/* logger.c */
krb5_error_code krb5_klog_init
*** ./include/,krb5.hin Thu Jun 6 13:31:24 1996
--- ./include/krb5.hin Mon Jul 8 11:34:03 1996
***************
*** 1671,1677 ****
krb5_principal FAR *));
krb5_error_code INTERFACE krb5_set_config_files
! KRB5_PROTOTYPE ((krb5_context, krb5_const char **));
krb5_error_code INTERFACE krb5_secure_config_files
KRB5_PROTOTYPE ((krb5_context));
--- 1671,1677 ----
krb5_principal FAR *));
krb5_error_code INTERFACE krb5_set_config_files
! KRB5_PROTOTYPE ((krb5_context, krb5_const char FAR * FAR *));
krb5_error_code INTERFACE krb5_secure_config_files
KRB5_PROTOTYPE ((krb5_context));
***************
*** 1801,1820 ****
krb5_cc_ops *,
krb5_boolean ));
! krb5_error_code krb5_sendauth
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
krb5_pointer,
! char *,
krb5_principal,
krb5_principal,
krb5_flags,
! krb5_data *,
! krb5_creds *,
krb5_ccache,
! krb5_error **,
! krb5_ap_rep_enc_part **,
! krb5_creds **));
krb5_error_code krb5_recvauth KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
--- 1801,1820 ----
krb5_cc_ops *,
krb5_boolean ));
! krb5_error_code INTERFACE krb5_sendauth
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
krb5_pointer,
! char FAR *,
krb5_principal,
krb5_principal,
krb5_flags,
! krb5_data FAR *,
! krb5_creds FAR *,
krb5_ccache,
! krb5_error FAR * FAR *,
! krb5_ap_rep_enc_part FAR * FAR *,
! krb5_creds FAR * FAR *));
krb5_error_code krb5_recvauth KRB5_PROTOTYPE((krb5_context,
krb5_auth_context *,
***************
*** 1853,1877 ****
krb5_creds ***,
krb5_replay_data *));
! krb5_error_code krb5_fwd_tgt_creds
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
! char *,
krb5_principal,
krb5_principal,
krb5_ccache,
int forwardable,
! krb5_data *));
! krb5_error_code krb5_auth_con_init
KRB5_PROTOTYPE((krb5_context,
! krb5_auth_context *));
krb5_error_code krb5_auth_con_free
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context));
! krb5_error_code krb5_auth_con_setflags
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_int32));
--- 1853,1877 ----
krb5_creds ***,
krb5_replay_data *));
! krb5_error_code INTERFACE krb5_fwd_tgt_creds
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
! char FAR *,
krb5_principal,
krb5_principal,
krb5_ccache,
int forwardable,
! krb5_data FAR *));
! krb5_error_code INTERFACE krb5_auth_con_init
KRB5_PROTOTYPE((krb5_context,
! krb5_auth_context FAR *));
krb5_error_code krb5_auth_con_free
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context));
! krb5_error_code INTERFACE krb5_auth_con_setflags
KRB5_PROTOTYPE((krb5_context,
krb5_auth_context,
krb5_int32));
***************
*** 2089,2093 ****
--- 2089,2124 ----
/* flags for recvauth */
#define KRB5_RECVAUTH_SKIP_VERSION 0x0001
#define KRB5_RECVAUTH_BADAUTHVERS 0x0002
+
+
+ #ifdef _WINDOWS
+ /*
+ * begin "win_glue.c"
+ */
+
+ krb5_error_code INTERFACE krb5_dll_use_enctype
+ KRB5_PROTOTYPE((krb5_context, krb5_encrypt_block FAR *, krb5_enctype));
+
+ krb5_error_code INTERFACE krb5_dll_process_key
+ KRB5_PROTOTYPE((krb5_context, krb5_encrypt_block FAR *, krb5_keyblock FAR *));
+
+ krb5_error_code INTERFACE krb5_dll_encrypt
+ KRB5_PROTOTYPE((krb5_context, krb5_pointer, krb5_pointer, krb5_const,
+ krb5_encrypt_block FAR *, krb5_pointer));
+
+ krb5_error_code INTERFACE krb5_dll_decrypt
+ KRB5_PROTOTYPE((krb5_context, krb5_pointer, krb5_pointer, krb5_const,
+ krb5_encrypt_block FAR *, krb5_pointer));
+
+ void FAR * INTERFACE krb5_dll_malloc
+ KRB5_PROTOTYPE((int));
+
+ void INTERFACE krb5_dll_xfree
+ KRB5_PROTOTYPE((void FAR *));
+
+ /*
+ * end stuff from "win_glue.c"
+ */
+ #endif
#endif /* KRB5_GENERAL__ */
*** ./lib/kadm/,adm_conn.c Mon Oct 2 14:33:06 1995
--- ./lib/kadm/adm_conn.c Mon Jul 8 08:57:19 1996
***************
*** 145,152 ****
* We only need to resolve the credentials cache if one hasn't
* been supplied to us.
*/
! if (!(*ccache) && (kret = krb5_cc_resolve(kcontext, new_cache, ccache)))
! goto cleanup;
/* XXX assumes a file ccache */
if ((kret = krb5_cc_get_principal(kcontext, *ccache, &tprinc)) ==
--- 145,157 ----
* We only need to resolve the credentials cache if one hasn't
* been supplied to us.
*/
! if (!(*ccache)) {
! if (kret = krb5_cc_resolve(kcontext, new_cache, ccache))
! goto cleanup;
! if (kret = krb5_cc_initialize(kcontext, *ccache, *client))
! goto cleanup;
! }
! else
/* XXX assumes a file ccache */
if ((kret = krb5_cc_get_principal(kcontext, *ccache, &tprinc)) ==
***************
*** 606,618 ****
krb5_adm_connect(kcontext, user, prompt, opassword, sockp, ctxp,
ccachep, ccname, tlife)
krb5_context kcontext; /* Context handle (In ) */
! char *user; /* User specified (In ) */
! char *prompt; /* Old password prompt (In ) */
! char *opassword; /* Old Password (I/O) */
! int *sockp; /* Socket for conn. (Out) */
! krb5_auth_context *ctxp; /* Auth context (Out) */
! krb5_ccache *ccachep; /* Credentials cache (I/O) */
! char *ccname; /* Cred cache name (In ) */
krb5_timestamp tlife; /* Ticket lifetime (In ) */
{
krb5_error_code kret;
--- 611,623 ----
krb5_adm_connect(kcontext, user, prompt, opassword, sockp, ctxp,
ccachep, ccname, tlife)
krb5_context kcontext; /* Context handle (In ) */
! char FAR *user; /* User specified (In ) */
! char FAR *prompt; /* Old password prompt (In ) */
! char FAR *opassword; /* Old Password (I/O) */
! int FAR *sockp; /* Socket for conn. (Out) */
! krb5_auth_context FAR *ctxp; /* Auth context (Out) */
! krb5_ccache FAR *ccachep; /* Credentials cache (I/O) */
! char FAR *ccname; /* Cred cache name (In ) */
krb5_timestamp tlife; /* Ticket lifetime (In ) */
{
krb5_error_code kret;
***************
*** 748,754 ****
void INTERFACE
krb5_adm_disconnect(kcontext, socketp, auth_context, ccache)
krb5_context kcontext;
! int *socketp;
krb5_auth_context auth_context;
krb5_ccache ccache;
{
--- 753,759 ----
void INTERFACE
krb5_adm_disconnect(kcontext, socketp, auth_context, ccache)
krb5_context kcontext;
! int FAR *socketp;
krb5_auth_context auth_context;
krb5_ccache ccache;
{
*** ./lib/kadm/,adm_rw.c Sun Jun 11 01:27:25 1995
--- ./lib/kadm/adm_rw.c Wed Jul 3 16:33:45 1996
***************
*** 72,78 ****
krb5_free_adm_data(kcontext, ncomp, datap)
krb5_context kcontext;
krb5_int32 ncomp;
! krb5_data *datap;
{
int i;
--- 72,78 ----
krb5_free_adm_data(kcontext, ncomp, datap)
krb5_context kcontext;
krb5_int32 ncomp;
! krb5_data FAR *datap;
{
int i;
***************
*** 102,108 ****
krb5_pointer sock; /* Socket to write to (In ) */
krb5_auth_context ctx; /* Auth context (In ) */
krb5_int32 nargs; /* Number of arguments (In ) */
! krb5_data *arglist; /* Components to write (In ) */
{
int writebufsize;
int i;
--- 102,108 ----
krb5_pointer sock; /* Socket to write to (In ) */
krb5_auth_context ctx; /* Auth context (In ) */
krb5_int32 nargs; /* Number of arguments (In ) */
! krb5_data FAR *arglist; /* Components to write (In ) */
{
int writebufsize;
int i;
***************
*** 417,425 ****
krb5_context kcontext; /* Context handle (In ) */
krb5_pointer sock; /* Socket to read from (In ) */
krb5_auth_context ctx; /* Auth context (In ) */
! krb5_int32 *cmd_stat; /* Command status (Out) */
! krb5_int32 *ncomps; /* # of reply components(Out) */
! krb5_data **complist; /* List of components (Out) */
{
krb5_data read_data;
krb5_error_code ret;
--- 417,425 ----
krb5_context kcontext; /* Context handle (In ) */
krb5_pointer sock; /* Socket to read from (In ) */
krb5_auth_context ctx; /* Auth context (In ) */
! krb5_int32 FAR *cmd_stat; /* Command status (Out) */
! krb5_int32 FAR *ncomps; /* # of reply components(Out) */
! krb5_data FAR * FAR *complist; /* List of components (Out) */
{
krb5_data read_data;
krb5_error_code ret;
*** ./lib/krb5/krb/,fwd_tgt.c Sun Apr 28 09:22:54 1996
--- ./lib/krb5/krb/fwd_tgt.c Thu Jun 20 13:03:07 1996
***************
*** 29,45 ****
#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
/* Get a TGT for use at the remote host */
! krb5_error_code
krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
forwardable, outbuf)
krb5_context context;
krb5_auth_context auth_context;
! char *rhost;
krb5_principal client;
krb5_principal server;
krb5_ccache cc;
int forwardable; /* Should forwarded TGT also be forwardable? */
! krb5_data *outbuf;
{
krb5_replay_data replaydata;
krb5_data * scratch = 0;
--- 29,45 ----
#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
/* Get a TGT for use at the remote host */
! krb5_error_code INTERFACE
krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
forwardable, outbuf)
krb5_context context;
krb5_auth_context auth_context;
! char FAR *rhost;
krb5_principal client;
krb5_principal server;
krb5_ccache cc;
int forwardable; /* Should forwarded TGT also be forwardable? */
! krb5_data FAR *outbuf;
{
krb5_replay_data replaydata;
krb5_data * scratch = 0;
*** ./lib/krb5/krb/,sendauth.c Fri Jan 19 22:20:00 1996
--- ./lib/krb5/krb/sendauth.c Thu Jun 20 14:02:03 1996
***************
*** 35,41 ****
static char *sendauth_version = "KRB5_SENDAUTH_V1.0";
! krb5_error_code
krb5_sendauth(context, auth_context,
/* IN */
fd, appl_version, client, server, ap_req_options, in_data,
--- 35,41 ----
static char *sendauth_version = "KRB5_SENDAUTH_V1.0";
! krb5_error_code INTERFACE
krb5_sendauth(context, auth_context,
/* IN */
fd, appl_version, client, server, ap_req_options, in_data,
***************
*** 47,62 ****
krb5_context context;
krb5_auth_context * auth_context;
krb5_pointer fd;
! char * appl_version;
krb5_principal client;
krb5_principal server;
krb5_flags ap_req_options;
! krb5_data * in_data;
! krb5_creds * in_creds;
krb5_ccache ccache;
! krb5_error ** error;
! krb5_ap_rep_enc_part ** rep_result;
! krb5_creds ** out_creds;
{
krb5_octet result;
krb5_creds creds;
--- 47,62 ----
krb5_context context;
krb5_auth_context * auth_context;
krb5_pointer fd;
! char FAR * appl_version;
krb5_principal client;
krb5_principal server;
krb5_flags ap_req_options;
! krb5_data FAR * in_data;
! krb5_creds FAR * in_creds;
krb5_ccache ccache;
! krb5_error FAR * FAR * error;
! krb5_ap_rep_enc_part FAR * FAR * rep_result;
! krb5_creds FAR * FAR * out_creds;
{
krb5_octet result;
krb5_creds creds;
*** ./lib/krb5/krb/,auth_con.c Tue May 14 03:41:22 1996
--- ./lib/krb5/krb/auth_con.c Mon Jul 8 11:36:10 1996
***************
*** 26,35 ****
return 0;
}
! krb5_error_code
krb5_auth_con_init(context, auth_context)
krb5_context context;
! krb5_auth_context * auth_context;
{
*auth_context =
(krb5_auth_context)malloc(sizeof(struct _krb5_auth_context));
--- 26,35 ----
return 0;
}
! krb5_error_code INTERFACE
krb5_auth_con_init(context, auth_context)
krb5_context context;
! krb5_auth_context FAR * auth_context;
{
*auth_context =
(krb5_auth_context)malloc(sizeof(struct _krb5_auth_context));
***************
*** 307,313 ****
return 0;
}
! krb5_error_code
krb5_auth_con_setflags(context, auth_context, flags)
krb5_context context;
krb5_auth_context auth_context;
--- 307,313 ----
return 0;
}
! krb5_error_code INTERFACE
krb5_auth_con_setflags(context, auth_context, flags)
krb5_context context;
krb5_auth_context auth_context;
*** ./lib/,libkrb5.def Tue May 30 19:39:52 1995
--- ./lib/libkrb5.def Thu Jun 20 12:51:46 1996
***************
*** 63,65 ****
--- 63,77 ----
;Com_err routines
_com_err
ERROR_MESSAGE
+ ;DEE added
+ KRB5_FWD_TGT_CREDS
+ KRB5_SENDAUTH
+ KRB5_AUTH_CON_GENADDRS
+ KRB5_AUTH_CON_SETFLAGS
+ KRB5_AUTH_CON_INIT
+ KRB5_DLL_USE_ENCTYPE
+ KRB5_DLL_PROCESS_KEY
+ KRB5_DLL_ENCRYPT
+ KRB5_DLL_DECRYPT
+ KRB5_DLL_MALLOC
+ KRB5_DLL_XFREE
*** ./lib/,win_glue.c Thu Feb 29 18:45:50 1996
--- ./lib/win_glue.c Thu Jun 20 12:43:55 1996
***************
*** 60,62 ****
--- 60,134 ----
WSACleanup();
return 1;
}
+
+ /* There are needed to get at the encryption routines, which
+ * are accessed via loading the entry point from a table. Since
+ * these routines are in the DLL, and are not exported, and are NEAR
+ * pointers, we need to get to the DLL, then we can load and call them.
+ *
+ * The alloc and free routines were also added here, since the DLL
+ * has its own heap. Tring to free storage in the application which
+ * is in the DLL's heap, causes problems. These allow the application
+ * to get storage in the DLL's heap, and to free it. The kcmd routine
+ * needs this, and the outbuf from get_for_creds also has the
+ * problem since the application needs to free this area.
+ *
+ * Doug Engert ANL 1/96
+ */
+
+ krb5_error_code INTERFACE
+ krb5_dll_use_enctype(context, eblock, enctype)
+ krb5_context context;
+ krb5_encrypt_block FAR * eblock;
+ krb5_enctype enctype;
+ {
+ krb5_use_enctype(context, eblock, enctype);
+ return 0;
+ }
+
+ krb5_error_code INTERFACE
+ krb5_dll_process_key(context, eblock, keyblock)
+ krb5_context context;
+ krb5_encrypt_block FAR * eblock;
+ krb5_keyblock FAR * keyblock;
+ {
+ return krb5_process_key(context, eblock, keyblock);
+ }
+
+ krb5_error_code INTERFACE
+ krb5_dll_encrypt(context, inptr, outptr, size, eblock, ivec)
+ krb5_context context;
+ krb5_pointer inptr;
+ krb5_pointer outptr;
+ krb5_const size;
+ krb5_encrypt_block FAR * eblock;
+ krb5_pointer ivec;
+ {
+ return krb5_encrypt(context, inptr, outptr, size, eblock, ivec);
+ }
+
+ krb5_error_code INTERFACE
+ krb5_dll_decrypt(context, inptr, outptr, size, eblock, ivec)
+ krb5_context context;
+ krb5_pointer inptr;
+ krb5_pointer outptr;
+ krb5_const size;
+ krb5_encrypt_block FAR * eblock;
+ krb5_pointer ivec;
+ {
+ return krb5_decrypt(context, inptr, outptr, size, eblock, ivec);
+ }
+
+ void FAR * INTERFACE
+ krb5_dll_malloc(size)
+ int size;
+ {
+ return (void FAR *)malloc(size);
+ }
+
+ void INTERFACE
+ krb5_dll_xfree(val)
+ void FAR * val;
+ {
+ krb5_xfree(val);
+ }
*** ./windows/cns/,makefile Fri Jun 2 13:55:07 1995
--- ./windows/cns/makefile Fri Jun 21 14:08:20 1996
***************
*** 41,47 ****
##### RC Compiler
RC = rc
! RFLAGS = /nologo /D$(KRB)=1 $(INCLUDES)
##### Linker
LINK = link
--- 41,47 ----
##### RC Compiler
RC = rc
! RFLAGS = /nologo /D$(KRB)=1 $(INCLUDES) /DENABLE_LC_REALMS
##### Linker
LINK = link
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F
