diff options
| author | markm <markm@FreeBSD.org> | 2000-01-09 20:58:00 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2000-01-09 20:58:00 +0000 |
| commit | 4ecbd6db44d79348bc815f31096e53104f50838b (patch) | |
| tree | 36fa73706fa0587a390c45a3fbf17c9523cb0e35 /crypto/heimdal/kuser | |
| download | FreeBSD-src-4ecbd6db44d79348bc815f31096e53104f50838b.zip FreeBSD-src-4ecbd6db44d79348bc815f31096e53104f50838b.tar.gz | |
Import KTH Heimdal, which will be the core of our Kerberos5.
Userland to follow.
Diffstat (limited to 'crypto/heimdal/kuser')
| -rw-r--r-- | crypto/heimdal/kuser/Makefile.am | 37 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/Makefile.in | 777 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kauth_options.c | 40 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kdecode_ticket.c | 160 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kdestroy.1 | 34 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kdestroy.c | 125 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kgetcred.1 | 41 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kgetcred.c | 121 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kinit.1 | 175 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kinit.c | 391 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kinit_options.c | 40 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/klist.1 | 37 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/klist.c | 445 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kuser_locl.h | 89 | ||||
| -rw-r--r-- | crypto/heimdal/kuser/kverify.c | 82 |
15 files changed, 2594 insertions, 0 deletions
diff --git a/crypto/heimdal/kuser/Makefile.am b/crypto/heimdal/kuser/Makefile.am new file mode 100644 index 0000000..4faed9a --- /dev/null +++ b/crypto/heimdal/kuser/Makefile.am @@ -0,0 +1,37 @@ +# $Id: Makefile.am,v 1.25 1999/09/21 05:12:29 assar Exp $ + +include $(top_srcdir)/Makefile.am.common + +INCLUDES += $(INCLUDE_krb4) + +man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1 + +bin_PROGRAMS = kinit kauth klist kdestroy kgetcred + +kinit_SOURCES = kinit.c kinit_options.c + +kauth_SOURCES = kinit.c kauth_options.c + +noinst_PROGRAMS = kverify kdecode_ticket + +CHECK_LOCAL = $(bin_PROGRAMS) + +kauth_LDADD = \ + $(LIB_kafs) \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(LIB_krb4) \ + $(top_builddir)/lib/des/libdes.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_roken) + +kinit_LDADD = $(kauth_LDADD) + +kdestroy_LDADD = $(kauth_LDADD) + +klist_LDADD = $(kauth_LDADD) + +LDADD = \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/des/libdes.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_roken) diff --git a/crypto/heimdal/kuser/Makefile.in b/crypto/heimdal/kuser/Makefile.in new file mode 100644 index 0000000..06ec4716 --- /dev/null +++ b/crypto/heimdal/kuser/Makefile.in @@ -0,0 +1,777 @@ +# Makefile.in generated automatically by automake 1.4 from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +# $Id: Makefile.am,v 1.25 1999/09/21 05:12:29 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $ + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = .. + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +host_alias = @host_alias@ +host_triplet = @host@ +AFS_EXTRA_LD = @AFS_EXTRA_LD@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +DBLIB = @DBLIB@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDE_ = @INCLUDE_@ +LD = @LD@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@ +MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@ +MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NM = @NM@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDE_krb4) + +AM_CFLAGS = $(WFLAGS) + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +cat1dir = $(mandir)/cat1 +cat3dir = $(mandir)/cat3 +cat5dir = $(mandir)/cat5 +cat8dir = $(mandir)/cat8 + +MANRX = \(.*\)\.\([0-9]\) +CATSUFFIX = @CATSUFFIX@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la + +CHECK_LOCAL = $(bin_PROGRAMS) + +man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1 + +bin_PROGRAMS = kinit kauth klist kdestroy kgetcred + +kinit_SOURCES = kinit.c kinit_options.c + +kauth_SOURCES = kinit.c kauth_options.c + +noinst_PROGRAMS = kverify kdecode_ticket + +kauth_LDADD = $(LIB_kafs) $(top_builddir)/lib/krb5/libkrb5.la $(LIB_krb4) $(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la $(LIB_roken) + + +kinit_LDADD = $(kauth_LDADD) + +kdestroy_LDADD = $(kauth_LDADD) + +klist_LDADD = $(kauth_LDADD) + +LDADD = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la $(LIB_roken) + +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../include/config.h +CONFIG_CLEAN_FILES = +bin_PROGRAMS = kinit$(EXEEXT) kauth$(EXEEXT) klist$(EXEEXT) \ +kdestroy$(EXEEXT) kgetcred$(EXEEXT) +noinst_PROGRAMS = kverify$(EXEEXT) kdecode_ticket$(EXEEXT) +PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +kinit_OBJECTS = kinit.$(OBJEXT) kinit_options.$(OBJEXT) +@KRB4_TRUE@kinit_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ +@KRB4_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_FALSE@kinit_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la +kinit_LDFLAGS = +kauth_OBJECTS = kinit.$(OBJEXT) kauth_options.$(OBJEXT) +@KRB4_TRUE@kauth_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ +@KRB4_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_FALSE@kauth_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la +kauth_LDFLAGS = +klist_SOURCES = klist.c +klist_OBJECTS = klist.$(OBJEXT) +@KRB4_TRUE@klist_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ +@KRB4_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_FALSE@klist_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la +klist_LDFLAGS = +kdestroy_SOURCES = kdestroy.c +kdestroy_OBJECTS = kdestroy.$(OBJEXT) +@KRB4_TRUE@kdestroy_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ +@KRB4_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_FALSE@kdestroy_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \ +@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la +kdestroy_LDFLAGS = +kgetcred_SOURCES = kgetcred.c +kgetcred_OBJECTS = kgetcred.$(OBJEXT) +kgetcred_LDADD = $(LDADD) +kgetcred_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la +kgetcred_LDFLAGS = +kverify_SOURCES = kverify.c +kverify_OBJECTS = kverify.$(OBJEXT) +kverify_LDADD = $(LDADD) +kverify_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la +kverify_LDFLAGS = +kdecode_ticket_SOURCES = kdecode_ticket.c +kdecode_ticket_OBJECTS = kdecode_ticket.$(OBJEXT) +kdecode_ticket_LDADD = $(LDADD) +kdecode_ticket_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +$(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la +kdecode_ticket_LDFLAGS = +CFLAGS = @CFLAGS@ +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ +man1dir = $(mandir)/man1 +MANS = $(man_MANS) +DIST_COMMON = Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = tar +GZIP_ENV = --best +SOURCES = $(kinit_SOURCES) $(kauth_SOURCES) klist.c kdestroy.c kgetcred.c kverify.c kdecode_ticket.c +OBJECTS = $(kinit_OBJECTS) $(kauth_OBJECTS) klist.$(OBJEXT) kdestroy.$(OBJEXT) kgetcred.$(OBJEXT) kverify.$(OBJEXT) kdecode_ticket.$(OBJEXT) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign kuser/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-binPROGRAMS: + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +distclean-binPROGRAMS: + +maintainer-clean-binPROGRAMS: + +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + list='$(bin_PROGRAMS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + done + +mostlyclean-noinstPROGRAMS: + +clean-noinstPROGRAMS: + -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) + +distclean-noinstPROGRAMS: + +maintainer-clean-noinstPROGRAMS: + +.c.o: + $(COMPILE) -c $< + +# FIXME: We should only use cygpath when building on Windows, +# and only if it is available. +.c.obj: + $(COMPILE) -c `cygpath -w $<` + +.s.o: + $(COMPILE) -c $< + +.S.o: + $(COMPILE) -c $< + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +.c.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +.s.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +.S.lo: + $(LIBTOOL) --mode=compile $(COMPILE) -c $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: + +kinit$(EXEEXT): $(kinit_OBJECTS) $(kinit_DEPENDENCIES) + @rm -f kinit$(EXEEXT) + $(LINK) $(kinit_LDFLAGS) $(kinit_OBJECTS) $(kinit_LDADD) $(LIBS) + +kauth$(EXEEXT): $(kauth_OBJECTS) $(kauth_DEPENDENCIES) + @rm -f kauth$(EXEEXT) + $(LINK) $(kauth_LDFLAGS) $(kauth_OBJECTS) $(kauth_LDADD) $(LIBS) + +klist$(EXEEXT): $(klist_OBJECTS) $(klist_DEPENDENCIES) + @rm -f klist$(EXEEXT) + $(LINK) $(klist_LDFLAGS) $(klist_OBJECTS) $(klist_LDADD) $(LIBS) + +kdestroy$(EXEEXT): $(kdestroy_OBJECTS) $(kdestroy_DEPENDENCIES) + @rm -f kdestroy$(EXEEXT) + $(LINK) $(kdestroy_LDFLAGS) $(kdestroy_OBJECTS) $(kdestroy_LDADD) $(LIBS) + +kgetcred$(EXEEXT): $(kgetcred_OBJECTS) $(kgetcred_DEPENDENCIES) + @rm -f kgetcred$(EXEEXT) + $(LINK) $(kgetcred_LDFLAGS) $(kgetcred_OBJECTS) $(kgetcred_LDADD) $(LIBS) + +kverify$(EXEEXT): $(kverify_OBJECTS) $(kverify_DEPENDENCIES) + @rm -f kverify$(EXEEXT) + $(LINK) $(kverify_LDFLAGS) $(kverify_OBJECTS) $(kverify_LDADD) $(LIBS) + +kdecode_ticket$(EXEEXT): $(kdecode_ticket_OBJECTS) $(kdecode_ticket_DEPENDENCIES) + @rm -f kdecode_ticket$(EXEEXT) + $(LINK) $(kdecode_ticket_LDFLAGS) $(kdecode_ticket_OBJECTS) $(kdecode_ticket_LDADD) $(LIBS) + +install-man1: + $(mkinstalldirs) $(DESTDIR)$(man1dir) + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \ + done + +uninstall-man1: + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \ + rm -f $(DESTDIR)$(man1dir)/$$inst; \ + done +install-man: $(MANS) + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-man1 +uninstall-man: + @$(NORMAL_UNINSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-man1 + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +subdir = kuser + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-binPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-man install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-binPROGRAMS uninstall-man +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) $(MANS) all-local +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-noinstPROGRAMS \ + mostlyclean-compile mostlyclean-libtool \ + mostlyclean-tags mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-binPROGRAMS clean-noinstPROGRAMS clean-compile \ + clean-libtool clean-tags clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-binPROGRAMS distclean-noinstPROGRAMS \ + distclean-compile distclean-libtool distclean-tags \ + distclean-generic clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-binPROGRAMS \ + maintainer-clean-noinstPROGRAMS \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-tags maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \ +maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ +mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \ +clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \ +mostlyclean-compile distclean-compile clean-compile \ +maintainer-clean-compile mostlyclean-libtool distclean-libtool \ +clean-libtool maintainer-clean-libtool install-man1 uninstall-man1 \ +install-man uninstall-man tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \ +check-local check check-am installcheck-am installcheck install-exec-am \ +install-exec install-data-local install-data-am install-data install-am \ +install uninstall-am uninstall all-local all-redirect all-am all \ +installdirs mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + chmod 0 $$x; fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " cp $$file $(buildinclude)/$$f"; \ + cp $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat1-mans: + @ext=1;\ + foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat1dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat3-mans: + @ext=3;\ + foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat3dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat5-mans: + @ext=5;\ + foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat5dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat8-mans: + @ext=8;\ + foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done; \ + if test "$$foo"; then \ + $(mkinstalldirs) $(DESTDIR)$(cat8dir); \ + for x in $$foo; do \ + f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \ + if test -f "$(srcdir)/$$f"; then \ + b=`echo $$x | sed 's!$(MANRX)!\1!'`; \ + echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\ + $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\ + fi; \ + done ;\ + fi + +install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/crypto/heimdal/kuser/kauth_options.c b/crypto/heimdal/kuser/kauth_options.c new file mode 100644 index 0000000..c432d32 --- /dev/null +++ b/crypto/heimdal/kuser/kauth_options.c @@ -0,0 +1,40 @@ +/* + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" +RCSID("$Id: kauth_options.c,v 1.2 1999/12/02 17:05:00 joda Exp $"); + +#ifdef KRB4 +int do_afslog = 1; +int get_v4_tgt = 1; +#endif diff --git a/crypto/heimdal/kuser/kdecode_ticket.c b/crypto/heimdal/kuser/kdecode_ticket.c new file mode 100644 index 0000000..dd365dc --- /dev/null +++ b/crypto/heimdal/kuser/kdecode_ticket.c @@ -0,0 +1,160 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" + +RCSID("$Id: kdecode_ticket.c,v 1.2 1999/12/02 17:05:00 joda Exp $"); + +static char *etype_str; +static int version_flag; +static int help_flag; + +static void +print_and_decode_tkt (krb5_context context, + krb5_data *ticket, + krb5_principal server, + krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_crypto crypto; + krb5_data dec_data; + size_t len; + EncTicketPart decr_part; + krb5_keyblock key; + Ticket tkt; + + ret = decode_Ticket (ticket->data, ticket->length, &tkt, &len); + if (ret) + krb5_err (context, 1, ret, "decode_Ticket"); + + ret = krb5_string_to_key (context, enctype, "foo", server, &key); + if (ret) + krb5_err (context, 1, ret, "krb5_string_to_key"); + + krb5_crypto_init(context, &key, 0, &crypto); + + ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET, + &tkt.enc_part, &dec_data); + krb5_crypto_destroy (context, crypto); + if (ret) + krb5_err (context, 1, ret, "krb5_decrypt_EncryptedData"); + ret = krb5_decode_EncTicketPart (context, dec_data.data, dec_data.length, + &decr_part, &len); + krb5_data_free (&dec_data); + if (ret) + krb5_err (context, 1, ret, "krb5_decode_EncTicketPart"); +} + +struct getargs args[] = { + { "enctype", 'e', arg_string, &etype_str, + "encryption type to use", "enctype"}, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + "service"); + exit (ret); +} + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_ccache cache; + krb5_creds in, *out; + int optind = 0; + + set_progname (argv[0]); + + ret = krb5_init_context (&context); + if (ret) + errx(1, "krb5_init_context failed: %u", ret); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag) { + print_version(NULL); + exit(0); + } + + argc -= optind; + argv += optind; + + if (argc != 1) + usage (1); + + ret = krb5_cc_default(context, &cache); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_default"); + + memset(&in, 0, sizeof(in)); + + if (etype_str) { + krb5_enctype enctype; + + ret = krb5_string_to_enctype(context, etype_str, &enctype); + if (ret) + krb5_errx (context, 1, "unrecognized enctype: %s", etype_str); + in.session.keytype = enctype; + } + + ret = krb5_cc_get_principal(context, cache, &in.client); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_get_principal"); + + ret = krb5_parse_name(context, argv[0], &in.server); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]); + + in.times.endtime = 0; + ret = krb5_get_credentials(context, 0, cache, &in, &out); + if (ret) + krb5_err (context, 1, ret, "krb5_get_credentials"); + + print_and_decode_tkt (context, &out->ticket, out->server, + out->session.keytype); + + krb5_free_creds_contents(context, out); + return 0; +} diff --git a/crypto/heimdal/kuser/kdestroy.1 b/crypto/heimdal/kuser/kdestroy.1 new file mode 100644 index 0000000..18c5320 --- /dev/null +++ b/crypto/heimdal/kuser/kdestroy.1 @@ -0,0 +1,34 @@ +.\" $Id: kdestroy.1,v 1.2 1999/05/14 14:05:40 assar Exp $ +.\" +.Dd Aug 27, 1997 +.Dt KDESTROY 1 +.Os HEIMDAL +.Sh NAME +.Nm kdestroy +.Nd +destroy the current ticket file +.Sh SYNOPSIS +.Nm +.Op Fl c Ar cachefile +.Op Fl -cache= Ns Ar cachefile +.Op Fl -no-unlog +.Op Fl -no-delete-v4 +.Op Fl -version +.Op Fl -help +.Sh DESCRIPTION +.Nm +remove the current set of tickets. +.Pp +Supported options: +.Bl -tag -width Ds +.It Fl c Ar cachefile +.It Fl cache= Ns Ar cachefile +The cache file to remove. +.It Fl -no-unlog +Do not remove AFS tokens. +.It Fl -no-delete-v4 +Do not remove v4 tickets. +.El +.Sh SEE ALSO +.Xr kinit 1 , +.Xr klist 1 diff --git a/crypto/heimdal/kuser/kdestroy.c b/crypto/heimdal/kuser/kdestroy.c new file mode 100644 index 0000000..632d02e --- /dev/null +++ b/crypto/heimdal/kuser/kdestroy.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" +RCSID("$Id: kdestroy.c,v 1.11 1999/12/02 17:05:01 joda Exp $"); + +static const char *cache; +static int help_flag; +static int version_flag; +static int unlog_flag = 1; +static int dest_tkt_flag = 1; + +struct getargs args[] = { + { "cache", 'c', arg_string, &cache, "cache to destroy", "cache" }, + { "unlog", 0, arg_negative_flag, &unlog_flag, + "do not destroy tokens", NULL }, + { "delete-v4", 0, arg_negative_flag, &dest_tkt_flag, + "do not destroy v4 tickets", NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL} +}; + +int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage (int status) +{ + arg_printusage (args, num_args, NULL, ""); + exit (status); +} + +int +main (int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_ccache ccache; + int optind = 0; + int exit_val = 0; + + set_progname (argv[0]); + + if(getarg(args, num_args, argc, argv, &optind)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag){ + print_version(NULL); + exit(0); + } + + argc -= optind; + argv += optind; + + if (argc != 0) + usage (1); + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context: %s", krb5_get_err_text(context, ret)); + + if(cache == NULL) + cache = krb5_cc_default_name(context); + + ret = krb5_cc_resolve(context, + cache, + &ccache); + + if (ret == 0) { + ret = krb5_cc_destroy (context, ccache); + if (ret) { + warnx ("krb5_cc_destroy: %s", krb5_get_err_text(context, ret)); + exit_val = 1; + } + } else { + warnx ("krb5_cc_resolve(%s): %s", cache, + krb5_get_err_text(context, ret)); + exit_val = 1; + } + + krb5_free_context (context); + +#if KRB4 + if(dest_tkt_flag && dest_tkt ()) + exit_val = 1; + if (unlog_flag && k_hasafs ()) { + if (k_unlog ()) + exit_val = 1; + } +#endif + + return exit_val; +} diff --git a/crypto/heimdal/kuser/kgetcred.1 b/crypto/heimdal/kuser/kgetcred.1 new file mode 100644 index 0000000..0dbbbff --- /dev/null +++ b/crypto/heimdal/kuser/kgetcred.1 @@ -0,0 +1,41 @@ +.\" $Id: kgetcred.1,v 1.2 1999/05/13 22:26:35 assar Exp $ +.\" +.Dd May 14, 1999 +.Dt KGETCRED 1 +.Os HEIMDAL +.Sh NAME +.Nm kgetcred +.Nd +get a ticket for a particular service +.Sh SYNOPSIS +.Nm +.Oo Fl e Ar enctype \*(Ba Xo +.Fl -enctype= Ns Ar enctype Oc +.Xc +.Op Fl -version +.Op Fl -help +.Ar service +.Sh DESCRIPTION +.Nm +obtains a ticket for a service. +Usually tickets for services are obtained automatically when needed +but sometimes for some odd reason you want to obtain a particular +ticket or of a special type. +.Pp +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl e Ar enctype Ns , +.Fl -enctype= Ns Ar enctype +.Xc +encryption type to use +.It Xo +.Fl -version +.Xc +.It Xo +.Fl -help +.Xc +.El +.Sh SEE ALSO +.Xr kinit 1 , +.Xr klist 1 diff --git a/crypto/heimdal/kuser/kgetcred.c b/crypto/heimdal/kuser/kgetcred.c new file mode 100644 index 0000000..644e69e --- /dev/null +++ b/crypto/heimdal/kuser/kgetcred.c @@ -0,0 +1,121 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" + +RCSID("$Id: kgetcred.c,v 1.3 1999/12/02 17:05:01 joda Exp $"); + +static char *etype_str; +static int version_flag; +static int help_flag; + +struct getargs args[] = { + { "enctype", 'e', arg_string, &etype_str, + "encryption type to use", "enctype"}, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + "service"); + exit (ret); +} + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_ccache cache; + krb5_creds in, *out; + int optind = 0; + + set_progname (argv[0]); + + ret = krb5_init_context (&context); + if (ret) + errx(1, "krb5_init_context failed: %u", ret); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag) { + print_version(NULL); + exit(0); + } + + argc -= optind; + argv += optind; + + if (argc != 1) + usage (1); + + ret = krb5_cc_default(context, &cache); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_default"); + + memset(&in, 0, sizeof(in)); + + if (etype_str) { + krb5_enctype enctype; + + ret = krb5_string_to_enctype(context, etype_str, &enctype); + if (ret) + krb5_errx (context, 1, "unrecognized enctype: %s", etype_str); + in.session.keytype = enctype; + } + + ret = krb5_cc_get_principal(context, cache, &in.client); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_get_principal"); + + ret = krb5_parse_name(context, argv[0], &in.server); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]); + + in.times.endtime = 0; + ret = krb5_get_credentials(context, 0, cache, &in, &out); + if (ret) + krb5_err (context, 1, ret, "krb5_get_credentials"); + + krb5_free_creds_contents(context, out); + return 0; +} diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1 new file mode 100644 index 0000000..d779365 --- /dev/null +++ b/crypto/heimdal/kuser/kinit.1 @@ -0,0 +1,175 @@ +.\" $Id: kinit.1,v 1.3 1999/05/14 14:02:49 assar Exp $ +.\" +.Dd May 29, 1998 +.Dt KAUTH 1 +.Os HEIMDAL +.Sh NAME +.Nm kauth +.Nd +acquire initial tickets +.Sh SYNOPSIS +.Nm +.Op Fl 4 +.Op Fl -524init +.Op Fl -afslog +.Op Fl c Ar cachename +.Op Fl -cache= Ns Ar cachename +.Op Fl c Ar cachename +.Op Fl -cache= Ns Ar cachename +.Op Fl f +.Op Fl -forwardable +.Op Fl t Ar keytabname +.Op Fl -keytab= Ns Ar keytabname +.Op Fl l Ar seconds +.Op Fl -lifetime= Ns Ar seconds +.Op Fl p +.Op Fl -proxiable +.Op Fl R +.Op Fl -renew +.Op Fl -renewable +.Op Fl r Ar seconds +.Op Fl -renewable-life= Ns Ar seconds +.Op Fl S Ar principal +.Op Fl -server= Ns Ar principal +.Op Fl s Ar seconds +.Op Fl -start-time= Ns Ar seconds +.Op Fl k +.Op Fl -use-keytab +.Op Fl v +.Op Fl -validate +.Op Fl e +.Op Fl -enctypes= Ns Ar enctypes +.Op Fl -fcache-version= Ns Ar version +.Op Fl -noaddresses +.Op Fl -version +.Op Fl -help +.Op Ar principal +.Sh DESCRIPTION +.Nm +is used to authenticate to the kerberos server as +.Ar principal , +or if none is given, a system generated default, and acquire a ticket +granting ticket that can later be used to obtain tickets for other +services. +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl c Ar cachename +.Fl -cache= Ns Ar cachename +.Xc +The credentials cache to put the acquired ticket in, if other than +default. +.It Xo +.Fl f Ns , +.Fl -forwardable +.Xc +Get ticket that can be forwarded to another host. +.It Xo +.Fl t Ar keytabname Ns , +.Fl -keytab= Ns Ar keytabname +.Xc +Don't ask for a password, but instead get the key from the specified +keytab. +.It Xo +.Fl l Ar seconds Ns , +.Fl -lifetime= Ns Ar seconds +.Xc +Specifies the lifetime of the ticket. +.It Xo +.Fl p Ns , +.Fl -proxiable +.Xc +Request tickets with the proxiable flag set. +.It Xo +.Fl R Ns , +.Fl -renew +.Xc +Try to renew ticket. The ticket must have the +.Sq renewable +flag set, and must not be expired. +.It Fl -renewable +The same as +.Fl -renewable-life , +with an infinite time. +.It Xo +.Fl r Ar seconds Ns , +.Fl -renewable-life= Ns Ar seconds +.Xc +The max renewable ticket life. +.It Xo +.Fl S Ar principal Ns , +.Fl -server= Ns Ar principal +.Xc +Get a ticket for a service other than krbtgt/LOCAL.REALM. +.It Xo +.Fl s Ar seconds Ns , +.Fl -start-time= Ns Ar seconds +.Xc +Start time of ticket, if other than the current time. +.It Xo +.Fl k Ns , +.Fl -use-keytab +.Xc +The same as +.Fl -keytab , +but with the default keytab name (normally +.Ar FILE:/etc/krb5.keytab ) . +.It Xo +.Fl v Ns , +.Fl -validate +.Xc +Try to validate an invalid ticket. +.It Xo +.Fl e , +.Fl -enctypes= Ns Ar enctypes +.Xc +Request tickets with this particular enctype. +.It Xo +.Fl -fcache-version= Ns Ar version +.Xc +Create a credentials cache of version +.Nm version . +.It Xo +.Fl -noaddresses +.Xc +Request a ticket with no addresses. +.El + +The following options are only available if +.Nm +has been compiled with support for Kerberos 4. +.Bl -tag -width Ds +.It Xo +.Fl 4 Ns , +.Fl -524init +.Xc +Try to convert the obtained krbtgt to a version 4 compatible +ticket. It will store this ticket in the default Kerberos 4 ticket +file. +.It Fl -afslog +Gets AFS tickets, converts them to version 4 format, and stores them +in the kernel. Only useful if you have AFS. +.El +.Sh ENVIRONMENT +.Bl -tag -width Ds +.It Ev KRB5CCNAME +Specifies the default cache file. +.It Ev KRB5_CONFIG +The directory where the +.Pa krb5.conf +can be found, default is +.Pa /etc . +.It Ev KRBTKFILE +Specifies the Kerberos 4 ticket file to store version 4 tickets in. +.El +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr krb5.conf 5 , +.Xr klist 1 , +.Xr kdestroy 1 +.\".Sh STANDARDS +.\".Sh HISTORY +.\".Sh AUTHORS +.\".Sh BUGS diff --git a/crypto/heimdal/kuser/kinit.c b/crypto/heimdal/kuser/kinit.c new file mode 100644 index 0000000..328a334 --- /dev/null +++ b/crypto/heimdal/kuser/kinit.c @@ -0,0 +1,391 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" +RCSID("$Id: kinit.c,v 1.59 1999/12/02 17:05:01 joda Exp $"); + +int forwardable = 0; +int proxiable = 0; +int renewable = 0; +int renew_flag = 0; +int validate_flag = 0; +int version_flag = 0; +int help_flag = 0; +int no_addrs_flag = 0; +char *lifetime = NULL; +char *renew_life = NULL; +char *server = NULL; +char *cred_cache = NULL; +char *start_str = NULL; +struct getarg_strings etype_str; +int use_keytab = 0; +char *keytab_str = NULL; +#ifdef KRB4 +extern int do_afslog; +extern int get_v4_tgt; +#endif +int fcache_version; + +struct getargs args[] = { +#ifdef KRB4 + { "524init", '4', arg_flag, &get_v4_tgt, + "obtain version 4 TGT" }, + + { "afslog", 0 , arg_flag, &do_afslog, + "obtain afs tokens" }, +#endif + { "cache", 'c', arg_string, &cred_cache, + "credentials cache", "cachename" }, + + { "forwardable", 'f', arg_flag, &forwardable, + "get forwardable tickets"}, + + { "keytab", 't', arg_string, &keytab_str, + "keytab to use", "keytabname" }, + + { "lifetime", 'l', arg_string, &lifetime, + "lifetime of tickets", "seconds"}, + + { "proxiable", 'p', arg_flag, &proxiable, + "get proxiable tickets" }, + + { "renew", 'R', arg_flag, &renew_flag, + "renew TGT" }, + + { "renewable", 0, arg_flag, &renewable, + "get renewable tickets" }, + + { "renewable-life", 'r', arg_string, &renew_life, + "renewable lifetime of tickets", "seconds" }, + + { "server", 'S', arg_string, &server, + "server to get ticket for", "principal" }, + + { "start-time", 's', arg_string, &start_str, + "when ticket gets valid", "seconds" }, + + { "use-keytab", 'k', arg_flag, &use_keytab, + "get key from keytab" }, + + { "validate", 'v', arg_flag, &validate_flag, + "validate TGT" }, + + { "enctypes", 'e', arg_strings, &etype_str, + "encryption type to use", "enctype" }, + + { "fcache-version", 0, arg_integer, &fcache_version, + "file cache version to create" }, + + { "noaddresses", 0, arg_flag, &no_addrs_flag, + "request a ticket with no addresses" }, + + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + "[principal]"); + exit (ret); +} + +static int +renew_validate(krb5_context context, + int renew, + int validate, + krb5_ccache cache, + const char *server, + krb5_deltat life) +{ + krb5_error_code ret; + krb5_creds in, *out; + krb5_kdc_flags flags; + + memset(&in, 0, sizeof(in)); + + ret = krb5_cc_get_principal(context, cache, &in.client); + if(ret) { + krb5_warn(context, ret, "krb5_cc_get_principal"); + return ret; + } + if(server) { + ret = krb5_parse_name(context, server, &in.server); + if(ret) { + krb5_warn(context, ret, "krb5_parse_name"); + goto out; + } + } else { + krb5_realm *client_realm = krb5_princ_realm (context, in.client); + + ret = krb5_make_principal(context, &in.server, *client_realm, + KRB5_TGS_NAME, *client_realm, NULL); + if(ret) { + krb5_warn(context, ret, "krb5_make_principal"); + goto out; + } + } + flags.i = 0; + flags.b.renewable = flags.b.renew = renew; + flags.b.validate = validate; + flags.b.forwardable = forwardable; + flags.b.proxiable = proxiable; + if(life) + in.times.endtime = time(NULL) + life; + + ret = krb5_get_kdc_cred(context, + cache, + flags, + NULL, + NULL, + &in, + &out); + if(ret) { + krb5_warn(context, ret, "krb5_get_kdc_cred"); + goto out; + } + ret = krb5_cc_initialize(context, cache, in.client); + if(ret) { + krb5_free_creds (context, out); + krb5_warn(context, ret, "krb5_cc_initialize"); + goto out; + } + ret = krb5_cc_store_cred(context, cache, out); + krb5_free_creds (context, out); + if(ret) { + krb5_warn(context, ret, "krb5_cc_store_cred"); + goto out; + } +out: + krb5_free_creds_contents(context, &in); + return ret; +} + +int +main (int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_ccache ccache; + krb5_principal principal; + krb5_creds cred; + int optind = 0; + krb5_get_init_creds_opt opt; + krb5_deltat start_time = 0; + krb5_deltat ticket_life = 0; + krb5_addresses no_addrs; + + set_progname (argv[0]); + memset(&cred, 0, sizeof(cred)); + + ret = krb5_init_context (&context); + if (ret) + errx(1, "krb5_init_context failed: %u", ret); + + forwardable = krb5_config_get_bool (context, NULL, + "libdefaults", + "forwardable", + NULL); + +#ifdef KRB4 + get_v4_tgt = krb5_config_get_bool_default (context, NULL, + get_v4_tgt, + "libdefaults", + "krb4_get_tickets", + NULL); +#endif + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag) { + print_version(NULL); + exit(0); + } + + if(fcache_version) + krb5_set_fcache_version(context, fcache_version); + + if(cred_cache) + ret = krb5_cc_resolve(context, cred_cache, &ccache); + else + ret = krb5_cc_default (context, &ccache); + if (ret) + krb5_err (context, 1, ret, "resolving credentials cache"); + + if (lifetime) { + int tmp = parse_time (lifetime, "s"); + if (tmp < 0) + errx (1, "unparsable time: %s", lifetime); + + ticket_life = tmp; + } + if(renew_flag || validate_flag) { + ret = renew_validate(context, renew_flag, validate_flag, + ccache, server, ticket_life); + exit(ret != 0); + } + + krb5_get_init_creds_opt_init (&opt); + + krb5_get_init_creds_opt_set_forwardable (&opt, forwardable); + krb5_get_init_creds_opt_set_proxiable (&opt, proxiable); + + if (no_addrs_flag) { + no_addrs.len = 0; + no_addrs.val = NULL; + + krb5_get_init_creds_opt_set_address_list (&opt, &no_addrs); + } + + if(renew_life) { + int tmp = parse_time (renew_life, "s"); + if (tmp < 0) + errx (1, "unparsable time: %s", renew_life); + + krb5_get_init_creds_opt_set_renew_life (&opt, tmp); + } else if (renewable) + krb5_get_init_creds_opt_set_renew_life (&opt, 1 << 30); + + if(ticket_life != 0) + krb5_get_init_creds_opt_set_tkt_life (&opt, ticket_life); + + if(start_str) { + int tmp = parse_time (start_str, "s"); + if (tmp < 0) + errx (1, "unparsable time: %s", start_str); + + start_time = tmp; + } + + if(etype_str.num_strings) { + krb5_enctype *enctype = NULL; + int i; + enctype = malloc(etype_str.num_strings * sizeof(*enctype)); + if(enctype == NULL) + errx(1, "out of memory"); + for(i = 0; i < etype_str.num_strings; i++) { + ret = krb5_string_to_enctype(context, + etype_str.strings[i], + &enctype[i]); + if(ret) + errx(1, "unrecognized enctype: %s", etype_str.strings[i]); + } + krb5_get_init_creds_opt_set_etype_list(&opt, enctype, + etype_str.num_strings); + } + + argc -= optind; + argv += optind; + + if (argc > 1) + usage (1); + + if (argv[0]) { + ret = krb5_parse_name (context, argv[0], &principal); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name"); + } else + principal = NULL; + + if(use_keytab || keytab_str) { + krb5_keytab kt; + if(keytab_str) + ret = krb5_kt_resolve(context, keytab_str, &kt); + else + ret = krb5_kt_default(context, &kt); + if (ret) + krb5_err (context, 1, ret, "resolving keytab"); + ret = krb5_get_init_creds_keytab (context, + &cred, + principal, + kt, + start_time, + server, + &opt); + krb5_kt_close(context, kt); + } else + ret = krb5_get_init_creds_password (context, + &cred, + principal, + NULL, + krb5_prompter_posix, + NULL, + start_time, + server, + &opt); + switch(ret){ + case 0: + break; + case KRB5_LIBOS_PWDINTR: /* don't print anything if it was just C-c:ed */ + exit(1); + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + case KRB5KRB_AP_ERR_MODIFIED: + krb5_errx(context, 1, "Password incorrect"); + break; + default: + krb5_err(context, 1, ret, "krb5_get_init_creds"); + } + + ret = krb5_cc_initialize (context, ccache, cred.client); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_initialize"); + + ret = krb5_cc_store_cred (context, ccache, &cred); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_store_cred"); + +#ifdef KRB4 + if(get_v4_tgt) { + CREDENTIALS c; + ret = krb524_convert_creds_kdc(context, ccache, &cred, &c); + if(ret) + krb5_warn(context, ret, "converting creds"); + else + tf_setup(&c, c.pname, c.pinst); + memset(&c, 0, sizeof(c)); + } + if(do_afslog && k_hasafs()) + krb5_afslog(context, ccache, NULL, NULL); +#endif + krb5_free_creds_contents (context, &cred); + krb5_cc_close (context, ccache); + krb5_free_context (context); + return 0; +} diff --git a/crypto/heimdal/kuser/kinit_options.c b/crypto/heimdal/kuser/kinit_options.c new file mode 100644 index 0000000..5a7dcd9 --- /dev/null +++ b/crypto/heimdal/kuser/kinit_options.c @@ -0,0 +1,40 @@ +/* + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" +RCSID("$Id: kinit_options.c,v 1.2 1999/12/02 17:05:01 joda Exp $"); + +#ifdef KRB4 +int do_afslog = 0; +int get_v4_tgt = 0; +#endif diff --git a/crypto/heimdal/kuser/klist.1 b/crypto/heimdal/kuser/klist.1 new file mode 100644 index 0000000..e875401 --- /dev/null +++ b/crypto/heimdal/kuser/klist.1 @@ -0,0 +1,37 @@ +.\" $Id: klist.1,v 1.4 1999/05/14 14:03:55 assar Exp $ +.\" +.Dd Aug 27, 1997 +.Dt KLIST 1 +.Os HEIMDAL +.Sh NAME +.Nm klist +.Nd +list the current tickets +.Sh SYNOPSIS +.Nm +.Op Fl t | Fl -test +.Op Fl v | Fl -verbose +.Op Fl -version +.Op Fl -help +.Sh DESCRIPTION +.Nm +reads and displays the current tickets in the crential cache (also +knows as the ticket file). +.Pp +Options supported: +.Bl -tag -width Ds +.It Xo +.Fl t Ns , +.Fl -test +.Xc +Test for there being an active and valid TGT for the local realm of +the user in the credential cache. +.It Xo +.Fl v Ns , +.Fl -verbose +.Xc +Verbose output. Include all information from tickets. +.El +.Sh SEE ALSO +.Xr kinit 1 , +.Xr kdestroy 1 diff --git a/crypto/heimdal/kuser/klist.c b/crypto/heimdal/kuser/klist.c new file mode 100644 index 0000000..9135d29 --- /dev/null +++ b/crypto/heimdal/kuser/klist.c @@ -0,0 +1,445 @@ +/* + * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" + +RCSID("$Id: klist.c,v 1.52 1999/12/02 17:05:01 joda Exp $"); + +static char* +printable_time(time_t t) +{ + static char s[128]; + strcpy(s, ctime(&t)+ 4); + s[15] = 0; + return s; +} + +static char* +printable_time_long(time_t t) +{ + static char s[128]; + strcpy(s, ctime(&t)+ 4); + s[20] = 0; + return s; +} + +static void +print_cred(krb5_context context, krb5_creds *cred) +{ + char *str; + krb5_error_code ret; + int32_t sec; + + krb5_timeofday (context, &sec); + + if(cred->times.starttime) + printf ("%s ", printable_time(cred->times.starttime)); + else + printf ("%s ", printable_time(cred->times.authtime)); + + if(cred->times.endtime > sec) + printf ("%s ", printable_time(cred->times.endtime)); + else + printf ("%-15s ", ">>>Expired<<<"); + ret = krb5_unparse_name (context, cred->server, &str); + if (ret) + krb5_err(context, 1, ret, "krb5_unparse_name"); + printf ("%s\n", str); + free (str); +} + +static void +print_cred_verbose(krb5_context context, krb5_creds *cred) +{ + int j; + char *str; + krb5_error_code ret; + int first_flag; + int32_t sec; + + krb5_timeofday (context, &sec); + + ret = krb5_unparse_name(context, cred->server, &str); + if(ret) + exit(1); + printf("Server: %s\n", str); + free (str); + { + Ticket t; + size_t len; + char *s; + + decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len); + ret = krb5_enctype_to_string(context, t.enc_part.etype, &s); + if (ret == 0) { + printf("Ticket etype: %s", s); + free(s); + } else { + printf("Unknown etype: %d", t.enc_part.etype); + } + if(t.enc_part.kvno) + printf(", kvno %d", *t.enc_part.kvno); + printf("\n"); + if(cred->session.keytype != t.enc_part.etype) { + ret = krb5_keytype_to_string(context, cred->session.keytype, &str); + if(ret == KRB5_PROG_KEYTYPE_NOSUPP) + ret = krb5_enctype_to_string(context, cred->session.keytype, + &str); + if(ret) + krb5_warn(context, ret, "session keytype"); + else { + printf("Session key: %s\n", str); + free(str); + } + } + free_Ticket(&t); + } + printf("Auth time: %s\n", printable_time_long(cred->times.authtime)); + if(cred->times.authtime != cred->times.starttime) + printf("Start time: %s\n", printable_time_long(cred->times.starttime)); + printf("End time: %s", printable_time_long(cred->times.endtime)); + if(sec > cred->times.endtime) + printf(" (expired)"); + printf("\n"); + if(cred->flags.b.renewable) + printf("Renew till: %s\n", + printable_time_long(cred->times.renew_till)); + printf("Ticket flags: "); +#define PRINT_FLAG2(f, s) if(cred->flags.b.f) { if(!first_flag) printf(", "); printf("%s", #s); first_flag = 0; } +#define PRINT_FLAG(f) PRINT_FLAG2(f, f) + first_flag = 1; + PRINT_FLAG(forwardable); + PRINT_FLAG(forwarded); + PRINT_FLAG(proxiable); + PRINT_FLAG(proxy); + PRINT_FLAG2(may_postdate, may-postdate); + PRINT_FLAG(postdated); + PRINT_FLAG(invalid); + PRINT_FLAG(renewable); + PRINT_FLAG(initial); + PRINT_FLAG2(pre_authent, pre-authenticated); + PRINT_FLAG2(hw_authent, hw-authenticated); + PRINT_FLAG2(transited_policy_checked, transited-policy-checked); + PRINT_FLAG2(ok_as_delegate, ok-as-delegate); + PRINT_FLAG(anonymous); + printf("\n"); + printf("Addresses: "); + for(j = 0; j < cred->addresses.len; j++){ + char buf[128]; + size_t len; + if(j) printf(", "); + ret = krb5_print_address(&cred->addresses.val[j], + buf, sizeof(buf), &len); + + if(ret == 0) + printf("%s", buf); + } + printf("\n\n"); +} + +/* + * Print all tickets in `ccache' on stdout, verbosily iff do_verbose. + */ + +static void +print_tickets (krb5_context context, + krb5_ccache ccache, + krb5_principal principal, + int do_verbose) +{ + krb5_error_code ret; + char *str; + krb5_cc_cursor cursor; + krb5_creds creds; + + ret = krb5_unparse_name (context, principal, &str); + if (ret) + krb5_err (context, 1, ret, "krb5_unparse_name"); + + printf ("%17s: %s:%s\n", + "Credentials cache", + krb5_cc_get_type(context, ccache), + krb5_cc_get_name(context, ccache)); + printf ("%17s: %s\n", "Principal", str); + free (str); + + if(do_verbose) + printf ("%17s: %d\n", "Cache version", + krb5_cc_get_version(context, ccache)); + + if (do_verbose && context->kdc_sec_offset) { + char buf[BUFSIZ]; + int val; + int sig; + + val = context->kdc_sec_offset; + sig = 1; + if (val < 0) { + sig = -1; + val = -val; + } + + unparse_time (val, buf, sizeof(buf)); + + printf ("%17s: %s%s\n", "KDC time offset", + sig == -1 ? "-" : "", buf); + } + + printf("\n"); + + ret = krb5_cc_start_seq_get (context, ccache, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_start_seq_get"); + + if(!do_verbose) + printf(" %-15s %-15s %s\n", "Issued", "Expires", "Principal"); + + while (krb5_cc_next_cred (context, + ccache, + &creds, + &cursor) == 0) { + if(do_verbose){ + print_cred_verbose(context, &creds); + }else{ + print_cred(context, &creds); + } + krb5_free_creds_contents (context, &creds); + } + ret = krb5_cc_end_seq_get (context, ccache, &cursor); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_end_seq_get"); +} + +/* + * Check if there's a tgt for the realm of `principal' and ccache and + * if so return 0, else 1 + */ + +static int +check_for_tgt (krb5_context context, + krb5_ccache ccache, + krb5_principal principal) +{ + krb5_error_code ret; + krb5_creds pattern; + krb5_creds creds; + krb5_realm *client_realm; + int expired; + + client_realm = krb5_princ_realm (context, principal); + + ret = krb5_make_principal (context, &pattern.server, + *client_realm, KRB5_TGS_NAME, *client_realm, + NULL); + if (ret) + krb5_err (context, 1, ret, "krb5_make_principal"); + + ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds); + expired = time(NULL) > creds.times.endtime; + krb5_free_principal (context, pattern.server); + krb5_free_creds_contents (context, &creds); + if (ret) { + if (ret == KRB5_CC_END) + return 1; + krb5_err (context, 1, ret, "krb5_cc_retrieve_cred"); + } + return expired; +} + +#ifdef KRB4 +/* + * Print a list of all AFS tokens + */ + +static void +display_tokens(int do_verbose) +{ + u_int32_t i; + unsigned char t[128]; + struct ViceIoctl parms; + + parms.in = (void *)&i; + parms.in_size = sizeof(i); + parms.out = (void *)t; + parms.out_size = sizeof(t); + + for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) { + int32_t size_secret_tok, size_public_tok; + unsigned char *cell; + struct ClearToken ct; + unsigned char *r = t; + struct timeval tv; + char buf1[20], buf2[20]; + + memcpy(&size_secret_tok, r, sizeof(size_secret_tok)); + /* dont bother about the secret token */ + r += size_secret_tok + sizeof(size_secret_tok); + memcpy(&size_public_tok, r, sizeof(size_public_tok)); + r += sizeof(size_public_tok); + memcpy(&ct, r, size_public_tok); + r += size_public_tok; + /* there is a int32_t with length of cellname, but we dont read it */ + r += sizeof(int32_t); + cell = r; + + gettimeofday (&tv, NULL); + strlcpy (buf1, printable_time(ct.BeginTimestamp), + sizeof(buf1)); + if (do_verbose || tv.tv_sec < ct.EndTimestamp) + strlcpy (buf2, printable_time(ct.EndTimestamp), + sizeof(buf2)); + else + strlcpy (buf2, ">>> Expired <<<", sizeof(buf2)); + + printf("%s %s ", buf1, buf2); + + if ((ct.EndTimestamp - ct.BeginTimestamp) & 1) + printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell); + else + printf("Tokens for %s", cell); + if (do_verbose) + printf(" (%d)", ct.AuthHandle); + putchar('\n'); + } +} +#endif + +static int version_flag = 0; +static int help_flag = 0; +static int do_verbose = 0; +static int do_test = 0; +#ifdef KRB4 +static int do_tokens = 0; +#endif +static char *cred_cache; + +static struct getargs args[] = { + { "cache", 'c', arg_string, &cred_cache, + "credentials cache to list", "cache" }, + { "test", 't', arg_flag, &do_test, + "test for having tickets", NULL }, +#ifdef KRB4 + { "tokens", 'T', arg_flag, &do_tokens, + "display AFS tokens", NULL }, +#endif + { "verbose", 'v', arg_flag, &do_verbose, + "Verbose output", NULL }, + { "version", 0, arg_flag, &version_flag, + "print version", NULL }, + { "help", 0, arg_flag, &help_flag, + NULL, NULL} +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + ""); + exit (ret); +} + +int +main (int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_ccache ccache; + krb5_principal principal; + int optind = 0; + int exit_status = 0; + + set_progname (argv[0]); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag){ + print_version(NULL); + exit(0); + } + + argc -= optind; + argv += optind; + + if (argc != 0) + usage (1); + + ret = krb5_init_context (&context); + if (ret) + krb5_err(context, 1, ret, "krb5_init_context"); + + if(cred_cache) { + ret = krb5_cc_resolve(context, cred_cache, &ccache); + if (ret) + krb5_err (context, 1, ret, "%s", cred_cache); + } else { + ret = krb5_cc_default (context, &ccache); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_resolve"); + } + + ret = krb5_cc_get_principal (context, ccache, &principal); + if (ret) { + if(ret == ENOENT) { + if (do_test) + return 1; + else + krb5_errx(context, 1, "No ticket file: %s", + krb5_cc_get_name(context, ccache)); + } else + krb5_err (context, 1, ret, "krb5_cc_get_principal"); + } + if (do_test) + exit_status = check_for_tgt (context, ccache, principal); + else + print_tickets (context, ccache, principal, do_verbose); + + ret = krb5_cc_close (context, ccache); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_close"); + + krb5_free_principal (context, principal); + krb5_free_context (context); + +#ifdef KRB4 + if (!do_test && do_tokens && k_hasafs ()) + display_tokens (do_verbose); +#endif + + return exit_status; +} diff --git a/crypto/heimdal/kuser/kuser_locl.h b/crypto/heimdal/kuser/kuser_locl.h new file mode 100644 index 0000000..2010150 --- /dev/null +++ b/crypto/heimdal/kuser/kuser_locl.h @@ -0,0 +1,89 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kuser_locl.h,v 1.12 1999/12/02 17:05:01 joda Exp $ */ + +#ifndef __KUSER_LOCL_H__ +#define __KUSER_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETINET_IN6_H +#include <netinet/in6.h> +#endif +#ifdef HAVE_NETINET6_IN6_H +#include <netinet6/in6.h> +#endif + +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#include <roken.h> +#include <getarg.h> +#include <parse_time.h> +#include <err.h> +#include <krb5.h> + +#ifdef KRB4 +#include <krb.h> +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_SYS_IOCCOM_H +#include <sys/ioccom.h> +#endif +#include <kafs.h> + +#endif /* __KUSER_LOCL_H__ */ diff --git a/crypto/heimdal/kuser/kverify.c b/crypto/heimdal/kuser/kverify.c new file mode 100644 index 0000000..986d7c9 --- /dev/null +++ b/crypto/heimdal/kuser/kverify.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" + +RCSID("$Id: kverify.c,v 1.3 1999/12/02 17:05:01 joda Exp $"); + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + krb5_creds cred; + krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP}; + krb5_get_init_creds_opt get_options; + krb5_verify_init_creds_opt verify_options; + + krb5_init_context(&context); + + krb5_get_init_creds_opt_init (&get_options); + + krb5_get_init_creds_opt_set_preauth_list (&get_options, + pre_auth_types, + 1); + + krb5_verify_init_creds_opt_init (&verify_options); + + ret = krb5_get_init_creds_password (context, + &cred, + NULL, + NULL, + krb5_prompter_posix, + NULL, + 0, + NULL, + &get_options); + if (ret) + errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret)); + + ret = krb5_verify_init_creds (context, + &cred, + NULL, + NULL, + NULL, + &verify_options); + if (ret) + errx (1, "krb5_verify_init_creds: %s", + krb5_get_err_text(context, ret)); + krb5_free_creds_contents (context, &cred); + krb5_free_context (context); + return 0; +} |
