author | markm <markm@FreeBSD.org> | 1999-09-19 14:19:32 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 1999-09-19 14:19:32 +0000 |
commit | fe83e8abf357ee11114856a5278bb38431a9517c (patch) | |
tree | 36ce70fe2e8419130e546c38a7790e8ab224a362 /crypto/kerberosIV/lib/kafs | |
parent | a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8 (diff) | |
Clean import of KTH krb4-0.10.1.
Diffstat (limited to 'crypto/kerberosIV/lib/kafs')
-rw-r--r-- | crypto/kerberosIV/lib/kafs/ChangeLog | 117 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/Makefile.am | 69 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/Makefile.in | 71 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/README.dlfcn | 246 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/afskrb.c | 374 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/afskrb5.c | 177 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/afssys.c | 265 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/afssysdefs.h | 13 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/common.c | 370 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/dlfcn.c | 119 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/kafs.h | 108 | ||||
-rw-r--r-- | crypto/kerberosIV/lib/kafs/kafs_locl.h | 49 |
12 files changed, 1506 insertions, 472 deletions
diff --git a/crypto/kerberosIV/lib/kafs/ChangeLog b/crypto/kerberosIV/lib/kafs/ChangeLog
new file mode 100644
index 0000000..e32b7ed
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/ChangeLog
@@ -0,0 +1,117 @@
+1999-07-22 Assar Westerlund <assar@sics.se>
+
+ * afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
+
+1999-07-07 Assar Westerlund <assar@sics.se>
+
+ * afskrb5.c (krb5_realm_of_cell): new function
+
+ * afskrb.c (krb_realm_of_cell): new function
+ (afslog_uid_int): call krb_get_lrealm correctly
+
+1999-06-15 Assar Westerlund <assar@sics.se>
+
+ * common.c (realm_of_cell): rename to _kafs_realm_of_cell and
+ un-staticize
+
+Fri Mar 19 14:52:29 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * Makefile.am: add version-info
+
+Thu Mar 18 11:24:02 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * Makefile.am: include Makefile.am.common
+
+Sat Feb 27 19:46:21 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
+ 1.4)
+
+Thu Feb 11 22:57:37 1999 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * Makefile.am: set AIX_SRC also if !AIX
+
+Tue Dec 1 14:45:15 1998 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * Makefile.am: fix AIX linkage
+
+Sun Nov 22 10:40:44 1998 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in (WFLAGS): set
+
+Sat Nov 21 16:55:19 1998 Johan Danielsson <joda@hella.pdc.kth.se>
+
+ * afskrb5.c: add homedir support
+
+Sun Sep 6 20:16:27 1998 Assar Westerlund <assar@sics.se>
+
+ * add new functionality for specifying the homedir to krb_afslog
+ et al
+
+Thu Jul 16 01:27:19 1998 Assar Westerlund <assar@sics.se>
+
+ * afssys.c: reorganize order of definitions.
+ (try_one, try_two): conditionalize
+
+Thu Jul 9 18:31:52 1998 Johan Danielsson <joda@emma.pdc.kth.se>
+
+ * common.c (realm_of_cell): make the dns fallback work
+
+Wed Jul 8 01:39:44 1998 Assar Westerlund <assar@sics.se>
+
+ * afssys.c (map_syscall_name_to_number): new function for finding
+ the number of a syscall given the name on solaris
+ (k_hasafs): try using map_syscall_name_to_number
+
+Tue Jun 30 17:19:00 1998 Assar Westerlund <assar@sics.se>
+
+ * afssys.c: rewrite and add support for environment variable
+ AFS_SYSCALL
+
+ * Makefile.in (distclean): don't remove roken_rename.h
+
+Fri May 29 19:03:20 1998 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in (roken_rename.h): remove dependency
+
+Mon May 25 05:25:54 1998 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:58:40 1998 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in: add symlink magic for linux
+
+Sat Apr 4 15:08:48 1998 Assar Westerlund <assar@sics.se>
+
+ * kafs.h: add arla paths
+
+ * common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
+ (_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
+
+Thu Feb 19 14:50:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
+
+ * common.c: Don't store expired tokens (this broke when using
+ pag-less rsh-sessions, and `non-standard' ticket files).
+
+Thu Feb 12 11:20:15 1998 Johan Danielsson <joda@emma.pdc.kth.se>
+
+ * Makefile.in: Install/uninstall one library at a time.
+
+Thu Feb 12 05:38:58 1998 Assar Westerlund <assar@sics.se>
+
+ * Makefile.in (install): one library at a time.
+
+Mon Feb 9 23:40:32 1998 Assar Westerlund <assar@sics.se>
+
+ * common.c (find_cells): ignore empty lines
+
+Tue Jan 6 04:25:58 1998 Assar Westerlund <assar@sics.se>
+
+ * afssysdefs.h (AFS_SYSCALL): add FreeBSD
+
+Fri Jan 2 17:08:24 1998 Assar Westerlund <assar@sics.se>
+
+ * kafs.h: new VICEIOCTL's. From <rb@stacken.kth.se>
+
+ * afssysdefs.h: Add OpenBSD
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.am b/crypto/kerberosIV/lib/kafs/Makefile.am new file mode 100644 index 0000000..f6afbc7 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/Makefile.am @@ -0,0 +1,69 @@ +# $Id: Makefile.am,v 1.13 1999/03/21 14:08:14 joda Exp $ + +include $(top_srcdir)/Makefile.am.common + +INCLUDES += $(INCLUDE_krb4) $(AFS_EXTRA_DEFS) + +if KRB4 +AFSLIBS = libkafs.la +else +AFSLIBS = +endif + +if AIX +AFSL_EXP = $(srcdir)/afsl.exp + +if AIX4 +AFS_EXTRA_LD = -bnoentry +else +AFS_EXTRA_LD = -e _nostart +endif + +if AIX_DYNAMIC_AFS +if HAVE_DLOPEN +AIX_SRC = +else +AIX_SRC = dlfcn.c +endif +AFS_EXTRA_LIBS = afslib.so +AFS_EXTRA_DEFS = +else +AIX_SRC = afslib.c +AFS_EXTRA_LIBS = +AFS_EXTRA_DEFS = -DSTATIC_AFS +endif + +else +AFSL_EXP = +AIX_SRC = +endif # AIX + + +lib_LTLIBRARIES = $(AFSLIBS) +libkafs_la_LDFLAGS = -version-info 0:0:0 +foodir = $(libdir) +foo_DATA = $(AFS_EXTRA_LIBS) +# EXTRA_DATA = afslib.so + +CLEANFILES= $(AFS_EXTRA_LIBS) + +include_HEADERS = kafs.h + +if KRB5 +afskrb5_c = afskrb5.c +endif + +libkafs_la_SOURCES = afssys.c afskrb.c $(afskrb5_c) common.c $(AIX_SRC) kafs_locl.h afssysdefs.h +#afslib_so_SOURCES = afslib.c + +EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h + +EXTRA_DIST = README.dlfcn afsl.exp afslib.exp + + +# AIX: this almost works with gcc, but somehow it fails to use the +# correct ld, use ld instead +afslib.so: afslib.o + ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in index e9c9121..3a44f79 100644 --- a/crypto/kerberosIV/lib/kafs/Makefile.in +++ b/crypto/kerberosIV/lib/kafs/Makefile.in @@ -1,5 +1,5 @@ # -# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $ +# $Id: Makefile.in,v 1.49 1999/03/10 19:01:15 joda Exp $ # SHELL = /bin/sh 
@@ -8,10 +8,13 @@ srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ +LINK = @LINK@ AR = ar RANLIB = @RANLIB@ -DEFS = @DEFS@ -DLIBDIR='"$(libdir)"' -CFLAGS = @CFLAGS@ +LN_S = @LN_S@ +DEFS = @DEFS@ -DROKEN_RENAME -DLIBDIR='"$(libdir)"' @AFS_EXTRA_DEFS@ +CFLAGS = @CFLAGS@ $(WFLAGS) +WFLAGS = @WFLAGS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -23,17 +26,26 @@ libdir = @libdir@ PICFLAGS = @PICFLAGS@ +LIB_DEPS = @lib_deps_yes@ -lc +build_symlink_command = @build_symlink_command@ +install_symlink_command = @install_symlink_command@ + LIBNAME = $(LIBPREFIX)kafs LIBEXT = @LIBEXT@ SHLIBEXT = @SHLIBEXT@ LIBPREFIX = @LIBPREFIX@ LDSHARED = @LDSHARED@ +AFS_EXTRA_OBJS = @AFS_EXTRA_OBJS@ AFS_EXTRA_LIBS = @AFS_EXTRA_LIBS@ LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS) -SOURCES = afssys.c afskrb.c afslib.c +SOURCES = afssys.c afskrb.c common.c afslib.c + +EXTRA_SOURCE = issuid.c strcpy_truncate.c strcat_truncate.c + +EXTRA_OBJECT = issuid.o strcpy_truncate.o strcat_truncate.o -OBJECTS = afssys.o afskrb.o +OBJECTS = afssys.o afskrb.o common.o $(EXTRA_OBJECT) $(AFS_EXTRA_OBJS) all: $(LIB) @@ -41,14 +53,19 @@ Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" .c.o: - $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + $(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $< install: all - $(MKINSTALLDIRS) $(libdir) - $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + $(MKINSTALLDIRS) $(DESTDIR)$(libdir) + @for i in $(LIB); do \ + echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\ + $(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done + @install_symlink_command@ uninstall: - rm -f $(libdir)/$(LIB) + @for i in $(LIB); do \ + echo "rm -f $(DESTDIR)$(libdir)/$$i" ;\ + rm -f $(DESTDIR)$(libdir)/$$i ; done TAGS: $(SOURCES) etags $(SOURCES) 
@@ -56,35 +73,45 @@ TAGS: $(SOURCES) check: clean: - rm -f $(LIB) *.o *.a + rm -f $(LIB) *.o *.a *.so *.so.* so_locations $(EXTRA_SOURCE) mostlyclean: clean distclean: clean - rm -f Makefile *.tab.c *~ + rm -f Makefile *.tab.c *~ roken_rename.h realclean: distclean rm -f TAGS -dist: $(DISTFILES) - for file in $(DISTFILES); do \ - ln $$file ../`cat ../.fname`/lib \ - || cp -p $$file ../`cat ../.fname`/lib; \ - done - -$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@ +$(LIBNAME).a: $(OBJECTS) rm -f $@ - $(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@ + $(AR) cr $@ $(OBJECTS) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS) rm -f $@ - $(LDSHARED) -o $@ $(OBJECTS) + $(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS) + @build_symlink_command@ # AIX: this almost works with gcc, but somehow it fails to use the # correct ld, use ld instead afslib.so: afslib.o - ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o + ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp @AFS_EXTRA_LD@ afslib.o -lc + +$(OBJECTS): ../../include/config.h roken_rename.h + +roken_rename.h: + $(LN_S) $(srcdir)/../krb/roken_rename.h . + +.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean + +issuid.c: + $(LN_S) $(srcdir)/../roken/issuid.c . + +strcat_truncate.c: + $(LN_S) $(srcdir)/../roken/strcat_truncate.c . + +strcpy_truncate.c: + $(LN_S) $(srcdir)/../roken/strcpy_truncate.c . -$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/kafs/README.dlfcn b/crypto/kerberosIV/lib/kafs/README.dlfcn new file mode 100644 index 0000000..cee1b75 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/README.dlfcn 
@@ -0,0 +1,246 @@ +Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH +Not derived from licensed software. + +Permission is granted to freely use, copy, modify, and redistribute +this software, provided that the author is not construed to be liable +for any results of using the software, alterations are clearly marked +as such, and this notice is not modified. + +libdl.a +------- + +This is an emulation library to emulate the SunOS/System V.4 functions +to access the runtime linker. The functions are emulated by using the +AIX load() function and by reading the .loader section of the loaded +module to find the exports. The to be loaded module should be linked as +follows (if using AIX 3): + + cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS) + +For AIX 4: + + cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS) + +If you want to reference symbols from the main part of the program in a +loaded module, you will have to link against the export file of the +main part: + + cc -o main -bE:main.exp $(MAIN_OBJS) + cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS) + +Note that you explicitely have to specify what functions are supposed +to be accessible from your loaded modules, this is different from +SunOS/System V.4 where any global is automatically exported. If you +want to export all globals, the following script might be of help: + +#!/bin/sh +/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }' + +The module export file contains the symbols to be exported. Because +this library uses the loader section, the final module.so file can be +stripped. C++ users should build their shared objects using the script +makeC++SharedLib (part of the IBM C++ compiler), this will make sure +that constructors and destructors for static and global objects will be +called upon loading and unloading the module. 
GNU C++ users should use +the -shared option to g++ to link the shared object: + + g++ -o module.so -shared $(OBJS) + +If the shared object does have permissions for anybody, the shared +object will be loaded into the shared library segment and it will stay +there even if the main application terminates. If you rebuild your +shared object after a bugfix and you want to make sure that you really +get the newest version you will have to use the "slibclean" command +before starting the application again to garbage collect the shared +library segment. If the performance utilities (bosperf) are installed +you can use the following command to see what shared objects are +loaded: + +/usr/lpp/bosperf/genkld | sort | uniq + +For easier debugging you can avoid loading the shared object into the +shared library segment alltogether by removing permissions for others +from the module.so file: + +chmod o-rwx module.so + +This will ensure you get a fresh copy of the shared object for every +dlopen() call which is loaded into the application's data segment. + +Usage +----- + +void *dlopen(const char *path, int mode); + +This routine loads the module pointed to by path and reads its export +table. If the path does not contain a '/' character, dlopen will search +for the module using the LIBPATH environment variable. It returns an +opaque handle to the module or NULL on error. The mode parameter can be +either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate +function binding. The AIX implementation currently does treat RTLD_NOW +the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the +mode parameter to allow loaded modules to bind to global variables or +functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is +not specified, only globals from the main part of the executable or +shared libraries are used to look for undefined symbols in loaded +modules. 
+ + +void *dlsym(void *handle, const char *symbol); + +This routine searches for the symbol in the module referred to by +handle and returns its address. If the symbol could not be found, the +function returns NULL. The return value must be casted to a proper +function pointer before it can be used. SunOS/System V.4 allows handle +to be a NULL pointer to refer to the module the call is made from, this +is not implemented. + +int dlclose(void *handle); + +This routine unloads the module referred to by the handle and disposes +of any local storage. this function returns -1 on failure. Any function +pointers obtained through dlsym() should be considered invalid after +closing a module. + +As AIX caches shared objects in the shared library segment, function +pointers obtained through dlsym() might still work even though the +module has been unloaded. This can introduce subtle bugs that will +segment fault later if AIX garbage collects or immediatly on +SunOS/System V.4 as the text segment is unmapped. + +char *dlerror(void); + +This routine can be used to retrieve a text message describing the most +recent error that occured on on of the above routines. This function +returns NULL if there is no error information. + +Initialization and termination handlers +--------------------------------------- + +The emulation provides for an initialization and a termination +handler. The dlfcn.h file contains a structure declaration named +dl_info with following members: + + void (*init)(void); + void (*fini)(void); + +The init function is called upon first referencing the library. The +fini function is called at dlclose() time or when the process exits. +The module should declare a variable named dl_info that contains this +structure which must be exported. These functions correspond to the +documented _init() and _fini() functions of SunOS 4.x, but these are +appearently not implemented in SunOS. 
When using SunOS 5.0, these +correspond to #pragma init and #pragma fini respectively. At the same +time any static or global C++ object's constructors or destructors will +be called. + +BUGS +---- + +Please note that there is currently a problem with implicitely loaded +shared C++ libaries: if you refer to a shared C++ library from a loaded +module that is not yet used by the main program, the dlopen() emulator +does not notice this and does not call the static constructors for the +implicitely loaded library. This can be easily demonstrated by +referencing the C++ standard streams from a loaded module if the main +program is a plain C program. + +Jens-Uwe Mager + +HELIOS Software GmbH +Lavesstr. 80 +30159 Hannover +Germany + +Phone: +49 511 36482-0 +FAX: +49 511 36482-69 +AppleLink: helios.de/jum +Internet: jum@helios.de + +Revison History +--------------- + +SCCS/s.dlfcn.h: + +D 1.4 95/04/25 09:36:52 jum 4 3 00018/00004/00028 +MRs: +COMMENTS: +added RTLD_GLOBAL, include and C++ guards + +D 1.3 92/12/27 20:58:32 jum 3 2 00001/00001/00031 +MRs: +COMMENTS: +we always have prototypes on RS/6000 + +D 1.2 92/08/16 17:45:11 jum 2 1 00009/00000/00023 +MRs: +COMMENTS: +added dl_info structure to implement initialize and terminate functions + +D 1.1 92/08/02 18:08:45 jum 1 0 00023/00000/00000 +MRs: +COMMENTS: +Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum + +SCCS/s.dlfcn.c: + +D 1.11 96/04/10 20:12:51 jum 13 12 00037/00000/00533 +MRs: +COMMENTS: +Integrated the changes from John W. Eaton <jwe@bevo.che.wisc.edu> to initialize +g++ generated shared objects. + +D 1.10 96/02/15 17:42:44 jum 12 10 00012/00007/00521 +MRs: +COMMENTS: +the C++ constructor and destructor chains are now called properly for either +xlC 2 or xlC 3 (CSet++). 
+ +D 1.9 95/09/22 11:09:38 markus 10 9 00001/00008/00527 +MRs: +COMMENTS: +Fix version number + +D 1.8 95/09/22 10:14:34 markus 9 8 00008/00001/00527 +MRs: +COMMENTS: +Added version number for dl lib + +D 1.7 95/08/14 19:08:38 jum 8 6 00026/00004/00502 +MRs: +COMMENTS: +Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of +shared objects generated under AIX 4. Fixed bug that symbols with exactly +8 characters would use garbage characters from the following symbol value. + +D 1.6 95/04/25 09:38:03 jum 6 5 00046/00006/00460 +MRs: +COMMENTS: +added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules + +D 1.5 93/02/14 20:14:17 jum 5 4 00002/00000/00464 +MRs: +COMMENTS: +added path to dlopen error message to make clear where there error occured. + +D 1.4 93/01/03 19:13:56 jum 4 3 00061/00005/00403 +MRs: +COMMENTS: +to allow calling symbols in the main module call load with L_NOAUTODEFER and +do a loadbind later with the main module. + +D 1.3 92/12/27 20:59:55 jum 3 2 00066/00008/00342 +MRs: +COMMENTS: +added search by L_GETINFO if module got loaded by LIBPATH + +D 1.2 92/08/16 17:45:43 jum 2 1 00074/00006/00276 +MRs: +COMMENTS: +implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library + +D 1.1 92/08/02 18:08:45 jum 1 0 00282/00000/00000 +MRs: +COMMENTS: +Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum + diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c index d979ac5..4da459c 100644 --- a/crypto/kerberosIV/lib/kafs/afskrb.c +++ b/crypto/kerberosIV/lib/kafs/afskrb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -38,336 +38,104 @@ #include "kafs_locl.h" -RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $"); +RCSID("$Id: afskrb.c,v 1.11 1999/07/07 12:29:33 assar Exp $"); -#define AUTH_SUPERUSER "afs" - -/* - * Here only ASCII characters are relevant. - */ - -#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z') - -#define ToAsciiUpper(c) ((c) - 'a' + 'A') - -static void -foldup(char *a, const char *b) -{ - for (; *b; a++, b++) - if (IsAsciiLower(*b)) - *a = ToAsciiUpper(*b); - else - *a = *b; - *a = '\0'; -} +struct krb_kafs_data { + const char *realm; +}; static int -get_cred(const char *princ, const char *inst, const char *krealm, - CREDENTIALS *c, KTEXT_ST *tkt) +get_cred(kafs_data *data, const char *name, const char *inst, + const char *realm, CREDENTIALS *c) { - int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); - - if (k_errno != KSUCCESS) - { - k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0); - if (k_errno == KSUCCESS) - k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + KTEXT_ST tkt; + int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); + + if (ret) { + ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0); + if (ret == KSUCCESS) + ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); } - return k_errno; -} - - -/* Convert a string to a 32 bit ip number in network byte order. 
- Return 0 on error - */ - -static u_int32_t -ip_aton(char *ip) -{ - u_int32_t addr; - unsigned int a, b, c, d; - - if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4) - return 0; - if((a | b | c | d) > 255) - return 0; - addr = (a << 24) | (b << 16) | (c << 8) | d; - addr = htonl(addr); - return addr; + return ret; } -/* Try to get a db-server for an AFS cell from a AFSDB record */ - static int -dns_find_cell(const char *cell, char *dbserver) +afslog_uid_int(kafs_data *data, const char *cell, uid_t uid, + const char *homedir) { - struct dns_reply *r; - int ok = -1; - r = dns_lookup(cell, "afsdb"); - if(r){ - struct resource_record *rr = r->head; - while(rr){ - if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){ - strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen); - dbserver[MaxHostNameLen - 1] = 0; - ok = 0; - break; - } - rr = rr->next; - } - dns_free_data(r); - } - return ok; -} - + int ret; + CREDENTIALS c; + struct krb_kafs_data *d = data->data; + char realm[REALM_SZ], *lrealm; + + if (cell == 0 || cell[0] == 0) + return _kafs_afslog_all_local_cells (data, uid, homedir); -/* Find the realm associated with cell. Do this by opening - /usr/vice/etc/CellServDB and getting the realm-of-host for the - first VL-server for the cell. + ret = krb_get_lrealm(realm, 1); + if(ret == KSUCCESS && (d->realm == NULL || strcmp(d->realm, realm))) + lrealm = realm; + else + lrealm = NULL; - This does not work when the VL-server is living in one cell, but - the cell it is serving is living in another cell. 
- */ + ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c); + + if(ret == 0) + ret = kafs_settoken(cell, uid, &c); + return ret; +} -static char* -realm_of_cell(const char *cell) +static char * +get_realm(kafs_data *data, const char *host) { - FILE *F; - char buf[1024]; - u_int32_t addr; - struct hostent *hp; - char *realm = NULL; - - if((F = fopen(_PATH_CELLSERVDB, "r"))){ - while(fgets(buf, sizeof(buf), F)){ - if(buf[0] != '>') - continue; - if(strncmp(buf + 1, cell, strlen(cell)) == 0){ - if(fgets(buf, sizeof(buf), F) == NULL) - break; - addr = ip_aton(buf); - if(addr == 0) - break; - hp = gethostbyaddr((char*)&addr, 4, AF_INET); - if(hp == NULL) - break; - strncpy (buf, hp->h_name, sizeof(buf)); - buf[sizeof(buf) - 1] = '\0'; - realm = krb_realmofhost(buf); - break; - } - } - fclose(F); - } - if(realm == NULL){ - if(dns_find_cell(cell, buf) == 0) - realm = krb_realmofhost(buf); - } - return realm; + char *r = krb_realmofhost(host); + if(r != NULL) + return strdup(r); + else + return NULL; } -/* - * Get tokens for all cells[] - */ -static int -k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid) +int +krb_afslog_uid_home(const char *cell, const char *realm, uid_t uid, + const char *homedir) { - int err = KSUCCESS; - int i; - for(i = 0; i < max; i++) - err = k_afsklog_uid(cells[i], krealm, uid); - return err; + kafs_data kd; + struct krb_kafs_data d; + + kd.afslog_uid = afslog_uid_int; + kd.get_cred = get_cred; + kd.get_realm = get_realm; + kd.data = &d; + d.realm = realm; + return afslog_uid_int(&kd, cell, uid, homedir); } -/* - * Try to find the cells we should try to klog to in "file". 
- */ -static void -k_find_cells(char *file, char *cells[], int size, int *index) +int +krb_afslog_uid(const char *cell, const char *realm, uid_t uid) { - FILE *f; - char cell[64]; - int i; - f = fopen(file, "r"); - if (f == NULL) - return; - while (*index < size && fgets(cell, sizeof(cell), f)) { - char *nl = strchr(cell, '\n'); - if (nl) *nl = 0; - for(i = 0; i < *index; i++) - if(strcmp(cells[i], cell) == 0) - break; - if(i == *index) - cells[(*index)++] = strdup(cell); - } - fclose(f); + return krb_afslog_uid_home (cell, realm, uid, NULL); } -static int -k_afsklog_all_local_cells(const char *krealm, uid_t uid) +int +krb_afslog(const char *cell, const char *realm) { - int err; - char *cells[32]; /* XXX */ - int num_cells = sizeof(cells) / sizeof(cells[0]); - int index = 0; - - char *p; - - if ((p = getenv("HOME"))) { - char home[MaxPathLen]; - - if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0) - k_find_cells(home, cells, num_cells, &index); - } - k_find_cells(_PATH_THESECELLS, cells, num_cells, &index); - k_find_cells(_PATH_THISCELL, cells, num_cells, &index); - - err = k_afslog_cells(cells, index, krealm, uid); - while(index > 0) - free(cells[--index]); - return err; + return krb_afslog_uid (cell, realm, getuid()); } int -k_afsklog_uid(const char *cell, const char *krealm, uid_t uid) +krb_afslog_home(const char *cell, const char *realm, const char *homedir) { - int k_errno; - CREDENTIALS c; - KTEXT_ST ticket; - char realm[REALM_SZ]; - char *vl_realm; /* realm of vl-server */ - char *lrealm; /* local realm */ - char CELL[64]; - - if (cell == 0 || cell[0] == 0) - return k_afsklog_all_local_cells (krealm, uid); - foldup(CELL, cell); - - k_errno = krb_get_lrealm(realm , 0); - if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm))) - lrealm = realm; - else - lrealm = NULL; - - /* We're about to find the the realm that holds the key for afs in - * the specified cell. 
The problem is that null-instance - * afs-principals are common and that hitting the wrong realm might - * yield the wrong afs key. The following assumptions were made. - * - * Any realm passed to us is preferred. - * - * If there is a realm with the same name as the cell, it is most - * likely the correct realm to talk to. - * - * In most (maybe even all) cases the database servers of the cell - * will live in the realm we are looking for. - * - * Try the local realm, but if the previous cases fail, this is - * really a long shot. - * - */ - - /* comments on the ordering of these tests */ - - /* If the user passes a realm, she probably knows something we don't - * know and we should try afs@krealm (otherwise we're talking with a - * blondino and she might as well have it.) - */ - - k_errno = -1; - if(krealm){ - k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket); - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket); - } - - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket); - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket); - - /* this might work in some conditions */ - if(k_errno && (vl_realm = realm_of_cell(cell))){ - k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket); - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket); - } - - if(k_errno && lrealm){ - k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket); -#if 0 - /* this is most likely never right anyway, but won't fail */ - if(k_errno) - k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket); -#endif - } - - if (k_errno == KSUCCESS) - { - struct ViceIoctl parms; - struct ClearToken ct; - int32_t sizeof_x; - char buf[2048], *t; - - /* - * Build a struct ClearToken - */ - ct.AuthHandle = c.kvno; - memcpy (ct.HandShakeKey, c.session, sizeof(c.session)); - ct.ViceId = uid; /* is this always valid? 
*/ - ct.BeginTimestamp = 1 + c.issue_date; - ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime); - -#define ODD(x) ((x) & 1) - /* If we don't know the numerical ID lifetime should be even? */ - if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp)) - ct.BeginTimestamp--; - - t = buf; - /* - * length of secret token followed by secret token - */ - sizeof_x = c.ticket_st.length; - memcpy(t, &sizeof_x, sizeof(sizeof_x)); - t += sizeof(sizeof_x); - memcpy(t, c.ticket_st.dat, sizeof_x); - t += sizeof_x; - /* - * length of clear token followed by clear token - */ - sizeof_x = sizeof(ct); - memcpy(t, &sizeof_x, sizeof(sizeof_x)); - t += sizeof(sizeof_x); - memcpy(t, &ct, sizeof_x); - t += sizeof_x; - - /* - * do *not* mark as primary cell - */ - sizeof_x = 0; - memcpy(t, &sizeof_x, sizeof(sizeof_x)); - t += sizeof(sizeof_x); - /* - * follow with cell name - */ - sizeof_x = strlen(cell) + 1; - memcpy(t, cell, sizeof_x); - t += sizeof_x; - - /* - * Build argument block - */ - parms.in = buf; - parms.in_size = t - buf; - parms.out = 0; - parms.out_size = 0; - k_pioctl(0, VIOCSETTOK, &parms, 0); - } - return k_errno; + return krb_afslog_uid_home (cell, realm, getuid(), homedir); } +/* + * + */ + int -k_afsklog(const char *cell, const char *krealm) +krb_realm_of_cell(const char *cell, char **realm) { - return k_afsklog_uid (cell, krealm, getuid()); + kafs_data kd; + + kd.get_realm = get_realm; + return _kafs_realm_of_cell(&kd, cell, realm); } diff --git a/crypto/kerberosIV/lib/kafs/afskrb5.c b/crypto/kerberosIV/lib/kafs/afskrb5.c new file mode 100644 index 0000000..a25dd7e --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afskrb5.c 
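Review bot: `krb_realm_of_cell` at the end of this hunk passes `_kafs_realm_of_cell` a `kafs_data` in which only `get_realm` has been assigned, so `kd.data`, `kd.get_cred` and `kd.afslog_uid` hold indeterminate stack values. The krb4 `get_realm` shown here ignores its `data` argument, so in afskrb.c the problem is latent, but the same pattern in `krb5_realm_of_cell` (afskrb5.c) pairs with a `get_realm` that reads `data->data` and dereferences `d->context`. That function has no context parameter to fill in, so it would have to create a context itself or take one from the caller. `_kafs_realm_of_cell` lives in common.c outside this hunk, so which callbacks it actually invokes is inferred. At minimum I would zero the struct before use: `memset(&kd, 0, sizeof(kd));` ahead of `kd.get_realm = get_realm;`.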
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb5.c,v 1.7 1999/07/07 12:30:06 assar Exp $");
+
+struct krb5_kafs_data {
+ krb5_context context;
+ krb5_ccache id;
+ krb5_const_realm realm;
+};
+
+static int
+get_cred(kafs_data *data, const char *name, const char *inst,
+ const char *realm, CREDENTIALS *c)
+{
+ krb5_error_code ret;
+ krb5_creds in_creds, *out_creds;
+ struct krb5_kafs_data *d = data->data;
+
+ memset(&in_creds, 0, sizeof(in_creds));
+ ret = krb5_425_conv_principal(d->context, name, inst, realm,
+ &in_creds.server);
+ if(ret)
+ return ret;
+ ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
+ if(ret){
+ krb5_free_principal(d->context, in_creds.server);
+ return ret;
+ }
+ ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
+ krb5_free_principal(d->context, in_creds.server);
+ krb5_free_principal(d->context, in_creds.client);
+ if(ret)
+ return ret;
+ ret = krb524_convert_creds_kdc(d->context, out_creds, c);
+ krb5_free_creds(d->context, out_creds);
+ return ret;
+}
+
+static krb5_error_code
+afslog_uid_int(kafs_data *data, const char *cell, uid_t uid,
+ const char *homedir)
+{
+ krb5_error_code ret;
+ CREDENTIALS c;
+ krb5_realm lrealm; /* local realm */
+ struct krb5_kafs_data *d = data->data;
+
+ if (cell == 0 || cell[0] == 0)
+ return _kafs_afslog_all_local_cells (data, uid, homedir);
+
+ ret = krb5_get_default_realm(d->context, &lrealm);
+ if(ret || (d->realm && strcmp(d->realm, lrealm) == 0)){
+ free(lrealm);
+ lrealm = NULL;
+ }
+
+ ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
+ if(lrealm)
+ free(lrealm);
+
+ if(ret == 0)
+ ret = kafs_settoken(cell, uid, &c);
+ return ret;
+}
+
+static char *
+get_realm(kafs_data *data, const char *host)
+{
+ struct krb5_kafs_data *d = data->data;
+ krb5_realm *realms;
+ char *r;
+ if(krb5_get_host_realm(d->context, host, &realms))
+ return NULL;
+ r = strdup(realms[0]);
+ krb5_free_host_realm(d->context, realms);
+ return r;
+}
+
+krb5_error_code
+krb5_afslog_uid_home(krb5_context context,
+ krb5_ccache id,
+ const char *cell,
+ krb5_const_realm realm,
+ uid_t uid,
+ const char *homedir)
+{
+ kafs_data kd;
+ struct krb5_kafs_data d;
+ kd.afslog_uid = afslog_uid_int;
+ kd.get_cred = get_cred;
+ kd.get_realm = get_realm;
+ kd.data = &d;
+ d.context = context;
+ d.id = id;
+ d.realm = realm;
+ return afslog_uid_int(&kd, cell, uid, homedir);
+}
+
+krb5_error_code
+krb5_afslog_uid(krb5_context context,
+ krb5_ccache id,
+ const char *cell,
+ krb5_const_realm realm,
+ uid_t uid)
+{
+ return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
+}
+
+krb5_error_code
+krb5_afslog(krb5_context context,
+ krb5_ccache id,
+ const char *cell,
+ krb5_const_realm realm)
+{
+ return krb5_afslog_uid (context, id, cell, realm, getuid());
+}
+
+krb5_error_code
+krb5_afslog_home(krb5_context context,
+ krb5_ccache id,
+ const char *cell,
+ krb5_const_realm realm,
+ const char *homedir)
+{
+ return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_realm_of_cell(const char *cell, char **realm)
+{
+ kafs_data kd;
+
+ kd.get_realm = get_realm;
+ return _kafs_realm_of_cell(&kd, cell, realm);
+}
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
index 741225c..2c6e3af 100644
--- a/crypto/kerberosIV/lib/kafs/afssys.c
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
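Review bot: In `afslog_uid_int` of the new afskrb5.c, `lrealm` is declared without an initializer and is then handed to `free()` when `krb5_get_default_realm` fails, because the `if(ret || ...)` branch runs `free(lrealm)` on the error path as well as on the realm-match path. Unless the library guarantees that it stores NULL in the output on failure (not visible in this hunk), that call frees an indeterminate pointer. Declaring the variable as `krb5_realm lrealm = NULL;` turns the error path into a harmless `free(NULL)` and leaves the success path unchanged.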
@@ -38,28 +38,34 @@ #include "kafs_locl.h" -RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $"); +RCSID("$Id: afssys.c,v 1.63 1999/05/08 02:24:32 assar Exp $"); + +int _kafs_debug; /* this should be done in a better way */ + +#define NO_ENTRY_POINT 0 +#define SINGLE_ENTRY_POINT 1 +#define MULTIPLE_ENTRY_POINT 2 +#define SINGLE_ENTRY_POINT2 3 +#define SINGLE_ENTRY_POINT3 4 +#define AIX_ENTRY_POINTS 5 +#define UNKNOWN_ENTRY_POINT 6 +static int afs_entry_point = UNKNOWN_ENTRY_POINT; +static int afs_syscalls[2]; /* Magic to get AIX syscalls to work */ #ifdef _AIX -static int (*Pioctl)(char*, int, void*, int); +static int (*Pioctl)(char*, int, struct ViceIoctl*, int); static int (*Setpag)(void); #include "dlfcn.h" -static int -isSuid() -{ - int uid = getuid(); - int gid = getgid(); - int euid = getegid(); - int egid = getegid(); - return (uid != euid) || (gid != egid); -} +/* + * + */ static int -aix_setup(void) +try_aix(void) { #ifdef STATIC_AFS_SYSCALLS Pioctl = aix_pioctl; 
@@ -70,30 +76,63 @@ aix_setup(void) /* * If we are root or running setuid don't trust AFSLIBPATH! */ - if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL) - strcpy(path, p); + if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL) + strcpy_truncate(path, p, sizeof(path)); else snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR); - ptr = dlopen(path, 0); - if(ptr){ - Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); - Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl"); + ptr = dlopen(path, RTLD_NOW); + if(ptr == NULL) { + if(_kafs_debug) { + if(errno == ENOEXEC && (p = dlerror()) != NULL) + fprintf(stderr, "dlopen(%s): %s\n", path, p); + else if (errno != ENOENT) + fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno)); + } + return 1; } + Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); + Pioctl = (int (*)(char*, int, + struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl"); #endif + afs_entry_point = AIX_ENTRY_POINTS; + return 0; } #endif /* _AIX */ -#define NO_ENTRY_POINT 0 -#define SINGLE_ENTRY_POINT 1 -#define MULTIPLE_ENTRY_POINT 2 -#define SINGLE_ENTRY_POINT2 3 -#define SINGLE_ENTRY_POINT3 4 -#define AIX_ENTRY_POINTS 5 -#define UNKNOWN_ENTRY_POINT 6 -static int afs_entry_point = UNKNOWN_ENTRY_POINT; -static int afs_syscalls[2]; +/* + * This probably only works under Solaris and could get confused if + * there's a /etc/name_to_sysnum file. 
+ */ + +#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum" +static int +map_syscall_name_to_number (const char *str, int *res) +{ + FILE *f; + char buf[256]; + size_t str_len = strlen (str); + + f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r"); + if (f == NULL) + return -1; + while (fgets (buf, sizeof(buf), f) != NULL) { + if (strncmp (str, buf, str_len) == 0) { + char *begptr = buf + str_len; + char *endptr; + long val = strtol (begptr, &endptr, 0); + + if (val != 0 && endptr != begptr) { + fclose (f); + *res = val; + return 0; + } + } + } + fclose (f); + return -1; +} int k_pioctl(char *a_path, @@ -191,12 +230,65 @@ SIGSYS_handler(int sig) #endif +/* + * Try to see if `syscall' is a pioctl. Return 0 iff succesful. + */ + +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) +static int +try_one (int syscall_num) +{ + struct ViceIoctl parms; + memset(&parms, 0, sizeof(parms)); + + if (setjmp(catch_SIGSYS) == 0) { + syscall(syscall_num, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) { + afs_entry_point = SINGLE_ENTRY_POINT; + afs_syscalls[0] = syscall_num; + return 0; + } + } + return 1; +} +#endif + +/* + * Try to see if `syscall_pioctl' is a pioctl syscall. Return 0 iff + * succesful. + * + */ + +#ifdef AFS_PIOCTL +static int +try_two (int syscall_pioctl, int syscall_setpag) +{ + struct ViceIoctl parms; + memset(&parms, 0, sizeof(parms)); + + if (setjmp(catch_SIGSYS) == 0) { + syscall(syscall_pioctl, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) { + afs_entry_point = MULTIPLE_ENTRY_POINT; + afs_syscalls[0] = syscall_pioctl; + afs_syscalls[1] = syscall_setpag; + return 0; + } + } + return 1; +} +#endif + int k_hasafs(void) { - int saved_errno; +#if !defined(NO_AFS) && defined(SIGSYS) RETSIGTYPE (*saved_func)(); - struct ViceIoctl parms; +#endif + int saved_errno; + char *env = getenv ("AFS_SYSCALL"); /* * Already checked presence of AFS syscalls? 
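Review bot: In `map_syscall_name_to_number` the `strncmp (str, buf, str_len) == 0` test accepts any line that merely starts with the requested name, so a longer entry whose following characters parse as a number can be returned for the wrong name. Requiring a separator after the name closes that: `if (strncmp (str, buf, str_len) == 0 && isspace((unsigned char)buf[str_len])) {` (this needs <ctype.h>, which may already arrive through kafs_locl.h). The `*res = val;` assignment also narrows a `long` to `int` unchecked, and the caller in the later k_hasafs hunk hands the result to `try_one` as a syscall number, so rejecting anything outside `0 < val <= INT_MAX` would be safer.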
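Review bot: `k_hasafs` takes `AFS_SYSCALL` from the environment with no privilege check, and the following hunk passes the number it yields to `syscall()` through `try_one`/`try_two`, whereas `try_aix` in this same file refuses `AFSLIBPATH` when running as root or setuid. Applying the same guard keeps the policy consistent: `char *env = (getuid() != 0 && !issuid()) ? getenv ("AFS_SYSCALL") : NULL;` (assuming `issuid()` is available outside the `_AIX` block). `try_one` and `try_two` also test `errno == EINVAL` without clearing `errno` first or looking at the return value of `syscall()`, so a stale EINVAL can be read as a successful probe; an `errno = 0;` before each `syscall()` would avoid that. The body of k_hasafs continues outside this hunk.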
@@ -210,7 +302,6 @@ k_hasafs(void) * If the syscall is absent we recive a SIGSYS. */ afs_entry_point = NO_ENTRY_POINT; - memset(&parms, 0, sizeof(parms)); saved_errno = errno; #ifndef NO_AFS 
@@ -218,69 +309,85 @@ k_hasafs(void) saved_func = signal(SIGSYS, SIGSYS_handler); #endif -#ifdef AFS_SYSCALL - if (setjmp(catch_SIGSYS) == 0) - { - syscall(AFS_SYSCALL, AFSCALL_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) - { - afs_entry_point = SINGLE_ENTRY_POINT; - afs_syscalls[0] = AFS_SYSCALL; +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) + { + int tmp; + + if (env != NULL) { + if (sscanf (env, "%d", &tmp) == 1) { + if (try_one (tmp) == 0) goto done; + } else { + char *end = NULL; + char *p; + char *s = strdup (env); + + if (s != NULL) { + for (p = strtok_r (s, ",", &end); + p != NULL; + p = strtok_r (NULL, ",", &end)) { + if (map_syscall_name_to_number (p, &tmp) == 0) + if (try_one (tmp) == 0) { + free (s); + goto done; + } + } + free (s); } + } } + } +#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */ + +#ifdef AFS_SYSCALL + if (try_one (AFS_SYSCALL) == 0) + goto done; #endif /* AFS_SYSCALL */ #ifdef AFS_PIOCTL - if (setjmp(catch_SIGSYS) == 0) - { - syscall(AFS_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) - { - afs_entry_point = MULTIPLE_ENTRY_POINT; - afs_syscalls[0] = AFS_PIOCTL; - afs_syscalls[1] = AFS_SETPAG; - goto done; - } - } + { + int tmp[2]; + + if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2) + if (try_two (tmp[0], tmp[1]) == 2) + goto done; + } +#endif /* AFS_PIOCTL */ + +#ifdef AFS_PIOCTL + if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0) + goto done; #endif /* AFS_PIOCTL */ #ifdef AFS_SYSCALL2 - if (setjmp(catch_SIGSYS) == 0) - { - syscall(AFS_SYSCALL2, AFSCALL_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) - { - afs_entry_point = SINGLE_ENTRY_POINT2; - afs_syscalls[0] = AFS_SYSCALL2; - goto done; - } - } -#endif /* AFS_SYSCALL */ + if (try_one (AFS_SYSCALL2) == 0) + goto done; +#endif /* AFS_SYSCALL2 */ #ifdef AFS_SYSCALL3 - if (setjmp(catch_SIGSYS) == 0) - { - 
syscall(AFS_SYSCALL3, AFSCALL_PIOCTL, - 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - if (errno == EINVAL) - { - afs_entry_point = SINGLE_ENTRY_POINT3; - afs_syscalls[0] = AFS_SYSCALL3; + if (try_one (AFS_SYSCALL3) == 0) + goto done; +#endif /* AFS_SYSCALL3 */ + +#ifdef _AIX +#if 0 + if (env != NULL) { + char *pos = NULL; + char *pioctl_name; + char *setpag_name; + + pioctl_name = strtok_r (env, ", \t", &pos); + if (pioctl_name != NULL) { + setpag_name = strtok_r (NULL, ", \t", &pos); + if (setpag_name != NULL) + if (try_aix (pioctl_name, setpag_name) == 0) goto done; - } } -#endif /* AFS_SYSCALL */ + } +#endif -#ifdef _AIX - aix_setup(); - if(Pioctl != NULL && Setpag != NULL){ - afs_entry_point = AIX_ENTRY_POINTS; + if(try_aix() == 0) goto done; - } #endif done: diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h index 028f9b3..7193eea 100644 --- a/crypto/kerberosIV/lib/kafs/afssysdefs.h +++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h @@ -36,7 +36,7 @@ * SUCH DAMAGE. */ -/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */ +/* $Id: afssysdefs.h,v 1.19.4.1 1999/07/22 03:21:43 assar Exp $ */ /* * This section is for machines using single entry point AFS syscalls! @@ -47,17 +47,22 @@ * entry point syscalls. */ -#if SunOS == 4 +#if SunOS == 40 #define AFS_SYSCALL 31 #endif -#if SunOS == 5 +#if SunOS >= 50 && SunOS < 57 #define AFS_SYSCALL 105 #endif +#if SunOS == 57 +#define AFS_SYSCALL 73 +#endif + #if defined(__hpux) #define AFS_SYSCALL 50 #define AFS_SYSCALL2 49 +#define AFS_SYSCALL3 48 #endif #if defined(_AIX) @@ -78,7 +83,7 @@ #define AFS_SYSCALL 31 #endif -#if defined(__NetBSD__) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) #define AFS_SYSCALL 210 #endif diff --git a/crypto/kerberosIV/lib/kafs/common.c b/crypto/kerberosIV/lib/kafs/common.c new file mode 100644 index 0000000..54d7b1b --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/common.c 
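Review bot: The environment-driven `AFS_PIOCTL` probe compares against a value `try_two` never returns: `if (try_two (tmp[0], tmp[1]) == 2)` can not be true, because `try_two` as added earlier in this diff returns only 0 or 1. A successful probe therefore still falls through to `try_two (AFS_PIOCTL, AFS_SETPAG)` and the later probes, any of which may overwrite `afs_entry_point` and `afs_syscalls[]`. The test should be `if (try_two (tmp[0], tmp[1]) == 0)`. The body of k_hasafs starts and ends outside this hunk.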
@@ -0,0 +1,370 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: common.c,v 1.15 1999/06/09 22:41:41 assar Exp $");
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void
+foldup(char *a, const char *b)
+{
+ for (; *b; a++, b++)
+ if (IsAsciiLower(*b))
+ *a = ToAsciiUpper(*b);
+ else
+ *a = *b;
+ *a = '\0';
+}
+
+int
+kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
+{
+ struct ViceIoctl parms;
+ struct ClearToken ct;
+ int32_t sizeof_x;
+ char buf[2048], *t;
+ int ret;
+
+ /*
+ * Build a struct ClearToken
+ */
+ ct.AuthHandle = c->kvno;
+ memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
+ ct.ViceId = uid;
+ ct.BeginTimestamp = c->issue_date;
+ ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
+ if(ct.EndTimestamp < time(NULL))
+ return 0; /* don't store tokens that has expired (and possibly
+ overwriting valid tokens)*/
+
+#define ODD(x) ((x) & 1)
+ /* According to Transarc conventions ViceId is valid iff
+ * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
+ * the transformations:
+ *
+ * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
+ * preserves the original values.
+ */
+ if (uid != 0) /* valid ViceId */
+ {
+ if (!ODD(ct.EndTimestamp - ct.BeginTimestamp))
+ ct.EndTimestamp--;
+ }
+ else /* not valid ViceId */
+ {
+ if (ODD(ct.EndTimestamp - ct.BeginTimestamp))
+ ct.EndTimestamp--;
+ }
+
+ t = buf;
+ /*
+ * length of secret token followed by secret token
+ */
+ sizeof_x = c->ticket_st.length;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, c->ticket_st.dat, sizeof_x);
+ t += sizeof_x;
+ /*
+ * length of clear token followed by clear token
+ */
+ sizeof_x = sizeof(ct);
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, &ct, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * do *not* mark as primary cell
+ */
+ sizeof_x = 0;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ /*
+ * follow with cell name
+ */
+ sizeof_x = strlen(cell) + 1;
+ memcpy(t, cell, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * Build argument block
+ */
+ parms.in = buf;
+ parms.in_size = t - buf;
+ parms.out = 0;
+ parms.out_size = 0;
+ ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
+ return ret;
+}
+
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver, size_t len)
+{
+ struct dns_reply *r;
+ int ok = -1;
+ r = dns_lookup(cell, "afsdb");
+ if(r){
+ struct resource_record *rr = r->head;
+ while(rr){
+ if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+ strcpy_truncate(dbserver,
+ rr->u.afsdb->domain,
+ len);
+ ok = 0;
+ break;
+ }
+ rr = rr->next;
+ }
+ dns_free_data(r);
+ }
+ return ok;
+}
+
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+find_cells(char *file, char ***cells, int *index)
+{
+ FILE *f;
+ char cell[64];
+ int i;
+ int ind = *index;
+
+ f = fopen(file, "r");
+ if (f == NULL)
+ return;
+ while (fgets(cell, sizeof(cell), f)) {
+ char *nl = strchr(cell, '\n');
+ if (nl)
+ *nl = '\0';
+ if (cell[0] == '\0')
+ continue;
+ for(i = 0; i < ind; i++)
+ if(strcmp((*cells)[i], cell) == 0)
+ break;
+ if(i == ind){
+ char **tmp;
+
+ tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
+ if (tmp == NULL)
+ break;
+ *cells = tmp;
+ (*cells)[ind] = strdup(cell);
+ if ((*cells)[ind] == NULL)
+ break;
+ ++ind;
+ }
+ }
+ fclose(f);
+ *index = ind;
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+afslog_cells(kafs_data *data, char **cells, int max, uid_t uid,
+ const char *homedir)
+{
+ int ret = 0;
+ int i;
+ for(i = 0; i < max; i++)
+ ret = (*data->afslog_uid)(data, cells[i], uid, homedir);
+ return ret;
+}
+
+int
+_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid, const char *homedir)
+{
+ int ret;
+ char **cells = NULL;
+ int index = 0;
+
+ if (homedir == NULL)
+ homedir = getenv("HOME");
+ if (homedir != NULL) {
+ char home[MaxPathLen];
+ snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
+ find_cells(home, &cells, &index);
+ }
+ find_cells(_PATH_THESECELLS, &cells, &index);
+ find_cells(_PATH_THISCELL, &cells, &index);
+ find_cells(_PATH_ARLA_THESECELLS, &cells, &index);
+ find_cells(_PATH_ARLA_THISCELL, &cells, &index);
+
+ ret = afslog_cells(data, cells, index, uid, homedir);
+ while(index > 0)
+ free(cells[--index]);
+ free(cells);
+ return ret;
+}
+
+
+/* Find the realm associated with cell. Do this by opening
+ /usr/vice/etc/CellServDB and getting the realm-of-host for the
+ first VL-server for the cell.
+
+ This does not work when the VL-server is living in one realm, but
+ the cell it is serving is living in another realm.
+
+ Return 0 on success, -1 otherwise.
+ */
+
+int
+_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm)
+{
+ FILE *F;
+ char buf[1024];
+ char *p;
+ int ret = -1;
+
+ if ((F = fopen(_PATH_CELLSERVDB, "r"))
+ || (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))) {
+ while (fgets(buf, sizeof(buf), F)) {
+ if (buf[0] != '>')
+ continue; /* Not a cell name line, try next line */
+ if (strncmp(buf + 1, cell, strlen(cell)) == 0) {
+ /*
+ * We found the cell name we're looking for.
+ * Read next line on the form ip-address '#' hostname
+ */
+ if (fgets(buf, sizeof(buf), F) == NULL)
+ break; /* Read failed, give up */
+ p = strchr(buf, '#');
+ if (p == NULL)
+ break; /* No '#', give up */
+ p++;
+ if (buf[strlen(buf) - 1] == '\n')
+ buf[strlen(buf) - 1] = '\0';
+ *realm = (*data->get_realm)(data, p);
+ if (*realm && **realm != '\0')
+ ret = 0;
+ break; /* Won't try any more */
+ }
+ }
+ fclose(F);
+ }
+ if (*realm == NULL && dns_find_cell(cell, buf, sizeof(buf)) == 0) {
+ *realm = strdup(krb_realmofhost(buf));
+ if(*realm != NULL)
+ ret = 0;
+ }
+ return ret;
+}
+
+int
+_kafs_get_cred(kafs_data *data,
+ const char *cell,
+ const char *krealm,
+ const char *lrealm,
+ CREDENTIALS *c)
+{
+ int ret = -1;
+ char *vl_realm;
+ char CELL[64];
+
+ /* We're about to find the the realm that holds the key for afs in
+ * the specified cell. The problem is that null-instance
+ * afs-principals are common and that hitting the wrong realm might
+ * yield the wrong afs key. The following assumptions were made.
+ *
+ * Any realm passed to us is preferred.
+ *
+ * If there is a realm with the same name as the cell, it is most
+ * likely the correct realm to talk to.
+ *
+ * In most (maybe even all) cases the database servers of the cell
+ * will live in the realm we are looking for.
+ *
+ * Try the local realm, but if the previous cases fail, this is
+ * really a long shot.
+ * + */ + + /* comments on the ordering of these tests */ + + /* If the user passes a realm, she probably knows something we don't + * know and we should try afs@krealm (otherwise we're talking with a + * blondino and she might as well have it.) + */ + + if (krealm) { + ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, krealm, c); + if (ret == 0) return 0; + ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", krealm, c); + } + if (ret == 0) return 0; + + foldup(CELL, cell); + + ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c); + if (ret == 0) return 0; + + ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c); + if (ret == 0) return 0; + + /* this might work in some cases */ + if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0) { + ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c); + if (ret) + ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c); + free(vl_realm); + if (ret == 0) return 0; + } + + if (lrealm) + ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, lrealm, c); + return ret; +} + + diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c index 3f4de92..98e081c 100644 --- a/crypto/kerberosIV/lib/kafs/dlfcn.c +++ b/crypto/kerberosIV/lib/kafs/dlfcn.c @@ -115,14 +115,12 @@ void *dlopen(const char *path, int mode) } if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) { errvalid++; - strcpy(errbuf, "calloc: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, "calloc: %s", strerror(errno)); return NULL; } if ((mp->name = strdup(path)) == NULL) { errvalid++; - strcpy(errbuf, "strdup: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, "strdup: %s", strerror(errno)); free(mp); return NULL; } 
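Review bot: `_kafs_get_cred` copies the caller-supplied cell name into `char CELL[64]` with `foldup(CELL, cell)`, and `foldup` has no length bound, so a cell name of 64 bytes or more writes past the stack buffer. A length check before the call prevents that, e.g. `if (strlen(cell) >= sizeof(CELL)) return -1;`. `kafs_settoken` has the same shape: it appends `c->ticket_st.dat` and then `cell` to `char buf[2048]` without comparing the running size against `sizeof(buf)`. Separately, `_kafs_realm_of_cell` tests `*realm == NULL` after the file loop although `_kafs_get_cred` passes it an uninitialized `vl_realm`; setting `*realm = NULL;` on entry would make that test well defined.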
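Review bot: Both new `snprintf` calls in this dlopen hunk omit the size argument: `snprintf (errbuf, "calloc: %s", strerror(errno));` passes the format string where the buffer length belongs, unlike the other conversions in this file, which all pass `sizeof(errbuf)`. They should read `snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno));` and `snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno));`. The body of dlopen continues outside the hunk.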
@@ -134,9 +132,8 @@ void *dlopen(const char *path, int mode) free(mp->name); free(mp); errvalid++; - strcpy(errbuf, "dlopen: "); - strcat(errbuf, path); - strcat(errbuf, ": "); + snprintf (errbuf, sizeof(errbuf), + "dlopen: %s: ", path); /* * If AIX says the file is not executable, the error * can be further described by querying the loader about @@ -145,14 +142,18 @@ void *dlopen(const char *path, int mode) if (errno == ENOEXEC) { char *tmp[BUFSIZ/sizeof(char *)]; if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1) - strcpy(errbuf, strerror(errno)); + strcpy_truncate(errbuf, + strerror(errno), + sizeof(errbuf)); else { char **p; for (p = tmp; *p; p++) caterr(*p); } } else - strcat(errbuf, strerror(errno)); + strcat_truncate(errbuf, + strerror(errno), + sizeof(errbuf)); return NULL; } mp->refCnt = 1; @@ -161,8 +162,8 @@ void *dlopen(const char *path, int mode) if (loadbind(0, mainModule, mp->entry) == -1) { dlclose(mp); errvalid++; - strcpy(errbuf, "loadbind: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "loadbind: %s", strerror(errno)); return NULL; } /* @@ -175,8 +176,9 @@ void *dlopen(const char *path, int mode) if (loadbind(0, mp1->entry, mp->entry) == -1) { dlclose(mp); errvalid++; - strcpy(errbuf, "loadbind: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "loadbind: %s", + strerror(errno)); return NULL; } } 
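Review bot: In the `ENOEXEC` branch of dlopen, the failure path of `loadquery` calls `strcpy_truncate(errbuf, strerror(errno), sizeof(errbuf))`, which overwrites the `"dlopen: %s: "` prefix that the `snprintf` a few lines earlier has just written, while the sibling `else` branch appends with `strcat_truncate`. The removed code used `strcpy` here too, so this is inherited behaviour, but it is probably meant to append: `strcat_truncate(errbuf, strerror(errno), sizeof(errbuf));`. If the overwrite is intentional, a one-line comment saying so would help the next reader.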
@@ -229,29 +231,29 @@ static void caterr(char *s) p++; switch(atoi(s)) { case L_ERROR_TOOMANY: - strcat(errbuf, "to many errors"); + strcat_truncate(errbuf, "to many errors", sizeof(errbuf)); break; case L_ERROR_NOLIB: - strcat(errbuf, "can't load library"); - strcat(errbuf, p); + strcat_truncate(errbuf, "can't load library", sizeof(errbuf)); + strcat_truncate(errbuf, p, sizeof(errbuf)); break; case L_ERROR_UNDEF: - strcat(errbuf, "can't find symbol"); - strcat(errbuf, p); + strcat_truncate(errbuf, "can't find symbol", sizeof(errbuf)); + strcat_truncate(errbuf, p, sizeof(errbuf)); break; case L_ERROR_RLDBAD: - strcat(errbuf, "bad RLD"); - strcat(errbuf, p); + strcat_truncate(errbuf, "bad RLD", sizeof(errbuf)); + strcat_truncate(errbuf, p, sizeof(errbuf)); break; case L_ERROR_FORMAT: - strcat(errbuf, "bad exec format in"); - strcat(errbuf, p); + strcat_truncate(errbuf, "bad exec format in", sizeof(errbuf)); + strcat_truncate(errbuf, p, sizeof(errbuf)); break; case L_ERROR_ERRNO: - strcat(errbuf, strerror(atoi(++p))); + strcat_truncate(errbuf, strerror(atoi(++p)), sizeof(errbuf)); break; default: - strcat(errbuf, s); + strcat_truncate(errbuf, s, sizeof(errbuf)); break; } } @@ -270,8 +272,8 @@ void *dlsym(void *handle, const char *symbol) if (strcmp(ep->name, symbol) == 0) return ep->addr; errvalid++; - strcpy(errbuf, "dlsym: undefined symbol "); - strcat(errbuf, symbol); + snprintf (errbuf, sizeof(errbuf), + "dlsym: undefined symbol %s", symbol); return NULL; } @@ -311,7 +313,8 @@ int dlclose(void *handle) result = unload(mp->entry); if (result == -1) { errvalid++; - strcpy(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "%s", strerror(errno)); } if (mp->exports) { ExportPtr ep; @@ -360,8 +363,9 @@ static int readExports(ModulePtr mp) int size = 4*1024; if (errno != ENOENT) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); return -1; } /* 
@@ -371,8 +375,9 @@ static int readExports(ModulePtr mp) */ if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); return -1; } while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { @@ -380,15 +385,17 @@ static int readExports(ModulePtr mp) size += 4*1024; if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); return -1; } } if (i == -1) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf(errbuf, sizeof(errbuf), + "readExports: %s", + strerror(errno)); free(buf); return -1; } @@ -411,14 +418,14 @@ static int readExports(ModulePtr mp) free(buf); if (!ldp) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "readExports: %s", strerror(errno)); return -1; } } if (TYPE(ldp) != U802TOCMAGIC) { errvalid++; - strcpy(errbuf, "readExports: bad magic"); + snprintf(errbuf, sizeof(errbuf), "readExports: bad magic"); while(ldclose(ldp) == FAILURE) ; return -1; @@ -430,14 +437,16 @@ static int readExports(ModulePtr mp) */ if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) { errvalid++; - strcpy(errbuf, "readExports: cannot read data section header"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot read data section header"); while(ldclose(ldp) == FAILURE) ; return -1; } if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) { errvalid++; - strcpy(errbuf, "readExports: cannot read loader section header"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot read loader section header"); while(ldclose(ldp) == FAILURE) ; return -1; 
@@ -448,15 +457,16 @@ static int readExports(ModulePtr mp) */ if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "readExports: %s", strerror(errno)); while(ldclose(ldp) == FAILURE) ; return -1; } if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) { errvalid++; - strcpy(errbuf, "readExports: cannot seek to loader section"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot seek to loader section"); free(ldbuf); while(ldclose(ldp) == FAILURE) ; @@ -464,7 +474,8 @@ static int readExports(ModulePtr mp) } if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) { errvalid++; - strcpy(errbuf, "readExports: cannot read loader section"); + snprintf(errbuf, sizeof(errbuf), + "readExports: cannot read loader section"); free(ldbuf); while(ldclose(ldp) == FAILURE) ; @@ -482,8 +493,8 @@ static int readExports(ModulePtr mp) } if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) { errvalid++; - strcpy(errbuf, "readExports: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "readExports: %s", strerror(errno)); free(ldbuf); while(ldclose(ldp) == FAILURE) ; @@ -508,8 +519,8 @@ static int readExports(ModulePtr mp) * must copy the first SYMNMLEN chars and make * sure we have a zero byte at the end. */ - strncpy(tmpsym, ls->l_name, SYMNMLEN); - tmpsym[SYMNMLEN] = '\0'; + strcpy_truncate (tmpsym, ls->l_name, + SYMNMLEN + 1); symname = tmpsym; } ep->name = strdup(symname); @@ -537,8 +548,8 @@ static void * findMain(void) if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "findMain: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "findMail: %s", strerror(errno)); return NULL; } while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { 
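Review bot: `strcpy_truncate (tmpsym, ls->l_name, SYMNMLEN + 1);` replaces a `strncpy` that was chosen because, per the comment directly above it, `l_name` may fill all SYMNMLEN bytes with no terminating zero. Whether the new call is safe depends on `strcpy_truncate` never reading past the SYMNMLEN-th source byte, which is not visible on this page; an implementation that scans the source for its terminator would read beyond the field. Either confirm that in the helper or keep an explicitly bounded copy, `memcpy(tmpsym, ls->l_name, SYMNMLEN); tmpsym[SYMNMLEN] = '\0';`. The body of readExports starts and ends outside this hunk.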
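Review bot: The rewritten error strings in `findMain` now read `"findMail: %s"`, so the text stored in `errbuf` names a function that does not exist; the removed lines said `findMain: `. All three occurrences, the one in this hunk and the two in the following `@@ -546,15 +557,15 @@` hunk, should be `"findMain: %s"`.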
@@ -546,15 +557,15 @@ static void * findMain(void) size += 4*1024; if ((buf = malloc(size)) == NULL) { errvalid++; - strcpy(errbuf, "findMain: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "findMail: %s", strerror(errno)); return NULL; } } if (i == -1) { errvalid++; - strcpy(errbuf, "findMain: "); - strcat(errbuf, strerror(errno)); + snprintf (errbuf, sizeof(errbuf), + "findMail: %s", strerror(errno)); free(buf); return NULL; } diff --git a/crypto/kerberosIV/lib/kafs/kafs.h b/crypto/kerberosIV/lib/kafs/kafs.h index b3c53b5..cdf23cb 100644 --- a/crypto/kerberosIV/lib/kafs/kafs.h +++ b/crypto/kerberosIV/lib/kafs/kafs.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -36,13 +36,13 @@ * SUCH DAMAGE. */ -/* $Id: kafs.h,v 1.19 1997/05/14 17:41:02 joda Exp $ */ +/* $Id: kafs.h,v 1.31 1999/07/07 12:30:40 assar Exp $ */ #ifndef __KAFS_H #define __KAFS_H -#include <ktypes.h> -#include <sys/cdefs.h> +/* XXX must include krb5.h or krb.h */ + /* sys/ioctl.h must be included manually before kafs.h */ /* 
@@ -54,10 +54,39 @@ #define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl)) #endif /* _VICEIOCTL */ +#define VIOCSETAL _VICEIOCTL(1) +#define VIOCGETAL _VICEIOCTL(2) #define VIOCSETTOK _VICEIOCTL(3) +#define VIOCGETVOLSTAT _VICEIOCTL(4) +#define VIOCSETVOLSTAT _VICEIOCTL(5) +#define VIOCFLUSH _VICEIOCTL(6) #define VIOCGETTOK _VICEIOCTL(8) #define VIOCUNLOG _VICEIOCTL(9) +#define VIOCCKSERV _VICEIOCTL(10) +#define VIOCCKBACK _VICEIOCTL(11) +#define VIOCCKCONN _VICEIOCTL(12) +#define VIOCWHEREIS _VICEIOCTL(14) +#define VIOCACCESS _VICEIOCTL(20) +#define VIOCUNPAG _VICEIOCTL(21) +#define VIOCGETFID _VICEIOCTL(22) +#define VIOCSETCACHESIZE _VICEIOCTL(24) +#define VIOCFLUSHCB _VICEIOCTL(25) +#define VIOCNEWCELL _VICEIOCTL(26) +#define VIOCGETCELL _VICEIOCTL(27) +#define VIOC_AFS_DELETE_MT_PT _VICEIOCTL(28) +#define VIOC_AFS_STAT_MT_PT _VICEIOCTL(29) #define VIOC_FILE_CELL_NAME _VICEIOCTL(30) +#define VIOC_GET_WS_CELL _VICEIOCTL(31) +#define VIOC_AFS_MARINER_HOST _VICEIOCTL(32) +#define VIOC_GET_PRIMARY_CELL _VICEIOCTL(33) +#define VIOC_VENUSLOG _VICEIOCTL(34) +#define VIOC_GETCELLSTATUS _VICEIOCTL(35) +#define VIOC_SETCELLSTATUS _VICEIOCTL(36) +#define VIOC_FLUSHVOLUME _VICEIOCTL(37) +#define VIOC_AFS_SYSNAME _VICEIOCTL(38) +#define VIOC_EXPORTAFS _VICEIOCTL(39) +#define VIOCGETCACHEPARAMS _VICEIOCTL(40) +#define VIOC_GCPAGS _VICEIOCTL(48) struct ViceIoctl { caddr_t in, out; 
@@ -73,17 +102,34 @@ struct ClearToken { int32_t EndTimestamp; }; +#ifdef __STDC__ #ifndef __P #define __P(x) x #endif +#else +#ifndef __P +#define __P(x) () +#endif +#endif /* Use k_hasafs() to probe if the machine supports AFS syscalls. The other functions will generate a SIGSYS if AFS is not supported */ int k_hasafs __P((void)); -int k_afsklog __P((const char *cell, const char *realm)); -int k_afsklog_uid __P((const char *cell, const char *realm, uid_t uid)); +int krb_afslog __P((const char *cell, const char *realm)); +int krb_afslog_uid __P((const char *cell, const char *realm, uid_t uid)); +int krb_afslog_home __P((const char *cell, const char *realm, + const char *homedir)); +int krb_afslog_uid_home __P((const char *cell, const char *realm, uid_t uid, + const char *homedir)); + +int krb_realm_of_cell __P((const char *cell, char **realm)); + +/* compat */ +#define k_afsklog krb_afslog +#define k_afsklog_uid krb_afslog_uid + int k_pioctl __P((char *a_path, int o_opcode, struct ViceIoctl *a_paramsP, 
@@ -92,9 +138,59 @@ int k_unlog __P((void)); int k_setpag __P((void)); int k_afs_cell_of_file __P((const char *path, char *cell, int len)); + + +/* XXX */ +#ifdef KFAILURE +#define KRB_H_INCLUDED +#endif + +#ifdef KRB5_RECVAUTH_IGNORE_VERSION +#define KRB5_H_INCLUDED +#endif + +#ifdef KRB_H_INCLUDED +int kafs_settoken __P((const char*, uid_t, CREDENTIALS*)); +#endif + +#ifdef KRB5_H_INCLUDED +krb5_error_code krb5_afslog_uid __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + uid_t uid)); +krb5_error_code krb5_afslog __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm)); +krb5_error_code krb5_afslog_uid_home __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + uid_t uid, + const char *homedir)); + +krb5_error_code krb5_afslog_home __P((krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + const char *homedir)); + +krb5_error_code krb5_realm_of_cell __P((const char *cell, char **realm)); + +#endif + + #define _PATH_VICE "/usr/vice/etc/" #define _PATH_THISCELL _PATH_VICE "ThisCell" #define _PATH_CELLSERVDB _PATH_VICE "CellServDB" #define _PATH_THESECELLS _PATH_VICE "TheseCells" +#define _PATH_ARLA_VICE "/usr/arla/etc/" +#define _PATH_ARLA_THISCELL _PATH_ARLA_VICE "ThisCell" +#define _PATH_ARLA_CELLSERVDB _PATH_ARLA_VICE "CellServDB" +#define _PATH_ARLA_THESECELLS _PATH_ARLA_VICE "TheseCells" + +extern int _kafs_debug; + #endif /* __KAFS_H */ diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h index 6ada6ab..6174f74 100644 --- a/crypto/kerberosIV/lib/kafs/kafs_locl.h +++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -36,13 +36,14 @@ * SUCH DAMAGE. */ -/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */ +/* $Id: kafs_locl.h,v 1.12.2.1 1999/07/22 03:22:05 assar Exp $ */ #ifndef __KAFS_LOCL_H__ #define __KAFS_LOCL_H__ +#ifdef HAVE_CONFIG_H #include <config.h> -#include <protos.h> +#endif #include <stdio.h> #include <stdlib.h> @@ -57,7 +58,7 @@ #ifdef HAVE_UNISTD_H #include <unistd.h> #endif -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include <sys/ioctl.h> #endif #ifdef HAVE_SYS_FILIO_H @@ -73,6 +74,13 @@ #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif +#ifdef HAVE_NETINET_IN6_H +#include <netinet/in6.h> +#endif +#ifdef HAVE_NETINET6_IN6_H +#include <netinet6/in6.h> +#endif + #ifdef HAVE_NETDB_H #include <netdb.h> #endif @@ -85,12 +93,45 @@ #endif #include <roken.h> +#ifdef KRB5 +#include <krb5.h> +#endif +#ifdef KRB4 #include <krb.h> +#endif #include <kafs.h> #include <resolve.h> #include "afssysdefs.h" +struct kafs_data; +typedef int (*afslog_uid_func_t)(struct kafs_data*, const char*, uid_t, + const char *); + +typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, + const char*, CREDENTIALS*); + +typedef char* (*get_realm_func_t)(struct kafs_data*, const char*); + +typedef struct kafs_data { + afslog_uid_func_t afslog_uid; + get_cred_func_t get_cred; + get_realm_func_t get_realm; + void *data; +} kafs_data; + +int _kafs_afslog_all_local_cells(kafs_data*, uid_t, const char*); + +int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, + CREDENTIALS*); + +int +_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm); + +#ifdef _AIX +int aix_pioctl(char*, int, struct ViceIoctl*, int); +int aix_setpag(void); +#endif #endif /* __KAFS_LOCL_H__ */ |