diff options
| author | markm <markm@FreeBSD.org> | 2000-01-09 08:31:47 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2000-01-09 08:31:47 +0000 |
| commit | ca616c603d9e06e51c9e23fab7536acbdac58331 (patch) | |
| tree | 20a735799ecd3b90df122d0a8042762dd62c6b0e /crypto/kerberosIV/lib/krb | |
| parent | fe83e8abf357ee11114856a5278bb38431a9517c (diff) | |
| download | FreeBSD-src-ca616c603d9e06e51c9e23fab7536acbdac58331.zip FreeBSD-src-ca616c603d9e06e51c9e23fab7536acbdac58331.tar.gz | |
Clean import of KTH Kerberos (eBones) v1.0.
Diffstat (limited to 'crypto/kerberosIV/lib/krb')
64 files changed, 741 insertions, 656 deletions
diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in index 9697de6..301a9af 100644 --- a/crypto/kerberosIV/lib/krb/Makefile.in +++ b/crypto/kerberosIV/lib/krb/Makefile.in @@ -1,5 +1,5 @@ # -# $Id: Makefile.in,v 1.110 1999/03/10 19:01:16 joda Exp $ +# $Id: Makefile.in,v 1.113 1999/11/25 05:26:26 assar Exp $ # SHELL = /bin/sh @@ -61,6 +61,7 @@ SOURCES = \ create_ticket.c \ debug_decl.c \ decomp_ticket.c \ + defaults.c \ dest_tkt.c \ encrypt_ktext.c \ extra.c \ @@ -120,7 +121,8 @@ SOURCES = \ time.c \ tkt_string.c \ unparse_name.c \ - verify_user.c + verify_user.c \ + krb_ip_realm.c # these files reside in ../roken or ../com_err/ EXTRA_SOURCE = \ @@ -133,8 +135,8 @@ EXTRA_SOURCE = \ resolve.c \ snprintf.c \ strcasecmp.c \ - strcat_truncate.c \ - strcpy_truncate.c \ + strlcat.c \ + strlcpy.c \ strdup.c \ strncasecmp.c \ strnlen.c \ @@ -154,6 +156,7 @@ OBJECTS = \ create_ticket.o \ debug_decl.o \ decomp_ticket.o \ + defaults.o \ dest_tkt.o \ encrypt_ktext.o \ extra.o \ @@ -214,6 +217,7 @@ OBJECTS = \ tkt_string.o \ unparse_name.o \ verify_user.o \ + krb_ip_realm.o \ $(LIBADD) LIBADD = \ @@ -228,8 +232,8 @@ LIBADD = \ resolve.o \ snprintf.o \ strcasecmp.o \ - strcat_truncate.o \ - strcpy_truncate.o \ + strlcat.o \ + strlcpy.o \ strdup.o \ strncasecmp.o \ strnlen.o \ @@ -322,10 +326,10 @@ snprintf.c: $(LN_S) $(srcdir)/../roken/snprintf.c . strcasecmp.c: $(LN_S) $(srcdir)/../roken/strcasecmp.c . -strcat_truncate.c: - $(LN_S) $(srcdir)/../roken/strcat_truncate.c . -strcpy_truncate.c: - $(LN_S) $(srcdir)/../roken/strcpy_truncate.c . +strlcat.c: + $(LN_S) $(srcdir)/../roken/strlcat.c . +strlcpy.c: + $(LN_S) $(srcdir)/../roken/strlcpy.c . strncasecmp.c: $(LN_S) $(srcdir)/../roken/strncasecmp.c . strnlen.c: diff --git a/crypto/kerberosIV/lib/krb/check_time.c b/crypto/kerberosIV/lib/krb/check_time.c index 3c3e6c0..be028fa 100644 --- a/crypto/kerberosIV/lib/krb/check_time.c +++ b/crypto/kerberosIV/lib/krb/check_time.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $"); +RCSID("$Id: check_time.c,v 1.5 1999/12/02 16:58:40 joda Exp $"); int krb_check_tm (struct tm tm) diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c index 3e82659..3308529 100644 --- a/crypto/kerberosIV/lib/krb/cr_err_reply.c +++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: cr_err_reply.c,v 1.10 1998/06/09 19:25:16 joda Exp $"); +RCSID("$Id: cr_err_reply.c,v 1.11 1999/12/02 16:58:41 joda Exp $"); /* * This routine is used by the Kerberos authentication server to diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c index f10d34c..7f6cf46 100644 --- a/crypto/kerberosIV/lib/krb/create_auth_reply.c +++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: create_auth_reply.c,v 1.14 1998/06/13 00:06:59 assar Exp $"); +RCSID("$Id: create_auth_reply.c,v 1.15 1999/12/02 16:58:41 joda Exp $"); /* * This routine is called by the Kerberos authentication server diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c index c22f01e..f73e8d7 100644 --- a/crypto/kerberosIV/lib/krb/create_ciph.c +++ b/crypto/kerberosIV/lib/krb/create_ciph.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: create_ciph.c,v 1.12 1998/07/24 06:32:53 assar Exp $"); +RCSID("$Id: create_ciph.c,v 1.13 1999/12/02 16:58:41 joda Exp $"); /* * This routine is used by the authentication server to create diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c index ddc4c9a..15e0267 100644 --- a/crypto/kerberosIV/lib/krb/create_death_packet.c +++ b/crypto/kerberosIV/lib/krb/create_death_packet.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: create_death_packet.c,v 1.9 1998/06/09 19:25:17 joda Exp $"); +RCSID("$Id: create_death_packet.c,v 1.10 1999/12/02 16:58:41 joda Exp $"); /* * This routine creates a packet to type AUTH_MSG_DIE which is sent to diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c index 822cfbb..32cb0a0 100644 --- a/crypto/kerberosIV/lib/krb/create_ticket.c +++ b/crypto/kerberosIV/lib/krb/create_ticket.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: create_ticket.c,v 1.13 1998/06/09 19:25:17 joda Exp $"); +RCSID("$Id: create_ticket.c,v 1.14 1999/12/02 16:58:41 joda Exp $"); /* * Create ticket takes as arguments information that should be in a diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c index b62e978..12bdf44 100644 --- a/crypto/kerberosIV/lib/krb/decomp_ticket.c +++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: decomp_ticket.c,v 1.19 1998/11/22 09:42:36 assar Exp $"); +RCSID("$Id: decomp_ticket.c,v 1.20 1999/12/02 16:58:41 joda Exp $"); /* * This routine takes a ticket and pointers to the variables that diff --git a/crypto/kerberosIV/lib/krb/defaults.c b/crypto/kerberosIV/lib/krb/defaults.c new file mode 100644 index 0000000..e4fe027 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/defaults.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: defaults.c,v 1.3 1999/12/02 16:58:41 joda Exp $"); + +const +char * +krb_get_default_tkt_root(void) +{ + const char *t = krb_get_config_string("krb_default_tkt_root"); + if (t) + return t; + else + return "/tmp/tkt"; +} + +const +char * +krb_get_default_keyfile(void) +{ + const char *t = krb_get_config_string("krb_default_keyfile"); + if (t) + return t; + else + return "/etc/srvtab"; +} diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c index 9d653cd..4e22e9a 100644 --- a/crypto/kerberosIV/lib/krb/dllmain.c +++ b/crypto/kerberosIV/lib/krb/dllmain.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -45,7 +40,7 @@ #include "ticket_memory.h" #include <Windows.h> -RCSID("$Id: dllmain.c,v 1.8 1998/07/13 14:29:33 assar Exp $"); +RCSID("$Id: dllmain.c,v 1.9 1999/12/02 16:58:41 joda Exp $"); void msg(char *text, int error) diff --git a/crypto/kerberosIV/lib/krb/encrypt_ktext.c b/crypto/kerberosIV/lib/krb/encrypt_ktext.c index d97fcc7..dc5c60d 100644 --- a/crypto/kerberosIV/lib/krb/encrypt_ktext.c +++ b/crypto/kerberosIV/lib/krb/encrypt_ktext.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $"); +RCSID("$Id: encrypt_ktext.c,v 1.5 1999/12/02 16:58:41 joda Exp $"); void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt) diff --git a/crypto/kerberosIV/lib/krb/extra.c b/crypto/kerberosIV/lib/krb/extra.c index eb13c43..c90767e 100644 --- a/crypto/kerberosIV/lib/krb/extra.c +++ b/crypto/kerberosIV/lib/krb/extra.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: extra.c,v 1.6 1998/07/24 07:18:47 assar Exp $"); +RCSID("$Id: extra.c,v 1.7 1999/12/02 16:58:41 joda Exp $"); struct value { char *variable; diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c index a10018e..56d7d56 100644 --- a/crypto/kerberosIV/lib/krb/get_ad_tkt.c +++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: get_ad_tkt.c,v 1.20 1998/11/22 09:42:55 assar Exp $"); +RCSID("$Id: get_ad_tkt.c,v 1.22 1999/12/02 16:58:41 joda Exp $"); /* * get_ad_tkt obtains a new service ticket from Kerberos, using @@ -96,7 +91,7 @@ get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime) kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr); if (kerror == KSUCCESS) { - strcpy_truncate(lrealm, realm, REALM_SZ); + strlcpy(lrealm, realm, REALM_SZ); } else kerror = krb_get_tf_realm(TKT_FILE, lrealm); diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c index f9e18a1..47ad6b3 100644 --- a/crypto/kerberosIV/lib/krb/get_default_principal.c +++ b/crypto/kerberosIV/lib/krb/get_default_principal.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: get_default_principal.c,v 1.12 1999/03/13 21:24:51 assar Exp $"); +RCSID("$Id: get_default_principal.c,v 1.14 1999/12/02 16:58:41 joda Exp $"); int krb_get_default_principal(char *name, char *instance, char *realm) @@ -66,8 +61,8 @@ krb_get_default_principal(char *name, char *instance, char *realm) return -1; } - strcpy_truncate (name, pw->pw_name, ANAME_SZ); - strcpy_truncate (instance, "", INST_SZ); + strlcpy (name, pw->pw_name, ANAME_SZ); + strlcpy (instance, "", INST_SZ); krb_get_lrealm(realm, 1); if(strcmp(name, "root") == 0) { @@ -80,8 +75,8 @@ krb_get_default_principal(char *name, char *instance, char *realm) if(p == NULL) p = getenv("LOGNAME"); if(p){ - strcpy_truncate (name, p, ANAME_SZ); - strcpy_truncate (instance, "root", INST_SZ); + strlcpy (name, p, ANAME_SZ); + strlcpy (instance, "root", INST_SZ); } } return 1; diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c index aa5fb51..0eb2224 100644 --- a/crypto/kerberosIV/lib/krb/get_host.c +++ b/crypto/kerberosIV/lib/krb/get_host.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: get_host.c,v 1.45 1999/06/29 21:18:02 bg Exp $"); +RCSID("$Id: get_host.c,v 1.48 1999/12/02 16:58:41 joda Exp $"); static struct host_list { struct krb_host *this; @@ -77,7 +72,7 @@ parse_address(char *address, enum krb_host_proto *proto, p = strchr(address, '/'); if(p){ char prot[32]; - strcpy_truncate (prot, address, + strlcpy (prot, address, min(p - address + 1, sizeof(prot))); if(strcasecmp(prot, "udp") == 0) *proto = PROTO_UDP; @@ -98,7 +93,7 @@ parse_address(char *address, enum krb_host_proto *proto, *host = malloc(q - p + 1); if (*host == NULL) return -1; - strcpy_truncate (*host, p, q - p + 1); + strlcpy (*host, p, q - p + 1); q++; { struct servent *sp = getservbyname(q, NULL); @@ -118,7 +113,7 @@ parse_address(char *address, enum krb_host_proto *proto, *host = malloc(q - p + 1); if (*host == NULL) return -1; - strcpy_truncate (*host, p, q - p + 1); + strlcpy (*host, p, q - p + 1); } else { *host = strdup(p); if(*host == NULL) @@ -307,7 +302,7 @@ srv_find_realm(char *realm, char *proto, char *service) } struct krb_host* -krb_get_host(int nth, char *realm, int admin) +krb_get_host(int nth, const char *realm, int admin) { struct host_list *p; static char orealm[REALM_SZ]; @@ -315,7 +310,7 @@ krb_get_host(int nth, char *realm, int admin) if(orealm[0] == 0 || strcmp(realm, orealm)){ /* quick optimization */ if(realm && realm[0]){ - strcpy_truncate (orealm, realm, sizeof(orealm)); + strlcpy (orealm, realm, sizeof(orealm)); }else{ int ret = krb_get_lrealm(orealm, 1); if(ret != KSUCCESS) @@ -377,7 +372,7 @@ krb_get_krbhst(char *host, char *realm, int nth) struct krb_host *p = krb_get_host(nth, realm, 0); if(p == NULL) return KFAILURE; - strcpy_truncate (host, p->host, MaxHostNameLen); + strlcpy (host, p->host, MaxHostNameLen); return KSUCCESS; } @@ -387,6 +382,6 @@ krb_get_admhst(char *host, char *realm, int nth) struct krb_host *p = krb_get_host(nth, realm, 1); if(p == NULL) return KFAILURE; - strcpy_truncate (host, p->host, MaxHostNameLen); + strlcpy (host, p->host, MaxHostNameLen); return KSUCCESS; } diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c index 4336687..9b40508 100644 --- a/crypto/kerberosIV/lib/krb/get_in_tkt.c +++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.23 1999/07/01 09:36:22 assar Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.24 1999/11/25 05:22:43 assar Exp $"); /* * This file contains three routines: passwd_to_key() and @@ -164,6 +164,10 @@ krb_get_pw_in_tkt2(const char *user, return ret ? ret : code; code = tf_setup(&cred, user, instance); + if (code == KSUCCESS) { + if (krb_get_config_bool("nat_in_use")) + krb_add_our_ip_for_realm(user, instance, realm, password); + } } if (password == pword) memset(pword, 0, sizeof(pword)); diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c index 9c675f6..a6b0ba9 100644 --- a/crypto/kerberosIV/lib/krb/get_krbrlm.c +++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: get_krbrlm.c,v 1.22.2.1 1999/09/02 08:51:04 joda Exp $"); +RCSID("$Id: get_krbrlm.c,v 1.25 1999/12/02 16:58:41 joda Exp $"); /* * krb_get_lrealm takes a pointer to a string, and a number, n. It fills @@ -130,13 +125,13 @@ krb_get_default_realm(void) if (local_realm[0] == 0) { char *t, hostname[MaxHostNameLen]; - strcpy_truncate(local_realm, no_default_realm, + strlcpy(local_realm, no_default_realm, sizeof(local_realm)); /* Provide default */ gethostname(hostname, sizeof(hostname)); t = krb_realmofhost(hostname); if (t && strcmp(t, no_default_realm) != 0) - strcpy_truncate(local_realm, t, sizeof(local_realm)); + strlcpy(local_realm, t, sizeof(local_realm)); } return local_realm; } diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c index 7a103b6..75688b0 100644 --- a/crypto/kerberosIV/lib/krb/get_tf_fullname.c +++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: get_tf_fullname.c,v 1.7 1998/06/09 19:25:19 joda Exp $"); +RCSID("$Id: get_tf_fullname.c,v 1.8 1999/09/16 20:41:51 assar Exp $"); /* * This file contains a routine to extract the fullname of a user @@ -51,12 +51,12 @@ krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm) return (tf_status); if (name) - strcpy_truncate (name, c.pname, ANAME_SZ); + strlcpy (name, c.pname, ANAME_SZ); if (instance) - strcpy_truncate (instance, c.pinst, INST_SZ); + strlcpy (instance, c.pinst, INST_SZ); if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { if (realm) - strcpy_truncate (realm, c.realm, REALM_SZ); + strlcpy (realm, c.realm, REALM_SZ); } else { if (tf_status == EOF) diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c index 069b8b7..d157690 100644 --- a/crypto/kerberosIV/lib/krb/getaddrs.c +++ b/crypto/kerberosIV/lib/krb/getaddrs.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: getaddrs.c,v 1.26.2.1 1999/07/22 03:15:33 assar Exp $"); +RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $"); #if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include <sys/ioctl.h> diff --git a/crypto/kerberosIV/lib/krb/getfile.c b/crypto/kerberosIV/lib/krb/getfile.c index 15c5ed8..99d0c3f 100644 --- a/crypto/kerberosIV/lib/krb/getfile.c +++ b/crypto/kerberosIV/lib/krb/getfile.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: getfile.c,v 1.4 1998/06/09 19:25:19 joda Exp $"); +RCSID("$Id: getfile.c,v 1.5 1999/12/02 16:58:42 joda Exp $"); static int is_suid(void) diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c index 16734c7..2dcb4cf 100644 --- a/crypto/kerberosIV/lib/krb/getrealm.c +++ b/crypto/kerberosIV/lib/krb/getrealm.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: getrealm.c,v 1.35 1998/08/31 10:40:06 assar Exp $"); +RCSID("$Id: getrealm.c,v 1.36 1999/09/16 20:41:51 assar Exp $"); #ifndef MATCH_SUBDOMAINS #define MATCH_SUBDOMAINS 0 @@ -77,7 +77,7 @@ dns_find_realm(char *hostname, char *realm) struct resource_record *rr = r->head; while(rr){ if(rr->type == T_TXT){ - strcpy_truncate(realm, rr->u.txt, REALM_SZ); + strlcpy(realm, rr->u.txt, REALM_SZ); dns_free_data(r); return level; } @@ -131,7 +131,7 @@ file_find_realm(const char *phost, const char *domain, tmp_realm = tok; if (strcasecmp(tmp_host, phost) == 0) { /* exact match of hostname, so return the realm */ - strcpy_truncate(ret_realm, tmp_realm, ret_realm_sz); + strlcpy(ret_realm, tmp_realm, ret_realm_sz); ret = 0; break; } @@ -140,7 +140,7 @@ file_find_realm(const char *phost, const char *domain, do { if(strcasecmp(tmp_host, cp) == 0){ /* domain match, save for later */ - strcpy_truncate(ret_realm, tmp_realm, ret_realm_sz); + strlcpy(ret_realm, tmp_realm, ret_realm_sz); ret = 0; break; } @@ -174,7 +174,7 @@ krb_realmofhost(const char *host) if (domain) { char *cp; - strcpy_truncate(ret_realm, &domain[1], REALM_SZ); + strlcpy(ret_realm, &domain[1], REALM_SZ); /* Upper-case realm */ for (cp = ret_realm; *cp; cp++) *cp = toupper(*cp); diff --git a/crypto/kerberosIV/lib/krb/k_getport.c b/crypto/kerberosIV/lib/krb/k_getport.c index c5f9f15..063a0b2 100644 --- a/crypto/kerberosIV/lib/krb/k_getport.c +++ b/crypto/kerberosIV/lib/krb/k_getport.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $"); +RCSID("$Id: k_getport.c,v 1.11 1999/12/02 16:58:42 joda Exp $"); int k_getportbyname (const char *service, const char *proto, int default_port) diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c index 6c3edb0..2b0453c 100644 --- a/crypto/kerberosIV/lib/krb/k_getsockinst.c +++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: k_getsockinst.c,v 1.11 1998/06/09 19:25:20 joda Exp $"); +RCSID("$Id: k_getsockinst.c,v 1.13 1999/12/02 16:58:42 joda Exp $"); /* * Return in inst the name of the local interface bound to socket @@ -61,7 +56,7 @@ k_getsockinst(int fd, char *inst, size_t inst_size) if (hnam == 0) goto fail; - strcpy_truncate (inst, hnam->h_name, inst_size); + strlcpy (inst, hnam->h_name, inst_size); k_ricercar(inst); /* Canonicalize name */ return 0; /* Success */ diff --git a/crypto/kerberosIV/lib/krb/k_localtime.c b/crypto/kerberosIV/lib/krb/k_localtime.c index a6ffb9b..e8cbdd6 100644 --- a/crypto/kerberosIV/lib/krb/k_localtime.c +++ b/crypto/kerberosIV/lib/krb/k_localtime.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $"); +RCSID("$Id: k_localtime.c,v 1.8 1999/12/02 16:58:42 joda Exp $"); struct tm *k_localtime(u_int32_t *tp) { diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c index 51675b0..7a069e4 100644 --- a/crypto/kerberosIV/lib/krb/kdc_reply.c +++ b/crypto/kerberosIV/lib/krb/kdc_reply.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: kdc_reply.c,v 1.11 1998/06/09 19:25:20 joda Exp $"); +RCSID("$Id: kdc_reply.c,v 1.12 1999/12/02 16:58:42 joda Exp $"); static int little_endian; /* XXX ugly */ diff --git a/crypto/kerberosIV/lib/krb/krb-protos.h b/crypto/kerberosIV/lib/krb/krb-protos.h index 965e4dc..bb385d6 100644 --- a/crypto/kerberosIV/lib/krb/krb-protos.h +++ b/crypto/kerberosIV/lib/krb/krb-protos.h @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -36,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb-protos.h,v 1.18 1999/06/29 21:18:05 bg Exp $ */ +/* $Id: krb-protos.h,v 1.24 1999/12/02 16:58:42 joda Exp $ */ #ifndef __krb_protos_h__ #define __krb_protos_h__ @@ -265,12 +260,18 @@ char * KRB_LIB_FUNCTION krb_get_default_realm __P((void)); const char * KRB_LIB_FUNCTION +krb_get_default_tkt_root __P((void)); + +const char * KRB_LIB_FUNCTION +krb_get_default_keyfile __P((void)); + +const char * KRB_LIB_FUNCTION krb_get_err_text __P((int code)); struct krb_host* KRB_LIB_FUNCTION krb_get_host __P(( int nth, - char *realm, + const char *realm, int admin)); int KRB_LIB_FUNCTION @@ -734,6 +735,9 @@ int KRB_LIB_FUNCTION tf_get_cred __P((CREDENTIALS *c)); int KRB_LIB_FUNCTION +tf_get_cred_addr __P((char *realm, size_t realm_sz, struct in_addr *addr)); + +int KRB_LIB_FUNCTION tf_get_pinst __P((char *inst)); int KRB_LIB_FUNCTION @@ -767,7 +771,19 @@ tf_setup __P(( const char *pname, const char *pinst)); +int KRB_LIB_FUNCTION +tf_get_addr __P(( + const char *realm, + struct in_addr *addr)); + +int KRB_LIB_FUNCTION +tf_store_addr __P((const char *realm, struct in_addr *addr)); + char * KRB_LIB_FUNCTION tkt_string __P((void)); +int KRB_LIB_FUNCTION +krb_add_our_ip_for_realm __P((const char *user, const char *instance, + const char *realm, const char *password)); + #endif /* __krb_protos_h__ */ diff --git a/crypto/kerberosIV/lib/krb/krb.h b/crypto/kerberosIV/lib/krb/krb.h index 11a11c1..fca0bba 100644 --- a/crypto/kerberosIV/lib/krb/krb.h +++ b/crypto/kerberosIV/lib/krb/krb.h @@ -1,5 +1,5 @@ /* - * $Id: krb.h,v 1.97 1999/06/29 21:18:06 bg Exp $ + * $Id: krb.h,v 1.99 1999/11/16 14:02:47 bg Exp $ * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * @@ -165,7 +165,7 @@ typedef struct ktext KTEXT_ST; #define CLOCK_SKEW 5*60 /* Filename for readservkey */ #ifndef KEYFILE -#define KEYFILE "/etc/srvtab" +#define KEYFILE (krb_get_default_keyfile()) #endif /* Structure definition for rd_ap_req */ @@ -225,7 +225,9 @@ struct krb_host { /* Location of ticket file for save_cred and get_cred */ #define TKT_FILE tkt_string() -#define TKT_ROOT "/tmp/tkt" +#ifndef TKT_ROOT +#define TKT_ROOT (krb_get_default_tkt_root()) +#endif /* Error codes returned from the KDC */ #define KDC_OK 0 /* Request OK */ diff --git a/crypto/kerberosIV/lib/krb/krb_check_auth.c b/crypto/kerberosIV/lib/krb/krb_check_auth.c index 8bddbf5..f20b5c2 100644 --- a/crypto/kerberosIV/lib/krb/krb_check_auth.c +++ b/crypto/kerberosIV/lib/krb/krb_check_auth.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $"); +RCSID("$Id: krb_check_auth.c,v 1.5 1999/12/02 16:58:42 joda Exp $"); /* * diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c index fab79e5..271d422 100644 --- a/crypto/kerberosIV/lib/krb/krb_equiv.c +++ b/crypto/kerberosIV/lib/krb/krb_equiv.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -56,7 +51,7 @@ */ #include "krb_locl.h" -RCSID("$Id: krb_equiv.c,v 1.14 1999/03/13 21:25:30 assar Exp $"); +RCSID("$Id: krb_equiv.c,v 1.15 1999/12/02 16:58:42 joda Exp $"); int krb_ignore_ip_address = 0; diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c index 83848c8..46de59f 100644 --- a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c +++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: krb_get_in_tkt.c,v 1.29 1999/06/29 21:18:07 bg Exp $"); +RCSID("$Id: krb_get_in_tkt.c,v 1.30 1999/12/02 16:58:42 joda Exp $"); /* * decrypt_tkt(): Given user, instance, realm, passwd, key_proc diff --git a/crypto/kerberosIV/lib/krb/krb_ip_realm.c b/crypto/kerberosIV/lib/krb/krb_ip_realm.c new file mode 100644 index 0000000..a9581f1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_ip_realm.c @@ -0,0 +1,104 @@ +/* + * Copyright (c) 1999 Thomas Nyström and Stacken Computer Club + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_ip_realm.c,v 1.2.2.1 1999/12/06 23:01:12 assar Exp $"); + +/* + * Obtain a ticket for ourselves (`user.instance') in REALM and decrypt + * it using `password' to verify the address that the KDC got our + * request from. + * Store in the ticket cache. + */ + +int +krb_add_our_ip_for_realm(const char *user, const char *instance, + const char *realm, const char *password) +{ + des_cblock newkey; + des_key_schedule schedule; + char scrapbuf[1024]; + struct in_addr myAddr; + KTEXT_ST ticket; + CREDENTIALS c; + int err; + u_int32_t addr; + + if ((err = krb_mk_req(&ticket, (char *)user, (char *)instance, + (char *)realm, 0)) != KSUCCESS) + return err; + + if ((err = krb_get_cred((char *)user, (char *)instance, (char *)realm, + &c)) != KSUCCESS) + return err; + + des_string_to_key((char *)password, &newkey); + des_set_key(&newkey, schedule); + err = decomp_ticket(&c.ticket_st, + (unsigned char *)scrapbuf, /* Flags */ + scrapbuf, /* Authentication name */ + scrapbuf, /* Principal's instance */ + scrapbuf, /* Principal's authentication domain */ + /* The Address Of Me That Servers Sees */ + (u_int32_t *)&addr, + (unsigned char *)scrapbuf, /* Session key in ticket */ + (int *)scrapbuf, /* Lifetime of ticket */ + (u_int32_t *)scrapbuf, /* Issue time and date */ + scrapbuf, /* Service name */ + scrapbuf, /* Service instance */ + &newkey, /* Secret key */ + schedule /* Precomp. key schedule */ + ); + + if (err != KSUCCESS) { + memset(newkey, 0, sizeof(newkey)); + memset(schedule, 0, sizeof(schedule)); + return err; + } + + myAddr.s_addr = addr; + + err = tf_store_addr(realm, &myAddr); + + memset(newkey, 0, sizeof(newkey)); + memset(schedule, 0, sizeof(schedule)); + + return err; +} + +int +krb_get_our_ip_for_realm(const char *realm, struct in_addr *ip_addr) +{ + return tf_get_addr(realm, ip_addr); +} diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h index f5792a8..02e7fa2 100644 --- a/crypto/kerberosIV/lib/krb/krb_locl.h +++ b/crypto/kerberosIV/lib/krb/krb_locl.h @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -36,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb_locl.h,v 1.49 1998/06/13 00:06:59 assar Exp $ */ +/* $Id: krb_locl.h,v 1.50 1999/12/02 16:58:42 joda Exp $ */ #ifndef __krb_locl_h #define __krb_locl_h diff --git a/crypto/kerberosIV/lib/krb/krb_log.h b/crypto/kerberosIV/lib/krb/krb_log.h index a760102..5155bc7 100644 --- a/crypto/kerberosIV/lib/krb/krb_log.h +++ b/crypto/kerberosIV/lib/krb/krb_log.h @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -36,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb_log.h,v 1.2 1997/09/26 17:40:33 joda Exp $ */ +/* $Id: krb_log.h,v 1.3 1999/12/02 16:58:42 joda Exp $ */ #include <krb.h> diff --git a/crypto/kerberosIV/lib/krb/krb_net_read.c b/crypto/kerberosIV/lib/krb/krb_net_read.c index 7459e2f..3830cf9 100644 --- a/crypto/kerberosIV/lib/krb/krb_net_read.c +++ b/crypto/kerberosIV/lib/krb/krb_net_read.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: krb_net_read.c,v 1.2 1999/03/17 16:18:37 joda Exp $"); +RCSID("$Id: krb_net_read.c,v 1.3 1999/12/02 16:58:42 joda Exp $"); int krb_net_read (int fd, void *buf, size_t nbytes) diff --git a/crypto/kerberosIV/lib/krb/krb_net_write.c b/crypto/kerberosIV/lib/krb/krb_net_write.c index e086ee1..0473685 100644 --- a/crypto/kerberosIV/lib/krb/krb_net_write.c +++ b/crypto/kerberosIV/lib/krb/krb_net_write.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: krb_net_write.c,v 1.2 1999/03/17 16:18:37 joda Exp $"); +RCSID("$Id: krb_net_write.c,v 1.3 1999/12/02 16:58:42 joda Exp $"); int krb_net_write (int fd, const void *buf, size_t nbytes) diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c index 4a2be44..4913eaf 100644 --- a/crypto/kerberosIV/lib/krb/kuserok.c +++ b/crypto/kerberosIV/lib/krb/kuserok.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: kuserok.c,v 1.24 1999/06/23 10:12:37 assar Exp $"); +RCSID("$Id: kuserok.c,v 1.25 1999/12/02 16:58:42 joda Exp $"); #define OK 0 #define NOTOK 1 diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c index 76965fd..bac1c18 100644 --- a/crypto/kerberosIV/lib/krb/logging.c +++ b/crypto/kerberosIV/lib/krb/logging.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -39,7 +34,7 @@ #include "krb_locl.h" #include <klog.h> -RCSID("$Id: logging.c,v 1.16 1998/07/24 06:13:35 assar Exp $"); +RCSID("$Id: logging.c,v 1.18 1999/12/02 16:58:42 joda Exp $"); struct krb_log_facility { char filename[MaxPathLen]; @@ -87,7 +82,7 @@ krb_openlog(struct krb_log_facility *f, FILE *file, krb_log_func_t func) { - strcpy_truncate(f->filename, filename, MaxPathLen); + strlcpy(f->filename, filename, MaxPathLen); f->file = file; f->func = func; return KSUCCESS; diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c index 024e8ca..e74614d 100644 --- a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c +++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: lsb_addr_comp.c,v 1.15 1998/10/22 15:58:26 joda Exp $"); +RCSID("$Id: lsb_addr_comp.c,v 1.16 1999/12/02 16:58:42 joda Exp $"); #include "krb-archaeology.h" diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c index 91ea866..65354a9 100644 --- a/crypto/kerberosIV/lib/krb/mk_auth.c +++ b/crypto/kerberosIV/lib/krb/mk_auth.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: mk_auth.c,v 1.6 1998/06/09 19:25:22 joda Exp $"); +RCSID("$Id: mk_auth.c,v 1.8 1999/12/02 16:58:43 joda Exp $"); /* * Generate an authenticator for service.instance@realm. @@ -69,7 +64,7 @@ krb_mk_auth(int32_t options, else tmp = krb_get_phost (instance); - strcpy_truncate(realinst, tmp, sizeof(realinst)); + strlcpy(realinst, tmp, sizeof(realinst)); if (realm == NULL) { ret = krb_get_lrealm (realrealm, 1); diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c index 20f4ee2..a72b732 100644 --- a/crypto/kerberosIV/lib/krb/mk_priv.c +++ b/crypto/kerberosIV/lib/krb/mk_priv.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: mk_priv.c,v 1.21 1998/06/09 19:25:23 joda Exp $"); +RCSID("$Id: mk_priv.c,v 1.22 1999/12/02 16:58:43 joda Exp $"); /* application include files */ #include "krb-archaeology.h" diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c index b3761ca..5e72e22 100644 --- a/crypto/kerberosIV/lib/krb/mk_req.c +++ b/crypto/kerberosIV/lib/krb/mk_req.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: mk_req.c,v 1.20 1998/06/09 19:25:23 joda Exp $"); +RCSID("$Id: mk_req.c,v 1.22 1999/12/02 16:58:43 joda Exp $"); static int lifetime = 255; /* But no longer than TGT says. */ @@ -184,7 +179,7 @@ krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); if (retval == KSUCCESS) { - strcpy_truncate(myrealm, realm, REALM_SZ); + strlcpy(myrealm, realm, REALM_SZ); } else retval = krb_get_tf_realm(TKT_FILE, myrealm); diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c index e5ea847..2e8c5c2 100644 --- a/crypto/kerberosIV/lib/krb/mk_safe.c +++ b/crypto/kerberosIV/lib/krb/mk_safe.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: mk_safe.c,v 1.24 1998/06/09 19:25:23 joda Exp $"); +RCSID("$Id: mk_safe.c,v 1.25 1999/12/02 16:58:43 joda Exp $"); /* application include files */ #include "krb-archaeology.h" diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c index 2e2e9e6..49e457d 100644 --- a/crypto/kerberosIV/lib/krb/name2name.c +++ b/crypto/kerberosIV/lib/krb/name2name.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: name2name.c,v 1.20 1999/03/13 21:26:02 assar Exp $"); +RCSID("$Id: name2name.c,v 1.22 1999/12/02 16:58:43 joda Exp $"); /* convert host to a more fully qualified domain name, returns 0 if * phost is the same as host, 1 otherwise. phost should be @@ -71,7 +66,7 @@ krb_name_to_name(const char *host, char *phost, size_t phost_size) && strchr (hp->h_aliases[0], '.') != NULL) tmp = hp->h_aliases[0]; } - strcpy_truncate (phost, tmp, phost_size); + strlcpy (phost, tmp, phost_size); if (strcmp(phost, host) == 0) return 0; diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c index da06aec..fcb3394 100644 --- a/crypto/kerberosIV/lib/krb/parse_name.c +++ b/crypto/kerberosIV/lib/krb/parse_name.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: parse_name.c,v 1.5 1998/06/09 19:25:24 joda Exp $"); +RCSID("$Id: parse_name.c,v 1.7 1999/12/02 16:58:43 joda Exp $"); int krb_parse_name(const char *fullname, krb_principal *principal) @@ -86,10 +81,10 @@ kname_parse(char *np, char *ip, char *rp, char *fullname) krb_principal p; int ret; if((ret = krb_parse_name(fullname, &p)) == 0){ - strcpy_truncate (np, p.name, ANAME_SZ); - strcpy_truncate (ip, p.instance, INST_SZ); + strlcpy (np, p.name, ANAME_SZ); + strlcpy (ip, p.instance, INST_SZ); if(p.realm[0]) - strcpy_truncate (rp, p.realm, REALM_SZ); + strlcpy (rp, p.realm, REALM_SZ); } return ret; } diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h index b9a4ea3..e207881 100644 --- a/crypto/kerberosIV/lib/krb/prot.h +++ b/crypto/kerberosIV/lib/krb/prot.h @@ -1,5 +1,5 @@ /* - * $Id: prot.h,v 1.8 1997/12/05 00:18:02 joda Exp $ + * $Id: prot.h,v 1.9 1999/11/30 18:57:46 bg Exp $ * * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute * of Technology. @@ -13,6 +13,8 @@ #ifndef PROT_DEFS #define PROT_DEFS +#include <krb.h> + #define KRB_SERVICE "kerberos-iv" #define KRB_PORT 750 /* PC's don't have * /etc/services */ diff --git a/crypto/kerberosIV/lib/krb/rd_err.c b/crypto/kerberosIV/lib/krb/rd_err.c index 3382eab..76544f1 100644 --- a/crypto/kerberosIV/lib/krb/rd_err.c +++ b/crypto/kerberosIV/lib/krb/rd_err.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $"); +RCSID("$Id: rd_err.c,v 1.9 1999/12/02 16:58:43 joda Exp $"); /* * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length", diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c index 0721b2c..0bb0a40 100644 --- a/crypto/kerberosIV/lib/krb/rd_priv.c +++ b/crypto/kerberosIV/lib/krb/rd_priv.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: rd_priv.c,v 1.26 1998/05/26 19:57:42 joda Exp $"); +RCSID("$Id: rd_priv.c,v 1.27 1999/12/02 16:58:43 joda Exp $"); /* application include files */ #include "krb-archaeology.h" diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c index e145dae..91b27a5 100644 --- a/crypto/kerberosIV/lib/krb/rd_req.c +++ b/crypto/kerberosIV/lib/krb/rd_req.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: rd_req.c,v 1.25 1998/06/09 19:25:25 joda Exp $"); +RCSID("$Id: rd_req.c,v 1.27.2.1 1999/12/06 22:04:36 assar Exp $"); static struct timeval t_local = { 0, 0 }; @@ -210,16 +205,16 @@ krb_rd_req(KTEXT authent, /* The received message */ */ if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { - if (*fn == 0) fn = KEYFILE; + if (*fn == 0) fn = (char *)KEYFILE; st_kvno = s_kvno; if (read_service_key(service, instance, realm, s_kvno, fn, (char *)skey)) return(RD_AP_UNDEC); if ((status = krb_set_key((char*)skey, 0))) return(status); - strcpy_truncate (st_rlm, realm, REALM_SZ); - strcpy_truncate (st_nam, service, SNAME_SZ); - strcpy_truncate (st_inst, instance, INST_SZ); + strlcpy (st_rlm, realm, REALM_SZ); + strlcpy (st_nam, service, SNAME_SZ); + strlcpy (st_inst, instance, INST_SZ); } tkt->length = *p++; diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c index 495a681..fd8f35e 100644 --- a/crypto/kerberosIV/lib/krb/rd_safe.c +++ b/crypto/kerberosIV/lib/krb/rd_safe.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: rd_safe.c,v 1.25 1997/12/05 00:17:09 joda Exp $"); +RCSID("$Id: rd_safe.c,v 1.26 1999/12/02 16:58:43 joda Exp $"); /* application include files */ #include "krb-archaeology.h" diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c index d517551..55fb98d 100644 --- a/crypto/kerberosIV/lib/krb/read_service_key.c +++ b/crypto/kerberosIV/lib/krb/read_service_key.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: read_service_key.c,v 1.11 1999/03/10 18:34:34 joda Exp $"); +RCSID("$Id: read_service_key.c,v 1.12 1999/09/16 20:41:54 assar Exp $"); /* * The private keys for servers on a given host are stored in a @@ -97,7 +97,7 @@ read_service_key(const char *service, /* Service Name */ if (!wcard && strcmp(inst,instance)) continue; if (wcard) { - strcpy_truncate (instance, inst, INST_SZ); + strlcpy (instance, inst, INST_SZ); } /* Is this the right realm */ if (strcmp(rlm,realm)) diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c index 8d90f1b..a4f0e7f 100644 --- a/crypto/kerberosIV/lib/krb/realm_parse.c +++ b/crypto/kerberosIV/lib/krb/realm_parse.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: realm_parse.c,v 1.15 1998/06/09 19:25:25 joda Exp $"); +RCSID("$Id: realm_parse.c,v 1.17 1999/12/02 16:58:43 joda Exp $"); static int realm_parse(char *realm, int length, const char *file) @@ -55,7 +50,7 @@ realm_parse(char *realm, int length, const char *file) p = strtok_r(tr, " \t\n\r", &unused); if(p && strcasecmp(p, realm) == 0){ fclose(F); - strcpy_truncate (realm, p, length); + strlcpy (realm, p, length); return 0; } } diff --git a/crypto/kerberosIV/lib/krb/roken_rename.h b/crypto/kerberosIV/lib/krb/roken_rename.h index 831da32..bae1098 100644 --- a/crypto/kerberosIV/lib/krb/roken_rename.h +++ b/crypto/kerberosIV/lib/krb/roken_rename.h @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -36,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken_rename.h,v 1.7 1998/10/13 16:50:23 joda Exp $ */ +/* $Id: roken_rename.h,v 1.8 1999/12/02 16:58:44 joda Exp $ */ #ifndef __roken_rename_h__ #define __roken_rename_h__ diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c index 559e3fa..88589c3 100644 --- a/crypto/kerberosIV/lib/krb/rw.c +++ b/crypto/kerberosIV/lib/krb/rw.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -43,7 +38,7 @@ #include "krb_locl.h" -RCSID("$Id: rw.c,v 1.10 1999/06/29 21:18:08 bg Exp $"); +RCSID("$Id: rw.c,v 1.12 1999/12/02 16:58:44 joda Exp $"); int krb_get_int(void *f, u_int32_t *to, int size, int lsb) @@ -109,7 +104,7 @@ krb_put_string(const char *from, void *to, size_t rem) int krb_get_string(void *from, char *to, size_t to_size) { - strcpy_truncate (to, (char *)from, to_size); + strlcpy (to, (char *)from, to_size); return strlen((char *)from) + 1; } diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c index 04409be..74ac1bb 100644 --- a/crypto/kerberosIV/lib/krb/send_to_kdc.c +++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c @@ -22,15 +22,15 @@ or implied warranty. #include "krb_locl.h" #include <base64.h> -RCSID("$Id: send_to_kdc.c,v 1.69 1999/06/29 21:18:09 bg Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.71 1999/11/25 02:20:53 assar Exp $"); struct host { struct sockaddr_in addr; + const char *hostname; enum krb_host_proto proto; }; -static int send_recv(KTEXT pkt, KTEXT rpkt, int f, - struct sockaddr_in *adr); +static int send_recv(KTEXT pkt, KTEXT rpkt, struct host *host); /* * send_to_kdc() sends a message to the Kerberos authentication @@ -72,6 +72,20 @@ krb_use_admin_server(int flag) return old; } +#define PROXY_VAR "krb4_proxy" + +static int +expand (struct host **ptr, size_t sz) +{ + void *tmp; + + tmp = realloc (*ptr, sz) ; + if (tmp == NULL) + return SKDC_CANT; + *ptr = tmp; + return 0; +} + int send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm) { @@ -84,6 +98,10 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm) char lrealm[REALM_SZ]; struct krb_host *k_host; struct host *hosts = malloc(sizeof(*hosts)); + const char *proxy = krb_get_config_string (PROXY_VAR); + + if (hosts == NULL) + return SKDC_CANT; if (client_timeout == -1) { const char *to; @@ -100,29 +118,26 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm) } } - if (hosts == NULL) - return SKDC_CANT; - /* * If "realm" is non-null, use that, otherwise get the * local realm. */ - if (realm) - strcpy_truncate(lrealm, realm, REALM_SZ); - else + if (realm == NULL) { if (krb_get_lrealm(lrealm,1)) { if (krb_debug) krb_warning("send_to_kdc: can't get local realm\n"); return(SKDC_CANT); } + realm = lrealm; + } if (krb_debug) - krb_warning("lrealm is %s\n", lrealm); + krb_warning("lrealm is %s\n", realm); no_host = 1; /* get an initial allocation */ n_hosts = 0; for (i = 1; - (k_host = krb_get_host(i, lrealm, krb_use_admin_server_flag)); + (k_host = krb_get_host(i, realm, krb_use_admin_server_flag)); ++i) { char *p; char **addr_list; @@ -130,42 +145,56 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm) int n_addrs; struct host *tmp; - if (krb_debug) - krb_warning("Getting host entry for %s...", k_host->host); - host = gethostbyname(k_host->host); - if (krb_debug) { - krb_warning("%s.\n", - host ? "Got it" : "Didn't get it"); - } - if (host == NULL) - continue; - no_host = 0; /* found at least one */ - - n_addrs = 0; - for (addr_list = host->h_addr_list; *addr_list != NULL; ++addr_list) - ++n_addrs; - - tmp = realloc (hosts, (n_hosts + n_addrs) * sizeof(*hosts)); - if (tmp == NULL) { - free (hosts); - return SKDC_CANT; - } - hosts = tmp; - - for (addr_list = host->h_addr_list, j = 0; - (p = *addr_list) != NULL; - ++addr_list, ++j) { - memset (&hosts[n_hosts + j].addr, 0, sizeof(struct sockaddr_in)); - hosts[n_hosts + j].addr.sin_family = host->h_addrtype; - hosts[n_hosts + j].addr.sin_port = htons(k_host->port); - hosts[n_hosts + j].proto = k_host->proto; - memcpy(&hosts[n_hosts + j].addr.sin_addr, p, - sizeof(struct in_addr)); + if (k_host->proto == PROTO_HTTP && proxy != NULL) { + n_addrs = 1; + no_host = 0; + + retval = expand (&hosts, (n_hosts + n_addrs) * sizeof(*hosts)); + if (retval) + goto rtn; + + memset (&hosts[n_hosts].addr, 0, sizeof(struct sockaddr_in)); + hosts[n_hosts].addr.sin_port = htons(k_host->port); + hosts[n_hosts].proto = k_host->proto; + hosts[n_hosts].hostname = k_host->host; + } else { + if (krb_debug) + krb_warning("Getting host entry for %s...", k_host->host); + host = gethostbyname(k_host->host); + if (krb_debug) { + krb_warning("%s.\n", + host ? "Got it" : "Didn't get it"); + } + if (host == NULL) + continue; + no_host = 0; /* found at least one */ + + n_addrs = 0; + for (addr_list = host->h_addr_list; + *addr_list != NULL; + ++addr_list) + ++n_addrs; + + retval = expand (&hosts, (n_hosts + n_addrs) * sizeof(*hosts)); + if (retval) + goto rtn; + + for (addr_list = host->h_addr_list, j = 0; + (p = *addr_list) != NULL; + ++addr_list, ++j) { + memset (&hosts[n_hosts + j].addr, 0, + sizeof(struct sockaddr_in)); + hosts[n_hosts + j].addr.sin_family = host->h_addrtype; + hosts[n_hosts + j].addr.sin_port = htons(k_host->port); + hosts[n_hosts + j].proto = k_host->proto; + hosts[n_hosts + j].hostname = k_host->host; + memcpy(&hosts[n_hosts + j].addr.sin_addr, p, + sizeof(struct in_addr)); + } } for (j = 0; j < n_addrs; ++j) { - if (send_recv(pkt, rpkt, hosts[n_hosts + j].proto, - &hosts[n_hosts + j].addr)) { + if (send_recv(pkt, rpkt, &hosts[n_hosts + j])) { retval = KSUCCESS; goto rtn; } @@ -184,9 +213,7 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm) /* retry each host in sequence */ for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) { for (i = 0; i < n_hosts; ++i) { - if (send_recv(pkt, rpkt, - hosts[i].proto, - &hosts[i].addr)) { + if (send_recv(pkt, rpkt, &hosts[i])) { retval = KSUCCESS; goto rtn; } @@ -205,24 +232,26 @@ udp_socket(void) } static int -udp_connect(int s, struct sockaddr_in *adr) +udp_connect(int s, struct host *host) { if(krb_debug) { - krb_warning("connecting to %s udp, port %d\n", - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port)); + krb_warning("connecting to %s (%s) udp, port %d\n", + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); } - return connect(s, (struct sockaddr*)adr, sizeof(*adr)); + return connect(s, (struct sockaddr*)&host->addr, sizeof(host->addr)); } static int -udp_send(int s, struct sockaddr_in* adr, KTEXT pkt) +udp_send(int s, struct host *host, KTEXT pkt) { if(krb_debug) { - krb_warning("sending %d bytes to %s, udp port %d\n", + krb_warning("sending %d bytes to %s (%s), udp port %d\n", pkt->length, - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port)); + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); } return send(s, pkt->dat, pkt->length, 0); } @@ -234,25 +263,28 @@ tcp_socket(void) } static int -tcp_connect(int s, struct sockaddr_in *adr) +tcp_connect(int s, struct host *host) { if(krb_debug) { - krb_warning("connecting to %s, tcp port %d\n", - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port)); + krb_warning("connecting to %s (%s), tcp port %d\n", + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); } - return connect(s, (struct sockaddr*)adr, sizeof(*adr)); + return connect(s, (struct sockaddr*)&host->addr, sizeof(host->addr)); } static int -tcp_send(int s, struct sockaddr_in* adr, KTEXT pkt) +tcp_send(int s, struct host *host, KTEXT pkt) { unsigned char len[4]; + if(krb_debug) { - krb_warning("sending %d bytes to %s, tcp port %d\n", + krb_warning("sending %d bytes to %s (%s), tcp port %d\n", pkt->length, - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port)); + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); } krb_put_int(pkt->length, len, sizeof(len), 4); if(send(s, len, sizeof(len), 0) != sizeof(len)) @@ -305,24 +337,23 @@ url_parse(const char *url, char *host, size_t len, short *port) return 0; } -#define PROXY_VAR "krb4_proxy" - static int -http_connect(int s, struct sockaddr_in *adr) +http_connect(int s, struct host *host) { const char *proxy = krb_get_config_string(PROXY_VAR); - char host[MaxHostNameLen]; + char proxy_host[MaxHostNameLen]; short port; struct hostent *hp; struct sockaddr_in sin; + if(proxy == NULL) { if(krb_debug) krb_warning("Not using proxy.\n"); - return tcp_connect(s, adr); + return tcp_connect(s, host); } - if(url_parse(proxy, host, sizeof(host), &port) < 0) + if(url_parse(proxy, proxy_host, sizeof(proxy_host), &port) < 0) return -1; - hp = gethostbyname(host); + hp = gethostbyname(proxy_host); if(hp == NULL) return -1; memset(&sin, 0, sizeof(sin)); @@ -331,36 +362,38 @@ http_connect(int s, struct sockaddr_in *adr) sin.sin_port = port; if(krb_debug) { krb_warning("connecting to proxy on %s (%s) port %d\n", - host, inet_ntoa(sin.sin_addr), ntohs(port)); + proxy_host, inet_ntoa(sin.sin_addr), ntohs(port)); } return connect(s, (struct sockaddr*)&sin, sizeof(sin)); } static int -http_send(int s, struct sockaddr_in* adr, KTEXT pkt) +http_send(int s, struct host *host, KTEXT pkt) { + const char *proxy = krb_get_config_string (PROXY_VAR); char *str; char *msg; if(base64_encode(pkt->dat, pkt->length, &str) < 0) return -1; - if(krb_get_config_string(PROXY_VAR)) { + if(proxy != NULL) { if(krb_debug) { krb_warning("sending %d bytes to %s, tcp port %d (via proxy)\n", pkt->length, - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port)); + host->hostname, + ntohs(host->addr.sin_port)); } asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n", - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port), + host->hostname, + ntohs(host->addr.sin_port), str); } else { if(krb_debug) { - krb_warning("sending %d bytes to %s, http port %d\n", + krb_warning("sending %d bytes to %s (%s), http port %d\n", pkt->length, - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port)); + host->hostname, + inet_ntoa(host->addr.sin_addr), + ntohs(host->addr.sin_port)); } asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str); } @@ -415,8 +448,8 @@ static struct proto_descr { int proto; int stream_flag; int (*socket)(void); - int (*connect)(int, struct sockaddr_in*); - int (*send)(int, struct sockaddr_in*, KTEXT); + int (*connect)(int, struct host *host); + int (*send)(int, struct host *host, KTEXT); int (*recv)(void*, size_t, KTEXT); } protos[] = { { PROTO_UDP, 0, udp_socket, udp_connect, udp_send, udptcp_recv }, @@ -425,7 +458,7 @@ static struct proto_descr { }; static int -send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *adr) +send_recv(KTEXT pkt, KTEXT rpkt, struct host *host) { int i; int s; @@ -433,18 +466,18 @@ send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *adr) int offset = 0; for(i = 0; i < sizeof(protos) / sizeof(protos[0]); i++){ - if(protos[i].proto == proto) + if(protos[i].proto == host->proto) break; } if(i == sizeof(protos) / sizeof(protos[0])) return FALSE; if((s = (*protos[i].socket)()) < 0) return FALSE; - if((*protos[i].connect)(s, adr) < 0){ + if((*protos[i].connect)(s, host) < 0) { close(s); return FALSE; } - if((*protos[i].send)(s, adr, pkt) < 0){ + if((*protos[i].send)(s, host, pkt) < 0) { close(s); return FALSE; } diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c index 3debc49..201b388 100644 --- a/crypto/kerberosIV/lib/krb/sendauth.c +++ b/crypto/kerberosIV/lib/krb/sendauth.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: sendauth.c,v 1.17 1998/06/09 19:25:26 joda Exp $"); +RCSID("$Id: sendauth.c,v 1.18 1999/09/16 20:41:55 assar Exp $"); /* * krb_sendauth() transmits a ticket over a file descriptor for a @@ -148,7 +148,7 @@ krb_sendauth(int32_t options, /* bit-pattern of options */ i = instance; else i = krb_get_phost(instance); - strcpy_truncate (inst, i, sizeof(inst)); + strlcpy (inst, i, sizeof(inst)); ret = krb_get_cred (service, inst, realm, cred); if (ret != KSUCCESS) diff --git a/crypto/kerberosIV/lib/krb/solaris_compat.c b/crypto/kerberosIV/lib/krb/solaris_compat.c index ff59dcb..ff31e4b 100644 --- a/crypto/kerberosIV/lib/krb/solaris_compat.c +++ b/crypto/kerberosIV/lib/krb/solaris_compat.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: solaris_compat.c,v 1.2.6.1 1999/07/22 03:15:53 assar Exp $"); +RCSID("$Id: solaris_compat.c,v 1.4 1999/12/02 16:58:44 joda Exp $"); #if (SunOS + 0) >= 50 /* diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c index 71a2cea..4ef4c57 100644 --- a/crypto/kerberosIV/lib/krb/str2key.c +++ b/crypto/kerberosIV/lib/krb/str2key.c @@ -1,104 +1,105 @@ -/* This defines the Andrew string_to_key function. It accepts a password - * string as input and converts its via a one-way encryption algorithm to a DES - * encryption key. It is compatible with the original Andrew authentication - * service password database. +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb_locl.h" -RCSID("$Id: str2key.c,v 1.12.2.1 1999/08/19 13:35:01 assar Exp $"); +RCSID("$Id: str2key.c,v 1.17 1999/12/02 16:58:44 joda Exp $"); -static inline void -mklower(char *s) -{ - for (; *s; s++) - if ('A' <= *s && *s <= 'Z') - *s = *s - 'A' + 'a'; -} +#define lowcase(c) (('A' <= (c) && (c) <= 'Z') ? ((c) - 'A' + 'a') : (c)) /* - * Short passwords, i.e 8 characters or less. + * The string to key function used by Transarc AFS. */ -static inline void -afs_cmu_StringToKey(const char *str, const char *cell, des_cblock *key) -{ - char password[8+1]; /* crypt is limited to 8 chars anyway */ - int i; - int passlen; - - memset (key, 0, sizeof(key)); - memset(password, 0, sizeof(password)); - - strcpy_truncate (password, cell, sizeof(password)); - passlen = strlen (str); - if (passlen > 8) passlen = 8; - - for (i=0; i<passlen; i++) - password[i] = str[i] ^ cell[i]; /* make sure cell is zero padded */ - - for (i=0; i<8; i++) - if (password[i] == '\0') password[i] = 'X'; - - /* crypt only considers the first 8 characters of password but for some - reason returns eleven characters of result (plus the two salt chars). */ - strncpy((char *)key, crypt(password, "p1") + 2, sizeof(des_cblock)); - - /* parity is inserted into the LSB so leftshift each byte up one bit. This - allows ascii characters with a zero MSB to retain as much significance - as possible. */ - { char *keybytes = (char *)key; - unsigned int temp; - - for (i = 0; i < 8; i++) { - temp = (unsigned int) keybytes[i]; - keybytes[i] = (unsigned char) (temp << 1); - } - } - des_fixup_key_parity (key); -} - -/* - * Long passwords, i.e 9 characters or more. - */ -static inline void -afs_transarc_StringToKey(const char *str, const char *cell, des_cblock *key) -{ - des_key_schedule schedule; - des_cblock temp_key; - des_cblock ivec; - char password[512]; - int passlen; - - strcpy_truncate (password, str, sizeof(password)); - if ((passlen = strlen (password)) < sizeof(password)-1) - strcat_truncate (password, cell, sizeof(password)); - if ((passlen = strlen(password)) > sizeof(password)) - passlen = sizeof(password); - - memcpy(&ivec, "kerberos", 8); - memcpy(&temp_key, "kerberos", 8); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); - - memcpy(&temp_key, &ivec, 8); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); - - des_fixup_key_parity (key); -} - void -afs_string_to_key(const char *str, const char *cell, des_cblock *key) +afs_string_to_key(const char *pass, const char *cell, des_cblock *key) { - char realm[REALM_SZ]; - - strcpy_truncate(realm, cell, REALM_SZ); - mklower(realm); - - if (strlen(str) > 8) - afs_transarc_StringToKey (str, realm, key); - else - afs_cmu_StringToKey (str, realm, key); + if (strlen(pass) <= 8) /* Short passwords. */ + { + char buf[8 + 1], *s; + int i; + + /* + * XOR cell and password and pad (or fill) with 'X' to length 8, + * then use crypt(3) to create DES key. + */ + for (i = 0; i < 8; i++) + { + buf[i] = *pass ^ lowcase(*cell); + if (buf[i] == 0) + buf[i] = 'X'; + if (*pass != 0) + pass++; + if (*cell != 0) + cell++; + } + buf[8] = 0; + + s = crypt(buf, "p1"); /* Result from crypt is 7bit chars. */ + s = s + 2; /* Skip 2 chars of salt. */ + for (i = 0; i < 8; i++) + ((char *) key)[i] = s[i] << 1; /* High bit is always zero */ + des_fixup_key_parity(key); /* Low bit is parity */ + } + else /* Long passwords */ + { + int plen, clen; + char *buf, *t; + des_key_schedule sched; + des_cblock ivec; + + /* + * Concatenate password with cell name, + * then checksum twice to create DES key. + */ + plen = strlen(pass); + clen = strlen(cell); + buf = malloc(plen + clen + 1); + memcpy(buf, pass, plen); + for (t = buf + plen; *cell != 0; t++, cell++) + *t = lowcase(*cell); + + memcpy(&ivec, "kerberos", 8); + memcpy(key, "kdsbdsns", 8); + des_key_sched(key, sched); + /* Beware, ivec is passed twice */ + des_cbc_cksum((des_cblock *)buf, &ivec, plen + clen, sched, &ivec); + + memcpy(key, &ivec, 8); + des_fixup_key_parity(key); + des_key_sched(key, sched); + /* Beware, ivec is passed twice */ + des_cbc_cksum((des_cblock *)buf, key, plen + clen, sched, &ivec); + free(buf); + des_fixup_key_parity(key); + } } diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c index 27a6125..c738757 100644 --- a/crypto/kerberosIV/lib/krb/tf_util.c +++ b/crypto/kerberosIV/lib/krb/tf_util.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: tf_util.c,v 1.35 1999/06/29 21:18:11 bg Exp $"); +RCSID("$Id: tf_util.c,v 1.39 1999/12/02 18:03:16 assar Exp $"); #define TOO_BIG -1 @@ -34,6 +34,10 @@ RCSID("$Id: tf_util.c,v 1.35 1999/06/29 21:18:11 bg Exp $"); #define O_BINARY 0 #endif +#define MAGIC_TICKET_NAME "magic" +#define MAGIC_TICKET_TIME_DIFF_INST "time-diff" +#define MAGIC_TICKET_ADDR_INST "our-address" + /* * fd must be initialized to something that won't ever occur as a real * file descriptor. Since open(2) returns only non-negative numbers as @@ -162,12 +166,17 @@ tf_init(char *tf_name, int rw) * All library functions now assume that the right set of userids * are set upon entry, therefore it's not strictly necessary to * perform these test for programs adhering to these assumptions. + * + * This doesn't work on cygwin because getuid() returns a different + * uid than the owner of files that are created. */ +#ifndef __CYGWIN__ { uid_t me = getuid(); if (stat_buf.st_uid != me && me != 0) return TKT_FIL_ACC; } +#endif /* * If "wflag" is set, open the ticket file in append-writeonly mode @@ -377,11 +386,8 @@ tf_put_pinst(const char *inst) * EOF - end of file encountered */ -#define MAGIC_TICKET_NAME "magic" -#define MAGIC_TICKET_INST "time-diff" - -int -tf_get_cred(CREDENTIALS *c) +static int +real_tf_get_cred(CREDENTIALS *c) { KTEXT ticket = &c->ticket_st; /* pointer to ticket */ int k_errno; @@ -391,7 +397,6 @@ tf_get_cred(CREDENTIALS *c) krb_warning ("tf_get_cred called before tf_init.\n"); return TKT_FIL_INI; } -again: if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) switch (k_errno) { case TOO_BIG: @@ -443,17 +448,69 @@ again: krb_warning ("tf_get_cred: failed tf_read.\n"); return TKT_FIL_FMT; } - if(strcmp(c->service, MAGIC_TICKET_NAME) == 0 && - strcmp(c->instance, MAGIC_TICKET_INST) == 0) { - /* we found the magic `time diff' ticket; update the kdc time + return KSUCCESS; +} + +int +tf_get_cred(CREDENTIALS *c) +{ + int ret; + int fake; + + do { + fake = 0; + + ret = real_tf_get_cred (c); + if (ret) + return ret; + + if(strcmp(c->service, MAGIC_TICKET_NAME) == 0) { + if(strcmp(c->instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { + /* we found the magic `time diff' ticket; update the kdc time differential, and then get the next ticket */ - u_int32_t d; + u_int32_t d; - krb_get_int(c->ticket_st.dat, &d, 4, 0); - krb_set_kdc_time_diff(d); - goto again; - } - return KSUCCESS; + krb_get_int(c->ticket_st.dat, &d, 4, 0); + krb_set_kdc_time_diff(d); + fake = 1; + } else if (strcmp(c->instance, MAGIC_TICKET_ADDR_INST) == 0) { + fake = 1; + } + } + } while (fake); + return ret; +} + +int +tf_get_cred_addr(char *realm, size_t realm_sz, struct in_addr *addr) +{ + int ret; + int fake; + CREDENTIALS cred; + + do { + fake = 1; + + ret = real_tf_get_cred (&cred); + if (ret) + return ret; + + if(strcmp(cred.service, MAGIC_TICKET_NAME) == 0) { + if(strcmp(cred.instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { + /* we found the magic `time diff' ticket; update the kdc time + differential, and then get the next ticket */ + u_int32_t d; + + krb_get_int(cred.ticket_st.dat, &d, 4, 0); + krb_set_kdc_time_diff(d); + } else if (strcmp(cred.instance, MAGIC_TICKET_ADDR_INST) == 0) { + strlcpy(realm, cred.realm, realm_sz); + memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); + fake = 0; + } + } + } while (fake); + return ret; } /* @@ -650,7 +707,8 @@ tf_setup(CREDENTIALS *cred, const char *pname, const char *pinst) int d = krb_get_kdc_time_diff(); krb_put_int(d, t.dat, sizeof(t.dat), 4); t.length = 4; - tf_save_cred(MAGIC_TICKET_NAME, MAGIC_TICKET_INST, cred->realm, s, + tf_save_cred(MAGIC_TICKET_NAME, MAGIC_TICKET_TIME_DIFF_INST, + cred->realm, s, cred->lifetime, 0, &t, cred->issue_date); } ret = tf_save_cred(cred->service, cred->instance, cred->realm, @@ -678,3 +736,70 @@ in_tkt(char *pname, char *pinst) tf_close(); return KSUCCESS; } + +/* + * If there's a magic ticket with an address for realm `realm' in + * ticket file, return it in `addr'. + * realm == NULL means any realm. + */ + +int +tf_get_addr (const char *realm, struct in_addr *addr) +{ + CREDENTIALS cred; + krb_principal princ; + int ret; + + ret = tf_init (tkt_string (), R_TKT_FIL); + if (ret) + return ret; + + ret = tf_get_pname (princ.name); + if (ret) + goto out; + ret = tf_get_pinst (princ.name); + if (ret) + goto out; + while ((ret = real_tf_get_cred (&cred)) == KSUCCESS) { + if (strcmp (cred.service, MAGIC_TICKET_NAME) == 0 + && strcmp (cred.instance, MAGIC_TICKET_ADDR_INST) == 0 + && (realm == NULL + || strcmp (cred.realm, realm) == 0)) { + memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); + goto out; + } + } + ret = KFAILURE; + +out: + tf_close (); + return ret; +} + +/* + * Store `realm, addr' as a magic ticket. + */ + +int +tf_store_addr (const char *realm, struct in_addr *addr) +{ + CREDENTIALS c; + krb_principal princ; + int ret; + des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 }; + KTEXT_ST t; + + ret = tf_init (tkt_string (), W_TKT_FIL); + if (ret) + return ret; + + t.length = sizeof(*addr); + memcpy (t.dat, addr, sizeof(*addr)); + + ret = tf_save_cred (MAGIC_TICKET_NAME, MAGIC_TICKET_ADDR_INST, + (char *)realm, s, 0, /* lifetime */ + 0, /* kvno */ + &t, time(NULL)); + tf_close (); + return ret; +} diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c index d1fab2e..f694190 100644 --- a/crypto/kerberosIV/lib/krb/ticket_memory.c +++ b/crypto/kerberosIV/lib/krb/ticket_memory.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -45,7 +40,7 @@ #include "krb_locl.h" #include "ticket_memory.h" -RCSID("$Id: ticket_memory.c,v 1.13 1998/08/23 18:07:41 assar Exp $"); +RCSID("$Id: ticket_memory.c,v 1.15 1999/12/02 16:58:44 joda Exp $"); void msg(char *text, int error); @@ -81,7 +76,7 @@ newTktMem(const char *tf_name) if(GetLastError() != ERROR_ALREADY_EXISTS) { memset(SharedMemory, 0, sizeof(*SharedMemory)); if(tf_name) - strcpy_truncate(SharedMemory->tmname, + strlcpy(SharedMemory->tmname, tf_name, sizeof(SharedMemory->tmname)); } } @@ -261,7 +256,7 @@ tf_get_pname(char *p) return KFAILURE; if(!TktStore->pname[0]) return KFAILURE; - strcpy_truncate(p, TktStore->pname, ANAME_SZ); + strlcpy(p, TktStore->pname, ANAME_SZ); return KSUCCESS; } @@ -277,7 +272,7 @@ tf_put_pname(char *p) if(!(TktStore = getTktMem(0))) return KFAILURE; - strcpy_truncate(TktStore->pname, p, sizeof(TktStore->pname)); + strlcpy(TktStore->pname, p, sizeof(TktStore->pname)); return KSUCCESS; } @@ -298,7 +293,7 @@ tf_get_pinst(char *inst) if(!(TktStore = getTktMem(0))) return KFAILURE; - strcpy_truncate(inst, TktStore->pinst, INST_SZ); + strlcpy(inst, TktStore->pinst, INST_SZ); return KSUCCESS; } @@ -314,7 +309,7 @@ tf_put_pinst(char *inst) if(!(TktStore = getTktMem(0))) return KFAILURE; - strcpy_truncate(TktStore->pinst, inst, sizeof(TktStore->pinst)); + strlcpy(TktStore->pinst, inst, sizeof(TktStore->pinst)); return KSUCCESS; } @@ -391,16 +386,16 @@ tf_save_cred(char *service, /* Service name */ if(last == -1) return KFAILURE; cred = mem->cred_vec+last; - strcpy_truncate(cred->service, service, sizeof(cred->service)); - strcpy_truncate(cred->instance, instance, sizeof(cred->instance)); - strcpy_truncate(cred->realm, realm, sizeof(cred->realm)); + strlcpy(cred->service, service, sizeof(cred->service)); + strlcpy(cred->instance, instance, sizeof(cred->instance)); + strlcpy(cred->realm, realm, sizeof(cred->realm)); memcpy(cred->session, session, sizeof(cred->session)); cred->lifetime = lifetime; cred->kvno = kvno; memcpy(&(cred->ticket_st), ticket, sizeof(*ticket)); cred->issue_date = issue_date; - strcpy_truncate(cred->pname, mem->pname, sizeof(cred->pname)); - strcpy_truncate(cred->pinst, mem->pinst, sizeof(cred->pinst)); + strlcpy(cred->pname, mem->pname, sizeof(cred->pname)); + strlcpy(cred->pinst, mem->pinst, sizeof(cred->pinst)); PostUpdateMessage(); return KSUCCESS; } diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h index 307fb9a..72fb686 100644 --- a/crypto/kerberosIV/lib/krb/ticket_memory.h +++ b/crypto/kerberosIV/lib/krb/ticket_memory.h @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -40,7 +35,7 @@ * Author: d93-jka@nada.kth.se - June 1996 */ -/* $Id: ticket_memory.h,v 1.7 1998/06/03 02:31:05 joda Exp $ */ +/* $Id: ticket_memory.h,v 1.8 1999/12/02 16:58:44 joda Exp $ */ #ifndef TICKET_MEMORY_H #define TICKET_MEMORY_H diff --git a/crypto/kerberosIV/lib/krb/time.c b/crypto/kerberosIV/lib/krb/time.c index 23831cf..015259b 100644 --- a/crypto/kerberosIV/lib/krb/time.c +++ b/crypto/kerberosIV/lib/krb/time.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: time.c,v 1.3 1998/09/30 22:36:19 assar Exp $"); +RCSID("$Id: time.c,v 1.4 1999/12/02 16:58:44 joda Exp $"); /* number of seconds the kdc clock is ahead of us */ static int time_diff; diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c index 2c81288..0aa787c 100644 --- a/crypto/kerberosIV/lib/krb/tkt_string.c +++ b/crypto/kerberosIV/lib/krb/tkt_string.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$Id: tkt_string.c,v 1.14 1998/06/09 19:25:28 joda Exp $"); +RCSID("$Id: tkt_string.c,v 1.15 1999/09/16 20:41:55 assar Exp $"); /* * This routine is used to generate the name of the file that holds @@ -46,7 +46,7 @@ tkt_string(void) if (!*krb_ticket_string) { if ((env = getenv("KRBTKFILE"))) { - strcpy_truncate (krb_ticket_string, + strlcpy (krb_ticket_string, env, sizeof(krb_ticket_string)); } else { @@ -71,5 +71,5 @@ tkt_string(void) void krb_set_tkt_string(const char *val) { - strcpy_truncate (krb_ticket_string, val, sizeof(krb_ticket_string)); + strlcpy (krb_ticket_string, val, sizeof(krb_ticket_string)); } diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c index 9d39f1d..36f0a71 100644 --- a/crypto/kerberosIV/lib/krb/unparse_name.c +++ b/crypto/kerberosIV/lib/krb/unparse_name.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: unparse_name.c,v 1.8 1998/06/09 19:25:28 joda Exp $"); +RCSID("$Id: unparse_name.c,v 1.10 1999/12/02 16:58:44 joda Exp $"); static void quote_string(char *quote, char *from, char *to) @@ -76,11 +71,11 @@ krb_unparse_name_long_r(char *name, char *instance, char *realm, krb_principal pr; memset(&pr, 0, sizeof(pr)); - strcpy_truncate(pr.name, name, sizeof(pr.name)); + strlcpy(pr.name, name, sizeof(pr.name)); if(instance) - strcpy_truncate(pr.instance, instance, sizeof(pr.instance)); + strlcpy(pr.instance, instance, sizeof(pr.instance)); if(realm) - strcpy_truncate(pr.realm, realm, sizeof(pr.realm)); + strlcpy(pr.realm, realm, sizeof(pr.realm)); return krb_unparse_name_r(&pr, fullname); } @@ -98,10 +93,10 @@ krb_unparse_name_long(char *name, char *instance, char *realm) krb_principal pr; memset(&pr, 0, sizeof(pr)); - strcpy_truncate(pr.name, name, sizeof(pr.name)); + strlcpy(pr.name, name, sizeof(pr.name)); if(instance) - strcpy_truncate(pr.instance, instance, sizeof(pr.instance)); + strlcpy(pr.instance, instance, sizeof(pr.instance)); if(realm) - strcpy_truncate(pr.realm, realm, sizeof(pr.realm)); + strlcpy(pr.realm, realm, sizeof(pr.realm)); return krb_unparse_name(&pr); } diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c index de692dd..36c64d7 100644 --- a/crypto/kerberosIV/lib/krb/verify_user.c +++ b/crypto/kerberosIV/lib/krb/verify_user.c @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,7 +33,7 @@ #include "krb_locl.h" -RCSID("$Id: verify_user.c,v 1.14 1999/03/16 17:31:39 assar Exp $"); +RCSID("$Id: verify_user.c,v 1.17.2.1 1999/12/06 22:57:17 assar Exp $"); /* * Verify user (name.instance@realm) with `password'. @@ -134,7 +129,7 @@ krb_verify_user_srvtab_exact(char *name, } /* - * + * Try to verify the user and password against all the local realms. */ int @@ -146,45 +141,26 @@ krb_verify_user_srvtab(char *name, char *linstance, char *srvtab) { + int ret; int n; char rlm[256]; -#define ERICSSON_COMPAT 1 -#ifdef ERICSSON_COMPAT - FILE *f; - - f = fopen ("/etc/krb.localrealms", "r"); - if (f != NULL) { - while (fgets(rlm, sizeof(rlm), f) != NULL) { - if (rlm[strlen(rlm) - 1] == '\n') - rlm[strlen(rlm) - 1] = '\0'; - - if (krb_verify_user_srvtab_exact(name, instance, rlm, password, - secure, linstance, srvtab) - == KSUCCESS) { - fclose(f); - return KSUCCESS; - } - } - fclose (f); - return krb_verify_user_srvtab_exact(name, instance, realm, password, - secure, linstance, srvtab); - } -#endif + /* First try to verify against the supplied realm. */ - if (krb_verify_user_srvtab_exact(name, instance, realm, password, - secure, linstance, srvtab) - == KSUCCESS) + ret = krb_verify_user_srvtab_exact(name, instance, realm, password, + secure, linstance, srvtab); + if (ret == KSUCCESS) return KSUCCESS; /* Verify all local realms, except the supplied realm. */ for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++) - if (strcmp(rlm, realm) != 0) - if (krb_verify_user_srvtab_exact(name, instance, rlm, password, - secure, linstance, srvtab) - == KSUCCESS) + if (strcmp(rlm, realm) != 0) { + ret = krb_verify_user_srvtab_exact(name, instance, rlm, password, + secure, linstance, srvtab); + if (ret == KSUCCESS) return KSUCCESS; + } - return KFAILURE; + return ret; } /* @@ -205,5 +181,5 @@ krb_verify_user(char *name, password, secure, linstance, - KEYFILE); + (char *)KEYFILE); } |
