diff options
| author | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
| commit | a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8 (patch) | |
| tree | 0b84977f19022a965f8c6145f067f951173f6290 /crypto/kerberosIV/lib/krb | |
| download | FreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.zip FreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.tar.gz | |
Initial import of KTH eBones. This has been cleaned up to only include
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
Diffstat (limited to 'crypto/kerberosIV/lib/krb')
85 files changed, 14278 insertions, 0 deletions
diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in new file mode 100644 index 0000000..8b34d65 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/Makefile.in @@ -0,0 +1,269 @@ +# +# $Id: Makefile.in,v 1.74 1997/05/19 03:03:05 assar Exp $ +# + +# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible. +LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "-lresolv -L../des -ldes"; true` + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +LN_S = @LN_S@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +EXECSUFFIX=@EXECSUFFIX@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +PROGS = sizetest$(EXEC_SUFFIX) +LIBNAME = $(LIBPREFIX)krb +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = cr_err_reply.c \ + create_auth_reply.c \ + create_ciph.c \ + create_death_packet.c \ + create_ticket.c \ + dest_tkt.c \ + get_in_tkt.c \ + get_svc_in_tkt.c \ + getrealm.c \ + k_localtime.c \ + krb_err_txt.c \ + krb_get_in_tkt.c \ + kuserok.c \ + parse_name.c \ + kntoln.c \ + mk_auth.c \ + krb_check_auth.c \ + mk_err.c \ + mk_safe.c \ + rd_err.c \ + rd_safe.c \ + recvauth.c \ + mk_priv.c \ + rd_req.c \ + decomp_ticket.c \ + lifetime.c \ + month_sname.c \ + stime.c \ + read_service_key.c \ + getst.c \ + sendauth.c \ + netread.c \ + netwrite.c \ + rd_priv.c \ + krb_equiv.c \ + str2key.c \ + get_ad_tkt.c \ + mk_req.c \ + get_cred.c \ + get_tf_realm.c \ + get_tf_fullname.c \ + one.c \ + save_credentials.c \ + send_to_kdc.c \ + get_host.c \ + get_krbrlm.c \ + k_gethostname.c \ + tf_util.c \ + debug_decl.c \ + k_flock.c \ + tkt_string.c \ + getaddrs.c \ + k_getsockinst.c \ + k_getport.c \ + lsb_addr_comp.c \ + name2name.c \ + get_default_principal.c \ + realm_parse.c \ + verify_user.c \ + rw.c \ + kdc_reply.c \ + encrypt_ktext.c \ + swab.c \ + gettimeofday.c \ + check_time.c \ + krb_err.c \ + et_list.c \ + resolve.c \ + unparse_name.c \ + logging.c \ + k_concat.c + +# these files reside in ../roken +# snprintf.c \ +# strdup.c \ +# strtok_r.c \ +# strcasecmp.c + +OBJECTS = cr_err_reply.o \ + create_auth_reply.o \ + create_ciph.o \ + create_death_packet.o \ + create_ticket.o \ + dest_tkt.o \ + get_in_tkt.o \ + get_svc_in_tkt.o \ + getrealm.o \ + k_localtime.o \ + krb_err_txt.o \ + krb_get_in_tkt.o \ + kuserok.o \ + parse_name.o \ + kntoln.o \ + mk_auth.o \ + krb_check_auth.o \ + mk_err.o \ + mk_safe.o \ + rd_err.o \ + rd_safe.o \ + recvauth.o \ + mk_priv.o \ + rd_req.o \ + decomp_ticket.o \ + lifetime.o \ + month_sname.o \ + stime.o \ + read_service_key.o \ + getst.o \ + sendauth.o \ + netread.o \ + netwrite.o \ + rd_priv.o \ + krb_equiv.o \ + str2key.o \ + get_ad_tkt.o \ + mk_req.o \ + get_cred.o \ + get_tf_realm.o \ + get_tf_fullname.o \ + one.o \ + save_credentials.o \ + send_to_kdc.o \ + get_host.o \ + get_krbrlm.o \ + k_gethostname.o \ + tf_util.o \ + debug_decl.o \ + k_flock.o \ + tkt_string.o \ + getaddrs.o \ + k_getsockinst.o \ + k_getport.o \ + lsb_addr_comp.o \ + name2name.o \ + get_default_principal.o \ + realm_parse.o \ + verify_user.o \ + rw.o \ + kdc_reply.o \ + encrypt_ktext.o \ + swab.o \ + gettimeofday.o \ + check_time.o \ + krb_err.o \ + resolve.o \ + unparse_name.o \ + logging.o \ + k_concat.o \ + snprintf.o \ + strdup.o \ + strtok_r.o \ + strcasecmp.o + +# This is only needed by some shared library implementations +LDOBJ = et_list.o + +all: $(LIB) $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +sizetest.o: sizetest.c + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + +sizetest$(EXECSUFFIX): sizetest.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o + +check: sizetest$(EXECSUFFIX) + ./sizetest$(EXECSUFFIX) + +clean: + rm -f $(LIB) *.o *.a krb_err.c krb_err.h $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LDOBJ) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) $(LDOBJ) $(LIBDES) + +krb_err.c krb_err.h: krb_err.et + test -r krb_err.et || (rm -f krb_err.et && $(LN_S) $(srcdir)/krb_err.et .) + $(COMPILE_ET) krb_err.et + +snprintf.c: + $(LN_S) $(srcdir)/../roken/snprintf.c . + +strdup.c: + $(LN_S) $(srcdir)/../roken/strdup.c . + +strtok_r.c: + $(LN_S) $(srcdir)/../roken/strtok_r.c . + +strcasecmp.c: + $(LN_S) $(srcdir)/../roken/strcasecmp.c . + +$(OBJECTS): ../../include/config.h +$(OBJECTS): krb_locl.h krb.h krb_err.h +one.o: ../../include/version.h diff --git a/crypto/kerberosIV/lib/krb/check_time.c b/crypto/kerberosIV/lib/krb/check_time.c new file mode 100644 index 0000000..3c3e6c0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/check_time.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $"); + +int +krb_check_tm (struct tm tm) +{ + return tm.tm_mon < 0 + || tm.tm_mon > 11 + || tm.tm_hour < 0 + || tm.tm_hour > 23 + || tm.tm_min < 0 + || tm.tm_min > 59 + || tm.tm_sec < 0 + || tm.tm_sec > 59 + || tm.tm_year < 1901 + || tm.tm_year > 2038; +} diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c new file mode 100644 index 0000000..2c1956a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c @@ -0,0 +1,99 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $"); + +/* + * This routine is used by the Kerberos authentication server to + * create an error reply packet to send back to its client. + * + * It takes a pointer to the packet to be built, the name, instance, + * and realm of the principal, the client's timestamp, an error code + * and an error string as arguments. Its return value is undefined. + * + * The packet is built in the following format: + * + * type variable data + * or constant + * ---- ----------- ---- + * + * unsigned char req_ack_vno protocol version number + * + * unsigned char AUTH_MSG_ERR_REPLY protocol message type + * + * [least significant HOST_BYTE_ORDER sender's (server's) byte + * bit of above field] order + * + * string pname principal's name + * + * string pinst principal's instance + * + * string prealm principal's realm + * + * unsigned long time_ws client's timestamp + * + * unsigned long e error code + * + * string e_string error text + */ + +void +cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, + u_int32_t time_ws, u_int32_t e, char *e_string) +{ + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1); + + if (pname == NULL) pname = ""; + if (pinst == NULL) pinst = ""; + if (prealm == NULL) prealm = ""; + + p += krb_put_nir(pname, pinst, prealm, p); + + p += krb_put_int(time_ws, p, 4); + + p += krb_put_int(e, p, 4); + + p += krb_put_string(e_string, p); + + pkt->length = p - pkt->dat; +} diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c new file mode 100644 index 0000000..4976c46 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c @@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is called by the Kerberos authentication server + * to create a reply to an authentication request. The routine + * takes the user's name, instance, and realm, the client's + * timestamp, the number of tickets, the user's key version + * number and the ciphertext containing the tickets themselves. + * It constructs a packet and returns a pointer to it. + * + * Notes: The packet returned by this routine is static. Thus, if you + * intend to keep the result beyond the next call to this routine, you + * must copy it elsewhere. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * unsigned char KRB_PROT_VERSION protocol version number + * + * unsigned char AUTH_MSG_KDC_REPLY protocol message type + * + * [least significant HOST_BYTE_ORDER sender's (server's) byte + * bit of above field] order + * + * string pname principal's name + * + * string pinst principal's instance + * + * string prealm principal's realm + * + * unsigned long time_ws client's timestamp + * + * unsigned char n number of tickets + * + * unsigned long x_date expiration date + * + * unsigned char kvno master key version + * + * short w_1 cipher length + * + * --- cipher->dat cipher data + */ + +KTEXT +create_auth_reply(char *pname, /* Principal's name */ + char *pinst, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t time_ws, /* Workstation time */ + int n, /* Number of tickets */ + u_int32_t x_date, /* Principal's expiration date */ + int kvno, /* Principal's key version number */ + KTEXT cipher) /* Cipher text with tickets and session keys */ +{ + static KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1); + + if(n != 0){ + /* barf on old code */ + krb_warning("create_auth_reply: don't give me no krb3 crap!" + " (n == %d)\n", n); + return NULL; + } + + + p += krb_put_nir(pname, pinst, prealm, p); + + p += krb_put_int(time_ws, p, 4); + + p += krb_put_int(n, p, 1); + + p += krb_put_int(x_date, p, 4); + + p += krb_put_int(kvno, p, 1); + + p += krb_put_int(cipher->length, p, 2); + + memcpy(p, cipher->dat, cipher->length); + p += cipher->length; + + pkt->length = p - pkt->dat; + + return pkt; +} diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c new file mode 100644 index 0000000..27d27ff --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_ciph.c @@ -0,0 +1,117 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is used by the authentication server to create + * a packet for its client, containing a ticket for the requested + * service (given in "tkt"), and some information about the ticket, + * + * Returns KSUCCESS no matter what. + * + * The length of the cipher is stored in c->length; the format of + * c->dat is as follows: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * + * 8 bytes session session key for client, service + * + * string service service name + * + * string instance service instance + * + * string realm KDC realm + * + * unsigned char life ticket lifetime + * + * unsigned char kvno service key version number + * + * unsigned char tkt->length length of following ticket + * + * data tkt->dat ticket for service + * + * 4 bytes kdc_time KDC's timestamp + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +create_ciph(KTEXT c, /* Text block to hold ciphertext */ + unsigned char *session, /* Session key to send to user */ + char *service, /* Service name on ticket */ + char *instance, /* Instance name on ticket */ + char *realm, /* Realm of this KDC */ + u_int32_t life, /* Lifetime of the ticket */ + int kvno, /* Key version number for service */ + KTEXT tkt, /* The ticket for the service */ + u_int32_t kdc_time, /* KDC time */ + des_cblock *key) /* Key to encrypt ciphertext with */ + +{ + unsigned char *p = c->dat; + + memset(c, 0, sizeof(KTEXT_ST)); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_nir(service, instance, realm, p); + + p += krb_put_int(life, p, 1); + p += krb_put_int(kvno, p, 1); + + p += krb_put_int(tkt->length, p, 1); + + memcpy(p, tkt->dat, tkt->length); + p += tkt->length; + + p += krb_put_int(kdc_time, p, 4); + + /* multiple of eight bytes */ + c->length = (p - c->dat + 7) & ~7; + + encrypt_ktext(c, key, DES_ENCRYPT); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c new file mode 100644 index 0000000..f74ba30 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_death_packet.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $"); + +/* + * This routine creates a packet to type AUTH_MSG_DIE which is sent to + * the Kerberos server to make it shut down. It is used only in the + * development environment. + * + * It takes a string "a_name" which is sent in the packet. A pointer + * to the packet is returned. + * + * The format of the killer packet is: + * + * type variable data + * or constant + * ---- ----------- ---- + * + * unsigned char KRB_PROT_VERSION protocol version number + * + * unsigned char AUTH_MSG_DIE message type + * + * [least significant HOST_BYTE_ORDER byte order of sender + * bit of above field] + * + * string a_name presumably, name of + * principal sending killer + * packet + */ + +#ifdef DEBUG +KTEXT +krb_create_death_packet(char *a_name) +{ + static KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_DIE, p, 1); + + p += krb_put_string(a_name, p); + pkt->length = p - pkt->dat; + return pkt; +} +#endif /* DEBUG */ diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c new file mode 100644 index 0000000..b469232 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_ticket.c @@ -0,0 +1,134 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $"); + +/* + * Create ticket takes as arguments information that should be in a + * ticket, and the KTEXT object in which the ticket should be + * constructed. It then constructs a ticket and returns, leaving the + * newly created ticket in tkt. + * The length of the ticket is a multiple of + * eight bytes and is in tkt->length. + * + * If the ticket is too long, the ticket will contain nulls. + * + * The corresponding routine to extract information from a ticket it + * decomp_ticket. When changes are made to this routine, the + * corresponding changes should also be made to that file. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * tkt->length length of ticket (multiple of 8 bytes) + * + * tkt->dat: + * + * unsigned char flags namely, HOST_BYTE_ORDER + * + * string pname client's name + * + * string pinstance client's instance + * + * string prealm client's realm + * + * 4 bytes paddress client's address + * + * 8 bytes session session key + * + * 1 byte life ticket lifetime + * + * 4 bytes time_sec KDC timestamp + * + * string sname service's name + * + * string sinstance service's instance + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */ + unsigned char flags, /* Various Kerberos flags */ + char *pname, /* Principal's name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t paddress, /* Net address of requesting entity */ + void *session, /* Session key inserted in ticket */ + int16_t life, /* Lifetime of the ticket */ + int32_t time_sec, /* Issue time and date */ + char *sname, /* Service Name */ + char *sinstance, /* Instance Name */ + des_cblock *key) /* Service's secret key */ +{ + unsigned char *p = tkt->dat; + + memset(tkt, 0, sizeof(KTEXT_ST)); + + p += krb_put_int(flags, p, 1); + p += krb_put_nir(pname, pinstance, prealm, p); + + p += krb_put_address(paddress, p); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_int(life, p, 1); + p += krb_put_int(time_sec, p, 4); + + p += krb_put_nir(sname, sinstance, NULL, p); + + /* multiple of eight bytes */ + tkt->length = (p - tkt->dat + 7) & ~7; + + /* Check length of ticket */ + if (tkt->length > (sizeof(KTEXT_ST) - 7)) { + memset(tkt->dat, 0, tkt->length); + tkt->length = 0; + return KFAILURE /* XXX */; + } + + encrypt_ktext(tkt, key, DES_ENCRYPT); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/debug_decl.c b/crypto/kerberosIV/lib/krb/debug_decl.c new file mode 100644 index 0000000..5358bcb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/debug_decl.c @@ -0,0 +1,29 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: debug_decl.c,v 1.6 1997/03/23 03:53:07 joda Exp $"); + +/* Declare global debugging variables. */ + +int krb_ap_req_debug = 0; +int krb_debug = 0; diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c new file mode 100644 index 0000000..8e556a3 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $"); + +/* + * This routine takes a ticket and pointers to the variables that + * should be filled in based on the information in the ticket. It + * fills in values for its arguments. + * + * The routine returns KFAILURE if any of the "pname", "pinstance", + * or "prealm" fields is too big, otherwise it returns KSUCCESS. + * + * The corresponding routine to generate tickets is create_ticket. + * When changes are made to this routine, the corresponding changes + * should also be made to that file. + * + * See create_ticket.c for the format of the ticket packet. + */ + +int +decomp_ticket(KTEXT tkt, /* The ticket to be decoded */ + unsigned char *flags, /* Kerberos ticket flags */ + char *pname, /* Authentication name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + u_int32_t *paddress,/* Net address of entity requesting ticket */ + unsigned char *session, /* Session key inserted in ticket */ + int *life, /* Lifetime of the ticket */ + u_int32_t *time_sec, /* Issue time and date */ + char *sname, /* Service name */ + char *sinstance, /* Service instance */ + des_cblock *key, /* Service's secret key (to decrypt the ticket) */ + des_key_schedule schedule) /* The precomputed key schedule */ + +{ + unsigned char *p = tkt->dat; + + int little_endian; + + des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat, + tkt->length, schedule, key, DES_DECRYPT); + + tkt->mbz = 0; + + *flags = *p++; + + little_endian = (*flags >> K_FLAG_ORDER) & 1; + + if(strlen((char*)p) > ANAME_SZ) + return KFAILURE; + p += krb_get_string(p, pname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, pinstance); + + if(strlen((char*)p) > REALM_SZ) + return KFAILURE; + p += krb_get_string(p, prealm); + + if(tkt->length - (p - tkt->dat) < 8 + 1 + 4) + return KFAILURE; + p += krb_get_address(p, paddress); + + memcpy(session, p, 8); + p += 8; + + *life = *p++; + + p += krb_get_int(p, time_sec, 4, little_endian); + + if(strlen((char*)p) > SNAME_SZ) + return KFAILURE; + p += krb_get_string(p, sname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, sinstance); + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c new file mode 100644 index 0000000..0487e6b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/dest_tkt.c @@ -0,0 +1,82 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $"); + +/* + * dest_tkt() is used to destroy the ticket store upon logout. + * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. + * Otherwise the function returns RET_OK on success, KFAILURE on + * failure. + * + * The ticket file (TKT_FILE) is defined in "krb.h". + */ + +int +dest_tkt(void) +{ + char *file = TKT_FILE; + int i,fd; + struct stat statb; + char buf[BUFSIZ]; + + errno = 0; + if ( +#ifdef HAVE_LSTAT + lstat +#else + stat +#endif + (file, &statb) < 0) + goto out; + + if (!(statb.st_mode & S_IFREG) +#ifdef notdef + || statb.st_mode & 077 +#endif + ) + goto out; + + if ((fd = open(file, O_RDWR, 0)) < 0) + goto out; + + memset(buf, 0, BUFSIZ); + + for (i = 0; i < statb.st_size; i += sizeof(buf)) + if (write(fd, buf, sizeof(buf)) != sizeof(buf)) { + fsync(fd); + close(fd); + goto out; + } + + + fsync(fd); + close(fd); + + unlink(file); + +out: + if (errno == ENOENT) return RET_TKFIL; + else if (errno != 0) return KFAILURE; + return(KSUCCESS); +} diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c new file mode 100644 index 0000000..e98b7dc --- /dev/null +++ b/crypto/kerberosIV/lib/krb/dllmain.c @@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* dllmain.c - main function to krb4.dll + * Author: J Karlsson <d93-jka@nada.kth.se> + * Date: June 1996 + */ + +#include "krb_locl.h" +#include "ticket_memory.h" +#include <Windows.h> + +RCSID("$Id: dllmain.c,v 1.6 1997/05/02 14:29:13 assar Exp $"); + +void +msg(char *text, int error) +{ + char *buf; + + asprintf (&buf, "%s\nAn error of type: %d", text, error); + + MessageBox(GetActiveWindow(), + buf ? buf : "can't tell you", + "kerberos message", + MB_OK|MB_APPLMODAL); + free (buf); +} + +BOOL WINAPI +DllMain (HANDLE hInst, + ULONG reason, + LPVOID lpReserved) +{ + WORD wVersionRequested; + WSADATA wsaData; + PROCESS_INFORMATION p; + int err; + + switch(reason){ + case DLL_PROCESS_ATTACH: + wVersionRequested = MAKEWORD(1, 1); + err = WSAStartup(wVersionRequested, &wsaData); + if (err != 0) + { + /* Tell the user that we couldn't find a useable */ + /* winsock.dll. */ + msg("Cannot find winsock.dll", err); + return FALSE; + } + if(newTktMem(0) != KSUCCESS) + { + /* Tell the user that we couldn't alloc shared memory. */ + msg("Cannot allocate shared ticket memory", GetLastError()); + return FALSE; + } + if(GetLastError() != ERROR_ALREADY_EXISTS) + { + STARTUPINFO s = + { + sizeof(s), + 0, + 0, + 0, + 0,0, + 0,0, + 0,0, + 0, + 0, + 0, + 0,0, + 0,0,0}; + + s.dwFlags = STARTF_USESHOWWINDOW; + s.wShowWindow = SW_HIDE; + if(!CreateProcess(0,"krbmanager", + 0,0,FALSE,0,0, + 0,&s, &p)) + { + msg("Unable to create kerberos manager process.\n" + "Make sure krbmanager.exe is in your PATH.", + GetLastError()); + return FALSE; + } + } + break; + case DLL_PROCESS_DETACH: + freeTktMem(0); + WSACleanup(); + break; + } + + return TRUE; +} diff --git a/crypto/kerberosIV/lib/krb/encrypt_ktext.c b/crypto/kerberosIV/lib/krb/encrypt_ktext.c new file mode 100644 index 0000000..d97fcc7 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/encrypt_ktext.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $"); + +void +encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt) +{ + des_key_schedule schedule; + des_set_key(key, schedule); + des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat, + cip->length, schedule, key, encrypt); + memset(schedule, 0, sizeof(des_key_schedule)); +} diff --git a/crypto/kerberosIV/lib/krb/et_list.c b/crypto/kerberosIV/lib/krb/et_list.c new file mode 100644 index 0000000..69d1c89 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/et_list.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * This is a hack to resolve the reference to _et_list when making a + * shared library under Psoriasis and possibly other systems. Presumably + * they define __ELF__, some people say Linux does so. + */ + +#include "config.h" + +RCSID("$Id: et_list.c,v 1.12 1997/05/13 09:45:01 bg Exp $"); + +struct et_list { + struct et_list *next; + const struct error_table *table; +}; + +#if defined(__GNUC__) + +#ifdef __FreeBSD__ +asm(".globl __et_list"); /* FreeBSD bug workaround */ +#endif +struct et_list * _et_list __attribute__ ((weak)) = 0; + +#else /* !__GNUC__ */ + +#ifdef HAVE_PRAGMA_WEAK + +#pragma weak _et_list = __et_list +struct et_list * __et_list = 0; + +#else /* !HAVE_PRAGMA_WEAK */ + +struct et_list * _et_list = 0; + +#endif /* !HAVE_PRAGMA_WEAK */ + +#endif /* !__GNUC__ */ diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c new file mode 100644 index 0000000..9590760 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c @@ -0,0 +1,190 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $"); + +/* + * get_ad_tkt obtains a new service ticket from Kerberos, using + * the ticket-granting ticket which must be in the ticket file. + * It is typically called by krb_mk_req() when the client side + * of an application is creating authentication information to be + * sent to the server side. + * + * get_ad_tkt takes four arguments: three pointers to strings which + * contain the name, instance, and realm of the service for which the + * ticket is to be obtained; and an integer indicating the desired + * lifetime of the ticket. + * + * It returns an error status if the ticket couldn't be obtained, + * or AD_OK if all went well. The ticket is stored in the ticket + * cache. + * + * The request sent to the Kerberos ticket-granting service looks + * like this: + * + * pkt->dat + * + * TEXT original contents of authenticator+ticket + * pkt->dat built in krb_mk_req call + * + * 4 bytes time_ws always 0 (?) + * char lifetime lifetime argument passed + * string service service name argument + * string sinstance service instance arg. + * + * See "prot.h" for the reply packet layout and definitions of the + * extraction macros like pkt_version(), pkt_msg_type(), etc. + */ + +int +get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime) +{ + static KTEXT_ST pkt_st; + KTEXT pkt = & pkt_st; /* Packet to KDC */ + static KTEXT_ST rpkt_st; + KTEXT rpkt = &rpkt_st; /* Returned packet */ + + CREDENTIALS cr; + char lrealm[REALM_SZ]; + u_int32_t time_ws = 0; + int kerror; + unsigned char *p; + + /* + * First check if we have a "real" TGT for the corresponding + * realm, if we don't, use ordinary inter-realm authentication. + */ + + kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr); + if (kerror == KSUCCESS) + strncpy(lrealm, realm, REALM_SZ); + else + kerror = krb_get_tf_realm(TKT_FILE, lrealm); + + if (kerror != KSUCCESS) + return(kerror); + + /* + * Look for the session key (and other stuff we don't need) + * in the ticket file for krbtgt.realm@lrealm where "realm" + * is the service's realm (passed in "realm" argument) and + * lrealm is the realm of our initial ticket. If we don't + * have this, we will try to get it. + */ + + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) { + /* + * If realm == lrealm, we have no hope, so let's not even try. + */ + if ((strncmp(realm, lrealm, REALM_SZ)) == 0) + return(AD_NOTGT); + else{ + if ((kerror = + get_ad_tkt(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, lifetime)) != KSUCCESS) + if (kerror == KDC_PR_UNKNOWN) + return(AD_INTR_RLM_NOTGT); + else + return(kerror); + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) + return(kerror); + } + } + + /* + * Make up a request packet to the "krbtgt.realm@lrealm". + * Start by calling krb_mk_req() which puts ticket+authenticator + * into "pkt". Then tack other stuff on the end. + */ + + kerror = krb_mk_req(pkt, + KRB_TICKET_GRANTING_TICKET, + realm,lrealm,0L); + + if (kerror) + return(AD_NOTGT); + + p = pkt->dat + pkt->length; + + p += krb_put_int(time_ws, p, 4); + p += krb_put_int(lifetime, p, 1); + p += krb_put_nir(service, sinstance, NULL, p); + + pkt->length = p - pkt->dat; + rpkt->length = 0; + + /* Send the request to the local ticket-granting server */ + if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); + + /* check packet version of the returned packet */ + + { + KTEXT_ST cip; + CREDENTIALS cred; + struct timeval tv; + + kerror = kdc_reply_cipher(rpkt, &cip); + if(kerror != KSUCCESS) + return kerror; + + encrypt_ktext(&cip, &cr.session, DES_DECRYPT); + + kerror = kdc_reply_cred(&cip, &cred); + if(kerror != KSUCCESS) + return kerror; + + if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) || + strcmp(cred.realm, realm)) /* not what we asked for */ + return INTK_ERR; /* we need a better code here XXX */ + + gettimeofday(&tv, NULL); + if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + return RD_AP_TIME; /* XXX should probably be better code */ + } + + + kerror = save_credentials(cred.service, cred.instance, cred.realm, + cred.session, cred.lifetime, cred.kvno, + &cred.ticket_st, tv.tv_sec); + return kerror; + } +} diff --git a/crypto/kerberosIV/lib/krb/get_cred.c b/crypto/kerberosIV/lib/krb/get_cred.c new file mode 100644 index 0000000..1a0016c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_cred.c @@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $"); + +/* + * krb_get_cred takes a service name, instance, and realm, and a + * structure of type CREDENTIALS to be filled in with ticket + * information. It then searches the ticket file for the appropriate + * ticket and fills in the structure with the corresponding + * information from the file. If successful, it returns KSUCCESS. + * On failure it returns a Kerberos error code. + */ + +int +krb_get_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + CREDENTIALS *c) /* Credentials struct */ +{ + int tf_status; /* return value of tf function calls */ + CREDENTIALS cr; + + if (c == 0) + c = &cr; + + /* Open ticket file and lock it for shared reading */ + if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) + return(tf_status); + + /* Copy principal's name and instance into the CREDENTIALS struc c */ + + if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS || + (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS ) + return (tf_status); + + /* Search for requested service credentials and copy into c */ + + while ((tf_status = tf_get_cred(c)) == KSUCCESS) { + if ((strcmp(c->service,service) == 0) && + (strcmp(c->instance,instance) == 0) && + (strcmp(c->realm,realm) == 0)) + break; + } + tf_close(); + + if (tf_status == EOF) + return (GC_NOTKT); + return(tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c new file mode 100644 index 0000000..3a111ea --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_default_principal.c @@ -0,0 +1,94 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $"); + +int +krb_get_default_principal(char *name, char *instance, char *realm) +{ + char *file; + int ret; + + char *p; + + if ((file = getenv("KRBTKFILE")) == NULL) + file = TKT_FILE; + + ret = krb_get_tf_fullname(file, name, instance, realm); + if(ret == KSUCCESS) + return 0; + + p = getenv("KRB4PRINCIPAL"); + if(p && kname_parse(name, instance, realm, p) == KSUCCESS) + return 1; + + +#ifdef HAVE_PWD_H + { + struct passwd *pw; + pw = getpwuid(getuid()); + if(pw == NULL){ + return -1; + } + + strcpy(name, pw->pw_name); + strcpy(instance, ""); + krb_get_lrealm(realm, 1); + + if(strcmp(name, "root") == 0){ + p = NULL; +#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) + p = getlogin(); +#endif + if(p == NULL) + p = getenv("USER"); + if(p == NULL) + p = getenv("LOGNAME"); + if(p){ + strncpy (name, p, ANAME_SZ); + name[ANAME_SZ - 1] = '\0'; + strcpy(instance, "root"); + } + } + return 1; + } +#endif + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c new file mode 100644 index 0000000..de80ac4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_host.c @@ -0,0 +1,292 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: get_host.c,v 1.30 1997/05/02 14:29:13 assar Exp $"); + +static struct host_list { + struct krb_host *this; + struct host_list *next; +} *hosts; + +static int krb_port = 0; + +static void +free_hosts(struct host_list *h) +{ + struct host_list *t; + while(h){ + if(h->this->realm) + free(h->this->realm); + if(h->this->host) + free(h->this->host); + t = h; + h = h->next; + free(t); + } +} + +static int +parse_address(char *address, int *proto, char **host, int *port) +{ + char *p, *q; + p = strchr(address, '/'); + *proto = IPPROTO_UDP; + if(p){ + char prot[32]; + struct protoent *pp; + strncpy(prot, address, p - address); + prot[p - address] = 0; + if((pp = getprotobyname(prot))) + *proto = pp->p_proto; + else + krb_warning("Bad protocol name `%s', Using default `udp'.\n", + prot); + p++; + }else + p = address; + q = strchr(p, ':'); + if(q){ + *host = (char*)malloc(q - p + 1); + strncpy(*host, p, q - p); + (*host)[q - p] = 0; + q++; + { + struct servent *sp = getservbyname(q, NULL); + if(sp) + *port = ntohs(sp->s_port); + else + if(sscanf(q, "%d", port) != 1){ + krb_warning("Bad port specification `%s', using port %d.", + q, krb_port); + *port = krb_port; + } + } + }else{ + *host = strdup(p); + *port = krb_port; + } + return 0; +} + +static int +add_host(char *realm, char *address, int admin, int validate) +{ + struct krb_host *host; + struct host_list *p, **last = &hosts; + host = (struct krb_host*)malloc(sizeof(struct krb_host)); + parse_address(address, &host->proto, &host->host, &host->port); + if(validate && gethostbyname(host->host) == NULL){ + free(host->host); + free(host); + return 1; + } + host->admin = admin; + for(p = hosts; p; p = p->next){ + if(strcmp(realm, p->this->realm) == 0 && + strcmp(host->host, p->this->host) == 0 && + host->proto == p->this->proto && + host->port == p->this->port){ + free(host->host); + free(host); + return 1; + } + last = &p->next; + } + host->realm = strdup(realm); + p = (struct host_list*)malloc(sizeof(struct host_list)); + p->this = host; + p->next = NULL; + *last = p; + return 0; +} + + + +static int +read_file(const char *filename, const char *r) +{ + char line[1024]; + char realm[1024]; + char address[1024]; + char scratch[1024]; + int n; + int nhosts = 0; + + FILE *f = fopen(filename, "r"); + if(f == NULL) + return -1; + while(fgets(line, sizeof(line), f)){ + n = sscanf(line, "%s %s admin %s", realm, address, scratch); + if(n == 2 || n == 3){ + if(strcmp(realm, r)) + continue; + if(add_host(realm, address, n == 3, 0) == 0) + nhosts++; + } + } + fclose(f); + return nhosts; +} + +static int +init_hosts(char *realm) +{ + static const char *files[] = KRB_CNF_FILES; + int i; + char *dir = getenv("KRBCONFDIR"); + + krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT))); + if(dir){ + char file[MaxPathLen]; + if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0) + read_file(file, realm); + } + for(i = 0; files[i]; i++) + read_file(files[i], realm); + return 0; +} + +static void +srv_find_realm(char *realm, char *proto, char *service) +{ + char *domain; + struct dns_reply *r; + struct resource_record *rr; + + k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL); + + if(domain == NULL) + return; + + r = dns_lookup(domain, "srv"); + if(r == NULL) + r = dns_lookup(domain, "txt"); + if(r == NULL){ + free(domain); + return; + } + for(rr = r->head; rr; rr = rr->next){ + if(rr->type == T_SRV){ + char buf[1024]; + + if (snprintf (buf, + sizeof(buf), + "%s/%s:%u", + proto, + rr->u.srv->target, + rr->u.srv->port) < sizeof(buf)) + add_host(realm, buf, 0, 0); + }else if(rr->type == T_TXT) + add_host(realm, rr->u.txt, 0, 0); + } + dns_free_data(r); + free(domain); +} + +struct krb_host* +krb_get_host(int nth, char *realm, int admin) +{ + struct host_list *p; + static char orealm[REALM_SZ]; + if(orealm[0] == 0 || strcmp(realm, orealm)){ + /* quick optimization */ + if(realm && realm[0]){ + strncpy(orealm, realm, sizeof(orealm) - 1); + orealm[sizeof(orealm) - 1] = 0; + }else{ + int ret = krb_get_lrealm(orealm, 1); + if(ret != KSUCCESS) + return NULL; + } + + if(hosts){ + free_hosts(hosts); + hosts = NULL; + } + + init_hosts(orealm); + + srv_find_realm(orealm, "udp", KRB_SERVICE); + srv_find_realm(orealm, "tcp", KRB_SERVICE); + + { + /* XXX this assumes no one has more than 99999 kerberos + servers */ + char host[REALM_SZ + sizeof("kerberos-XXXXX..")]; + int i = 0; + sprintf(host, "kerberos.%s.", orealm); + add_host(orealm, host, 1, 1); + do{ + i++; + sprintf(host, "kerberos-%d.%s.", i, orealm); + }while(i < 100000 && add_host(orealm, host, 0, 1) == 0); + } + } + + for(p = hosts; p; p = p->next){ + if(strcmp(orealm, p->this->realm) == 0 && + (!admin || p->this->admin)) + if(nth == 1) + return p->this; + else + nth--; + } + return NULL; +} + +int +krb_get_krbhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 0); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} + +int +krb_get_admhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 1); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c new file mode 100644 index 0000000..435632a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c @@ -0,0 +1,99 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $"); + +/* + * This file contains three routines: passwd_to_key() and + * passwd_to_afskey() converts a password into a DES key, using the + * normal strinttokey and the AFS one, respectively, and + * krb_get_pw_in_tkt() gets an initial ticket for a user. + */ + +/* + * passwd_to_key() and passwd_to_afskey: given a password, return a DES key. + */ + +int +passwd_to_key(char *user, char *instance, char *realm, void *passwd, + des_cblock *key) +{ +#ifndef NOENCRYPTION + des_string_to_key((char *)passwd, key); +#endif + return 0; +} + + +int +passwd_to_afskey(char *user, char *instance, char *realm, void *passwd, + des_cblock *key) +{ +#ifndef NOENCRYPTION + afs_string_to_key((char *)passwd, realm, key); +#endif + return (0); +} + +/* + * krb_get_pw_in_tkt() takes the name of the server for which the initial + * ticket is to be obtained, the name of the principal the ticket is + * for, the desired lifetime of the ticket, and the user's password. + * It passes its arguments on to krb_get_in_tkt(), which contacts + * Kerberos to get the ticket, decrypts it using the password provided, + * and stores it away for future use. + * + * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt(): + * the name of a routine (passwd_to_key()) to be used to get the + * password in case the "password" argument is null and NULL for the + * decryption procedure indicating that krb_get_in_tkt should use the + * default method of decrypting the response from the KDC. + * + * The result of the call to krb_get_in_tkt() is returned. + */ + +int +krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service, + char *sinstance, int life, char *password) +{ + char pword[100]; /* storage for the password */ + int code; + + /* Only request password once! */ + if (!password) { + if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){ + memset(pword, 0, sizeof(pword)); + return INTK_BADPW; + } + password = pword; + } + + code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, + passwd_to_key, NULL, password); + if (code == INTK_BADPW) + code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, + passwd_to_afskey, NULL, password); + if (password == pword) + memset(pword, 0, sizeof(pword)); + return(code); +} diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c new file mode 100644 index 0000000..8c5b0c9 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c @@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $"); + +/* + * krb_get_lrealm takes a pointer to a string, and a number, n. It fills + * in the string, r, with the name of the nth realm specified on the + * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). + * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the + * config file does not exist, and if n=1, a successful return will occur + * with r = KRB_REALM (also defined in "krb.h"). + * + * NOTE: for archaic & compatibility reasons, this routine will only return + * valid results when n = 1. + * + * For the format of the KRB_CONF file, see comments describing the routine + * krb_get_krbhst(). + */ + +static int +krb_get_lrealm_f(char *r, int n, const char *fname) +{ + FILE *f; + int ret = KFAILURE; + f = fopen(fname, "r"); + if(f){ + char buf[REALM_SZ]; + if(fgets(buf, sizeof(buf), f)){ + char *p = buf + strspn(buf, " \t"); + p[strcspn(p, " \t\r\n")] = 0; + p[REALM_SZ - 1] = 0; + strcpy(r, p); + ret = KSUCCESS; + } + fclose(f); + } + return ret; +} + +int +krb_get_lrealm(char *r, int n) +{ + static const char *const files[] = KRB_CNF_FILES; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + if (n > 1) + return(KFAILURE); /* Temporary restriction */ + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) + return KSUCCESS; + } + + for (i = 0; files[i] != 0; i++) + if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS) + return KSUCCESS; + + /* If nothing else works try LOCALDOMAIN, if it exists */ + if (n == 1) + { + char *t, hostname[MaxHostNameLen]; + k_gethostname(hostname, sizeof(hostname)); + t = krb_realmofhost(hostname); + if (t) { + strcpy (r, t); + return KSUCCESS; + } + t = strchr(hostname, '.'); + if (t == 0) + return KFAILURE; /* No domain part, you loose */ + + t++; /* Skip leading dot and upcase the rest */ + for (; *t; t++, r++) + *r = toupper(*t); + *r = 0; + return(KSUCCESS); + } + else + return(KFAILURE); +} + +/* For SunOS5 compat. */ +char * +krb_get_default_realm(void) +{ + static char local_realm[REALM_SZ]; /* local kerberos realm */ + if (krb_get_lrealm(local_realm, 1) != KSUCCESS) + strcpy(local_realm, "NO.DEFAULT.REALM"); + return local_realm; +} diff --git a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c new file mode 100644 index 0000000..c290524 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c @@ -0,0 +1,76 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $"); + +/* + * This file contains two routines: srvtab_to_key(), which gets + * a server's key from a srvtab file, and krb_get_svc_in_tkt() which + * gets an initial ticket for a server. + */ + +/* + * srvtab_to_key(): given a "srvtab" file (where the keys for the + * service on a host are stored), return the private key of the + * given service (user.instance@realm). + * + * srvtab_to_key() passes its arguments on to read_service_key(), + * plus one additional argument, the key version number. + * (Currently, the key version number is always 0; this value + * is treated as a wildcard by read_service_key().) + * + * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") + * is passed in its place. + * + * It returns the return value of the read_service_key() call. + * The service key is placed in "key". + */ + +int +srvtab_to_key(char *user, char *instance, char *realm, void *srvtab, + des_cblock *key) +{ + if (!srvtab) + srvtab = KEYFILE; + + return(read_service_key(user, instance, realm, 0, (char *)srvtab, + (char *)key)); +} + +/* + * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), + * plus two additional arguments: a pointer to the srvtab_to_key() + * function to be used to get the key from the key file and a NULL + * for the decryption procedure indicating that krb_get_in_tkt should + * use the default method of decrypting the response from the KDC. + * + * It returns the return value of the krb_get_in_tkt() call. + */ + +int +krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service, + char *sinstance, int life, char *srvtab) +{ + return(krb_get_in_tkt(user, instance, realm, service, sinstance, + life, srvtab_to_key, NULL, srvtab)); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c new file mode 100644 index 0000000..33733d0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c @@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the fullname of a user + * from the ticket file. + */ + +/* + * krb_get_tf_fullname() takes four arguments: the name of the + * ticket file, and variables for name, instance, and realm to be + * returned in. Since the realm of a ticket file is not really fully + * supported, the realm used will be that of the the first ticket in + * the file as this is the one that was obtained with a password by + * krb_get_in_tkt(). + */ + +int +krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm) +{ + int tf_status; + CREDENTIALS c; + + if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) + return(tf_status); + + if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || + ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) + return (tf_status); + + if (name) + strcpy(name, c.pname); + if (instance) + strcpy(instance, c.pinst); + if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { + if (realm) + strcpy(realm, c.realm); + } + else { + if (tf_status == EOF) + return(KFAILURE); + else + return(tf_status); + } + tf_close(); + + return(tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_realm.c b/crypto/kerberosIV/lib/krb/get_tf_realm.c new file mode 100644 index 0000000..1a3c7d1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_realm.c @@ -0,0 +1,41 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the realm of a kerberos + * ticket file. + */ + +/* + * krb_get_tf_realm() takes two arguments: the name of a ticket + * and a variable to store the name of the realm in. + * + */ + +int +krb_get_tf_realm(char *ticket_file, char *realm) +{ + return(krb_get_tf_fullname(ticket_file, 0, 0, realm)); +} diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c new file mode 100644 index 0000000..d25ec1b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getaddrs.c @@ -0,0 +1,130 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: getaddrs.c,v 1.19 1997/04/01 08:18:29 joda Exp $"); + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_NET_IF_H +#include <net/if.h> +#endif + +#ifdef HAVE_SYS_SOCKIO_H +#include <sys/sockio.h> +#endif /* HAVE_SYS_SOCKIO_H */ + +/* + * Return number and list of all local adresses. + */ + +int +k_get_all_addrs (struct in_addr **l) +{ +#if !defined(SIOCGIFCONF) || !defined(SIOCGIFFLAGS) || !defined(SIOCGIFADDR) + char name[MaxHostNameLen]; + struct hostent *he; + + if (k_gethostname(name, sizeof(name)) < 0) + return -1; + he = gethostbyname (name); + if (he == NULL) + return -1; + *l = malloc(sizeof(**l)); + if (*l == NULL) + return -1; + memcpy (*l, he->h_addr_list[0], sizeof(*l)); + return 1; +#else + int fd; + char buf[BUFSIZ]; + struct ifreq ifreq; + struct ifconf ifconf; + int num, j; + char *p; + + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) + return -1; + + ifconf.ifc_len = sizeof(buf); + ifconf.ifc_buf = buf; + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) + return -1; + num = ifconf.ifc_len / sizeof(struct ifreq); + *l = malloc(num * sizeof(struct in_addr)); + if(*l == NULL) { + close (fd); + return -1; + } + + j = 0; + ifreq.ifr_name[0] = '\0'; + for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) { + struct ifreq *ifr = (struct ifreq *)p; +#ifdef SOCKADDR_HAS_SA_LEN + size_t sz = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len; +#else + size_t sz = sizeof(*ifr); +#endif + if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) { + if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + if (ifr->ifr_flags & IFF_UP) { + if(ioctl(fd, SIOCGIFADDR, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr; + } + ifreq = *ifr; + } + p = p + sz; + } + if (j != num) + *l = realloc (*l, j * sizeof(struct in_addr)); + close (fd); + return j; +#endif /* SIOCGIFCONF */ +} diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c new file mode 100644 index 0000000..05dfdab --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getrealm.c @@ -0,0 +1,184 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: getrealm.c,v 1.25 1997/05/02 14:29:14 assar Exp $"); + +#define MATCH_SUBDOMAINS 0 + +/* + * krb_realmofhost. + * Given a fully-qualified domain-style primary host name, + * return the name of the Kerberos realm for the host. + * If the hostname contains no discernable domain, or an error occurs, + * return the local realm name, as supplied by get_krbrlm(). + * If the hostname contains a domain, but no translation is found, + * the hostname's domain is converted to upper-case and returned. + * + * The format of each line of the translation file is: + * domain_name kerberos_realm + * -or- + * host_name kerberos_realm + * + * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) + * host names should be in the usual form (e.g. FOO.BAR.BAZ) + */ + +/* To automagically find the correct realm of a host (without + * krb.realms) add a text record for your domain with the name of your + * realm, like this: + * + * krb4-realm IN TXT FOO.SE + * + * The search is recursive, so you can also add entries for specific + * hosts. To find the realm of host a.b.c, it first tries + * krb4-realm.a.b.c, then krb4-realm.b.c and so on. + */ + +static int +dns_find_realm(char *hostname, char *realm) +{ + char domain[MaxHostNameLen + sizeof("krb4-realm..")]; + char *p; + int level = 0; + struct dns_reply *r; + + p = hostname; + + while(1){ + snprintf(domain, sizeof(domain), "krb4-realm.%s.", p); + r = dns_lookup(domain, "TXT"); + if(r){ + struct resource_record *rr = r->head; + while(rr){ + if(rr->type == T_TXT){ + strncpy(realm, rr->u.txt, REALM_SZ); + realm[REALM_SZ - 1] = 0; + dns_free_data(r); + return level; + } + rr = rr->next; + } + dns_free_data(r); + } + level++; + p = strchr(p, '.'); + if(p == NULL) + break; + p++; + } + return -1; +} + + +static FILE * +open_krb_realms(void) +{ + static const char *const files[] = KRB_RLM_FILES; + FILE *res; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0) + if ((res = fopen(fname, "r")) != NULL) + return res; + } + + for (i = 0; files[i] != 0; i++) + if ((res = fopen(files[i], "r")) != NULL) + return res; + + return NULL; +} + +char * +krb_realmofhost(const char *host) +{ + static char ret_realm[REALM_SZ]; + char *domain; + FILE *trans_file; + char trans_host[MaxHostNameLen]; + char trans_realm[REALM_SZ]; + char buf[1024]; + + char phost[MaxHostNameLen]; + + krb_name_to_name(host, phost, sizeof(phost)); + + domain = strchr(phost, '.'); + + /* prepare default */ + if(dns_find_realm(phost, ret_realm) < 0){ + if (domain) { + char *cp; + + strncpy(ret_realm, &domain[1], REALM_SZ); + ret_realm[REALM_SZ - 1] = 0; + /* Upper-case realm */ + for (cp = ret_realm; *cp; cp++) + *cp = toupper(*cp); + } else { + krb_get_lrealm(ret_realm, 1); + } + } + + if ((trans_file = open_krb_realms()) == NULL) + return(ret_realm); /* krb_errno = KRB_NO_TRANS */ + + while (fgets(buf, sizeof(buf), trans_file)) { + char *save = NULL; + char *tok = strtok_r(buf, " \t\r\n", &save); + if(tok == NULL) + continue; + strncpy(trans_host, tok, MaxHostNameLen); + trans_host[MaxHostNameLen - 1] = 0; + tok = strtok_r(NULL, " \t\r\n", &save); + if(tok == NULL) + continue; + strcpy(trans_realm, tok); + trans_realm[REALM_SZ - 1] = 0; + if (!strcasecmp(trans_host, phost)) { + /* exact match of hostname, so return the realm */ + strcpy(ret_realm, trans_realm); + fclose(trans_file); + return(ret_realm); + } + if ((trans_host[0] == '.') && domain) { + char *cp = domain; + do { + if(strcasecmp(trans_host, domain) == 0){ + /* domain match, save for later */ + strcpy(ret_realm, trans_realm); + break; + } + cp = strchr(cp + 1, '.'); + } while(MATCH_SUBDOMAINS && cp); + } + } + fclose(trans_file); + return ret_realm; +} diff --git a/crypto/kerberosIV/lib/krb/getst.c b/crypto/kerberosIV/lib/krb/getst.c new file mode 100644 index 0000000..de99962 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getst.c @@ -0,0 +1,45 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $"); + +/* + * getst() takes a file descriptor, a string and a count. It reads + * from the file until either it has read "count" characters, or until + * it reads a null byte. When finished, what has been read exists in + * the given string "s". If "count" characters were actually read, the + * last is changed to a null, so the returned string is always null- + * terminated. getst() returns the number of characters read, including + * the null terminator. + */ + +int +getst(int fd, char *s, int n) +{ + int count = n; + while (read(fd, s, 1) > 0 && --count) + if (*s++ == '\0') + return (n - count); + *s = '\0'; + return (n - count); +} diff --git a/crypto/kerberosIV/lib/krb/gettimeofday.c b/crypto/kerberosIV/lib/krb/gettimeofday.c new file mode 100644 index 0000000..734ca59 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/gettimeofday.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" +RCSID("$Id: gettimeofday.c,v 1.5 1997/04/01 08:18:29 joda Exp $"); + +#ifndef HAVE_GETTIMEOFDAY +/* + * Simple gettimeofday that only returns seconds. + */ +int +gettimeofday (struct timeval *tp, void *ignore) +{ + time_t t; + + t = time(NULL); + tp->tv_sec = t; + tp->tv_usec = 0; + return 0; +} +#endif diff --git a/crypto/kerberosIV/lib/krb/k_concat.c b/crypto/kerberosIV/lib/krb/k_concat.c new file mode 100644 index 0000000..e7daa5f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_concat.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $"); + +int +k_concat (char *s, size_t len, ...) +{ + int ret; + va_list args; + + va_start(args, len); + ret = k_vconcat (s, len, args); + va_end(args); + return ret; +} + +int +k_vconcat (char *s, size_t len, va_list args) +{ + const char *a; + + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if (n >= len) + return -1; + strncpy (s, a, n); + s += n; + len -= n; + } + *s = '\0'; + return 0; +} + +size_t +k_vmconcat (char **s, size_t max_len, va_list args) +{ + const char *a; + char *p, *q; + size_t len = 0; + *s = NULL; + p = malloc(1); + if(p == NULL) + return 0; + *p = 0; + len = 1; + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if(max_len && len + n > max_len){ + free(p); + return 0; + } + q = realloc(p, len + n); + if(q == NULL){ + free(p); + return 0; + } + p = q; + len += n; + strcat(p, a); + } + *s = p; + return len; +} + +size_t +k_mconcat (char **s, size_t max_len, ...) +{ + int ret; + va_list args; + + va_start(args, max_len); + ret = k_vmconcat (s, max_len, args); + va_end(args); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/k_flock.c b/crypto/kerberosIV/lib/krb/k_flock.c new file mode 100644 index 0000000..844c34c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_flock.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_flock.c,v 1.8 1997/04/01 08:18:30 joda Exp $"); + +#define K_OP_MASK (K_LOCK_SH | K_LOCK_EX | K_LOCK_UN) + +int +k_flock(int fd, int operation) +{ +#ifdef HAVE_FLOCK + int op = 0; + if (operation & K_LOCK_SH) + op |= LOCK_SH; + if (operation & K_LOCK_EX) + op |= LOCK_EX; + if (operation & K_LOCK_UN) + op |= LOCK_UN; + if (operation & K_LOCK_NB) + op |= LOCK_NB; + + return flock(fd, op); +#elif defined(HAVE_FCNTL) && defined(F_SETLK) + struct flock arg; + int code, cmd; + + arg.l_whence = SEEK_SET; + arg.l_start = 0; + arg.l_len = 0; /* means to EOF */ + + if (operation & K_LOCK_NB) + cmd = F_SETLK; + else + cmd = F_SETLKW; /* Blocking */ + + switch (operation & K_OP_MASK) { + case K_LOCK_UN: + arg.l_type = F_UNLCK; + code = fcntl(fd, F_SETLK, &arg); + break; + case K_LOCK_SH: + arg.l_type = F_RDLCK; + code = fcntl(fd, cmd, &arg); + break; + case K_LOCK_EX: + arg.l_type = F_WRLCK; + code = fcntl(fd, cmd, &arg); + break; + default: + errno = EINVAL; + code = -1; + break; + } + return code; +#else + return -1; +#endif /* !HAVE_FLOCK */ +} diff --git a/crypto/kerberosIV/lib/krb/k_gethostname.c b/crypto/kerberosIV/lib/krb/k_gethostname.c new file mode 100644 index 0000000..0f4d57f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_gethostname.c @@ -0,0 +1,58 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" +RCSID("$Id: k_gethostname.c,v 1.10 1997/03/23 03:53:12 joda Exp $"); + +#ifdef HAVE_SYS_UTSNAME_H +#include <sys/utsname.h> +#endif + +/* + * Return the local host's name in "name", up to "namelen" characters. + * "name" will be null-terminated if "namelen" is big enough. + * The return code is 0 on success, -1 on failure. (The calling + * interface is identical to gethostname(2).) + */ + +int +k_gethostname(char *name, int namelen) +{ +#if defined(HAVE_GETHOSTNAME) + return gethostname(name, namelen); +#elif defined(HAVE_UNAME) + { + struct utsname utsname; + int ret; + + ret = uname (&utsname); + if (ret < 0) + return ret; + strncpy (name, utsname.nodename, namelen); + name[namelen-1] = '\0'; + return 0; + } +#else + strncpy (name, "some.random.host", namelen); + name[namelen-1] = '\0'; + return 0; +#endif +} diff --git a/crypto/kerberosIV/lib/krb/k_getport.c b/crypto/kerberosIV/lib/krb/k_getport.c new file mode 100644 index 0000000..c5f9f15 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_getport.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $"); + +int +k_getportbyname (const char *service, const char *proto, int default_port) +{ +#ifdef HAVE_GETSERVBYNAME + struct servent *sp; + + sp = getservbyname(service, proto); + if(sp != NULL) + return sp->s_port; + + krb_warning ("%s/%s unknown service, using default port %d\n", + service, proto ? proto : "*", ntohs(default_port)); +#endif + return default_port; +} diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c new file mode 100644 index 0000000..04676b1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $"); + +/* + * Return in inst the name of the local interface bound to socket + * fd. On Failure return the 'wildcard' instance "*". + */ + +int +k_getsockinst(int fd, char *inst, size_t inst_size) +{ + struct sockaddr_in addr; + int len = sizeof(addr); + struct hostent *hnam; + + if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0) + goto fail; + + hnam = gethostbyaddr((char *)&addr.sin_addr, + sizeof(addr.sin_addr), + addr.sin_family); + if (hnam == 0) + goto fail; + + strncpy (inst, hnam->h_name, inst_size); + inst[inst_size - 1] = '\0'; + k_ricercar(inst); /* Canonicalize name */ + return 0; /* Success */ + + fail: + inst[0] = '*'; + inst[1] = 0; + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/k_localtime.c b/crypto/kerberosIV/lib/krb/k_localtime.c new file mode 100644 index 0000000..a6ffb9b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_localtime.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $"); + +struct tm *k_localtime(u_int32_t *tp) +{ + time_t t; + t = *tp; + return localtime(&t); +} diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c new file mode 100644 index 0000000..aa012e0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kdc_reply.c @@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $"); + +static int little_endian; /* XXX ugly */ + +int +kdc_reply_cred(KTEXT cip, CREDENTIALS *cred) +{ + unsigned char *p = cip->dat; + + memcpy(cred->session, p, 8); + p += 8; + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->service); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->instance); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->realm); + + if(p + 3 > cip->dat + cip->length) + return INTK_BADPW; + cred->lifetime = *p++; + cred->kvno = *p++; + cred->ticket_st.length = *p++; + + if(p + cred->ticket_st.length + 4 > cip->dat + cip->length) + return INTK_BADPW; + memcpy(cred->ticket_st.dat, p, cred->ticket_st.length); + p += cred->ticket_st.length; + + p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian); + + return KSUCCESS; +} + +int +kdc_reply_cipher(KTEXT reply, KTEXT cip) +{ + unsigned char *p; + unsigned char pvno; + unsigned char type; + + char aname[ANAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + + u_int32_t kdc_time; + u_int32_t exp_date; + u_int32_t clen; + + p = reply->dat; + + pvno = *p++; + + if (pvno != KRB_PROT_VERSION ) + return INTK_PROT; + + type = *p++; + little_endian = type & 1; + + type &= ~1; + + if(type == AUTH_MSG_ERR_REPLY){ + u_int32_t code; + p += strlen((char*)p) + 1; /* name */ + p += strlen((char*)p) + 1; /* instance */ + p += strlen((char*)p) + 1; /* realm */ + p += 4; /* time */ + p += krb_get_int(p, &code, 4, little_endian); + return code; + } + if(type != AUTH_MSG_KDC_REPLY) + return INTK_PROT; + + p += krb_get_nir(p, aname, inst, realm); + p += krb_get_int(p, &kdc_time, 4, little_endian); + p++; /* number of tickets */ + p += krb_get_int(p, &exp_date, 4, little_endian); + p++; /* master key version number */ + p += krb_get_int(p, &clen, 2, little_endian); + cip->length = clen; + memcpy(cip->dat, p, clen); + p += clen; + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/klog.h b/crypto/kerberosIV/lib/krb/klog.h new file mode 100644 index 0000000..cee92d9 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/klog.h @@ -0,0 +1,47 @@ +/* + * $Id: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * This file defines the types of log messages logged by klog. Each + * type of message may be selectively turned on or off. + */ + +#ifndef KLOG_DEFS +#define KLOG_DEFS + +#ifndef KRBLOG +#define KRBLOG "/var/log/kerberos.log" /* master server */ +#endif +#ifndef KRBSLAVELOG +#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ +#endif +#define NLOGTYPE 100 /* Maximum number of log msg types */ + +#define L_NET_ERR 1 /* Error in network code */ +#define L_NET_INFO 2 /* Info on network activity */ +#define L_KRB_PERR 3 /* Kerberos protocol errors */ +#define L_KRB_PINFO 4 /* Kerberos protocol info */ +#define L_INI_REQ 5 /* Request for initial ticket */ +#define L_NTGT_INTK 6 /* Initial request not for TGT */ +#define L_DEATH_REQ 7 /* Request for server death */ +#define L_TKT_REQ 8 /* All ticket requests using a tgt */ +#define L_ERR_SEXP 9 /* Service expired */ +#define L_ERR_MKV 10 /* Master key version incorrect */ +#define L_ERR_NKY 11 /* User's key is null */ +#define L_ERR_NUN 12 /* Principal not unique */ +#define L_ERR_UNK 13 /* Principal Unknown */ +#define L_ALL_REQ 14 /* All requests */ +#define L_APPL_REQ 15 /* Application requests (using tgt) */ +#define L_KRB_PWARN 16 /* Protocol warning messages */ + +char * klog __P((int type, const char *format, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; + +#endif /* KLOG_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c new file mode 100644 index 0000000..88b8b25 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kntoln.c @@ -0,0 +1,180 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * krb_kntoln converts an auth name into a local name by looking up + * the auth name in the /etc/aname file. The format of the aname + * file is: + * + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | anl | inl | rll | lnl | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | 1by | 1by | 1by | 1by | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * + * If the /etc/aname file can not be opened it will set the + * local name to the auth name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to krb_kntoln through + * the AUTH_DAT structure (ad). + * + * Now here's what it *really* does: + * + * Given a Kerberos name in an AUTH_DAT structure, check that the + * instance is null, and that the realm is the same as the local + * realm, and return the principal's name in "lname". Return + * KSUCCESS if all goes well, otherwise KFAILURE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $"); + +int +krb_kntoln(AUTH_DAT *ad, char *lname) +{ + static char lrealm[REALM_SZ] = ""; + + if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if (strcmp(ad->pinst, "")) + return(KFAILURE); + if (strcmp(ad->prealm, lrealm)) + return(KFAILURE); + strcpy(lname, ad->pname); + return(KSUCCESS); +} + +#if 0 +/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */ + +#include <krb.h> +#include <ndbm.h> +#include <stdio.h> +#include <sys/file.h> +#include <strings.h> +#include <sys/syslog.h> +#include <sys/errno.h> + +extern int errno; +/* + * antoln converts an authentication name into a local name by looking up + * the authentication name in the /etc/aname dbm database. + * + * If the /etc/aname file can not be opened it will set the + * local name to the principal name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to antoln through + * the AUTH_DAT structure (ad). + */ + +static char lrealm[REALM_SZ] = ""; + +an_to_ln(ad,lname) +AUTH_DAT *ad; +char *lname; +{ + static DBM *aname = NULL; + char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2]; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) || +strcmp(ad->prealm,lrealm)) { + datum val; + datum key; + /* + * Non-local name (or) non-null and non-root instance. + * Look up in dbm file. + */ + if (!aname) { + if ((aname = dbm_open("/etc/aname", O_RDONLY, 0)) + == NULL) return (KFAILURE); + } + /* Construct dbm lookup key. */ + an_to_a(ad, keyname); + key.dptr = keyname; + key.dsize = strlen(keyname)+1; + flock(dbm_dirfno(aname), LOCK_SH); + val = dbm_fetch(aname, key); + flock(dbm_dirfno(aname), LOCK_UN); + if (!val.dptr) { + dbm_close(aname); + return(KFAILURE); + } + /* Got it! */ + strcpy(lname,val.dptr); + return(KSUCCESS); + } else strcpy(lname,ad->pname); + return(KSUCCESS); +} + +an_to_a(ad, str) + AUTH_DAT *ad; + char *str; +{ + strcpy(str, ad->pname); + if(*ad->pinst) { + strcat(str, "."); + strcat(str, ad->pinst); + } + strcat(str, "@"); + strcat(str, ad->prealm); +} + +/* + * Parse a string of the form "user[.instance][@realm]" + * into a struct AUTH_DAT. + */ + +a_to_an(str, ad) + AUTH_DAT *ad; + char *str; +{ + char *buf = (char *)malloc(strlen(str)+1); + char *rlm, *inst, *princ; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) { + free(buf); + return(KFAILURE); + } + /* destructive string hacking is more fun.. */ + strcpy(buf, str); + + if (rlm = index(buf, '@')) { + *rlm++ = '\0'; + } + if (inst = index(buf, '.')) { + *inst++ = '\0'; + } + strcpy(ad->pname, buf); + if(inst) strcpy(ad->pinst, inst); + else *ad->pinst = '\0'; + if (rlm) strcpy(ad->prealm, rlm); + else strcpy(ad->prealm, lrealm); + free(buf); + return(KSUCCESS); +} +#endif diff --git a/crypto/kerberosIV/lib/krb/krb.def b/crypto/kerberosIV/lib/krb/krb.def new file mode 100644 index 0000000..da2e906 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.def @@ -0,0 +1,92 @@ +LIBRARY "krb" BASE=0x07000000 + +DESCRIPTION "Dynamic link library for kerberos version 4" +VERSION 1.0 + +EXPORTS + krb_get_err_text + + newTktMem + getTktMem + firstCred + nextCredIndex + currCredIndex + nextFreeIndex + + k_flock + k_localtime + k_getsockinst + k_getportbyname + k_get_all_addrs + + krb_equiv + + afs_string_to_key + + krb_life_to_time + krb_time_to_life + krb_life_to_atime + krb_atime_to_life + + tf_get_cred + tf_get_pinst + tf_get_pname + tf_put_pinst + tf_put_pname + tf_init + tf_create + tf_save_cred + tf_close + + krb_mk_priv + krb_rd_priv + + create_auth_reply + krb_get_phost + krb_realmofhost + tkt_string + create_ciph + decomp_ticket + dest_tkt + get_ad_tkt + in_tkt + k_gethostname + k_isinst + k_isname + k_isrealm + kname_parse + krb_create_ticket + krb_get_admhst + krb_get_cred + krb_get_in_tkt + krb_get_krbhst + krb_get_lrealm + krb_get_default_realm + krb_get_pw_in_tkt + krb_get_svc_in_tkt + krb_get_tf_fullname + krb_get_tf_realm + krb_kntoln + krb_mk_req + krb_net_read + krb_net_write + krb_rd_err + krb_rd_req + krb_recvauth + krb_sendauth + krb_set_key + krb_set_lifetime + read_service_key + save_credentials + send_to_kdc + krb_mk_err + krb_mk_safe + krb_rd_safe + ad_print + cr_err_reply + krb_set_tkt_string + krb_get_default_principal + krb_realm_parse + krb_verify_user + kset_logfile + getst diff --git a/crypto/kerberosIV/lib/krb/krb.h b/crypto/kerberosIV/lib/krb/krb.h new file mode 100644 index 0000000..1ce349e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.h @@ -0,0 +1,565 @@ +/* + * $Id: krb.h,v 1.76 1997/05/26 17:47:31 bg Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Include file for the Kerberos library. + */ + +/* Only one time, please */ +#ifndef KRB_DEFS +#define KRB_DEFS + +#include <ktypes.h> +#include <sys/cdefs.h> +#include <stdarg.h> +#include <time.h> + +__BEGIN_DECLS + +#ifndef __P +#define __P(x) x +#endif + +/* Need some defs from des.h */ +#if !defined(NOPROTO) && !defined(__STDC__) +#define NOPROTO +#endif +#include <des.h> + +/* Don't use these guys, they are only for compatibility with CNS. */ +#ifndef KRB_INT32 +#define KRB_INT32 int32_t +#endif +#ifndef KRB_UINT32 +#define KRB_UINT32 u_int32_t +#endif + +/* Global library variables. */ +extern int krb_ignore_ip_address; /* To turn off IP address comparison */ +extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */ +extern int krbONE; +#define HOST_BYTE_ORDER (* (char *) &krbONE) + +/* Text describing error codes */ +#define MAX_KRB_ERRORS 256 +extern const char *krb_err_txt[MAX_KRB_ERRORS]; + +/* Use this function rather than indexing in krb_err_txt */ +const char *krb_get_err_text __P((int code)); + + +/* General definitions */ +#define KSUCCESS 0 +#define KFAILURE 255 + +/* + * Kerberos specific definitions + * + * KRBLOG is the log file for the kerberos master server. KRB_CONF is + * the configuration file where different host machines running master + * and slave servers can be found. KRB_MASTER is the name of the + * machine with the master database. The admin_server runs on this + * machine, and all changes to the db (as opposed to read-only + * requests, which can go to slaves) must go to it. KRB_HOST is the + * default machine * when looking for a kerberos slave server. Other + * possibilities are * in the KRB_CONF file. KRB_REALM is the name of + * the realm. + */ + +/* /etc/kerberosIV is only for backwards compatibility, don't use it! */ +#ifndef KRB_CONF +#define KRB_CONF "/etc/krb.conf" +#endif +#ifndef KRB_RLM_TRANS +#define KRB_RLM_TRANS "/etc/krb.realms" +#endif +#ifndef KRB_CNF_FILES +#define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0} +#endif +#ifndef KRB_RLM_FILES +#define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0} +#endif +#ifndef KRB_EQUIV +#define KRB_EQUIV "/etc/krb.equiv" +#endif +#define KRB_MASTER "kerberos" +#ifndef KRB_REALM +#define KRB_REALM (krb_get_default_realm()) +#endif + +/* The maximum sizes for aname, realm, sname, and instance +1 */ +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 +/* Leave space for quoting */ +#define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3) +#define KKEY_SZ 100 +#define VERSION_SZ 1 +#define MSG_TYPE_SZ 1 +#define DATE_SZ 26 /* RTI date output */ + +#define MAX_HSTNM 100 /* for compatibility */ + +typedef struct krb_principal{ + char name[ANAME_SZ]; + char instance[INST_SZ]; + char realm[REALM_SZ]; +}krb_principal; + +#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ +/* default lifetime for krb_mk_req & co., 10 hrs */ +#define DEFAULT_TKT_LIFE 120 +#endif + +#define KRB_TICKET_GRANTING_TICKET "krbtgt" + +/* Definition of text structure used to pass text around */ +#define MAX_KTXT_LEN 1250 + +struct ktext { + unsigned int length; /* Length of the text */ + unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ + u_int32_t mbz; /* zero to catch runaway strings */ +}; + +typedef struct ktext *KTEXT; +typedef struct ktext KTEXT_ST; + + +/* Definitions for send_to_kdc */ +#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ +#define CLIENT_KRB_RETRY 5 /* retry this many times */ +#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ + +/* Definitions for ticket file utilities */ +#define R_TKT_FIL 0 +#define W_TKT_FIL 1 + +/* Parameters for rd_ap_req */ +/* Maximum alloable clock skew in seconds */ +#define CLOCK_SKEW 5*60 +/* Filename for readservkey */ +#ifndef KEYFILE +#define KEYFILE "/etc/srvtab" +#endif + +/* Structure definition for rd_ap_req */ + +struct auth_dat { + unsigned char k_flags; /* Flags from ticket */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* His Instance */ + char prealm[REALM_SZ]; /* His Realm */ + u_int32_t checksum; /* Data checksum (opt) */ + des_cblock session; /* Session Key */ + int life; /* Life of ticket */ + u_int32_t time_sec; /* Time ticket issued */ + u_int32_t address; /* Address in ticket */ + KTEXT_ST reply; /* Auth reply (opt) */ +}; + +typedef struct auth_dat AUTH_DAT; + +/* Structure definition for credentials returned by get_cred */ + +struct credentials { + char service[ANAME_SZ]; /* Service name */ + char instance[INST_SZ]; /* Instance */ + char realm[REALM_SZ]; /* Auth domain */ + des_cblock session; /* Session key */ + int lifetime; /* Lifetime */ + int kvno; /* Key version number */ + KTEXT_ST ticket_st; /* The ticket itself */ + int32_t issue_date; /* The issue time */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ +}; + +typedef struct credentials CREDENTIALS; + +/* Structure definition for rd_private_msg and rd_safe_msg */ + +struct msg_dat { + unsigned char *app_data; /* pointer to appl data */ + u_int32_t app_length; /* length of appl data */ + u_int32_t hash; /* hash to lookup replay */ + int swap; /* swap bytes? */ + int32_t time_sec; /* msg timestamp seconds */ + unsigned char time_5ms; /* msg timestamp 5ms units */ +}; + +typedef struct msg_dat MSG_DAT; + +struct krb_host { + char *realm; + char *host; + int proto; + int port; + int admin; +}; + +struct krb_host *krb_get_host __P((int, char*, int)); + + +/* Location of ticket file for save_cred and get_cred */ +#define TKT_FILE tkt_string() +#define TKT_ROOT "/tmp/tkt" + +/* Error codes returned from the KDC */ +#define KDC_OK 0 /* Request OK */ +#define KDC_NAME_EXP 1 /* Principal expired */ +#define KDC_SERVICE_EXP 2 /* Service expired */ +#define KDC_AUTH_EXP 3 /* Auth expired */ +#define KDC_PKT_VER 4 /* Protocol version unknown */ +#define KDC_P_MKEY_VER 5 /* Wrong master key version */ +#define KDC_S_MKEY_VER 6 /* Wrong master key version */ +#define KDC_BYTE_ORDER 7 /* Byte order unknown */ +#define KDC_PR_UNKNOWN 8 /* Principal unknown */ +#define KDC_PR_N_UNIQUE 9 /* Principal not unique */ +#define KDC_NULL_KEY 10 /* Principal has null key */ +#define KDC_GEN_ERR 20 /* Generic error from KDC */ + + +/* Values returned by get_credentials */ +#define GC_OK 0 /* Retrieve OK */ +#define RET_OK 0 /* Retrieve OK */ +#define GC_TKFIL 21 /* Can't read ticket file */ +#define RET_TKFIL 21 /* Can't read ticket file */ +#define GC_NOTKT 22 /* Can't find ticket or TGT */ +#define RET_NOTKT 22 /* Can't find ticket or TGT */ + + +/* Values returned by mk_ap_req */ +#define MK_AP_OK 0 /* Success */ +#define MK_AP_TGTEXP 26 /* TGT Expired */ + +/* Values returned by rd_ap_req */ +#define RD_AP_OK 0 /* Request authentic */ +#define RD_AP_UNDEC 31 /* Can't decode authenticator */ +#define RD_AP_EXP 32 /* Ticket expired */ +#define RD_AP_NYV 33 /* Ticket not yet valid */ +#define RD_AP_REPEAT 34 /* Repeated request */ +#define RD_AP_NOT_US 35 /* The ticket isn't for us */ +#define RD_AP_INCON 36 /* Request is inconsistent */ +#define RD_AP_TIME 37 /* delta_t too big */ +#define RD_AP_BADD 38 /* Incorrect net address */ +#define RD_AP_VERSION 39 /* protocol version mismatch */ +#define RD_AP_MSG_TYPE 40 /* invalid msg type */ +#define RD_AP_MODIFIED 41 /* message stream modified */ +#define RD_AP_ORDER 42 /* message out of order */ +#define RD_AP_UNAUTHOR 43 /* unauthorized request */ + +/* Values returned by get_pw_tkt */ +#define GT_PW_OK 0 /* Got password changing tkt */ +#define GT_PW_NULL 51 /* Current PW is null */ +#define GT_PW_BADPW 52 /* Incorrect current password */ +#define GT_PW_PROT 53 /* Protocol Error */ +#define GT_PW_KDCERR 54 /* Error returned by KDC */ +#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ + + +/* Values returned by send_to_kdc */ +#define SKDC_OK 0 /* Response received */ +#define SKDC_RETRY 56 /* Retry count exceeded */ +#define SKDC_CANT 57 /* Can't send request */ + +/* + * Values returned by get_intkt + * (can also return SKDC_* and KDC errors) + */ + +#define INTK_OK 0 /* Ticket obtained */ +#define INTK_W_NOTALL 61 /* Not ALL tickets returned */ +#define INTK_BADPW 62 /* Incorrect password */ +#define INTK_PROT 63 /* Protocol Error */ +#define INTK_ERR 70 /* Other error */ + +/* Values returned by get_adtkt */ +#define AD_OK 0 /* Ticket Obtained */ +#define AD_NOTGT 71 /* Don't have tgt */ +#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */ + +/* Error codes returned by ticket file utilities */ +#define NO_TKT_FIL 76 /* No ticket file found */ +#define TKT_FIL_ACC 77 /* Couldn't access tkt file */ +#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ +#define TKT_FIL_FMT 79 /* Bad ticket file format */ +#define TKT_FIL_INI 80 /* tf_init not called first */ + +/* Error code returned by kparse_name */ +#define KNAME_FMT 81 /* Bad Kerberos name format */ + +/* Error code returned by krb_mk_safe */ +#define SAFE_PRIV_ERROR -1 /* syscall error */ + +/* + * macros for byte swapping; also scratch space + * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 + * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0 + * u_int16_t 0-->1, 1-->0 + */ + +#define swap_u_16(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 16);\ + } + +#define swap_u_12(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 12);\ + } + +#define swap_C_Block(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } +#define swap_u_quad(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } + +#define swap_u_long(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ + x = _krb_swap_tmp[0]; \ + } + +#define swap_u_short(x) {\ + u_int16_t _krb_swap_sh_tmp; \ + swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \ + x = (u_int16_t) _krb_swap_sh_tmp; \ + } +/* Kerberos ticket flag field bit definitions */ +#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ +#define K_FLAG_1 /* reserved */ +#define K_FLAG_2 /* reserved */ +#define K_FLAG_3 /* reserved */ +#define K_FLAG_4 /* reserved */ +#define K_FLAG_5 /* reserved */ +#define K_FLAG_6 /* reserved */ +#define K_FLAG_7 /* reserved, bit 7 --> msb */ + +/* Defines for krb_sendauth and krb_recvauth */ + +#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ +#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ + +#define KOPT_DONT_CANON 0x00000004 /* + * don't canonicalize inst as + * a hostname + */ + +#define KRB_SENDAUTH_VLEN 8 /* length for version strings */ + + +/* File locking */ +#define K_LOCK_SH 1 /* Shared lock */ +#define K_LOCK_EX 2 /* Exclusive lock */ +#define K_LOCK_NB 4 /* Don't block when locking */ +#define K_LOCK_UN 8 /* Unlock */ +int k_flock __P((int fd, int operation)); +struct tm *k_localtime __P((u_int32_t *)); +int k_getsockinst __P((int fd, char *inst, size_t)); +int k_getportbyname __P((const char *service, const char *proto, int default_port)); + +extern char *krb4_version; + +struct in_addr; + +int k_get_all_addrs __P((struct in_addr **l)); + +/* Host address comparison */ +int krb_equiv __P((u_int32_t, u_int32_t)); + +/* Password conversion */ +void mit_string_to_key __P((char *str, char *cell, des_cblock *key)); +void afs_string_to_key __P((char *str, char *cell, des_cblock *key)); + +/* Lifetime conversion */ +u_int32_t krb_life_to_time __P((u_int32_t start, int life)); +int krb_time_to_life __P((u_int32_t start, u_int32_t end)); +char *krb_life_to_atime __P((int life)); +int krb_atime_to_life __P((char *atime)); + +/* Ticket manipulation */ +int tf_get_cred __P((CREDENTIALS *)); +int tf_get_pinst __P((char *)); +int tf_get_pname __P((char *)); +int tf_put_pinst __P((char *)); +int tf_put_pname __P((char *)); +int tf_init __P((char *, int)); +int tf_create __P((char *)); +int tf_save_cred __P((char *, char *, char *, unsigned char *, int , int , KTEXT ticket, u_int32_t)); +void tf_close __P((void)); +int tf_setup __P((CREDENTIALS *cred, char *pname, char *pinst)); + +/* Private communication */ + +struct sockaddr_in; + +int32_t krb_mk_priv __P((void *, void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); +int32_t krb_rd_priv __P((void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); + +/* Misc */ +KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT)); + +char *krb_get_phost __P((const char *)); +char *krb_realmofhost __P((const char *)); +char *tkt_string __P((void)); + +int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *)); +int decomp_ticket __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t *, unsigned char *, int *, u_int32_t *, char *, char *, des_cblock *, struct des_ks_struct *)); +int dest_tkt __P((void)); +int get_ad_tkt __P((char *, char *, char *, int)); +int get_pw_tkt __P((char *, char *, char *, char *)); +int get_request __P((KTEXT, int, char **, char **)); +int in_tkt __P((char *, char *)); +int k_gethostname __P((char *, int )); +int k_isinst __P((char *)); +int k_isname __P((char *)); +int k_isrealm __P((char *)); +int kname_parse __P((char *, char *, char *, char *)); +int krb_parse_name __P((const char*, krb_principal*)); +char *krb_unparse_name __P((krb_principal*)); +char *krb_unparse_name_r __P((krb_principal*, char*)); +char *krb_unparse_name_long __P((char*, char*, char*)); +char *krb_unparse_name_long_r __P((char *name, char *instance, char *realm, char *fullname)); +int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, void *, int16_t, int32_t, char *, char *, des_cblock *)); +int krb_get_admhst __P((char *, char *, int)); +int krb_get_cred __P((char *, char *, char *, CREDENTIALS *)); + +typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*)); + +typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*, + key_proc_t, KTEXT*)); + +int krb_get_in_tkt __P((char*, char*, char*, char*, char*, int, key_proc_t, + decrypt_proc_t, void*)); + +int srvtab_to_key __P((char *, char *, char *, void *, des_cblock *)); +int passwd_to_key __P((char *, char *, char *, void *, des_cblock *)); +int passwd_to_afskey __P((char *, char *, char *, void *, des_cblock *)); + +int krb_get_krbhst __P((char *, char *, int)); +int krb_get_lrealm __P((char *, int)); +char *krb_get_default_realm __P((void)); +int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); +int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); +int krb_get_tf_fullname __P((char *, char *, char *, char *)); +int krb_get_tf_realm __P((char *, char *)); +int krb_kntoln __P((AUTH_DAT *, char *)); +int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t)); +int krb_net_read __P((int , void *, size_t)); +int krb_net_write __P((int , const void *, size_t)); +int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *)); +int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *)); +int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *)); +int krb_sendauth __P((int32_t, int, KTEXT, char *,char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *)); +int krb_mk_auth __P((int32_t, KTEXT, char *, char *, char *, u_int32_t, char *, KTEXT)); +int krb_check_auth __P((KTEXT, u_int32_t, MSG_DAT *, des_cblock *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *)); +int krb_set_key __P((void *, int)); +int krb_set_lifetime __P((int)); +int krb_kuserok __P((char *name, char *inst, char *realm, char *luser)); +int kuserok __P((AUTH_DAT *, char *)); +int read_service_key __P((char *, char *, char *, int , char *, char *)); +int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t)); +int send_to_kdc __P((KTEXT , KTEXT , char *)); + +int32_t krb_mk_err __P((u_char *, int32_t, char *)); +int32_t krb_mk_safe __P((void *, void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); +int32_t krb_rd_safe __P((void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); + +void ad_print __P((AUTH_DAT *)); +void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *)); +void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT)); +void krb_set_tkt_string __P((char *)); + +int krb_get_default_principal __P((char *, char *, char *)); +int krb_realm_parse __P((char *, int)); +int krb_verify_user __P((char*, char*, char*, char*, int, char *)); + +/* logging.c */ + +typedef int (*krb_log_func_t)(FILE *, const char *, va_list); + +typedef krb_log_func_t krb_warnfn_t; + +struct krb_log_facility; + +int krb_vlogger __P((struct krb_log_facility*, const char *, va_list)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 0))) +#endif +; +int krb_logger __P((struct krb_log_facility*, const char *, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; +int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t)); + +void krb_set_warnfn __P((krb_warnfn_t)); +krb_warnfn_t krb_get_warnfn __P((void)); +void krb_warning __P((const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + +void kset_logfile __P((char*)); +void krb_log __P((const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; +char *klog __P((int, const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; + +int getst __P((int, char *, int)); +const char *month_sname __P((int)); +const char *krb_stime __P((time_t *)); +int krb_check_tm __P((struct tm)); + +int krb_get_int __P((void *from, u_int32_t *to, int size, int lsb)); +int krb_put_int __P((u_int32_t from, void *to, int size)); +int krb_get_address __P((void *from, u_int32_t *to)); +int krb_put_address __P((u_int32_t addr, void *to)); +int krb_put_string __P((char *from, void *to)); +int krb_get_string __P((void *from, char *to)); +int krb_get_nir __P((void *from, char *name, char *instance, char *realm)); +int krb_put_nir __P((char *name, char *instance, char *realm, void *to)); + +__END_DECLS + +#endif /* KRB_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/krb.mak b/crypto/kerberosIV/lib/krb/krb.mak new file mode 100644 index 0000000..1236261 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.mak @@ -0,0 +1,3065 @@ +# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +!IF "$(CFG)" == "" +CFG=krb - Win32 Debug +!MESSAGE No configuration specified. Defaulting to krb - Win32 Debug. +!ENDIF + +!IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF +################################################################################ +# Begin Project +# PROP Target_Last_Scanned "krb - Win32 Debug" +RSC=rc.exe +MTL=mktyplib.exe +CPP=cl.exe + +!IF "$(CFG)" == "krb - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Target_Dir "" +OUTDIR=.\Release +INTDIR=.\Release + +ALL : ".\Release\krb.dll" + +CLEAN : + -@erase ".\Release\cr_err_reply.obj" + -@erase ".\Release\create_auth_reply.obj" + -@erase ".\Release\create_ciph.obj" + -@erase ".\Release\create_ticket.obj" + -@erase ".\Release\debug_decl.obj" + -@erase ".\Release\decomp_ticket.obj" + -@erase ".\Release\dllmain.obj" + -@erase ".\Release\encrypt_ktext.obj" + -@erase ".\Release\et_list.obj" + -@erase ".\Release\get_ad_tkt.obj" + -@erase ".\Release\get_cred.obj" + -@erase ".\Release\get_default_principal.obj" + -@erase ".\Release\get_host.obj" + -@erase ".\Release\get_in_tkt.obj" + -@erase ".\Release\get_krbrlm.obj" + -@erase ".\Release\get_phost.obj" + -@erase ".\Release\get_svc_in_tkt.obj" + -@erase ".\Release\get_tf_fullname.obj" + -@erase ".\Release\get_tf_realm.obj" + -@erase ".\Release\getaddrs.obj" + -@erase ".\Release\getrealm.obj" + -@erase ".\Release\getst.obj" + -@erase ".\Release\k_flock.obj" + -@erase ".\Release\k_gethostname.obj" + -@erase ".\Release\k_getport.obj" + -@erase ".\Release\k_getsockinst.obj" + -@erase ".\Release\k_localtime.obj" + -@erase ".\Release\kdc_reply.obj" + -@erase ".\Release\kntoln.obj" + -@erase ".\Release\krb.dll" + -@erase ".\Release\krb.exp" + -@erase ".\Release\krb.lib" + -@erase ".\Release\krb_check_auth.obj" + -@erase ".\Release\krb_equiv.obj" + -@erase ".\Release\krb_err_txt.obj" + -@erase ".\Release\krb_get_in_tkt.obj" + -@erase ".\Release\lifetime.obj" + -@erase ".\Release\logging.obj" + -@erase ".\Release\lsb_addr_comp.obj" + -@erase ".\Release\mk_auth.obj" + -@erase ".\Release\mk_err.obj" + -@erase ".\Release\mk_priv.obj" + -@erase ".\Release\mk_req.obj" + -@erase ".\Release\mk_safe.obj" + -@erase ".\Release\month_sname.obj" + -@erase ".\Release\name2name.obj" + -@erase ".\Release\netread.obj" + -@erase ".\Release\netwrite.obj" + -@erase ".\Release\one.obj" + -@erase ".\Release\parse_name.obj" + -@erase ".\Release\rd_err.obj" + -@erase ".\Release\rd_priv.obj" + -@erase ".\Release\rd_req.obj" + -@erase ".\Release\rd_safe.obj" + -@erase ".\Release\read_service_key.obj" + -@erase ".\Release\realm_parse.obj" + -@erase ".\Release\recvauth.obj" + -@erase ".\Release\resolve.obj" + -@erase ".\Release\rw.obj" + -@erase ".\Release\save_credentials.obj" + -@erase ".\Release\send_to_kdc.obj" + -@erase ".\Release\sendauth.obj" + -@erase ".\Release\stime.obj" + -@erase ".\Release\str2key.obj" + -@erase ".\Release\swab.obj" + -@erase ".\Release\ticket_memory.obj" + -@erase ".\Release\tkt_string.obj" + -@erase ".\Release\unparse_name.obj" + -@erase ".\Release\util.obj" + -@erase ".\Release\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/" /c +CPP_OBJS=.\Release/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /win32 +MTL_PROJ=/nologo /D "NDEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)/krb.pdb" /machine:I386\ + /def:".\krb.def" /out:"$(OUTDIR)/krb.dll" /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Release\cr_err_reply.obj" \ + ".\Release\create_auth_reply.obj" \ + ".\Release\create_ciph.obj" \ + ".\Release\create_ticket.obj" \ + ".\Release\debug_decl.obj" \ + ".\Release\decomp_ticket.obj" \ + ".\Release\dllmain.obj" \ + ".\Release\encrypt_ktext.obj" \ + ".\Release\et_list.obj" \ + ".\Release\get_ad_tkt.obj" \ + ".\Release\get_cred.obj" \ + ".\Release\get_default_principal.obj" \ + ".\Release\get_host.obj" \ + ".\Release\get_in_tkt.obj" \ + ".\Release\get_krbrlm.obj" \ + ".\Release\get_phost.obj" \ + ".\Release\get_svc_in_tkt.obj" \ + ".\Release\get_tf_fullname.obj" \ + ".\Release\get_tf_realm.obj" \ + ".\Release\getaddrs.obj" \ + ".\Release\getrealm.obj" \ + ".\Release\getst.obj" \ + ".\Release\k_flock.obj" \ + ".\Release\k_gethostname.obj" \ + ".\Release\k_getport.obj" \ + ".\Release\k_getsockinst.obj" \ + ".\Release\k_localtime.obj" \ + ".\Release\kdc_reply.obj" \ + ".\Release\kntoln.obj" \ + ".\Release\krb_check_auth.obj" \ + ".\Release\krb_equiv.obj" \ + ".\Release\krb_err_txt.obj" \ + ".\Release\krb_get_in_tkt.obj" \ + ".\Release\lifetime.obj" \ + ".\Release\logging.obj" \ + ".\Release\lsb_addr_comp.obj" \ + ".\Release\mk_auth.obj" \ + ".\Release\mk_err.obj" \ + ".\Release\mk_priv.obj" \ + ".\Release\mk_req.obj" \ + ".\Release\mk_safe.obj" \ + ".\Release\month_sname.obj" \ + ".\Release\name2name.obj" \ + ".\Release\netread.obj" \ + ".\Release\netwrite.obj" \ + ".\Release\one.obj" \ + ".\Release\parse_name.obj" \ + ".\Release\rd_err.obj" \ + ".\Release\rd_priv.obj" \ + ".\Release\rd_req.obj" \ + ".\Release\rd_safe.obj" \ + ".\Release\read_service_key.obj" \ + ".\Release\realm_parse.obj" \ + ".\Release\recvauth.obj" \ + ".\Release\resolve.obj" \ + ".\Release\rw.obj" \ + ".\Release\save_credentials.obj" \ + ".\Release\send_to_kdc.obj" \ + ".\Release\sendauth.obj" \ + ".\Release\stime.obj" \ + ".\Release\str2key.obj" \ + ".\Release\swab.obj" \ + ".\Release\ticket_memory.obj" \ + ".\Release\tkt_string.obj" \ + ".\Release\unparse_name.obj" \ + ".\Release\util.obj" \ + ".\Release\verify_user.obj" + +".\Release\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Target_Dir "" +OUTDIR=.\Debug +INTDIR=.\Debug + +ALL : ".\Debug\krb.dll" + +CLEAN : + -@erase ".\Debug\cr_err_reply.obj" + -@erase ".\Debug\create_auth_reply.obj" + -@erase ".\Debug\create_ciph.obj" + -@erase ".\Debug\create_ticket.obj" + -@erase ".\Debug\debug_decl.obj" + -@erase ".\Debug\decomp_ticket.obj" + -@erase ".\Debug\dllmain.obj" + -@erase ".\Debug\encrypt_ktext.obj" + -@erase ".\Debug\et_list.obj" + -@erase ".\Debug\get_ad_tkt.obj" + -@erase ".\Debug\get_cred.obj" + -@erase ".\Debug\get_default_principal.obj" + -@erase ".\Debug\get_host.obj" + -@erase ".\Debug\get_in_tkt.obj" + -@erase ".\Debug\get_krbrlm.obj" + -@erase ".\Debug\get_phost.obj" + -@erase ".\Debug\get_svc_in_tkt.obj" + -@erase ".\Debug\get_tf_fullname.obj" + -@erase ".\Debug\get_tf_realm.obj" + -@erase ".\Debug\getaddrs.obj" + -@erase ".\Debug\getrealm.obj" + -@erase ".\Debug\getst.obj" + -@erase ".\Debug\k_flock.obj" + -@erase ".\Debug\k_gethostname.obj" + -@erase ".\Debug\k_getport.obj" + -@erase ".\Debug\k_getsockinst.obj" + -@erase ".\Debug\k_localtime.obj" + -@erase ".\Debug\kdc_reply.obj" + -@erase ".\Debug\kntoln.obj" + -@erase ".\Debug\krb.dll" + -@erase ".\Debug\krb.exp" + -@erase ".\Debug\krb.ilk" + -@erase ".\Debug\krb.lib" + -@erase ".\Debug\krb.pdb" + -@erase ".\Debug\krb_check_auth.obj" + -@erase ".\Debug\krb_equiv.obj" + -@erase ".\Debug\krb_err_txt.obj" + -@erase ".\Debug\krb_get_in_tkt.obj" + -@erase ".\Debug\lifetime.obj" + -@erase ".\Debug\logging.obj" + -@erase ".\Debug\lsb_addr_comp.obj" + -@erase ".\Debug\mk_auth.obj" + -@erase ".\Debug\mk_err.obj" + -@erase ".\Debug\mk_priv.obj" + -@erase ".\Debug\mk_req.obj" + -@erase ".\Debug\mk_safe.obj" + -@erase ".\Debug\month_sname.obj" + -@erase ".\Debug\name2name.obj" + -@erase ".\Debug\netread.obj" + -@erase ".\Debug\netwrite.obj" + -@erase ".\Debug\one.obj" + -@erase ".\Debug\parse_name.obj" + -@erase ".\Debug\rd_err.obj" + -@erase ".\Debug\rd_priv.obj" + -@erase ".\Debug\rd_req.obj" + -@erase ".\Debug\rd_safe.obj" + -@erase ".\Debug\read_service_key.obj" + -@erase ".\Debug\realm_parse.obj" + -@erase ".\Debug\recvauth.obj" + -@erase ".\Debug\resolve.obj" + -@erase ".\Debug\rw.obj" + -@erase ".\Debug\save_credentials.obj" + -@erase ".\Debug\send_to_kdc.obj" + -@erase ".\Debug\sendauth.obj" + -@erase ".\Debug\stime.obj" + -@erase ".\Debug\str2key.obj" + -@erase ".\Debug\swab.obj" + -@erase ".\Debug\ticket_memory.obj" + -@erase ".\Debug\tkt_string.obj" + -@erase ".\Debug\unparse_name.obj" + -@erase ".\Debug\util.obj" + -@erase ".\Debug\vc40.idb" + -@erase ".\Debug\vc40.pdb" + -@erase ".\Debug\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/"\ + /Fd"$(INTDIR)/" /c +CPP_OBJS=.\Debug/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /win32 +MTL_PROJ=/nologo /D "_DEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)/krb.pdb" /debug\ + /machine:I386 /def:".\krb.def" /out:"$(OUTDIR)/krb.dll"\ + /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Debug\cr_err_reply.obj" \ + ".\Debug\create_auth_reply.obj" \ + ".\Debug\create_ciph.obj" \ + ".\Debug\create_ticket.obj" \ + ".\Debug\debug_decl.obj" \ + ".\Debug\decomp_ticket.obj" \ + ".\Debug\dllmain.obj" \ + ".\Debug\encrypt_ktext.obj" \ + ".\Debug\et_list.obj" \ + ".\Debug\get_ad_tkt.obj" \ + ".\Debug\get_cred.obj" \ + ".\Debug\get_default_principal.obj" \ + ".\Debug\get_host.obj" \ + ".\Debug\get_in_tkt.obj" \ + ".\Debug\get_krbrlm.obj" \ + ".\Debug\get_phost.obj" \ + ".\Debug\get_svc_in_tkt.obj" \ + ".\Debug\get_tf_fullname.obj" \ + ".\Debug\get_tf_realm.obj" \ + ".\Debug\getaddrs.obj" \ + ".\Debug\getrealm.obj" \ + ".\Debug\getst.obj" \ + ".\Debug\k_flock.obj" \ + ".\Debug\k_gethostname.obj" \ + ".\Debug\k_getport.obj" \ + ".\Debug\k_getsockinst.obj" \ + ".\Debug\k_localtime.obj" \ + ".\Debug\kdc_reply.obj" \ + ".\Debug\kntoln.obj" \ + ".\Debug\krb_check_auth.obj" \ + ".\Debug\krb_equiv.obj" \ + ".\Debug\krb_err_txt.obj" \ + ".\Debug\krb_get_in_tkt.obj" \ + ".\Debug\lifetime.obj" \ + ".\Debug\logging.obj" \ + ".\Debug\lsb_addr_comp.obj" \ + ".\Debug\mk_auth.obj" \ + ".\Debug\mk_err.obj" \ + ".\Debug\mk_priv.obj" \ + ".\Debug\mk_req.obj" \ + ".\Debug\mk_safe.obj" \ + ".\Debug\month_sname.obj" \ + ".\Debug\name2name.obj" \ + ".\Debug\netread.obj" \ + ".\Debug\netwrite.obj" \ + ".\Debug\one.obj" \ + ".\Debug\parse_name.obj" \ + ".\Debug\rd_err.obj" \ + ".\Debug\rd_priv.obj" \ + ".\Debug\rd_req.obj" \ + ".\Debug\rd_safe.obj" \ + ".\Debug\read_service_key.obj" \ + ".\Debug\realm_parse.obj" \ + ".\Debug\recvauth.obj" \ + ".\Debug\resolve.obj" \ + ".\Debug\rw.obj" \ + ".\Debug\save_credentials.obj" \ + ".\Debug\send_to_kdc.obj" \ + ".\Debug\sendauth.obj" \ + ".\Debug\stime.obj" \ + ".\Debug\str2key.obj" \ + ".\Debug\swab.obj" \ + ".\Debug\ticket_memory.obj" \ + ".\Debug\tkt_string.obj" \ + ".\Debug\unparse_name.obj" \ + ".\Debug\util.obj" \ + ".\Debug\verify_user.obj" + +".\Debug\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ENDIF + +.c{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.c{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +################################################################################ +# Begin Target + +# Name "krb - Win32 Release" +# Name "krb - Win32 Debug" + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +################################################################################ +# Begin Source File + +SOURCE=.\krb.def + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_fullname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\cr_err_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_auth_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ciph.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\decomp_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\dllmain.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + ".\ticket_memory.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\encrypt_ktext.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_ENCRY=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_ENCRY=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\et_list.c +DEP_CPP_ET_LI=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_ad_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_cred.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_default_principal.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_host.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_krbrlm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phos + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_svc_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phost.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_equiv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getaddrs.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getrealm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_flock.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_gethostname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getport.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getsockinst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_localtime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kdc_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kntoln.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Release\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_check_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_realm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lifetime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lsb_addr_comp.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\month_sname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\name2name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\netread.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\netwrite.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\one.c + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\parse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_err_txt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\send_to_kdc.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\realm_parse.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\recvauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\resolve.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\resolve.h"\ + + +".\Release\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rw.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + "..\des\version.h"\ + ".\krb_locl.h"\ + + +".\Release\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\des\version.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\save_credentials.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\read_service_key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\verify_user.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\stime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\swab.c +DEP_CPP_SWAB_=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\ticket_memory.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TICKE=\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TICKE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Debug\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\tkt_string.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\unparse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\util.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\sendauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\logging.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\klog.h"\ + ".\krb_locl.h"\ + + +".\Release\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\klog.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\str2key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\debug_decl.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ENDIF + +# End Source File +# End Target +# End Project +################################################################################ diff --git a/crypto/kerberosIV/lib/krb/krb_check_auth.c b/crypto/kerberosIV/lib/krb/krb_check_auth.c new file mode 100644 index 0000000..8bddbf5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_check_auth.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $"); + +/* + * + * Receive an mutual-authenticator for a server in `packet', with + * `checksum', `session', and `schedule' having the appropriate values + * and return the data in `msg_data'. + * + * Return KSUCCESS if the received checksum is correct. + * + */ + +int +krb_check_auth(KTEXT packet, + u_int32_t checksum, + MSG_DAT *msg_data, + des_cblock *session, + struct des_ks_struct *schedule, + struct sockaddr_in *laddr, + struct sockaddr_in *faddr) +{ + int ret; + u_int32_t checksum2; + + ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr, + laddr, msg_data); + if (ret != RD_AP_OK) + return ret; + if (msg_data->app_length != 4) + return KFAILURE; + krb_get_int (msg_data->app_data, &checksum2, 4, 0); + if (checksum2 == checksum + 1) + return KSUCCESS; + else + return KFAILURE; +} diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c new file mode 100644 index 0000000..06f42f5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_equiv.c @@ -0,0 +1,144 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b); + * + * Given two IP adresses return true if they match + * or are considered to belong to the same host. + * + * For example if /etc/krb.equiv looks like + * + * 130.237.223.3 192.16.126.3 # alv alv1 + * 130.237.223.4 192.16.126.4 # byse byse1 + * 130.237.228.152 192.16.126.9 # topsy topsy1 + * + * krb_equiv(alv, alv1) would return true but + * krb_equiv(alv, byse1) would not. + * + * A comment starts with an '#' and ends with '\n'. + * + */ +#include "krb_locl.h" + +RCSID("$Id: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $"); + +int krb_ignore_ip_address = 0; + +int +krb_equiv(u_int32_t a, u_int32_t b) +{ + FILE *fil; + char line[256]; + int hit_a, hit_b; + int iscomment; + + if (a == b) /* trivial match, also the common case */ + return 1; + + if (krb_ignore_ip_address) + return 1; /* if we have decided not to compare */ + + a = ntohl(a); + b = ntohl(b); + + fil = fopen(KRB_EQUIV, "r"); + if (fil == NULL) /* open failed */ + return 0; + + hit_a = hit_b = 0; + iscomment = 0; + while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */ + { + char *t = line; + int len = strlen(t); + + /* for each item on this line */ + while (*t != 0) /* more addresses on this line? */ + if (*t == '\n') { + iscomment = hit_a = hit_b = 0; + break; + } else if (iscomment) + t = line + len - 1; + else if (*t == '#') { /* rest is comment */ + iscomment = 1; + ++t; + } else if (*t == '\\' ) /* continuation */ + break; + else if (isspace(*t)) /* skip space */ + t++; + else if (isdigit(*t)) /* an address? */ + { + u_int32_t tmp; + u_int32_t tmpa, tmpb, tmpc, tmpd; + + sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd); + tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd; + + while (*t == '.' || isdigit(*t)) /* done with this address */ + t++; + + if (tmp != -1) { /* an address (and not broadcast) */ + u_int32_t mask = (u_int32_t)~0; + + if (*t == '/') { + ++t; + mask <<= 32 - atoi(t); + + while(isdigit(*t)) + ++t; + } + + if ((tmp & mask) == (a & mask)) + hit_a = 1; + if ((tmp & mask) == (b & mask)) + hit_b = 1; + if (hit_a && hit_b) { + fclose(fil); + return 1; + } + } + } + else + ++t; /* garbage on this line, skip it */ + + } + + fclose(fil); + return 0; +} diff --git a/crypto/kerberosIV/lib/krb/krb_err.et b/crypto/kerberosIV/lib/krb/krb_err.et new file mode 100644 index 0000000..4e32aed --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_err.et @@ -0,0 +1,257 @@ +# Copyright 1987,1988 Massachusetts Institute of Technology +# +# For copying and distribution information, see the file +# "mit-copyright.h". +# +# $Id: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $ +# + error_table krb + + ec KRBET_KSUCCESS, + "Kerberos successful" + + ec KRBET_KDC_NAME_EXP, + "Kerberos principal expired" + + ec KRBET_KDC_SERVICE_EXP, + "Kerberos service expired" + + ec KRBET_KDC_AUTH_EXP, + "Kerberos auth expired" + + ec KRBET_KDC_PKT_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_P_MKEY_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_S_MKEY_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_BYTE_ORDER, + "Kerberos error: byte order unknown" + + ec KRBET_KDC_PR_UNKNOWN, + "Kerberos principal unknown" + + ec KRBET_KDC_PR_N_UNIQUE, + "Kerberos principal not unique" + + ec KRBET_KDC_NULL_KEY, + "Kerberos principal has null key" + + ec KRBET_KRB_RES11, + "Reserved 11" + + ec KRBET_KRB_RES12, + "Reserved 12" + + ec KRBET_KRB_RES13, + "Reserved 13" + + ec KRBET_KRB_RES14, + "Reserved 14" + + ec KRBET_KRB_RES15, + "Reserved 15" + + ec KRBET_KRB_RES16, + "Reserved 16" + + ec KRBET_KRB_RES17, + "Reserved 17" + + ec KRBET_KRB_RES18, + "Reserved 18" + + ec KRBET_KRB_RES19, + "Reserved 19" + + ec KRBET_KDC_GEN_ERR, + "Generic error from Kerberos KDC" + + ec KRBET_GC_TKFIL, + "Can't read Kerberos ticket file" + + ec KRBET_GC_NOTKT, + "Can't find Kerberos ticket or TGT" + + ec KRBET_KRB_RES23, + "Reserved 23" + + ec KRBET_KRB_RES24, + "Reserved 24" + + ec KRBET_KRB_RES25, + "Reserved 25" + + ec KRBET_MK_AP_TGTEXP, + "Kerberos TGT Expired" + + ec KRBET_KRB_RES27, + "Reserved 27" + + ec KRBET_KRB_RES28, + "Reserved 28" + + ec KRBET_KRB_RES29, + "Reserved 29" + + ec KRBET_KRB_RES30, + "Reserved 30" + + ec KRBET_RD_AP_UNDEC, + "Kerberos error: Can't decode authenticator" + + ec KRBET_RD_AP_EXP, + "Kerberos ticket expired" + + ec KRBET_RD_AP_NYV, + "Kerberos ticket not yet valid" + + ec KRBET_RD_AP_REPEAT, + "Kerberos error: Repeated request" + + ec KRBET_RD_AP_NOT_US, + "The kerberos ticket isn't for us" + + ec KRBET_RD_AP_INCON, + "Kerberos request inconsistent" + + ec KRBET_RD_AP_TIME, + "Kerberos error: delta_t too big" + + ec KRBET_RD_AP_BADD, + "Kerberos error: incorrect net address" + + ec KRBET_RD_AP_VERSION, + "Kerberos protocol version mismatch" + + ec KRBET_RD_AP_MSG_TYPE, + "Kerberos error: invalid msg type" + + ec KRBET_RD_AP_MODIFIED, + "Kerberos error: message stream modified" + + ec KRBET_RD_AP_ORDER, + "Kerberos error: message out of order" + + ec KRBET_RD_AP_UNAUTHOR, + "Kerberos error: unauthorized request" + + ec KRBET_KRB_RES44, + "Reserved 44" + + ec KRBET_KRB_RES45, + "Reserved 45" + + ec KRBET_KRB_RES46, + "Reserved 46" + + ec KRBET_KRB_RES47, + "Reserved 47" + + ec KRBET_KRB_RES48, + "Reserved 48" + + ec KRBET_KRB_RES49, + "Reserved 49" + + ec KRBET_KRB_RES50, + "Reserved 50" + + ec KRBET_GT_PW_NULL, + "Kerberos error: current PW is null" + + ec KRBET_GT_PW_BADPW, + "Kerberos error: Incorrect current password" + + ec KRBET_GT_PW_PROT, + "Kerberos protocol error" + + ec KRBET_GT_PW_KDCERR, + "Error returned by Kerberos KDC" + + ec KRBET_GT_PW_NULLTKT, + "Null Kerberos ticket returned by KDC" + + ec KRBET_SKDC_RETRY, + "Kerberos error: Retry count exceeded" + + ec KRBET_SKDC_CANT, + "Kerberos error: Can't send request" + + ec KRBET_KRB_RES58, + "Reserved 58" + + ec KRBET_KRB_RES59, + "Reserved 59" + + ec KRBET_KRB_RES60, + "Reserved 60" + + ec KRBET_INTK_W_NOTALL, + "Kerberos error: not all tickets returned" + + ec KRBET_INTK_BADPW, + "Kerberos error: incorrect password" + + ec KRBET_INTK_PROT, + "Kerberos error: Protocol Error" + + ec KRBET_KRB_RES64, + "Reserved 64" + + ec KRBET_KRB_RES65, + "Reserved 65" + + ec KRBET_KRB_RES66, + "Reserved 66" + + ec KRBET_KRB_RES67, + "Reserved 67" + + ec KRBET_KRB_RES68, + "Reserved 68" + + ec KRBET_KRB_RES69, + "Reserved 69" + + ec KRBET_INTK_ERR, + "Other error" + + ec KRBET_AD_NOTGT, + "Don't have Kerberos ticket-granting ticket" + + ec KRBET_KRB_RES72, + "Can't get Kerberos inter-realm ticket-granting ticket" + + ec KRBET_KRB_RES73, + "Reserved 73" + + ec KRBET_KRB_RES74, + "Reserved 74" + + ec KRBET_KRB_RES75, + "Reserved 75" + + ec KRBET_NO_TKT_FIL, + "No ticket file found" + + ec KRBET_TKT_FIL_ACC, + "Couldn't access ticket file" + + ec KRBET_TKT_FIL_LCK, + "Couldn't lock ticket file" + + ec KRBET_TKT_FIL_FMT, + "Bad ticket file format" + + ec KRBET_TKT_FIL_INI, + "tf_init not called first" + + ec KRBET_KNAME_FMT, + "Bad Kerberos name format" + + end + diff --git a/crypto/kerberosIV/lib/krb/krb_err_txt.c b/crypto/kerberosIV/lib/krb/krb_err_txt.c new file mode 100644 index 0000000..161aa0f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_err_txt.c @@ -0,0 +1,299 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $"); + +/* + * This file contains an array of error text strings. + * The associated error codes (which are defined in "krb.h") + * follow the string in the comments at the end of each line. + */ + +const char *krb_err_txt[256] = { + "OK", /* 000 */ + "Principal expired (kerberos)", /* 001 */ + "Service expired (kerberos)", /* 002 */ + "Authentication expired (kerberos)", /* 003 */ + "Unknown protocol version number (kerberos)", /* 004 */ + "Principal: Incorrect master key version (kerberos)", /* 005 */ + "Service: Incorrect master key version (kerberos)", /* 006 */ + "Bad byte order (kerberos)", /* 007 */ + "Principal unknown (kerberos)", /* 008 */ + "Principal not unique (kerberos)", /* 009 */ + "Principal has null key (kerberos)", /* 010 */ + "Timeout in request (kerberos)", /* 011 */ + "Reserved error message 12 (kerberos)", /* 012 */ + "Reserved error message 13 (kerberos)", /* 013 */ + "Reserved error message 14 (kerberos)", /* 014 */ + "Reserved error message 15 (kerberos)", /* 015 */ + "Reserved error message 16 (kerberos)", /* 016 */ + "Reserved error message 17 (kerberos)", /* 017 */ + "Reserved error message 18 (kerberos)", /* 018 */ + "Reserved error message 19 (kerberos)", /* 019 */ + "Permission Denied (kerberos)", /* 020 */ + "Can't read ticket file (krb_get_cred)", /* 021 */ + "Can't find ticket (krb_get_cred)", /* 022 */ + "Reserved error message 23 (krb_get_cred)", /* 023 */ + "Reserved error message 24 (krb_get_cred)", /* 024 */ + "Reserved error message 25 (krb_get_cred)", /* 025 */ + "Ticket granting ticket expired (krb_mk_req)", /* 026 */ + "Reserved error message 27 (krb_mk_req)", /* 027 */ + "Reserved error message 28 (krb_mk_req)", /* 028 */ + "Reserved error message 29 (krb_mk_req)", /* 029 */ + "Reserved error message 30 (krb_mk_req)", /* 030 */ + "Can't decode authenticator (krb_rd_req)", /* 031 */ + "Ticket expired (krb_rd_req)", /* 032 */ + "Ticket issue date too far in the future (krb_rd_req)",/* 033 */ + "Repeat request (krb_rd_req)", /* 034 */ + "Ticket for wrong server (krb_rd_req)", /* 035 */ + "Request inconsistent (krb_rd_req)", /* 036 */ + "Time is out of bounds (krb_rd_req)", /* 037 */ + "Incorrect network address (krb_rd_req)", /* 038 */ + "Protocol version mismatch (krb_rd_req)", /* 039 */ + "Illegal message type (krb_rd_req)", /* 040 */ + "Message integrity error (krb_rd_req)", /* 041 */ + "Message duplicate or out of order (krb_rd_req)", /* 042 */ + "Unauthorized request (krb_rd_req)", /* 043 */ + "Reserved error message 44 (krb_rd_req)", /* 044 */ + "Reserved error message 45 (krb_rd_req)", /* 045 */ + "Reserved error message 46 (krb_rd_req)", /* 046 */ + "Reserved error message 47 (krb_rd_req)", /* 047 */ + "Reserved error message 48 (krb_rd_req)", /* 048 */ + "Reserved error message 49 (krb_rd_req)", /* 049 */ + "Reserved error message 50 (krb_rd_req)", /* 050 */ + "Current password is NULL (get_pw_tkt)", /* 051 */ + "Current password incorrect (get_pw_tkt)", /* 052 */ + "Protocol error (gt_pw_tkt)", /* 053 */ + "Error returned by KDC (gt_pw_tkt)", /* 054 */ + "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */ + "Retry count exceeded (send_to_kdc)", /* 056 */ + "Can't send request (send_to_kdc)", /* 057 */ + "Reserved error message 58 (send_to_kdc)", /* 058 */ + "Reserved error message 59 (send_to_kdc)", /* 059 */ + "Reserved error message 60 (send_to_kdc)", /* 060 */ + "Warning: Not ALL tickets returned", /* 061 */ + "Password incorrect", /* 062 */ + "Protocol error (get_in_tkt)", /* 063 */ + "Reserved error message 64 (get_in_tkt)", /* 064 */ + "Reserved error message 65 (get_in_tkt)", /* 065 */ + "Reserved error message 66 (get_in_tkt)", /* 066 */ + "Reserved error message 67 (get_in_tkt)", /* 067 */ + "Reserved error message 68 (get_in_tkt)", /* 068 */ + "Reserved error message 69 (get_in_tkt)", /* 069 */ + "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */ + "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */ + "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */ + "Reserved error message 73 (get_ad_tkt)", /* 073 */ + "Reserved error message 74 (get_ad_tkt)", /* 074 */ + "Reserved error message 75 (get_ad_tkt)", /* 075 */ + "No ticket file (tf_util)", /* 076 */ + "Can't access ticket file (tf_util)", /* 077 */ + "Can't lock ticket file; try later (tf_util)", /* 078 */ + "Bad ticket file format (tf_util)", /* 079 */ + "Read ticket file before tf_init (tf_util)", /* 080 */ + "Bad Kerberos name format (kname_parse)", /* 081 */ + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "Generic kerberos error (kfailure)", /* 255 */ +}; + +static const char err_failure[] = "Illegal error code passed (krb_get_err_text)"; + +const char * +krb_get_err_text(int code) +{ + if(code < 0 || code >= MAX_KRB_ERRORS) + return err_failure; + return krb_err_txt[code]; +} diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c new file mode 100644 index 0000000..d3e6cc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c @@ -0,0 +1,175 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $"); + +/* + * decrypt_tkt(): Given user, instance, realm, passwd, key_proc + * and the cipher text sent from the KDC, decrypt the cipher text + * using the key returned by key_proc. + */ + +static int +decrypt_tkt(char *user, char *instance, char *realm, + void *arg, key_proc_t key_proc, KTEXT *cip) +{ + des_cblock key; /* Key for decrypting cipher */ + int ret; + + ret = key_proc(user, instance, realm, arg, &key); + if (ret != 0) + return ret; + + encrypt_ktext(*cip, &key, DES_DECRYPT); + + memset(&key, 0, sizeof(key)); + return 0; +} + +/* + * krb_get_in_tkt() gets a ticket for a given principal to use a given + * service and stores the returned ticket and session key for future + * use. + * + * The "user", "instance", and "realm" arguments give the identity of + * the client who will use the ticket. The "service" and "sinstance" + * arguments give the identity of the server that the client wishes + * to use. (The realm of the server is the same as the Kerberos server + * to whom the request is sent.) The "life" argument indicates the + * desired lifetime of the ticket; the "key_proc" argument is a pointer + * to the routine used for getting the client's private key to decrypt + * the reply from Kerberos. The "decrypt_proc" argument is a pointer + * to the routine used to decrypt the reply from Kerberos; and "arg" + * is an argument to be passed on to the "key_proc" routine. + * + * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it + * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned + * by Kerberos, then the error code it contains is returned. Other + * error codes returned by this routine include INTK_PROT to indicate + * wrong protocol version, INTK_BADPW to indicate bad password (if + * decrypted ticket didn't make sense), INTK_ERR if the ticket was for + * the wrong server or the ticket store couldn't be initialized. + * + * The format of the message sent to Kerberos is as follows: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_KDC_REQUEST | message type + * HOST_BYTE_ORDER local byte order in lsb + * string user client's name + * string instance client's instance + * string realm client's realm + * 4 bytes tlocal.tv_sec timestamp in seconds + * 1 byte life desired lifetime + * string service service's name + * string sinstance service's instance + */ + +int +krb_get_in_tkt(char *user, char *instance, char *realm, + char *service, char *sinstance, int life, + key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg) +{ + KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; /* Packet to KDC */ + KTEXT_ST rpkt_st; + KTEXT rpkt = &rpkt_st; /* Returned packet */ + + int kerror; + struct timeval tv; + + /* BUILD REQUEST PACKET */ + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1); + + p += krb_put_nir(user, instance, realm, p); + + gettimeofday(&tv, NULL); + p += krb_put_int(tv.tv_sec, p, 4); + p += krb_put_int(life, p, 1); + + p += krb_put_nir(service, sinstance, NULL, p); + + pkt->length = p - pkt->dat; + + rpkt->length = 0; + + /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ + + if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); + + p = rpkt->dat; + + { + CREDENTIALS cred; + KTEXT_ST cip; + KTEXT foo = &cip; /* braindamage */ + + kerror = kdc_reply_cipher(rpkt, &cip); + if(kerror != KSUCCESS) + return kerror; + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo); + + kerror = kdc_reply_cred(&cip, &cred); + if(kerror != KSUCCESS) + return kerror; + + if (strcmp(cred.service, service) || + strcmp(cred.instance, sinstance) || + strcmp(cred.realm, realm)) /* not what we asked for */ + return INTK_ERR; /* we need a better code here XXX */ + + if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + return RD_AP_TIME; /* XXX should probably be better code */ + } + + /* initialize ticket cache */ + + return tf_setup(&cred, user, instance); + } +} diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h new file mode 100644 index 0000000..4475883 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_locl.h @@ -0,0 +1,163 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb_locl.h,v 1.42 1997/05/20 18:40:45 bg Exp $ */ + +#ifndef __krb_locl_h +#define __krb_locl_h + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include "protos.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <assert.h> +#include <stdarg.h> + +#include <errno.h> + +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#ifdef HAVE_IO_H +#include <io.h> +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_SYS_FILE_H +#include <sys/file.h> +#endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#ifdef HAVE_WINSOCK_H +#include <winsock.h> +#endif + +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <roken.h> + +#include <krb.h> +#include <prot.h> + +#include "resolve.h" + +/* --- */ + +/* Globals! */ +extern int krb_debug; +extern int krb_ap_req_debug; + +/* Utils */ +int krb_name_to_name(const char *, char *, size_t); + +void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt); +int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred); +int kdc_reply_cipher(KTEXT reply, KTEXT cip); + +#ifndef HAVE_GETTIMEOFDAY +int gettimeofday (struct timeval *, void *); +#endif + +void k_ricercar(char*); + +/* safe multiple strcat */ +int k_concat(char*, size_t, ...); +int k_vconcat(char*, size_t, va_list); + +/* mallocing versions of the above */ +size_t k_vmconcat (char**, size_t, va_list); +size_t k_mconcat (char**, size_t, ...); + +/* used in rd_safe.c and mk_safe.c */ + +void fixup_quad_cksum(void *start, size_t len, des_cblock *key, + void *new_checksum, void *old_checksum, int little); + +#endif /* __krb_locl_h */ diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c new file mode 100644 index 0000000..e3d5e6b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kuserok.c @@ -0,0 +1,156 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $"); + +#define OK 0 +#define NOTOK 1 +#define MAX_USERNAME 10 + +/* + * Given a Kerberos principal and a local username, determine whether + * user is authorized to login according to the authorization file + * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if + * not authorized. + * + * IMPORTANT CHANGE: To eliminate the need of making a distinction + * between the 3 cases: + * + * 1. We can't verify that a .klogin file doesn't exist (no home dir). + * 2. It's there but we aren't allowed to read it. + * 3. We can read it and ~luser@LOCALREALM is (not) included. + * + * We instead make the assumption that luser@LOCALREALM is *always* + * included. Thus it is impossible to have an empty .klogin file and + * also to exclude luser@LOCALREALM from it. Root is treated differently + * since it's home should always be available. + * + * OLD STRATEGY: + * If there is no account for "luser" on the local machine, returns + * NOTOK. If there is no authorization file, and the given Kerberos + * name "kdata" translates to the same name as "luser" (using + * krb_kntoln()), returns OK. Otherwise, if the authorization file + * can't be accessed, returns NOTOK. Otherwise, the file is read for + * a matching principal name, instance, and realm. If one is found, + * returns OK, if none is found, returns NOTOK. + * + * The file entries are in the format: + * + * name.instance@realm + * + * one entry per line. + * + */ + +int +krb_kuserok(char *name, char *instance, char *realm, char *luser) +{ + struct passwd *pwd; + char lrealm[REALM_SZ]; + FILE *f; + char line[1024]; + char file[MaxPathLen]; + struct stat st; + + pwd = getpwnam(luser); + if(pwd == NULL) + return NOTOK; + if(krb_get_lrealm(lrealm, 1)) + return NOTOK; + if(pwd->pw_uid != 0 && + strcmp(name, luser) == 0 && + strcmp(instance, "") == 0 && + strcmp(realm, lrealm) == 0) + return OK; + strcpy(file, pwd->pw_dir); + strcat(file, "/.klogin"); + + f = fopen(file, "r"); + if(f == NULL) + return NOTOK; + + /* this is not a working test in filesystems like AFS and DFS */ + if(fstat(fileno(f), &st) < 0){ + fclose(f); + return NOTOK; + } + + if(st.st_uid != pwd->pw_uid){ + fclose(f); + return NOTOK; + } + + while(fgets(line, sizeof(line), f)){ + char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ]; + if(line[strlen(line) - 1] != '\n') + /* read till end of line */ + while(1){ + int c = fgetc(f); + if(c == '\n' || c == EOF) + break; + } + else + line[strlen(line) - 1] = 0; + + if(kname_parse(fname, finst, frealm, line)) + continue; + if(strcmp(name, fname)) + continue; + if(strcmp(instance, finst)) + continue; + if(frealm[0] == 0) + strcpy(frealm, lrealm); + if(strcmp(realm, frealm)) + continue; + fclose(f); + return OK; + } + fclose(f); + return NOTOK; +} + +/* compatibility interface */ + +int +kuserok(AUTH_DAT *auth, char *luser) +{ + return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser); +} + diff --git a/crypto/kerberosIV/lib/krb/lifetime.c b/crypto/kerberosIV/lib/krb/lifetime.c new file mode 100644 index 0000000..1866996 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lifetime.c @@ -0,0 +1,213 @@ +/* + * Ticket lifetime. This defines the table used to lookup lifetime + * for the fixed part of rande of the one byte lifetime field. Values + * less than 0x80 are intrpreted as the number of 5 minute intervals. + * Values from 0x80 to 0xBF should be looked up in this table. The + * value of 0x80 is the same using both methods: 10 and two-thirds + * hours . The lifetime of 0xBF is 30 days. The intervening values + * of have a fixed ratio of roughly 1.06914. The value 0xFF is + * defined to mean a ticket has no expiration time. This should be + * used advisedly since individual servers may impose defacto + * upperbounds on ticket lifetimes. + */ + +#include "krb_locl.h" + +RCSID("$Id: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $"); + +/* If you want to disable this feature */ +int krb_no_long_lifetimes = 0; + +#define TKTLIFENUMFIXED 64 +#define TKTLIFEMINFIXED 0x80 +#define TKTLIFEMAXFIXED 0xBF +#define TKTLIFENOEXPIRE 0xFF +#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ +#ifndef NEVERDATE +#define NEVERDATE ((unsigned long)0x7fffffffL) +#endif + +static const int tkt_lifetimes[TKTLIFENUMFIXED] = { + 38400, /* 10.67 hours, 0.44 days */ + 41055, /* 11.40 hours, 0.48 days */ + 43894, /* 12.19 hours, 0.51 days */ + 46929, /* 13.04 hours, 0.54 days */ + 50174, /* 13.94 hours, 0.58 days */ + 53643, /* 14.90 hours, 0.62 days */ + 57352, /* 15.93 hours, 0.66 days */ + 61318, /* 17.03 hours, 0.71 days */ + 65558, /* 18.21 hours, 0.76 days */ + 70091, /* 19.47 hours, 0.81 days */ + 74937, /* 20.82 hours, 0.87 days */ + 80119, /* 22.26 hours, 0.93 days */ + 85658, /* 23.79 hours, 0.99 days */ + 91581, /* 25.44 hours, 1.06 days */ + 97914, /* 27.20 hours, 1.13 days */ + 104684, /* 29.08 hours, 1.21 days */ + 111922, /* 31.09 hours, 1.30 days */ + 119661, /* 33.24 hours, 1.38 days */ + 127935, /* 35.54 hours, 1.48 days */ + 136781, /* 37.99 hours, 1.58 days */ + 146239, /* 40.62 hours, 1.69 days */ + 156350, /* 43.43 hours, 1.81 days */ + 167161, /* 46.43 hours, 1.93 days */ + 178720, /* 49.64 hours, 2.07 days */ + 191077, /* 53.08 hours, 2.21 days */ + 204289, /* 56.75 hours, 2.36 days */ + 218415, /* 60.67 hours, 2.53 days */ + 233517, /* 64.87 hours, 2.70 days */ + 249664, /* 69.35 hours, 2.89 days */ + 266926, /* 74.15 hours, 3.09 days */ + 285383, /* 79.27 hours, 3.30 days */ + 305116, /* 84.75 hours, 3.53 days */ + 326213, /* 90.61 hours, 3.78 days */ + 348769, /* 96.88 hours, 4.04 days */ + 372885, /* 103.58 hours, 4.32 days */ + 398668, /* 110.74 hours, 4.61 days */ + 426234, /* 118.40 hours, 4.93 days */ + 455705, /* 126.58 hours, 5.27 days */ + 487215, /* 135.34 hours, 5.64 days */ + 520904, /* 144.70 hours, 6.03 days */ + 556921, /* 154.70 hours, 6.45 days */ + 595430, /* 165.40 hours, 6.89 days */ + 636601, /* 176.83 hours, 7.37 days */ + 680618, /* 189.06 hours, 7.88 days */ + 727680, /* 202.13 hours, 8.42 days */ + 777995, /* 216.11 hours, 9.00 days */ + 831789, /* 231.05 hours, 9.63 days */ + 889303, /* 247.03 hours, 10.29 days */ + 950794, /* 264.11 hours, 11.00 days */ + 1016537, /* 282.37 hours, 11.77 days */ + 1086825, /* 301.90 hours, 12.58 days */ + 1161973, /* 322.77 hours, 13.45 days */ + 1242318, /* 345.09 hours, 14.38 days */ + 1328218, /* 368.95 hours, 15.37 days */ + 1420057, /* 394.46 hours, 16.44 days */ + 1518247, /* 421.74 hours, 17.57 days */ + 1623226, /* 450.90 hours, 18.79 days */ + 1735464, /* 482.07 hours, 20.09 days */ + 1855462, /* 515.41 hours, 21.48 days */ + 1983758, /* 551.04 hours, 22.96 days */ + 2120925, /* 589.15 hours, 24.55 days */ + 2267576, /* 629.88 hours, 26.25 days */ + 2424367, /* 673.44 hours, 28.06 days */ + 2592000}; /* 720.00 hours, 30.00 days */ + +/* + * krb_life_to_time - takes a start time and a Kerberos standard + * lifetime char and returns the corresponding end time. There are + * four simple cases to be handled. The first is a life of 0xff, + * meaning no expiration, and results in an end time of 0xffffffff. + * The second is when life is less than the values covered by the + * table. In this case, the end time is the start time plus the + * number of 5 minute intervals specified by life. The third case + * returns start plus the MAXTKTLIFETIME if life is greater than + * TKTLIFEMAXFIXED. The last case, uses the life value (minus + * TKTLIFEMINFIXED) as an index into the table to extract the lifetime + * in seconds, which is added to start to produce the end time. + */ +u_int32_t +krb_life_to_time(u_int32_t start, int life_) +{ + unsigned char life = (unsigned char) life_; + + if (krb_no_long_lifetimes) return start + life*5*60; + + if (life == TKTLIFENOEXPIRE) return NEVERDATE; + if (life < TKTLIFEMINFIXED) return start + life*5*60; + if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME; + return start + tkt_lifetimes[life - TKTLIFEMINFIXED]; +} + +/* + * krb_time_to_life - takes start and end times for the ticket and + * returns a Kerberos standard lifetime char, possibily using the + * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the + * special case of (end == NEVERDATE) is handled to mean no + * expiration. Then negative lifetimes and those greater than the + * maximum ticket lifetime are rejected. Then lifetimes less than the + * first table entry are handled by rounding the requested lifetime + * *up* to the next 5 minute interval. The final step is to search + * the table for the smallest entry *greater than or equal* to the + * requested entry. + */ +int krb_time_to_life(u_int32_t start, u_int32_t end) +{ + int i; + long lifetime = end - start; + + if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60); + + if (end >= NEVERDATE) return TKTLIFENOEXPIRE; + if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0; + if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60); + for (i=0; i<TKTLIFENUMFIXED; i++) { + if (lifetime <= tkt_lifetimes[i]) { + return i+TKTLIFEMINFIXED; + } + } + return 0; +} + +char * +krb_life_to_atime(int life) +{ + static char atime[11+1+2+1+2+1+2+1]; + unsigned long when; + int secs, mins, hours; + + if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes) + return("Forever"); + when = krb_life_to_time(0, life); + secs = when%60; + when /= 60; + mins = when%60; + when /= 60; + hours = when%24; + when /= 24; + snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs); + return(atime); +} + +int +krb_atime_to_life(char *atime) +{ + unsigned long when = 0; + char *cp; + int colon = 0, plus = 0; + int n = 0; + + if (strcasecmp(atime, "forever") == 0) + return(TKTLIFENOEXPIRE); + + for (cp=atime; *cp; cp++) { + switch(*cp) { + case '0': case '1': case '2': case '3': case '4': + case '5': case '6': case '7': case '8': case '9': + n = n*10 + *cp-'0'; + break; + case '+': + plus++; + when += n; + when *= 24; + n = 0; + break; + case ':': + colon++; + when += n; + when *= 60; + n = 0; + break; + default: + break; + } + } + when += n; + if (plus == 0 && colon == 0) + return((unsigned char)when); + while (colon < 2) { + when *= 60; + colon++; + } + return(krb_time_to_life(0,when)); +} diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c new file mode 100644 index 0000000..15e5bde --- /dev/null +++ b/crypto/kerberosIV/lib/krb/logging.c @@ -0,0 +1,240 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" +#include <klog.h> + +RCSID("$Id: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $"); + +struct krb_log_facility { + char filename[MaxPathLen]; + FILE *file; + krb_log_func_t func; +}; + +int +krb_vlogger(struct krb_log_facility *f, const char *format, va_list args) +{ + FILE *file = NULL; + int ret; + + if (f->file != NULL) + file = f->file; + else if (f->filename && f->filename[0]) + file = fopen(f->filename, "a"); + + ret = f->func(file, format, args); + + if (file != f->file) + fclose(file); + return ret; +} + +int +krb_logger(struct krb_log_facility *f, const char *format, ...) +{ + va_list args; + int ret; + va_start(args, format); + ret = krb_vlogger(f, format, args); + va_end(args); + return ret; +} + +/* + * If FILE * is given log to it, otherwise, log to filename. When + * given a file name the file is opened and closed for each log + * record. + */ +int +krb_openlog(struct krb_log_facility *f, + char *filename, + FILE *file, + krb_log_func_t func) +{ + strcpy(f->filename, filename); + f->file = file; + f->func = func; + return KSUCCESS; +} + +/* ------------------------------------------------------------ + Compatibility functions from warning.c + ------------------------------------------------------------ */ + +static int +log_tty(FILE *f, const char *format, va_list args) +{ + if (f != NULL && isatty(fileno(f))) + vfprintf(f, format, args); + return KSUCCESS; +} + +/* stderr */ +static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty }; + +static void +init_std_log () +{ + static int done = 0; + + if (!done) { + std_log.file = stderr; + done = 1; + } +} + +/* + * + */ +void +krb_set_warnfn (krb_warnfn_t newfunc) +{ + init_std_log (); + std_log.func = newfunc; +} + +/* + * + */ +krb_warnfn_t +krb_get_warnfn (void) +{ + init_std_log (); + return std_log.func; +} + +/* + * Log warnings to stderr if it's a tty. + */ +void +krb_warning (const char *format, ...) +{ + va_list args; + + init_std_log (); + va_start(args, format); + krb_vlogger(&std_log, format, args); + va_end(args); +} + +/* ------------------------------------------------------------ + Compatibility functions from klog.c and log.c + ------------------------------------------------------------ */ + +/* + * Used by kerberos and kadmind daemons and in libkrb (rd_req.c). + * + * By default they log to the kerberos server log-file (KRBLOG) to be + * backwards compatible. + */ + +static int +log_with_timestamp_and_nl(FILE *file, const char *format, va_list args) +{ + time_t now; + if(file == NULL) + return KFAILURE; + time(&now); + fputs(krb_stime(&now), file); + fputs(": ", file); + vfprintf(file, format, args); + fputs("\n", file); + fflush(file); + return KSUCCESS; +} + +static struct krb_log_facility +file_log = { KRBLOG, NULL, log_with_timestamp_and_nl }; + +/* + * kset_logfile() changes the name of the file to which + * messages are logged. If kset_logfile() is not called, + * the logfile defaults to KRBLOG, defined in "krb.h". + */ + +void +kset_logfile(char *filename) +{ + krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl); +} + +/* + * krb_log() and klog() is used to add entries to the logfile. + * + * The log entry consists of a timestamp and the given arguments + * printed according to the given "format" string. + * + * The log file is opened and closed for each log entry. + * + * If the given log type "type" is unknown, or if the log file + * cannot be opened, no entry is made to the log file. + * + * CHANGE: the type is always ignored + * + * The return value of klog() is always a pointer to the formatted log + * text string "logtxt". + */ + +/* Used in kerberos.c only. */ +char * +klog(int type, const char *format, ...) +{ + static char logtxt[1024]; + + va_list ap; + + va_start(ap, format); + vsnprintf(logtxt, sizeof(logtxt), format, ap); + va_end(ap); + + krb_logger(&file_log, "%s", logtxt); + + return logtxt; +} + +/* Used in kadmind and rd_req.c */ +void +krb_log(const char *format, ...) +{ + va_list args; + + va_start(args, format); + krb_vlogger(&file_log, format, args); + va_end(args); +} diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c new file mode 100644 index 0000000..bc3c484 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $"); + +#include "lsb_addr_comp.h" + +int +krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y) +{ + int i; + u_int32_t a = 0, b = 0; + u_int8_t *p = (u_int8_t*) &x; + u_int8_t *q = (u_int8_t*) &y; + + for(i = sizeof(u_int32_t) - 1; i >= 0; i--){ + a = (a << 8) | p[i]; + b = (b << 8) | q[i]; + } + if(a > b) + return 1; + if(a < b) + return -1; + return 0; +} + +int +krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y) +{ + int i; + u_int16_t a = 0, b = 0; + u_int8_t *p = (u_int8_t*) &x; + u_int8_t *q = (u_int8_t*) &y; + + for(i = sizeof(u_int16_t) - 1; i >= 0; i--){ + a = (a << 8) | p[i]; + b = (b << 8) | q[i]; + } + if(a > b) + return 1; + if(a < b) + return -1; + return 0; +} + +u_int32_t +lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst) +{ + /* + * direction bit is the sign bit of the timestamp. Ok until + * 2038?? + */ + /* For compatibility with broken old code, compares are done in VAX + byte order (LSBFIRST) */ + if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */ + dst->sin_addr.s_addr) < 0) + t = -t; + else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, + dst->sin_addr.s_addr)==0) + if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0) + t = -t; + /* + * all that for one tiny bit! Heaven help those that talk to + * themselves. + */ + t = t & 0xffffffff; + return t; +} diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.h b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h new file mode 100644 index 0000000..21adf06 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h @@ -0,0 +1,26 @@ +/* + * $Id: lsb_addr_comp.h,v 1.6 1996/10/05 00:18:02 joda Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Comparison macros to emulate LSBFIRST comparison results of network + * byte-order quantities + */ + +#ifndef LSB_ADDR_COMP_DEFS +#define LSB_ADDR_COMP_DEFS + +/* Compare x and y in VAX byte order, result is -1, 0 or 1. */ + +#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y)) + +#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y)) + +int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y); +int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y); +u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst); + +#endif /* LSB_ADDR_COMP_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c new file mode 100644 index 0000000..7cfb36b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_auth.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $"); + +/* + * Generate an authenticator for service.instance@realm. + * instance is canonicalized by `krb_get_phost' + * realm is set to the local realm if realm == NULL + * The ticket acquired by `krb_mk_req' is returned in `ticket' and the + * authenticator in `buf'. + * Options control the behaviour (see krb_sendauth). + */ + +int +krb_mk_auth(int32_t options, + KTEXT ticket, + char *service, + char *instance, + char *realm, + u_int32_t checksum, + char *version, + KTEXT buf) +{ + char realinst[INST_SZ]; + char realrealm[REALM_SZ]; + int ret; + unsigned char *p; + + if (options & KOPT_DONT_CANON) + strncpy(realinst, instance, sizeof(realinst)); + else + strncpy(realinst, krb_get_phost (instance), sizeof(realinst)); + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + + if(!(options & KOPT_DONT_MK_REQ)) { + ret = krb_mk_req (ticket, service, realinst, realm, checksum); + if (ret != KSUCCESS) + return ret; + } + + p = buf->dat; + + memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + memcpy (p, version, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + p += krb_put_int(ticket->length, p, 4); + memcpy(p, ticket->dat, ticket->length); + p += ticket->length; + buf->length = p - buf->dat; + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/mk_err.c b/crypto/kerberosIV/lib/krb/mk_err.c new file mode 100644 index 0000000..710587a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_err.c @@ -0,0 +1,56 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $"); + +/* + * This routine creates a general purpose error reply message. It + * doesn't use KTEXT because application protocol may have long + * messages, and may want this part of buffer contiguous to other + * stuff. + * + * The error reply is built in "p", using the error code "e" and + * error text "e_string" given. The length of the error reply is + * returned. + * + * The error reply is in the following format: + * + * unsigned char KRB_PROT_VERSION protocol version no. + * unsigned char AUTH_MSG_APPL_ERR message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte order + * 4 bytes e given error code + * string e_string given error text + */ + +int32_t +krb_mk_err(u_char *p, int32_t e, char *e_string) +{ + unsigned char *start = p; + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1); + + p += krb_put_int(e, p, 4); + p += krb_put_string(e_string, p); + return p - start; +} diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c new file mode 100644 index 0000000..b6a9cc4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_priv.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* + * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes + * some user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address. + * The packet is encrypted by pcbc_encrypt(), using the given + * "key" and "schedule". + * The length of the resulting packet "out" is + * returned. + * + * It is similar to krb_mk_safe() except for the additional key + * schedule argument "schedule" and the fact that the data is encrypted + * rather than appended with a checksum. The protocol version is + * KRB_PROT_VERSION, defined in "krb.h". + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_PRIVATE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * 4 bytes c_length length of data + * we encrypt from here with pcbc_encrypt + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * 0<=n<=7 bytes pad to 8 byte multiple zeroes + */ + +int32_t +krb_mk_priv(void *in, void *out, u_int32_t length, + struct des_ks_struct *schedule, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char *p = (unsigned char*)out; + unsigned char *cipher; + + struct timeval tv; + u_int32_t src_addr; + u_int32_t len; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_PRIVATE, p, 1); + + len = 4 + length + 1 + 4 + 4; + len = (len + 7) & ~7; + p += krb_put_int(len, p, 4); + + cipher = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); + p += length; + + gettimeofday(&tv, NULL); + + *p++ =tv.tv_usec / 5000; + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + + memset(p, 0, 7); + + des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher, + len, schedule, key, DES_ENCRYPT); + + return (cipher - (unsigned char*)out) + len; +} diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c new file mode 100644 index 0000000..313ea04 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_req.c @@ -0,0 +1,215 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $"); + +static int lifetime = 255; /* But no longer than TGT says. */ + + +static void +build_request(KTEXT req, char *name, char *inst, char *realm, + u_int32_t checksum) +{ + struct timeval tv; + unsigned char *p = req->dat; + + p += krb_put_nir(name, inst, realm, p); + + p += krb_put_int(checksum, p, 4); + + + /* Fill in the times on the request id */ + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec / 5000; /* 5ms */ + + p += krb_put_int(tv.tv_sec, p, 4); + + /* Fill to a multiple of 8 bytes for DES */ + req->length = ((p - req->dat + 7)/8) * 8; +} + + +/* + * krb_mk_req takes a text structure in which an authenticator is to + * be built, the name of a service, an instance, a realm, + * and a checksum. It then retrieves a ticket for + * the desired service and creates an authenticator in the text + * structure passed as the first argument. krb_mk_req returns + * KSUCCESS on success and a Kerberos error code on failure. + * + * The peer procedure on the other end is krb_rd_req. When making + * any changes to this routine it is important to make corresponding + * changes to krb_rd_req. + * + * The authenticator consists of the following: + * + * authent->dat + * + * unsigned char KRB_PROT_VERSION protocol version no. + * unsigned char AUTH_MSG_APPL_REQUEST message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte ordering + * unsigned char kvno from ticket server's key version + * string realm server's realm + * unsigned char tl ticket length + * unsigned char idl request id length + * text ticket->dat ticket for server + * text req_id->dat request id + * + * The ticket information is retrieved from the ticket cache or + * fetched from Kerberos. The request id (called the "authenticator" + * in the papers on Kerberos) contains the following: + * + * req_id->dat + * + * string cr.pname {name, instance, and + * string cr.pinst realm of principal + * string myrealm making this request} + * 4 bytes checksum checksum argument given + * unsigned char tv_local.tf_usec time (milliseconds) + * 4 bytes tv_local.tv_sec time (seconds) + * + * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, + * all rounded up to multiple of 8. + */ + +int +krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, + int32_t checksum) +{ + KTEXT_ST req_st; + KTEXT req_id = &req_st; + + CREDENTIALS cr; /* Credentials used by retr */ + KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ + int retval; /* Returned by krb_get_cred */ + + char myrealm[REALM_SZ]; + + unsigned char *p = authent->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + + p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1); + + /* Get the ticket and move it into the authenticator */ + if (krb_ap_req_debug) + krb_warning("Realm: %s\n", realm); + + retval = krb_get_cred(service,instance,realm,&cr); + + if (retval == RET_NOTKT) { + retval = get_ad_tkt(service, instance, realm, lifetime); + if (retval == KSUCCESS) + retval = krb_get_cred(service, instance, realm, &cr); + } + + if (retval != KSUCCESS) + return retval; + + + /* + * With multi realm ticket files either find a matching TGT or + * else use the first TGT for inter-realm authentication. + * + * In myrealm hold the realm of the principal "owning" the + * corresponding ticket-granting-ticket. + */ + + retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); + if (retval == KSUCCESS) + strncpy(myrealm, realm, REALM_SZ); + else + retval = krb_get_tf_realm(TKT_FILE, myrealm); + + if (retval != KSUCCESS) + return retval; + + if (krb_ap_req_debug) + krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm, + cr.pname, cr.pinst, myrealm); + + p += krb_put_int(cr.kvno, p, 1); + + p += krb_put_string(realm, p); + + p += krb_put_int(ticket->length, p, 1); + + build_request(req_id, cr.pname, cr.pinst, myrealm, checksum); + + encrypt_ktext(req_id, &cr.session, DES_ENCRYPT); + + p += krb_put_int(req_id->length, p, 1); + + memcpy(p, ticket->dat, ticket->length); + + p += ticket->length; + + memcpy(p, req_id->dat, req_id->length); + + p += req_id->length; + + authent->length = p - authent->dat; + + memset(&cr, 0, sizeof(cr)); + memset(&req_st, 0, sizeof(req_st)); + + if (krb_ap_req_debug) + krb_warning("Authent->length = %d\n", authent->length); + + return KSUCCESS; +} + +/* + * krb_set_lifetime sets the default lifetime for additional tickets + * obtained via krb_mk_req(). + * + * It returns the previous value of the default lifetime. + */ + +int +krb_set_lifetime(int newval) +{ + int olife = lifetime; + + lifetime = newval; + return(olife); +} diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c new file mode 100644 index 0000000..df5ca21 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_safe.c @@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + + +/* from rd_safe.c */ +extern int dqc_type; +void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int); + +/* + * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some + * user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address, followed by a checksum computed on the above, using the + * given "key". The length of the resulting packet is returned. + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_SAFE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * ===================== begin checksum ================================ + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * ======================= end checksum ================================ + * + * 16 bytes big_cksum quadratic checksum of + * above using "key" + */ + +int32_t +krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char * p = (unsigned char*)out; + struct timeval tv; + unsigned char *start; + u_int32_t src_addr; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_SAFE, p, 1); + + start = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); + p += length; + + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec/5000; /* 5ms */ + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + + { + /* We are faking big endian mode, so we need to fix the + * checksum (that is byte order dependent). We always send a + * checksum of the new type, unless we know that we are + * talking to an old client (this requires a call to + * krb_rd_safe first). + */ + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0); + + if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) || + dqc_type == DES_QUAD_OLD) + memcpy(p, old_checksum, 16); + else + memcpy(p, new_checksum, 16); + } + p += 16; + + return p - (unsigned char*)out; +} diff --git a/crypto/kerberosIV/lib/krb/month_sname.c b/crypto/kerberosIV/lib/krb/month_sname.c new file mode 100644 index 0000000..aaceee5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/month_sname.c @@ -0,0 +1,39 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $"); + +/* + * Given an integer 1-12, month_sname() returns a string + * containing the first three letters of the corresponding + * month. Returns 0 if the argument is out of range. + */ + +const char *month_sname(int n) +{ + static const char *name[] = { + "Jan","Feb","Mar","Apr","May","Jun", + "Jul","Aug","Sep","Oct","Nov","Dec" + }; + return((n < 1 || n > 12) ? 0 : name [n-1]); +} diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c new file mode 100644 index 0000000..fa95b89 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/name2name.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $"); + +/* convert host to a more fully qualified domain name, returns 0 if + * phost is the same as host, 1 otherwise. phost should be + * phost_size bytes long. + */ + +int +krb_name_to_name(const char *host, char *phost, size_t phost_size) +{ + struct hostent *hp; + struct in_addr adr; + const char *tmp; + + adr.s_addr = inet_addr(host); + hp = gethostbyname(host); + if (hp == NULL && adr.s_addr != INADDR_NONE) + hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET); + if (hp == NULL) + tmp = host; + else + tmp = hp->h_name; + strncpy (phost, tmp, phost_size); + phost[phost_size - 1] = '\0'; + + if (strcmp(phost, host) == 0) + return 0; + else + return 1; +} + +/* lowercase and truncate */ + +void +k_ricercar(char *name) +{ + char *p = name; + while(*p && *p != '.'){ + if(isupper(*p)) + *p = tolower(*p); + p++; + } + if(*p == '.') + *p = 0; +} + +/* + * This routine takes an alias for a host name and returns the first + * field, in lower case, of its domain name. + * + * Example: "fOo.BAR.com" -> "foo" + */ + +char * +krb_get_phost(const char *alias) +{ + static char phost[MaxHostNameLen+1]; + + krb_name_to_name(alias, phost, sizeof(phost)); + k_ricercar(phost); + return phost; +} diff --git a/crypto/kerberosIV/lib/krb/netread.c b/crypto/kerberosIV/lib/krb/netread.c new file mode 100644 index 0000000..cbc1bd1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/netread.c @@ -0,0 +1,55 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: netread.c,v 1.6 1997/03/23 03:53:15 joda Exp $"); + +/* + * krb_net_read() reads from the file descriptor "fd" to the buffer + * "buf", until either 1) "len" bytes have been read or 2) cannot + * read anymore from "fd". It returns the number of bytes read + * or a read() error. (The calling interface is identical to + * read(2).) + * + * XXX must not use non-blocking I/O + */ + +int +krb_net_read (int fd, void *v, size_t len) +{ + int cc, len2 = 0; + char *buf = v; + + do { + cc = read(fd, buf, len); + if (cc < 0) + return(cc); /* errno is already set */ + else if (cc == 0) { + return(len2); + } else { + buf += cc; + len2 += cc; + len -= cc; + } + } while (len > 0); + return(len2); +} diff --git a/crypto/kerberosIV/lib/krb/netwrite.c b/crypto/kerberosIV/lib/krb/netwrite.c new file mode 100644 index 0000000..0703d91 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/netwrite.c @@ -0,0 +1,52 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: netwrite.c,v 1.7 1997/03/23 03:53:15 joda Exp $"); + +/* + * krb_net_write() writes "len" bytes from "buf" to the file + * descriptor "fd". It returns the number of bytes written or + * a write() error. (The calling interface is identical to + * write(2).) + * + * XXX must not use non-blocking I/O + */ + +int +krb_net_write(int fd, const void *v, size_t len) +{ + int cc; + int wrlen = len; + const char *buf = (const char*)v; + + do { + cc = write(fd, buf, wrlen); + if (cc < 0) + return(cc); + else { + buf += cc; + wrlen -= cc; + } + } while (wrlen > 0); + return(len); +} diff --git a/crypto/kerberosIV/lib/krb/one.c b/crypto/kerberosIV/lib/krb/one.c new file mode 100644 index 0000000..d43b284 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/one.c @@ -0,0 +1,27 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + + WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + distribute this software and its documentation for any purpose and + without fee is hereby granted, provided that the above copyright + notice appear in all copies and that both that copyright notice and + this permission notice appear in supporting documentation, and that + the name of M.I.T. not be used in advertising or publicity pertaining + to distribution of the software without specific, written prior + permission. M.I.T. makes no representations about the suitability of + this software for any purpose. It is provided "as is" without express + or implied warranty. + + */ + +/* + * definition of variable set to 1. + * used in krb_conf.h to determine host byte order. + */ + +int krbONE = 1; diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c new file mode 100644 index 0000000..1184330 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/parse_name.c @@ -0,0 +1,199 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $"); + +int +krb_parse_name(const char *fullname, krb_principal *principal) +{ + const char *p; + char *ns, *np; + enum {n, i, r} pos = n; + int quote = 0; + ns = np = principal->name; + + principal->name[0] = 0; + principal->instance[0] = 0; + principal->realm[0] = 0; + + for(p = fullname; *p; p++){ + if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */ + return KNAME_FMT; + if(quote){ + *np++ = *p; + quote = 0; + continue; + } + if(*p == '\\') + quote = 1; + else if(*p == '.' && pos == n){ + *np = 0; + ns = np = principal->instance; + pos = i; + }else if(*p == '@' && (pos == n || pos == i)){ + *np = 0; + ns = np = principal->realm; + pos = r; + }else + *np++ = *p; + } + *np = 0; + if(quote || principal->name[0] == 0) + return KNAME_FMT; + return KSUCCESS; +} + +int +kname_parse(char *np, char *ip, char *rp, char *fullname) +{ + krb_principal p; + int ret; + if((ret = krb_parse_name(fullname, &p)) == 0){ + strcpy(np, p.name); + strcpy(ip, p.instance); + if(p.realm[0]) + strcpy(rp, p.realm); + } + return ret; +} +/* + * k_isname() returns 1 if the given name is a syntactically legitimate + * Kerberos name; returns 0 if it's not. + */ + +int +k_isname(char *s) +{ + char c; + int backslash = 0; + + if (!*s) + return 0; + if (strlen(s) > ANAME_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '.': + return 0; + /* break; */ + case '@': + return 0; + /* break; */ + } + } + return 1; +} + + +/* + * k_isinst() returns 1 if the given name is a syntactically legitimate + * Kerberos instance; returns 0 if it's not. + */ + +int +k_isinst(char *s) +{ + char c; + int backslash = 0; + + if (strlen(s) > INST_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '.': +#if INSTANCE_DOTS_OK + break; +#else /* INSTANCE_DOTS_OK */ + return 0; +#endif /* INSTANCE_DOTS_OK */ + /* break; */ + case '@': + return 0; + /* break; */ + } + } + return 1; +} + +/* + * k_isrealm() returns 1 if the given name is a syntactically legitimate + * Kerberos realm; returns 0 if it's not. + */ + +int +k_isrealm(char *s) +{ + char c; + int backslash = 0; + + if (!*s) + return 0; + if (strlen(s) > REALM_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '@': + return 0; + /* break; */ + } + } + return 1; +} diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h new file mode 100644 index 0000000..e4825e1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/prot.h @@ -0,0 +1,105 @@ +/* + * $Id: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Include file with authentication protocol information. + */ + +#ifndef PROT_DEFS +#define PROT_DEFS + +#define KRB_SERVICE "kerberos-iv" +#define KRB_PORT 750 /* PC's don't have + * /etc/services */ +#define KRB_PROT_VERSION 4 +#define MAX_PKT_LEN 1000 +#define MAX_TXT_LEN 1000 + +/* Macro's to obtain various fields from a packet */ + +#define pkt_version(packet) (unsigned int) *(packet->dat) +#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) +#define pkt_a_name(packet) (packet->dat+2) +#define pkt_a_inst(packet) \ + (packet->dat+3+strlen((char *)pkt_a_name(packet))) +#define pkt_a_realm(packet) \ + (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) + +/* Macro to obtain realm from application request */ +#define apreq_realm(auth) (auth->dat + 3) + +#define pkt_time_ws(packet) (char *) \ + (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +#define pkt_no_req(packet) (unsigned short) \ + *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_x_date(packet) (char *) \ + (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_err_code(packet) ( (char *) \ + (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet)))) +#define pkt_err_text(packet) \ + (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +/* Routines to create and read packets may be found in prot.c */ + +KTEXT create_auth_reply(char *pname, char *pinst, char *prealm, + int32_t time_ws, int n, u_int32_t x_date, + int kvno, KTEXT cipher); +#ifdef DEBUG +KTEXT krb_create_death_packet(char *a_name); +#endif + +/* Message types , always leave lsb for byte order */ + +#define AUTH_MSG_KDC_REQUEST 1<<1 +#define AUTH_MSG_KDC_REPLY 2<<1 +#define AUTH_MSG_APPL_REQUEST 3<<1 +#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 +#define AUTH_MSG_ERR_REPLY 5<<1 +#define AUTH_MSG_PRIVATE 6<<1 +#define AUTH_MSG_SAFE 7<<1 +#define AUTH_MSG_APPL_ERR 8<<1 +#define AUTH_MSG_KDC_FORWARD 9<<1 +#define AUTH_MSG_KDC_RENEW 10<<1 +#define AUTH_MSG_DIE 63<<1 + +/* values for kerb error codes */ + +#define KERB_ERR_OK 0 +#define KERB_ERR_NAME_EXP 1 +#define KERB_ERR_SERVICE_EXP 2 +#define KERB_ERR_AUTH_EXP 3 +#define KERB_ERR_PKT_VER 4 +#define KERB_ERR_NAME_MAST_KEY_VER 5 +#define KERB_ERR_SERV_MAST_KEY_VER 6 +#define KERB_ERR_BYTE_ORDER 7 +#define KERB_ERR_PRINCIPAL_UNKNOWN 8 +#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 +#define KERB_ERR_NULL_KEY 10 +#define KERB_ERR_TIMEOUT 11 + +/* sendauth - recvauth */ + +/* + * If the protocol changes, you will need to change the version string + * be sure to support old versions of krb_sendauth! + */ + +#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ + +#endif /* PROT_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/rd_err.c b/crypto/kerberosIV/lib/krb/rd_err.c new file mode 100644 index 0000000..3382eab --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_err.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $"); + +/* + * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length", + * return the error code from the message in "code" and the text in + * "m_data" as follows: + * + * m_data->app_data points to the error text + * m_data->app_length points to the length of the error text + * + * If all goes well, return RD_AP_OK. If the version number + * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR + * type message, return RD_AP_MSG_TYPE. + * + * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c + */ + +int +krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in; + + unsigned char pvno, type; + int little_endian; + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + + if(type != AUTH_MSG_APPL_ERR) + return RD_AP_MSG_TYPE; + + p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian); + + m_data->app_data = p; + m_data->app_length = in_length; /* XXX is this correct? */ + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c new file mode 100644 index 0000000..58ecd9f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_priv.c @@ -0,0 +1,129 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* + * krb_rd_priv() decrypts and checks the integrity of an + * AUTH_MSG_PRIVATE message. Given the message received, "in", + * the length of that message, "in_length", the key "schedule" + * and "key", and the network addresses of the + * "sender" and "receiver" of the message, krb_rd_safe() returns + * RD_AP_OK if the message is okay, otherwise some error code. + * + * The message data retrieved from "in" are returned in the structure + * "m_data". The pointer to the application data + * (m_data->app_data) refers back to the appropriate place in "in". + * + * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE + * message. The structure containing the extracted message + * information, MSG_DAT, is defined in "krb.h". + */ + +int32_t +krb_rd_priv(void *in, u_int32_t in_length, + struct des_ks_struct *schedule, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver, + MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in; + int little_endian; + u_int32_t clen; + struct timeval tv; + u_int32_t src_addr; + int delta_t; + + unsigned char pvno, type; + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + + p += krb_get_int(p, &clen, 4, little_endian); + + if(clen + 2 > in_length) + return RD_AP_MODIFIED; + + des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen, + schedule, key, DES_DECRYPT); + + p += krb_get_int(p, &m_data->app_length, 4, little_endian); + if(m_data->app_length + 17 > in_length) + return RD_AP_MODIFIED; + + m_data->app_data = p; + p += m_data->app_length; + + m_data->time_5ms = *p++; + + p += krb_get_address(p, &src_addr); + + if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) + return RD_AP_BADD; + + p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); + + m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); + + gettimeofday(&tv, NULL); + + /* check the time integrity of the msg */ + delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); + if (delta_t > CLOCK_SKEW) + return RD_AP_TIME; + if (krb_debug) + krb_warning("\ndelta_t = %d", (int) delta_t); + + /* + * caller must check timestamps for proper order and + * replays, since server might have multiple clients + * each with its own timestamps and we don't assume + * tightly synchronized clocks. + */ + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c new file mode 100644 index 0000000..1a3e848 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_req.c @@ -0,0 +1,324 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $"); + +static struct timeval t_local = { 0, 0 }; + +/* + * Keep the following information around for subsequent calls + * to this routine by the same server using the same key. + */ + +static des_key_schedule serv_key; /* Key sched to decrypt ticket */ +static des_cblock ky; /* Initialization vector */ +static int st_kvno; /* version number for this key */ +static char st_rlm[REALM_SZ]; /* server's realm */ +static char st_nam[ANAME_SZ]; /* service name */ +static char st_inst[INST_SZ]; /* server's instance */ + +/* + * This file contains two functions. krb_set_key() takes a DES + * key or password string and returns a DES key (either the original + * key, or the password converted into a DES key) and a key schedule + * for it. + * + * krb_rd_req() reads an authentication request and returns information + * about the identity of the requestor, or an indication that the + * identity information was not authentic. + */ + +/* + * krb_set_key() takes as its first argument either a DES key or a + * password string. The "cvt" argument indicates how the first + * argument "key" is to be interpreted: if "cvt" is null, "key" is + * taken to be a DES key; if "cvt" is non-null, "key" is taken to + * be a password string, and is converted into a DES key using + * string_to_key(). In either case, the resulting key is returned + * in the external static variable "ky". A key schedule is + * generated for "ky" and returned in the external static variable + * "serv_key". + * + * This routine returns the return value of des_key_sched. + * + * krb_set_key() needs to be in the same .o file as krb_rd_req() so that + * the key set by krb_set_key() is available in private storage for + * krb_rd_req(). + */ + +int +krb_set_key(void *key, int cvt) +{ +#ifdef NOENCRYPTION + memset(ky, 0, sizeof(ky)); + return KSUCCESS; +#else /* Encrypt */ + if (cvt) + des_string_to_key((char*)key, &ky); + else + memcpy((char*)ky, key, 8); + return(des_key_sched(&ky, serv_key)); +#endif /* NOENCRYPTION */ +} + + +/* + * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or + * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(), + * checks its integrity and returns a judgement as to the requestor's + * identity. + * + * The "authent" argument is a pointer to the received message. + * The "service" and "instance" arguments name the receiving server, + * and are used to get the service's ticket to decrypt the ticket + * in the message, and to compare against the server name inside the + * ticket. "from_addr" is the network address of the host from which + * the message was received; this is checked against the network + * address in the ticket. If "from_addr" is zero, the check is not + * performed. "ad" is an AUTH_DAT structure which is + * filled in with information about the sender's identity according + * to the authenticator and ticket sent in the message. Finally, + * "fn" contains the name of the file containing the server's key. + * (If "fn" is NULL, the server's key is assumed to have been set + * by krb_set_key(). If "fn" is the null string ("") the default + * file KEYFILE, defined in "krb.h", is used.) + * + * krb_rd_req() returns RD_AP_OK if the authentication information + * was genuine, or one of the following error codes (defined in + * "krb.h"): + * + * RD_AP_VERSION - wrong protocol version number + * RD_AP_MSG_TYPE - wrong message type + * RD_AP_UNDEC - couldn't decipher the message + * RD_AP_INCON - inconsistencies found + * RD_AP_BADD - wrong network address + * RD_AP_TIME - client time (in authenticator) + * too far off server time + * RD_AP_NYV - Kerberos time (in ticket) too + * far off server time + * RD_AP_EXP - ticket expired + * + * For the message format, see krb_mk_req(). + * + * Mutual authentication is not implemented. + */ + +int +krb_rd_req(KTEXT authent, /* The received message */ + char *service, /* Service name */ + char *instance, /* Service instance */ + int32_t from_addr, /* Net address of originating host */ + AUTH_DAT *ad, /* Structure to be filled in */ + char *fn) /* Filename to get keys from */ +{ + static KTEXT_ST ticket; /* Temp storage for ticket */ + static KTEXT tkt = &ticket; + static KTEXT_ST req_id_st; /* Temp storage for authenticator */ + KTEXT req_id = &req_id_st; + + char realm[REALM_SZ]; /* Realm of issuing kerberos */ + + unsigned char skey[KKEY_SZ]; /* Session key from ticket */ + char sname[SNAME_SZ]; /* Service name from ticket */ + char iname[INST_SZ]; /* Instance name from ticket */ + char r_aname[ANAME_SZ]; /* Client name from authenticator */ + char r_inst[INST_SZ]; /* Client instance from authenticator */ + char r_realm[REALM_SZ]; /* Client realm from authenticator */ + u_int32_t r_time_sec; /* Coarse time from authenticator */ + unsigned long delta_t; /* Time in authenticator - local time */ + long tkt_age; /* Age of ticket */ + static unsigned char s_kvno;/* Version number of the server's key + * Kerberos used to encrypt ticket */ + + struct timeval tv; + int status; + + int pvno; + int type; + int little_endian; + + unsigned char *p; + + if (authent->length <= 0) + return(RD_AP_MODIFIED); + + p = authent->dat; + + /* get msg version, type and byte order, and server key version */ + + pvno = *p++; + + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + + little_endian = type & 1; + type &= ~1; + + if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) + return RD_AP_MSG_TYPE; + + s_kvno = *p++; + + p += krb_get_string(p, realm); + + /* + * If "fn" is NULL, key info should already be set; don't + * bother with ticket file. Otherwise, check to see if we + * already have key info for the given server and key version + * (saved in the static st_* variables). If not, go get it + * from the ticket file. If "fn" is the null string, use the + * default ticket file. + */ + if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) || + strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { + if (*fn == 0) fn = KEYFILE; + st_kvno = s_kvno; + if (read_service_key(service, instance, realm, s_kvno, + fn, (char *)skey)) + return(RD_AP_UNDEC); + if ((status = krb_set_key((char*)skey, 0))) + return(status); + strcpy(st_rlm, realm); + strcpy(st_nam, service); + strcpy(st_inst, instance); + } + + tkt->length = *p++; + + req_id->length = *p++; + + if(tkt->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(tkt->dat, p, tkt->length); + p += tkt->length; + + if (krb_ap_req_debug) + krb_log("ticket->length: %d",tkt->length); + + /* Decrypt and take apart ticket */ + if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm, + &ad->address, ad->session, &ad->life, + &ad->time_sec, sname, iname, &ky, serv_key)) + return RD_AP_UNDEC; + + if (krb_ap_req_debug) { + krb_log("Ticket Contents."); + krb_log(" Aname: %s.%s",ad->pname, ad->prealm); + krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL)); + } + + /* Extract the authenticator */ + + if(req_id->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(req_id->dat, p, req_id->length); + p = req_id->dat; + +#ifndef NOENCRYPTION + /* And decrypt it with the session key from the ticket */ + if (krb_ap_req_debug) krb_log("About to decrypt authenticator"); + + encrypt_ktext(req_id, &ad->session, DES_DECRYPT); + + if (krb_ap_req_debug) krb_log("Done."); +#endif /* NOENCRYPTION */ + + /* cast req_id->length to int? */ +#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED); + + p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */ + + p += krb_get_int(p, &ad->checksum, 4, little_endian); + + p++; /* time_5ms is not used */ + + p += krb_get_int(p, &r_time_sec, 4, little_endian); + + /* Check for authenticity of the request */ + if (krb_ap_req_debug) + krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm, + r_aname, r_inst, r_realm); + if (strcmp(ad->pname, r_aname) != 0 || + strcmp(ad->pinst, r_inst) != 0 || + strcmp(ad->prealm, r_realm) != 0) + return RD_AP_INCON; + + if (krb_ap_req_debug) + krb_log("Address: %x %x", ad->address, from_addr); + + if (from_addr && (!krb_equiv(ad->address, from_addr))) + return RD_AP_BADD; + + gettimeofday(&tv, NULL); + delta_t = abs((int)(tv.tv_sec - r_time_sec)); + if (delta_t > CLOCK_SKEW) { + if (krb_ap_req_debug) + krb_log("Time out of range: %lu - %lu = %lu", + (unsigned long)t_local.tv_sec, + (unsigned long)r_time_sec, + (unsigned long)delta_t); + return RD_AP_TIME; + } + + /* Now check for expiration of ticket */ + + tkt_age = tv.tv_sec - ad->time_sec; + if (krb_ap_req_debug) + krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x", + (long)tv.tv_sec, + (unsigned long)ad->time_sec, + tkt_age, + ad->life); + + if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) + return RD_AP_NYV; + + if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life)) + return RD_AP_EXP; + + /* All seems OK */ + ad->reply.length = 0; + + return(RD_AP_OK); +} diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c new file mode 100644 index 0000000..8471df0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_safe.c @@ -0,0 +1,178 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* Generate two checksums in the given byteorder of the data, one + * new-form and one old-form. It has to be done this way to be + * compatible with the old version of des_quad_cksum. + */ + +/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */ +int dqc_type = DES_QUAD_DEFAULT; + +void +fixup_quad_cksum(void *start, size_t len, des_cblock *key, + void *new_checksum, void *old_checksum, int little) +{ + des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key); + if(HOST_BYTE_ORDER){ + if(little){ + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t *tmp = (u_int32_t*)new_checksum; + memcpy(old_checksum, new_checksum, 16); + swap_u_16(old_checksum); + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + } + }else{ + if(little){ + u_int32_t *tmp = (u_int32_t*)new_checksum; + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t tmp[4]; + tmp[0] = ((u_int32_t*)new_checksum)[3]; + tmp[1] = ((u_int32_t*)new_checksum)[2]; + tmp[2] = ((u_int32_t*)new_checksum)[1]; + tmp[3] = ((u_int32_t*)new_checksum)[0]; + memcpy(old_checksum, tmp, 16); + } + } +} + +/* + * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. + * Given the message received, "in", the length of that message, + * "in_length", the "key" to compute the checksum with, and the + * network addresses of the "sender" and "receiver" of the message, + * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise + * some error code. + * + * The message data retrieved from "in" is returned in the structure + * "m_data". The pointer to the application data (m_data->app_data) + * refers back to the appropriate place in "in". + * + * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE + * message. The structure containing the extracted message + * information, MSG_DAT, is defined in "krb.h". + */ + +int32_t +krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver, + MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in, *start; + + unsigned char pvno, type; + int little_endian; + struct timeval tv; + u_int32_t src_addr; + int delta_t; + + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + if(type != AUTH_MSG_SAFE) + return RD_AP_MSG_TYPE; + + start = p; + + p += krb_get_int(p, &m_data->app_length, 4, little_endian); + + if(m_data->app_length + 31 > in_length) + return RD_AP_MODIFIED; + + m_data->app_data = p; + + p += m_data->app_length; + + m_data->time_5ms = *p++; + + p += krb_get_address(p, &src_addr); + + if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) + return RD_AP_BADD; + + p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); + m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); + + gettimeofday(&tv, NULL); + + delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); + if (delta_t > CLOCK_SKEW) return RD_AP_TIME; + + /* + * caller must check timestamps for proper order and replays, since + * server might have multiple clients each with its own timestamps + * and we don't assume tightly synchronized clocks. + */ + + { + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, + new_checksum, old_checksum, little_endian); + if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) && + memcmp(new_checksum, p, 16) == 0) + dqc_type = DES_QUAD_NEW; + else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) && + memcmp(old_checksum, p, 16) == 0) + dqc_type = DES_QUAD_OLD; + else + return RD_AP_MODIFIED; + } + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c new file mode 100644 index 0000000..6de5db2 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/read_service_key.c @@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $"); + +/* + * The private keys for servers on a given host are stored in a + * "srvtab" file (typically "/etc/srvtab"). This routine extracts + * a given server's key from the file. + * + * read_service_key() takes the server's name ("service"), "instance", + * and "realm" and a key version number "kvno", and looks in the given + * "file" for the corresponding entry, and if found, returns the entry's + * key field in "key". + * + * If "instance" contains the string "*", then it will match + * any instance, and the chosen instance will be copied to that + * string. For this reason it is important that the there is enough + * space beyond the "*" to receive the entry. + * + * If "kvno" is 0, it is treated as a wild card and the first + * matching entry regardless of the "vno" field is returned. + * + * This routine returns KSUCCESS on success, otherwise KFAILURE. + * + * The format of each "srvtab" entry is as follows: + * + * Size Variable Field in file + * ---- -------- ------------- + * string serv server name + * string inst server instance + * string realm server realm + * 1 byte vno server key version # + * 8 bytes key server's key + * ... ... ... + */ + + +int +read_service_key(char *service, /* Service Name */ + char *instance, /* Instance name or "*" */ + char *realm, /* Realm */ + int kvno, /* Key version number */ + char *file, /* Filename */ + char *key) /* Pointer to key to be filled in */ +{ + char serv[SNAME_SZ]; + char inst[INST_SZ]; + char rlm[REALM_SZ]; + unsigned char vno; /* Key version number */ + int wcard; + + int stab; + + if ((stab = open(file, O_RDONLY, 0)) < 0) + return(KFAILURE); + + wcard = (instance[0] == '*') && (instance[1] == '\0'); + + while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */ + getst(stab,inst,INST_SZ); /* Instance */ + getst(stab,rlm,REALM_SZ); /* Realm */ + /* Vers number */ + if (read(stab, &vno, 1) != 1) { + close(stab); + return(KFAILURE); + } + /* Key */ + if (read(stab,key,8) != 8) { + close(stab); + return(KFAILURE); + } + /* Is this the right service */ + if (strcmp(serv,service)) + continue; + /* How about instance */ + if (!wcard && strcmp(inst,instance)) + continue; + if (wcard) + strncpy(instance,inst,INST_SZ); + /* Is this the right realm */ + if (strcmp(rlm,realm)) + continue; + + /* How about the key version number */ + if (kvno && kvno != (int) vno) + continue; + + close(stab); + return(KSUCCESS); + } + + /* Can't find the requested service */ + close(stab); + return(KFAILURE); +} diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c new file mode 100644 index 0000000..2ce852a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/realm_parse.c @@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $"); + +static int +realm_parse(char *realm, int length, const char *file) +{ + FILE *F; + char tr[128]; + char *p; + + if ((F = fopen(file,"r")) == NULL) + return -1; + + while(fgets(tr, sizeof(tr), F)){ + char *unused = NULL; + p = strtok_r(tr, " \t\n\r", &unused); + if(p && strcasecmp(p, realm) == 0){ + fclose(F); + strncpy(realm, p, length); + return 0; + } + } + fclose(F); + return -1; +} + +static const char *const files[] = KRB_CNF_FILES; + +int +krb_realm_parse(char *realm, int length) +{ + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (realm_parse(realm, length, fname) == 0) + return 0; + } + + for (i = 0; files[i] != NULL; i++) + if (realm_parse(realm, length, files[i]) == 0) + return 0; + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/recvauth.c b/crypto/kerberosIV/lib/krb/recvauth.c new file mode 100644 index 0000000..6c96897 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/recvauth.c @@ -0,0 +1,190 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: recvauth.c,v 1.17 1997/03/23 03:53:16 joda Exp $"); + +/* + * krb_recvauth() reads (and optionally responds to) a message sent + * using krb_sendauth(). The "options" argument is a bit-field of + * selected options (see "sendauth.c" for options description). + * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL + * (mutual authentication requested). The "fd" argument supplies + * a file descriptor to read from (and write to, if mutual authenti- + * cation is requested). + * + * Part of the received message will be a Kerberos ticket sent by the + * client; this is read into the "ticket" argument. The "service" and + * "instance" arguments supply the server's Kerberos name. If the + * "instance" argument is the string "*", it is treated as a wild card + * and filled in during the krb_rd_req() call (see read_service_key()). + * + * The "faddr" and "laddr" give the sending (client) and receiving + * (local server) network addresses. ("laddr" may be left NULL unless + * mutual authentication is requested, in which case it must be set.) + * + * The authentication information extracted from the message is returned + * in "kdata". The "filename" argument indicates the file where the + * server's key can be found. (It is passed on to krb_rd_req().) If + * left null, the default "/etc/srvtab" will be used. + * + * If mutual authentication is requested, the session key schedule must + * be computed in order to reply; this schedule is returned in the + * "schedule" argument. A string containing the application version + * number from the received message is returned in "version", which + * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. + * + * See krb_sendauth() for the format of the received client message. + * + * krb_recvauth() first reads the protocol version string from the + * given file descriptor. If it doesn't match the current protocol + * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In + * that case, the string of characters up to the first space is read + * and interpreted as the ticket length, then the ticket is read. + * + * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() + * next reads the application protocol version string. Then the + * ticket length and ticket itself are read. + * + * The ticket is decrypted and checked by the call to krb_rd_req(). + * If no mutual authentication is required, the result of the + * krb_rd_req() call is retured by this routine. If mutual authenti- + * cation is required, a message in the following format is returned + * on "fd": + * + * Size Variable Field + * ---- -------- ----- + * + * 4 bytes tkt_len length of ticket or -1 + * if error occurred + * + * priv_len tmp_buf "private" message created + * by krb_mk_priv() which + * contains the incremented + * checksum sent by the client + * encrypted in the session + * key. (This field is not + * present in case of error.) + * + * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some + * other error code is returned. + */ + +static int +send_error_reply(int fd) +{ + unsigned char tmp[4] = { 255, 255, 255, 255 }; + if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp)) + return -1; + return 0; +} + +int +krb_recvauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descr. to read from */ + KTEXT ticket, /* storage for client's ticket */ + char *service, /* service expected */ + char *instance, /* inst expected (may be filled in) */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + struct sockaddr_in *laddr, /* local address */ + AUTH_DAT *kdata, /* kerberos data (returned) */ + char *filename, /* name of file with service keys */ + struct des_ks_struct *schedule, /* key schedule (return) */ + char *version) /* version string (filled in) */ +{ + int cc; + char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ + int rem; + int32_t priv_len; + u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; + + /* read the protocol version number */ + if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + krb_vers[KRB_SENDAUTH_VLEN] = '\0'; + + /* read the application version string */ + if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + version[KRB_SENDAUTH_VLEN] = '\0'; + + /* get the length of the ticket */ + { + char tmp[4]; + if (krb_net_read(fd, tmp, 4) != 4) + return -1; + krb_get_int(tmp, &ticket->length, 4, 0); + } + + /* sanity check */ + if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) { + if (options & KOPT_DO_MUTUAL) { + if(send_error_reply(fd)) + return -1; + return KFAILURE; + } else + return KFAILURE; /* XXX there may still be junk on the fd? */ + } + + /* read the ticket */ + if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length) + return -1; + /* + * now have the ticket. decrypt it to get the authenticated + * data. + */ + rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr, + kdata, filename); + + /* if we are doing mutual auth, compose a response */ + if (options & KOPT_DO_MUTUAL) { + if (rem != KSUCCESS){ + /* the krb_rd_req failed */ + if(send_error_reply(fd)) + return -1; + return rem; + } + + /* add one to the (formerly) sealed checksum, and re-seal it + for return to the client */ + { + unsigned char cs[4]; + krb_put_int(kdata->checksum + 1, cs, 4); +#ifndef NOENCRYPTION + des_key_sched(&kdata->session,schedule); +#endif + priv_len = krb_mk_priv(cs, + tmp_buf+4, + 4, + schedule, + &kdata->session, + laddr, + faddr); + } + /* mk_priv will never fail */ + priv_len += krb_put_int(priv_len, tmp_buf, 4); + + if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len) + return -1; + } + return rem; +} diff --git a/crypto/kerberosIV/lib/krb/resolve.c b/crypto/kerberosIV/lib/krb/resolve.c new file mode 100644 index 0000000..7777c0e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.c @@ -0,0 +1,288 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" +#include "resolve.h" + +RCSID("$Id: resolve.c,v 1.11 1997/06/01 04:19:20 assar Exp $"); + +#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) + +#define DECL(X) {#X, T_##X} + +static struct stot{ + char *name; + int type; +}stot[] = { + DECL(A), + DECL(NS), + DECL(CNAME), + DECL(PTR), + DECL(MX), + DECL(TXT), + DECL(AFSDB), + DECL(SRV), + {NULL, 0} +}; + +static int +string_to_type(const char *name) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(strcasecmp(name, p->name) == 0) + return p->type; + return -1; +} + +#if 0 +static char * +type_to_string(int type) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(type == p->type) + return p->name; + return NULL; +} +#endif + +void +dns_free_data(struct dns_reply *r) +{ + struct resource_record *rr; + if(r->q.domain) + free(r->q.domain); + for(rr = r->head; rr;){ + struct resource_record *tmp = rr; + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + rr = rr->next; + free(tmp); + } + free (r); +} + +static struct dns_reply* +parse_reply(unsigned char *data, int len) +{ + unsigned char *p; + char host[128]; + int status; + + struct dns_reply *r; + struct resource_record **rr; + + r = (struct dns_reply*)malloc(sizeof(struct dns_reply)); + memset(r, 0, sizeof(struct dns_reply)); + + p = data; + memcpy(&r->h, p, sizeof(HEADER)); + p += sizeof(HEADER); + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + r->q.domain = strdup(host); + p += status; + r->q.type = (p[0] << 8 | p[1]); + p += 2; + r->q.class = (p[0] << 8 | p[1]); + p += 2; + rr = &r->head; + while(p < data + len){ + int type, class, ttl, size; + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + p += status; + type = (p[0] << 8) | p[1]; + p += 2; + class = (p[0] << 8) | p[1]; + p += 2; + ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + size = (p[0] << 8) | p[1]; + p += 2; + *rr = (struct resource_record*)calloc(1, + sizeof(struct resource_record)); + (*rr)->domain = strdup(host); + (*rr)->type = type; + (*rr)->class = class; + (*rr)->ttl = ttl; + (*rr)->size = size; + switch(type){ + case T_NS: + case T_CNAME: + case T_PTR: + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.txt = strdup(host); + break; + case T_MX: + case T_AFSDB:{ + status = dn_expand(data, data + len, p + 2, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + strlen(host)); + (*rr)->u.mx->preference = (p[0] << 8) | p[1]; + strcpy((*rr)->u.mx->domain, host); + break; + } + case T_SRV:{ + status = dn_expand(data, data + len, p + 6, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.srv = + (struct srv_record*)malloc(sizeof(struct srv_record) + + strlen(host)); + (*rr)->u.srv->priority = (p[0] << 8) | p[1]; + (*rr)->u.srv->weight = (p[2] << 8) | p[3]; + (*rr)->u.srv->port = (p[4] << 8) | p[5]; + strcpy((*rr)->u.srv->target, host); + break; + } + case T_TXT:{ + (*rr)->u.txt = (char*)malloc(size + 1); + strncpy((*rr)->u.txt, (char*)p + 1, *p); + (*rr)->u.txt[*p] = 0; + break; + } + + default: + (*rr)->u.data = (unsigned char*)malloc(size); + memcpy((*rr)->u.data, p, size); + } + p += size; + rr = &(*rr)->next; + } + *rr = NULL; + return r; +} + + + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + unsigned char reply[1024]; + int len; + int type; + struct dns_reply *r = NULL; + + type = string_to_type(type_name); + len = res_search(domain, C_IN, type, reply, sizeof(reply)); + if(len >= 0) + r = parse_reply(reply, len); + return r; +} + +#else /* defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + return NULL; +} + +void +dns_free_data(struct dns_reply *r) +{ +} + +#endif + +#ifdef TEST + +int +main(int argc, char **argv) +{ + struct dns_reply *r; + struct resource_record *rr; + r = dns_lookup(argv[1], argv[2]); + if(r == NULL){ + printf("No reply.\n"); + return 1; + } + for(rr = r->head; rr;rr=rr->next){ + printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl); + switch(rr->type){ + case T_NS: + printf("%s\n", (char*)rr->data); + break; + case T_A: + printf("%d.%d.%d.%d\n", + ((unsigned char*)rr->data)[0], + ((unsigned char*)rr->data)[1], + ((unsigned char*)rr->data)[2], + ((unsigned char*)rr->data)[3]); + break; + case T_MX: + case T_AFSDB:{ + struct mx_record *mx = (struct mx_record*)rr->data; + printf("%d %s\n", mx->preference, mx->domain); + break; + } + case T_SRV:{ + struct srv_record *srv = (struct srv_record*)rr->data; + printf("%d %d %d %s\n", srv->priority, srv->weight, + srv->port, srv->target); + break; + } + default: + printf("\n"); + break; + } + } + + return 0; +} +#endif diff --git a/crypto/kerberosIV/lib/krb/resolve.h b/crypto/kerberosIV/lib/krb/resolve.h new file mode 100644 index 0000000..dac9993 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.h @@ -0,0 +1,110 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: resolve.h,v 1.5 1997/05/14 17:41:25 joda Exp $ */ + +/* THIS IS NOT (yet) A PUBLIC INTERFACE */ + + +#ifndef __RESOLVE_H__ +#define __RESOLVE_H__ + +/* We use these, but they are not always present in <arpa/nameser.h> */ + +#ifndef T_TXT +#define T_TXT 16 +#endif +#ifndef T_AFSDB +#define T_AFSDB 18 +#endif +#ifndef T_SRV +#define T_SRV 33 +#endif + +struct dns_query{ + char *domain; + unsigned type; + unsigned class; +}; + +struct mx_record{ + unsigned preference; + char domain[1]; +}; + +struct srv_record{ + unsigned priority; + unsigned weight; + unsigned port; + char target[1]; +}; + +struct resource_record{ + char *domain; + unsigned type; + unsigned class; + unsigned ttl; + unsigned size; + union { + void *data; + struct mx_record *mx; + struct mx_record *afsdb; /* mx and afsdb are identical */ + struct srv_record *srv; + struct in_addr *a; + char *txt; + }u; + struct resource_record *next; +}; + + +#ifndef HAVE_ARPA_NAMESER_H /* XXX */ +typedef int HEADER; /* will never be used */ +#endif + +struct dns_reply{ + HEADER h; + struct dns_query q; + struct resource_record *head; +}; + + +struct dns_reply* dns_lookup(const char *, const char *); + +void dns_free_data(struct dns_reply *r); + +#endif /* __RESOLVE_H__ */ diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c new file mode 100644 index 0000000..4b136aa --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rw.c @@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* Almost all programs use these routines (implicitly) so it's a good + * place to put the version string. */ + +#include "version.h" + +#include "krb_locl.h" + +RCSID("$Id: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $"); + +int +krb_get_int(void *f, u_int32_t *to, int size, int lsb) +{ + int i; + unsigned char *from = (unsigned char *)f; + + *to = 0; + if(lsb){ + for(i = size-1; i >= 0; i--) + *to = (*to << 8) | from[i]; + }else{ + for(i = 0; i < size; i++) + *to = (*to << 8) | from[i]; + } + return size; +} + +int +krb_put_int(u_int32_t from, void *to, int size) +{ + int i; + unsigned char *p = (unsigned char *)to; + for(i = size - 1; i >= 0; i--){ + p[i] = from & 0xff; + from >>= 8; + } + return size; +} + + +/* addresses are always sent in network byte order */ + +int +krb_get_address(void *from, u_int32_t *to) +{ + unsigned char *p = (unsigned char*)from; + *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + return 4; +} + +int +krb_put_address(u_int32_t addr, void *to) +{ + return krb_put_int(ntohl(addr), to, 4); +} + +int +krb_put_string(char *from, void *to) +{ + strcpy((char *)to, from); + return strlen(from) + 1; +} + +int +krb_get_string(void *from, char *to) +{ + return krb_put_string(from, to); +} + +int +krb_get_nir(void *from, char *name, char *instance, char *realm) +{ + char *p = (char *)from; + + p += krb_get_string(p, name); + p += krb_get_string(p, instance); + if(realm) + p += krb_get_string(p, realm); + return p - (char *)from; +} + +int +krb_put_nir(char *name, char *instance, char *realm, void *to) +{ + char *p = (char *)to; + p += krb_put_string(name, p); + p += krb_put_string(instance, p); + if(realm) + p += krb_put_string(realm, p); + return p - (char *)to; +} diff --git a/crypto/kerberosIV/lib/krb/save_credentials.c b/crypto/kerberosIV/lib/krb/save_credentials.c new file mode 100644 index 0000000..cfd6c07 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/save_credentials.c @@ -0,0 +1,59 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $"); + +/* + * This routine takes a ticket and associated info and calls + * tf_save_cred() to store them in the ticket cache. The peer + * routine for extracting a ticket and associated info from the + * ticket cache is krb_get_cred(). When changes are made to + * this routine, the corresponding changes should be made + * in krb_get_cred() as well. + * + * Returns KSUCCESS if all goes well, otherwise an error returned + * by the tf_init() or tf_save_cred() routines. + */ + +int +save_credentials(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + int32_t issue_date) /* The issue time */ +{ + int tf_status; /* return values of the tf_util calls */ + + /* Open and lock the ticket file for writing */ + if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS) + return(tf_status); + + /* Save credentials by appending to the ticket file */ + tf_status = tf_save_cred(service, instance, realm, session, + lifetime, kvno, ticket, issue_date); + tf_close(); + return (tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c new file mode 100644 index 0000000..828b34d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c @@ -0,0 +1,251 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: send_to_kdc.c,v 1.39 1997/05/15 21:02:31 joda Exp $"); + +struct host { + struct sockaddr_in addr; + int proto; +}; + +static const char *prog = "send_to_kdc"; +static send_recv(KTEXT pkt, KTEXT rpkt, int f, + struct sockaddr_in *_to, struct host *addrs, + int h_hosts); + +/* + * This file contains two routines, send_to_kdc() and send_recv(). + * send_recv() is a static routine used by send_to_kdc(). + */ + +/* + * send_to_kdc() sends a message to the Kerberos authentication + * server(s) in the given realm and returns the reply message. + * The "pkt" argument points to the message to be sent to Kerberos; + * the "rpkt" argument will be filled in with Kerberos' reply. + * The "realm" argument indicates the realm of the Kerberos server(s) + * to transact with. If the realm is null, the local realm is used. + * + * If more than one Kerberos server is known for a given realm, + * different servers will be queried until one of them replies. + * Several attempts (retries) are made for each server before + * giving up entirely. + * + * If an answer was received from a Kerberos host, KSUCCESS is + * returned. The following errors can be returned: + * + * SKDC_CANT - can't get local realm + * - can't find "kerberos" in /etc/services database + * - can't open socket + * - can't bind socket + * - all ports in use + * - couldn't find any Kerberos host + * + * SKDC_RETRY - couldn't get an answer from any Kerberos server, + * after several retries + */ + +int +send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) +{ + int i; + int no_host; /* was a kerberos host found? */ + int retry; + int n_hosts; + int retval; + struct hostent *host; + char lrealm[REALM_SZ]; + struct krb_host *k_host; + struct host *hosts = malloc(sizeof(*hosts)); + + if (hosts == NULL) + return SKDC_CANT; + + /* + * If "realm" is non-null, use that, otherwise get the + * local realm. + */ + if (realm) + strcpy(lrealm, realm); + else + if (krb_get_lrealm(lrealm,1)) { + if (krb_debug) + krb_warning("%s: can't get local realm\n", prog); + return(SKDC_CANT); + } + if (krb_debug) + krb_warning("lrealm is %s\n", lrealm); + + no_host = 1; + /* get an initial allocation */ + n_hosts = 0; + for (i = 1; (k_host = krb_get_host(i, lrealm, 0)); ++i) { + char *p; + + if (krb_debug) + krb_warning("Getting host entry for %s...", k_host->host); + host = gethostbyname(k_host->host); + if (krb_debug) { + krb_warning("%s.\n", + host ? "Got it" : "Didn't get it"); + } + if (!host) + continue; + no_host = 0; /* found at least one */ + while ((p = *(host->h_addr_list)++)) { + hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1)); + if (hosts == NULL) + return SKDC_CANT; + memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr)); + hosts[n_hosts].addr.sin_family = host->h_addrtype; + hosts[n_hosts].addr.sin_port = htons(k_host->port); + hosts[n_hosts].proto = k_host->proto; + memcpy(&hosts[n_hosts].addr.sin_addr, p, + sizeof(hosts[n_hosts].addr.sin_addr)); + ++n_hosts; + if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto, + &hosts[n_hosts-1].addr, hosts, n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + if (krb_debug) { + krb_warning("Timeout, error, or wrong descriptor\n"); + } + } + } + if (no_host) { + if (krb_debug) + krb_warning("%s: can't find any Kerberos host.\n", + prog); + retval = SKDC_CANT; + goto rtn; + } + /* retry each host in sequence */ + for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) { + for (i = 0; i < n_hosts; ++i) { + if (send_recv(pkt, rpkt, + hosts[i].proto, + &hosts[i].addr, + hosts, + n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + } + } + retval = SKDC_RETRY; +rtn: + free(hosts); + return(retval); +} + +/* + * try to send out and receive message. + * return 1 on success, 0 on failure + */ + +static int +send_recv_it(KTEXT pkt, KTEXT rpkt, int stream, int f, + struct sockaddr_in *_to, struct host *addrs, int n_hosts) +{ + fd_set readfds; + int numsent; + + /* CLIENT_KRB_TIMEOUT indicates the time to wait before + * retrying a server. It's defined in "krb.h". + */ + struct timeval timeout; + timeout.tv_sec = CLIENT_KRB_TIMEOUT; + timeout.tv_usec = 0; + + if (krb_debug) { + if (_to->sin_family == AF_INET) + krb_warning("Sending message to %s...", + inet_ntoa(_to->sin_addr)); + else + krb_warning("Sending message..."); + } + if(stream){ + unsigned char tmp[4]; + krb_put_int(pkt->length, tmp, 4); + if((numsent = send(f, tmp, 4, 0)) != 4){ + if (krb_debug) + krb_warning("sent only %d/%d\n", numsent, 4); + return 0; + } + } + if ((numsent = send(f, pkt->dat, pkt->length, 0)) != pkt->length) { + if (krb_debug) + krb_warning("sent only %d/%d\n",numsent, pkt->length); + return 0; + } + if (krb_debug) + krb_warning("Sent\nWaiting for reply..."); + FD_ZERO(&readfds); + FD_SET(f, &readfds); + /* select - either recv is ready, or timeout */ + /* see if timeout or error or wrong descriptor */ + if (select(f + 1, &readfds, 0, 0, &timeout) < 1 + || !FD_ISSET(f, &readfds)) { + if (krb_debug) + krb_warning("select failed: errno = %d", errno); + return 0; + } + if(stream){ + if(krb_net_read(f, rpkt->dat, sizeof(rpkt->dat)) <= 0) + return 0; + }else{ + if (recv (f, rpkt->dat, sizeof(rpkt->dat), 0) < 0) { + if (krb_debug) + krb_warning("recvfrom: errno = %d\n", errno); + return 0; + } + } + return 1; +} + +static int +send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *_to, + struct host *addrs, int n_hosts) +{ + int f; + int ret = 0; + if(proto == IPPROTO_UDP) + f = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + else if(proto == IPPROTO_TCP) + f = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + else{ + krb_warning("Unknown protocol `%d'.\n", proto); + return 0; + } + + if(connect(f, (struct sockaddr*)_to, sizeof(*_to)) < 0) + krb_warning("Connecting socket: errno = %d\n", errno); + else + ret = send_recv_it(pkt, rpkt, proto == IPPROTO_TCP, f, + _to, addrs, n_hosts); + + close(f); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c new file mode 100644 index 0000000..4240bcf --- /dev/null +++ b/crypto/kerberosIV/lib/krb/sendauth.c @@ -0,0 +1,163 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $"); + +/* + * krb_sendauth() transmits a ticket over a file descriptor for a + * desired service, instance, and realm, doing mutual authentication + * with the server if desired. + */ + +/* + * The first argument to krb_sendauth() contains a bitfield of + * options (the options are defined in "krb.h"): + * + * KOPT_DONT_CANON Don't canonicalize instance as a hostname. + * (If this option is not chosen, krb_get_phost() + * is called to canonicalize it.) + * + * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. + * A ticket must be supplied in the "ticket" + * argument. + * (If this option is not chosen, and there + * is no ticket for the given server in the + * ticket cache, one will be fetched using + * krb_mk_req() and returned in "ticket".) + * + * KOPT_DO_MUTUAL Do mutual authentication, requiring that the + * receiving server return the checksum+1 encrypted + * in the session key. The mutual authentication + * is done using krb_mk_priv() on the other side + * (see "recvauth.c") and krb_rd_priv() on this + * side. + * + * The "fd" argument is a file descriptor to write to the remote + * server on. The "ticket" argument is used to store the new ticket + * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is + * chosen, the ticket must be supplied in the "ticket" argument. + * The "service", "inst", and "realm" arguments identify the ticket. + * If "realm" is null, the local realm is used. + * + * The following arguments are only needed if the KOPT_DO_MUTUAL option + * is chosen: + * + * The "checksum" argument is a number that the server will add 1 to + * to authenticate itself back to the client; the "msg_data" argument + * holds the returned mutual-authentication message from the server + * (i.e., the checksum+1); the "cred" structure is used to hold the + * session key of the server, extracted from the ticket file, for use + * in decrypting the mutual authentication message from the server; + * and "schedule" holds the key schedule for that decryption. The + * the local and server addresses are given in "laddr" and "faddr". + * + * The application protocol version number (of up to KRB_SENDAUTH_VLEN + * characters) is passed in "version". + * + * If all goes well, KSUCCESS is returned, otherwise some error code. + * + * The format of the message sent to the server is: + * + * Size Variable Field + * ---- -------- ----- + * + * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol + * bytes version number + * + * KRB_SENDAUTH_VLEN version application protocol + * bytes version number + * + * 4 bytes ticket->length length of ticket + * + * ticket->length ticket->dat ticket itself + */ + +int +krb_sendauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descriptor to write onto */ + KTEXT ticket, /* where to put ticket (return); or + * supplied in case of KOPT_DONT_MK_REQ */ + char *service, /* service name, instance, realm */ + char *instance, + char *realm, + u_int32_t checksum, /* checksum to include in request */ + MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */ + CREDENTIALS *cred, /* credentials (return) */ + struct des_ks_struct *schedule, /* key schedule (return) */ + struct sockaddr_in *laddr, /* local address */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + char *version) /* version string */ +{ + int ret; + KTEXT_ST buf; + char realrealm[REALM_SZ]; + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + ret = krb_mk_auth (options, ticket, service, instance, realm, checksum, + version, &buf); + if (ret != KSUCCESS) + return ret; + ret = krb_net_write(fd, buf.dat, buf.length); + if(ret < 0) + return -1; + + if (options & KOPT_DO_MUTUAL) { + char tmp[4]; + u_int32_t len; + char inst[INST_SZ]; + + ret = krb_net_read (fd, tmp, 4); + if (ret < 0) + return -1; + + krb_get_int (tmp, &len, 4, 0); + if (len == 0xFFFFFFFF || len > sizeof(buf.dat)) + return KFAILURE; + buf.length = len; + ret = krb_net_read (fd, buf.dat, len); + if (ret < 0) + return -1; + + if (options & KOPT_DONT_CANON) + strncpy (inst, instance, sizeof(inst)); + else + strncpy (inst, krb_get_phost(instance), sizeof(inst)); + + ret = krb_get_cred (service, inst, realm, cred); + if (ret != KSUCCESS) + return ret; + + des_key_sched(&cred->session, schedule); + + ret = krb_check_auth (&buf, checksum, msg_data, &cred->session, + schedule, laddr, faddr); + if (ret != KSUCCESS) + return ret; + } + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/sizetest.c b/crypto/kerberosIV/lib/krb/sizetest.c new file mode 100644 index 0000000..d64bbeb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/sizetest.c @@ -0,0 +1,41 @@ +#include "krb_locl.h" + +RCSID("$Id: sizetest.c,v 1.5 1996/11/15 18:39:19 bg Exp $"); + +static +void +err(const char *msg) +{ + fputs(msg, stderr); + exit(1); +} + +int +main() +{ + if (sizeof(u_int8_t) < 1) + err("sizeof(u_int8_t) is smaller than 1 byte\n"); + if (sizeof(u_int16_t) < 2) + err("sizeof(u_int16_t) is smaller than 2 bytes\n"); + if (sizeof(u_int32_t) < 4) + err("sizeof(u_int32_t) is smaller than 4 bytes\n"); + + if (sizeof(u_int8_t) > 1) + fputs("warning: sizeof(u_int8_t) is larger than 1 byte, " + "some stuff may not work properly!\n", stderr); + + { + u_int8_t u = 1; + int i; + for (i = 0; u != 0 && i < 100; i++) + u <<= 1; + + if (i < 8) + err("u_int8_t is smaller than 8 bits\n"); + else if (i > 8) + fputs("warning: u_int8_t is larger than 8 bits, " + "some stuff may not work properly!\n", stderr); + } + + exit(0); +} diff --git a/crypto/kerberosIV/lib/krb/stime.c b/crypto/kerberosIV/lib/krb/stime.c new file mode 100644 index 0000000..ec57d8f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/stime.c @@ -0,0 +1,35 @@ +/* + * $Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + */ + +#include "krb_locl.h" + +RCSID("$Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $"); + +/* + * Given a pointer to a long containing the number of seconds + * since the beginning of time (midnight 1 Jan 1970 GMT), return + * a string containing the local time in the form: + * + * "25-Jan-1988 10:17:56" + */ + +const char * +krb_stime(time_t *t) +{ + static char st[40]; + struct tm *tm; + + tm = localtime(t); + snprintf(st, sizeof(st), + "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday, + month_sname(tm->tm_mon + 1),tm->tm_year + 1900, + tm->tm_hour, tm->tm_min, tm->tm_sec); + return st; +} diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c new file mode 100644 index 0000000..2b00fc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/str2key.c @@ -0,0 +1,103 @@ +/* This defines the Andrew string_to_key function. It accepts a password + * string as input and converts its via a one-way encryption algorithm to a DES + * encryption key. It is compatible with the original Andrew authentication + * service password database. + */ + +#include "krb_locl.h" + +RCSID("$Id: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $"); + +static void +mklower(char *s) +{ + for (; *s; s++) + if ('A' <= *s && *s <= 'Z') + *s = *s - 'A' + 'a'; +} + +/* + * Short passwords, i.e 8 characters or less. + */ +static void +afs_cmu_StringToKey (char *str, char *cell, des_cblock *key) +{ + char password[8+1]; /* crypt is limited to 8 chars anyway */ + int i; + int passlen; + + memset (key, 0, sizeof(key)); + memset(password, 0, sizeof(password)); + + strncpy (password, cell, 8); + passlen = strlen (str); + if (passlen > 8) passlen = 8; + + for (i=0; i<passlen; i++) + password[i] = str[i] ^ cell[i]; /* make sure cell is zero padded */ + + for (i=0; i<8; i++) + if (password[i] == '\0') password[i] = 'X'; + + /* crypt only considers the first 8 characters of password but for some + reason returns eleven characters of result (plus the two salt chars). */ + strncpy((char *)key, (char *)crypt(password, "#~") + 2, sizeof(des_cblock)); + + /* parity is inserted into the LSB so leftshift each byte up one bit. This + allows ascii characters with a zero MSB to retain as much significance + as possible. */ + { char *keybytes = (char *)key; + unsigned int temp; + + for (i = 0; i < 8; i++) { + temp = (unsigned int) keybytes[i]; + keybytes[i] = (unsigned char) (temp << 1); + } + } + des_fixup_key_parity (key); +} + +/* + * Long passwords, i.e 9 characters or more. + */ +static void +afs_transarc_StringToKey (char *str, char *cell, des_cblock *key) +{ + des_key_schedule schedule; + des_cblock temp_key; + des_cblock ivec; + char password[512]; + int passlen; + + strncpy (password, str, sizeof(password)); + if ((passlen = strlen (password)) < sizeof(password)-1) + strncat (password, cell, sizeof(password)-passlen); + if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password); + + memcpy(&ivec, "kerberos", 8); + memcpy(&temp_key, "kerberos", 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); + + memcpy(&temp_key, &ivec, 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); + + des_fixup_key_parity (key); +} + +void +afs_string_to_key(char *str, char *cell, des_cblock *key) +{ + char realm[REALM_SZ+1]; + strncpy(realm, cell, REALM_SZ); + realm[REALM_SZ] = 0; + mklower(realm); + + if (strlen(str) > 8) + afs_transarc_StringToKey (str, realm, key); + else + afs_cmu_StringToKey (str, realm, key); +} diff --git a/crypto/kerberosIV/lib/krb/swab.c b/crypto/kerberosIV/lib/krb/swab.c new file mode 100644 index 0000000..d68ce3d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/swab.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: swab.c,v 1.4 1997/04/01 08:18:45 joda Exp $"); +#endif + +#ifndef HAVE_SWAB +void +swab (char *from, char *to, int nbytes) +{ + while(nbytes >= 2) { + *(to + 1) = *from; + *to = *(from + 1); + to += 2; + from += 2; + nbytes -= 2; + } +} +#endif diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c new file mode 100644 index 0000000..a196448 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/tf_util.c @@ -0,0 +1,645 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: tf_util.c,v 1.24 1997/04/20 06:24:32 assar Exp $"); + + +#define TOO_BIG -1 +#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before + * retry if ticket file is + * locked */ +#define TF_LCK_RETRY_COUNT (50) /* number of retries */ + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +/* + * fd must be initialized to something that won't ever occur as a real + * file descriptor. Since open(2) returns only non-negative numbers as + * valid file descriptors, and tf_init always stuffs the return value + * from open in here even if it is an error flag, we must + * a. Initialize fd to a negative number, to indicate that it is + * not initially valid. + * b. When checking for a valid fd, assume that negative values + * are invalid (ie. when deciding whether tf_init has been + * called.) + * c. In tf_close, be sure it gets reinitialized to a negative + * number. + */ +static int fd = -1; +static int curpos; /* Position in tfbfr */ +static int lastpos; /* End of tfbfr */ +static char tfbfr[BUFSIZ]; /* Buffer for ticket data */ + +static int tf_gets(char *s, int n); +static int tf_read(void *s, int n); + +/* + * This file contains routines for manipulating the ticket cache file. + * + * The ticket file is in the following format: + * + * principal's name (null-terminated string) + * principal's instance (null-terminated string) + * CREDENTIAL_1 + * CREDENTIAL_2 + * ... + * CREDENTIAL_n + * EOF + * + * Where "CREDENTIAL_x" consists of the following fixed-length + * fields from the CREDENTIALS structure (see "krb.h"): + * + * char service[ANAME_SZ] + * char instance[INST_SZ] + * char realm[REALM_SZ] + * C_Block session + * int lifetime + * int kvno + * KTEXT_ST ticket_st + * u_int32_t issue_date + * + * Short description of routines: + * + * tf_init() opens the ticket file and locks it. + * + * tf_get_pname() returns the principal's name. + * + * tf_put_pname() writes the principal's name to the ticket file. + * + * tf_get_pinst() returns the principal's instance (may be null). + * + * tf_put_pinst() writes the instance. + * + * tf_get_cred() returns the next CREDENTIALS record. + * + * tf_save_cred() appends a new CREDENTIAL record to the ticket file. + * + * tf_close() closes the ticket file and releases the lock. + * + * tf_gets() returns the next null-terminated string. It's an internal + * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). + * + * tf_read() reads a given number of bytes. It's an internal routine + * used by tf_get_cred(). + */ + +/* + * tf_init() should be called before the other ticket file routines. + * It takes the name of the ticket file to use, "tf_name", and a + * read/write flag "rw" as arguments. + * + * It tries to open the ticket file, checks the mode, and if everything + * is okay, locks the file. If it's opened for reading, the lock is + * shared. If it's opened for writing, the lock is exclusive. + * + * Returns KSUCCESS if all went well, otherwise one of the following: + * + * NO_TKT_FIL - file wasn't there + * TKT_FIL_ACC - file was in wrong mode, etc. + * TKT_FIL_LCK - couldn't lock the file, even after a retry + */ + +int +tf_init(char *tf_name, int rw) +{ + /* Unix implementation */ + int wflag; + struct stat stat_buf; + int i_retry; + + switch (rw) { + case R_TKT_FIL: + wflag = 0; + break; + case W_TKT_FIL: + wflag = 1; + break; + default: + if (krb_debug) + krb_warning("tf_init: illegal parameter\n"); + return TKT_FIL_ACC; + } + if (lstat(tf_name, &stat_buf) < 0) + switch (errno) { + case ENOENT: + return NO_TKT_FIL; + default: + return TKT_FIL_ACC; + } + /* The old code tried to guess when the calling program was + * running set-uid, this is now removed - the kerberos library + * does not (or shouldn't) know anything about user-ids. + + * All library functions now assume that the right userids are set + * upon entry, therefore there is no need to test permissions like + * before. If the file is openable, just open it. + */ + + if(!S_ISREG(stat_buf.st_mode)) + return TKT_FIL_ACC; + + + /* + * If "wflag" is set, open the ticket file in append-writeonly mode + * and lock the ticket file in exclusive mode. If unable to lock + * the file, sleep and try again. If we fail again, return with the + * proper error message. + */ + + curpos = sizeof(tfbfr); + + + if (wflag) { + fd = open(tf_name, O_RDWR | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of write lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + close (fd); + fd = -1; + return TKT_FIL_LCK; + } + /* + * Otherwise "wflag" is not set and the ticket file should be opened + * for read-only operations and locked for shared access. + */ + + fd = open(tf_name, O_RDONLY | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of read lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + /* failure */ + close(fd); + fd = -1; + return TKT_FIL_LCK; +} + +/* + * tf_create() should be called when creating a new ticket file. + * The only argument is the name of the ticket file. + * After calling this, it should be possible to use other tf_* functions. + * + * New algoritm for creating ticket file: + * 1. try to erase contents of existing file. + * 2. try to remove old file. + * 3. try to open with O_CREAT and O_EXCL + * 4. if this fails, someone has created a file in between 1 and 2 and + * we should fail. Otherwise, all is wonderful. + */ + +int +tf_create(char *tf_name) +{ + struct stat statbuf; + char garbage[BUFSIZ]; + + fd = open(tf_name, O_RDWR | O_BINARY, 0); + if (fd >= 0) { + if (fstat (fd, &statbuf) == 0) { + int i; + + for (i = 0; i < statbuf.st_size; i += sizeof(garbage)) + write (fd, garbage, sizeof(garbage)); + } + close (fd); + } + + if (unlink (tf_name) && errno != ENOENT) + return TKT_FIL_ACC; + + fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + if (fd < 0) + return TKT_FIL_ACC; + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + sleep(TF_LCK_RETRY); + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + close(fd); + fd = -1; + return TKT_FIL_LCK; + } + } + return KSUCCESS; +} + +/* + * tf_get_pname() reads the principal's name from the ticket file. It + * should only be called after tf_init() has been called. The + * principal's name is filled into the "p" parameter. If all goes well, + * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is + * returned. If the name was null, or EOF was encountered, or the name + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. + */ + +int +tf_get_pname(char *p) +{ + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pname called before tf_init.\n"); + return TKT_FIL_INI; + } + if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ + { + if (krb_debug) + krb_warning ("tf_get_pname: pname < 2.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_put_pname() sets the principal's name in the ticket file. Call + * after tf_create(). + */ + +int +tf_put_pname(char *p) +{ + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pname called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(p)+1; + if (write(fd,p,count) != count) + return(KFAILURE); + return KSUCCESS; +} + +/* + * tf_get_pinst() reads the principal's instance from a ticket file. + * It should only be called after tf_init() and tf_get_pname() have been + * called. The instance is filled into the "inst" parameter. If all + * goes well, KSUCCESS is returned. If tf_init() wasn't called, + * TKT_FIL_INI is returned. If EOF was encountered, or the instance + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the + * instance may be null. + */ + +int +tf_get_pinst(char *inst) +{ + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pinst called before tf_init.\n"); + return TKT_FIL_INI; + } + if (tf_gets(inst, INST_SZ) < 1) + { + if (krb_debug) + krb_warning("tf_get_pinst: inst_sz < 1.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_put_pinst writes the principal's instance to the ticket file. + * Call after tf_create. + */ + +int +tf_put_pinst(char *inst) +{ + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pinst called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(inst)+1; + if (write(fd,inst,count) != count) + return(KFAILURE); + return KSUCCESS; +} + +/* + * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills + * in the given structure "c". It should only be called after tf_init(), + * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, + * KSUCCESS is returned. Possible error codes are: + * + * TKT_FIL_INI - tf_init wasn't called first + * TKT_FIL_FMT - bad format + * EOF - end of file encountered + */ + +int +tf_get_cred(CREDENTIALS *c) +{ + KTEXT ticket = &c->ticket_st; /* pointer to ticket */ + int k_errno; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_get_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning("tf_get_cred: too big service cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning("tf_get_cred: null service cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big instance cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big realm cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: null realm cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ( + tf_read((c->session), DES_KEY_SZ) < 1 || + tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 || + tf_read(&(c->kvno), sizeof(c->kvno)) < 1 || + tf_read(&(ticket->length), sizeof(ticket->length)) + < 1 || + /* don't try to read a silly amount into ticket->dat */ + ticket->length > MAX_KTXT_LEN || + tf_read((ticket->dat), ticket->length) < 1 || + tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1 + ) { + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: failed tf_read.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is + * not a valid file descriptor, it just returns. It also clears the + * buffer used to read tickets. + * + * The return value is not defined. + */ + +void +tf_close(void) +{ + if (!(fd < 0)) { + k_flock(fd, K_LOCK_UN); + close(fd); + fd = -1; /* see declaration of fd above */ + } + memset(tfbfr, 0, sizeof(tfbfr)); +} + +/* + * tf_gets() is an internal routine. It takes a string "s" and a count + * "n", and reads from the file until either it has read "n" characters, + * or until it reads a null byte. When finished, what has been read exists + * in "s". If it encounters EOF or an error, it closes the ticket file. + * + * Possible return values are: + * + * n the number of bytes read (including null terminator) + * when all goes well + * + * 0 end of file or read error + * + * TOO_BIG if "count" characters are read and no null is + * encountered. This is an indication that the ticket + * file is seriously ill. + */ + +static int +tf_gets(char *s, int n) +{ + int count; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_gets called before tf_init.\n"); + return TKT_FIL_INI; + } + for (count = n - 1; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s = tfbfr[curpos++]; + if (*s++ == '\0') + return (n - count); + } + tf_close(); + return TOO_BIG; +} + +/* + * tf_read() is an internal routine. It takes a string "s" and a count + * "n", and reads from the file until "n" bytes have been read. When + * finished, what has been read exists in "s". If it encounters EOF or + * an error, it closes the ticket file. + * + * Possible return values are: + * + * n the number of bytes read when all goes well + * + * 0 on end of file or read error + */ + +static int +tf_read(void *v, int n) +{ + char *s = (char *)v; + int count; + + for (count = n; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s++ = tfbfr[curpos++]; + } + return n; +} + +/* + * tf_save_cred() appends an incoming ticket to the end of the ticket + * file. You must call tf_init() before calling tf_save_cred(). + * + * The "service", "instance", and "realm" arguments specify the + * server's name; "session" contains the session key to be used with + * the ticket; "kvno" is the server key version number in which the + * ticket is encrypted, "ticket" contains the actual ticket, and + * "issue_date" is the time the ticket was requested (local host's time). + * + * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't + * called previously, and KFAILURE for anything else that went wrong. + */ + +int +tf_save_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + u_int32_t issue_date) /* The issue time */ +{ + int count; /* count for write */ + + if (fd < 0) { /* fd is ticket file as set by tf_init */ + if (krb_debug) + krb_warning ("tf_save_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + /* Find the end of the ticket file */ + lseek(fd, 0L, SEEK_END); + + /* Write the ticket and associated data */ + /* Service */ + count = strlen(service) + 1; + if (write(fd, service, count) != count) + goto bad; + /* Instance */ + count = strlen(instance) + 1; + if (write(fd, instance, count) != count) + goto bad; + /* Realm */ + count = strlen(realm) + 1; + if (write(fd, realm, count) != count) + goto bad; + /* Session key */ + if (write(fd, session, 8) != 8) + goto bad; + /* Lifetime */ + if (write(fd, &lifetime, sizeof(int)) != sizeof(int)) + goto bad; + /* Key vno */ + if (write(fd, &kvno, sizeof(int)) != sizeof(int)) + goto bad; + /* Tkt length */ + if (write(fd, &(ticket->length), sizeof(int)) != + sizeof(int)) + goto bad; + /* Ticket */ + count = ticket->length; + if (write(fd, ticket->dat, count) != count) + goto bad; + /* Issue date */ + if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date)) + goto bad; + + return (KSUCCESS); +bad: + return (KFAILURE); +} + +int +tf_setup(CREDENTIALS *cred, char *pname, char *pinst) +{ + int ret; + ret = tf_create(tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + ret = tf_save_cred(cred->service, cred->instance, cred->realm, + cred->session, cred->lifetime, cred->kvno, + &cred->ticket_st, cred->issue_date); + tf_close(); + return ret; +} + +int +in_tkt(char *pname, char *pinst) +{ + int ret; + + ret = tf_create (tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + tf_close(); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c new file mode 100644 index 0000000..04e20b6 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/ticket_memory.c @@ -0,0 +1,438 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* ticket_memory.c - Storage for tickets in memory + * Author: d93-jka@nada.kth.se - June 1996 + */ + +#define WIN32_LEAN_AND_MEAN +#include <Windows.h> +#include "krb_locl.h" +#include "ticket_memory.h" + +RCSID("$Id: ticket_memory.c,v 1.9 1997/04/20 18:07:36 assar Exp $"); + +void msg(char *text, int error); + +/* Global variables for memory mapping. */ +HANDLE SharedMemoryHandle; +tktmem *SharedMemory; + +static int CredIndex = -1; + +int +newTktMem(const char *tf_name) +{ + if(!SharedMemory) + { + unsigned int MemorySize = sizeof(tktmem); + unsigned int MemorySizeHi = sizeof(tktmem)>>16; + unsigned int MemorySizeLo = MemorySize&0xFFFF; + SharedMemoryHandle = CreateFileMapping((HANDLE)(int)-1, 0, + PAGE_READWRITE, + MemorySizeHi, MemorySizeLo, + "krb_memory"); + + if(!SharedMemoryHandle) + { + msg("Could not create shared memory.", GetLastError()); + return KFAILURE; + } + + SharedMemory = MapViewOfFile(SharedMemoryHandle, + FILE_MAP_WRITE, 0, 0, 0); + if(!SharedMemory) + { + msg("Unable to alloc shared memory.", GetLastError()); + return KFAILURE; + } + if(GetLastError() != ERROR_ALREADY_EXISTS) + { + if(tf_name) + strcpy(SharedMemory->tmname, tf_name); + SharedMemory->last_cred_no = 0; + } + } + + CredIndex = 0; + return KSUCCESS; +} + +int +freeTktMem(const char *tf_name) +{ + if(SharedMemory) + { + UnmapViewOfFile(SharedMemory); + CloseHandle(SharedMemoryHandle); + } + return KSUCCESS; +} + + + +tktmem * +getTktMem(const char *tf_name) +{ + return SharedMemory; +} + +void +firstCred(void) +{ + if(getTktMem(0)->last_cred_no > 0) + CredIndex = 0; + else + CredIndex = -1; +} + +int +nextCredIndex(void) +{ + const tktmem *mem; + int last; + mem = getTktMem(0); + last = mem->last_cred_no; + if(CredIndex >= 0 && CredIndex < last ) + return CredIndex++; + else + return CredIndex = -1; +} + +int +currCredIndex(void) +{ + const tktmem *mem; + int last; + mem = getTktMem(0); + last = mem->last_cred_no; + if(CredIndex >= 0 && CredIndex < last) + return CredIndex; + else + return CredIndex = -1; +} + +int +nextFreeIndex(void) +{ + tktmem *mem = getTktMem(0); + if(mem->last_cred_no > CRED_VEC_SZ) + return -1; + else + return mem->last_cred_no++; +} + +/* + * in_tkt() is used to initialize the ticket store. It creates the + * file to contain the tickets and writes the given user's name "pname" + * and instance "pinst" in the file. in_tkt() returns KSUCCESS on + * success, or KFAILURE if something goes wrong. + */ + +int +in_tkt(char *pname, char *pinst) +{ + /* Here goes code to initialize shared memory, to store tickets in. */ + /* Implemented somewhere else. */ + return KFAILURE; +} + +/* + * dest_tkt() is used to destroy the ticket store upon logout. + * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. + * Otherwise the function returns RET_OK on success, KFAILURE on + * failure. + * + * The ticket file (TKT_FILE) is defined in "krb.h". + */ + +int +dest_tkt(void) +{ + /* Here goes code to destroy tickets in shared memory. */ + /* Not implemented yet. */ + return KFAILURE; +} + +/* Short description of routines: + * + * tf_init() opens the ticket file and locks it. + * + * tf_get_pname() returns the principal's name. + * + * tf_put_pname() writes the principal's name to the ticket file. + * + * tf_get_pinst() returns the principal's instance (may be null). + * + * tf_put_pinst() writes the instance. + * + * tf_get_cred() returns the next CREDENTIALS record. + * + * tf_save_cred() appends a new CREDENTIAL record to the ticket file. + * + * tf_close() closes the ticket file and releases the lock. + * + * tf_gets() returns the next null-terminated string. It's an internal + * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). + * + * tf_read() reads a given number of bytes. It's an internal routine + * used by tf_get_cred(). + */ + +/* + * tf_init() should be called before the other ticket file routines. + * It takes the name of the ticket file to use, "tf_name", and a + * read/write flag "rw" as arguments. + * + * Returns KSUCCESS if all went well, otherwise one of the following: + * + * NO_TKT_FIL - file wasn't there + * TKT_FIL_ACC - file was in wrong mode, etc. + * TKT_FIL_LCK - couldn't lock the file, even after a retry + */ + +int +tf_init(char *tf_name, int rw) +{ + if(!getTktMem(tf_name)) + return NO_TKT_FIL; + firstCred(); + return KSUCCESS; +} + +/* + * tf_create() should be called when creating a new ticket file. + * The only argument is the name of the ticket file. + * After calling this, it should be possible to use other tf_* functions. + */ + +int +tf_create(char *tf_name) +{ + if(newTktMem(tf_name) != KSUCCESS) + return NO_TKT_FIL; + return KSUCCESS; +} + +/* + * tf_get_pname() reads the principal's name from the ticket file. It + * should only be called after tf_init() has been called. The + * principal's name is filled into the "p" parameter. If all goes well, + * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is + * returned. If the name was null, or EOF was encountered, or the name + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. + */ + +int +tf_get_pname(char *p) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pname) + return KFAILURE; + strcpy(p, TktStore->pname); + return KSUCCESS; +} + +/* + * tf_put_pname() sets the principal's name in the ticket file. Call + * after tf_create(). + */ + +int +tf_put_pname(char *p) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pname) + return KFAILURE; + strcpy(TktStore->pname, p); + return KSUCCESS; +} + +/* + * tf_get_pinst() reads the principal's instance from a ticket file. + * It should only be called after tf_init() and tf_get_pname() have been + * called. The instance is filled into the "inst" parameter. If all + * goes well, KSUCCESS is returned. If tf_init() wasn't called, + * TKT_FIL_INI is returned. If EOF was encountered, or the instance + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the + * instance may be null. + */ + +int +tf_get_pinst(char *inst) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pinst) + return KFAILURE; + strcpy(inst, TktStore->pinst); + return KSUCCESS; +} + +/* + * tf_put_pinst writes the principal's instance to the ticket file. + * Call after tf_create. + */ + +int +tf_put_pinst(char *inst) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pinst) + return KFAILURE; + strcpy(TktStore->pinst, inst); + return KSUCCESS; +} + +/* + * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills + * in the given structure "c". It should only be called after tf_init(), + * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, + * KSUCCESS is returned. Possible error codes are: + * + * TKT_FIL_INI - tf_init wasn't called first + * TKT_FIL_FMT - bad format + * EOF - end of file encountered + */ + +int +tf_get_cred(CREDENTIALS *c) +{ + int index; + CREDENTIALS *cred; + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if((index = nextCredIndex()) == -1) + return EOF; + if(!(cred = TktStore->cred_vec+index)) + return KFAILURE; + if(!c) + return KFAILURE; + memcpy(c, cred, sizeof(*c)); + return KSUCCESS; +} + +/* + * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is + * not a valid file descriptor, it just returns. It also clears the + * buffer used to read tickets. + */ + +void +tf_close(void) +{ +} + +/* + * tf_save_cred() appends an incoming ticket to the end of the ticket + * file. You must call tf_init() before calling tf_save_cred(). + * + * The "service", "instance", and "realm" arguments specify the + * server's name; "session" contains the session key to be used with + * the ticket; "kvno" is the server key version number in which the + * ticket is encrypted, "ticket" contains the actual ticket, and + * "issue_date" is the time the ticket was requested (local host's time). + * + * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't + * called previously, and KFAILURE for anything else that went wrong. + */ + +int +tf_save_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + u_int32_t issue_date) /* The issue time */ +{ + CREDENTIALS *cred; + tktmem *mem = getTktMem(0); + int last = nextFreeIndex(); + + if(last == -1) + return KFAILURE; + cred = mem->cred_vec+last; + strcpy(cred->service, service); + strcpy(cred->instance, instance); + strcpy(cred->realm, realm); + strcpy(cred->session, session); + cred->lifetime = lifetime; + cred->kvno = kvno; + memcpy(&(cred->ticket_st), ticket, sizeof(*ticket)); + cred->issue_date = issue_date; + strcpy(cred->pname, mem->pname); + strcpy(cred->pinst, mem->pinst); + return KSUCCESS; +} + + +int +tf_setup(CREDENTIALS *cred, char *pname, char *pinst) +{ + int ret; + ret = tf_create(tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + ret = tf_save_cred(cred->service, cred->instance, cred->realm, + cred->session, cred->lifetime, cred->kvno, + &cred->ticket_st, cred->issue_date); + tf_close(); + return ret; +} diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h new file mode 100644 index 0000000..e85e1a4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/ticket_memory.h @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* ticket_memory.h - Storage for tickets in memory + * Author: d93-jka@nada.kth.se - June 1996 + */ + +/* $Id: ticket_memory.h,v 1.6 1997/04/20 06:25:12 assar Exp $ */ + +#ifndef TICKET_MEMORY_H +#define TICKET_MEMORY_H + +#include "krb_locl.h" + +#define CRED_VEC_SZ 20 + +typedef struct _tktmem +{ + char tmname[64]; + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ + int last_cred_no; + CREDENTIALS cred_vec[CRED_VEC_SZ]; +} tktmem; + +int newTktMem(const char *tf_name); +int freeTktMem(const char *tf_name); +tktmem *getTktMem(const char *tf_name); +void firstCred(void); +int nextCredIndex(void); +int currCredIndex(void); +int nextFreeIndex(void); + +#endif /* TICKET_MEMORY_H */ diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c new file mode 100644 index 0000000..2914abb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/tkt_string.c @@ -0,0 +1,85 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $"); + +/* + * This routine is used to generate the name of the file that holds + * the user's cache of server tickets and associated session keys. + * + * If it is set, krb_ticket_string contains the ticket file name. + * Otherwise, the filename is constructed as follows: + * + * If it is set, the environment variable "KRBTKFILE" will be used as + * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and + * the user's uid are concatenated to produce the ticket file name + * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket + * file name is returned. + */ + +static char krb_ticket_string[MaxPathLen] = ""; + +#ifndef HAVE_GETUID +int getuid(void) +{ + return 27; +} +#endif + +char *tkt_string(void) +{ + char *env; + + if (!*krb_ticket_string) { + if ((env = getenv("KRBTKFILE"))) { + strncpy(krb_ticket_string, env, + sizeof(krb_ticket_string)-1); + krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; + } else { + snprintf(krb_ticket_string, sizeof(krb_ticket_string), + "%s%u",TKT_ROOT,(unsigned)getuid()); + } + } + return krb_ticket_string; +} + +/* + * This routine is used to set the name of the file that holds the user's + * cache of server tickets and associated session keys. + * + * The value passed in is copied into local storage. + * + * NOTE: This routine should be called during initialization, before other + * Kerberos routines are called; otherwise tkt_string() above may be called + * and return an undesired ticket file name until this routine is called. + */ + +void +krb_set_tkt_string(char *val) +{ + + strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1); + krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; + + return; +} diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c new file mode 100644 index 0000000..ddb938f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/unparse_name.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $"); + +static void +quote_string(char *quote, char *from, char *to) +{ + while(*from){ + if(strchr(quote, *from)) + *to++ = '\\'; + *to++ = *from++; + } + *to = 0; +} + +/* To be compatible with old functions, we quote differently in each + part of the principal*/ + +char * +krb_unparse_name_r(krb_principal *pr, char *fullname) +{ + quote_string("'@\\", pr->name, fullname); + if(pr->instance[0]){ + strcat(fullname, "."); + quote_string("@\\", pr->instance, fullname + strlen(fullname)); + } + if(pr->realm[0]){ + strcat(fullname, "@"); + quote_string("\\", pr->realm, fullname + strlen(fullname)); + } + return fullname; +} + +char * +krb_unparse_name_long_r(char *name, char *instance, char *realm, + char *fullname) +{ + krb_principal pr; + memset(&pr, 0, sizeof(pr)); + strcpy(pr.name, name); + if(instance) + strcpy(pr.instance, instance); + if(realm) + strcpy(pr.realm, realm); + return krb_unparse_name_r(&pr, fullname); +} + +char * +krb_unparse_name(krb_principal *pr) +{ + static char principal[MAX_K_NAME_SZ]; + krb_unparse_name_r(pr, principal); + return principal; +} + +char * +krb_unparse_name_long(char *name, char *instance, char *realm) +{ + krb_principal pr; + memset(&pr, 0, sizeof(pr)); + strcpy(pr.name, name); + if(instance) + strcpy(pr.instance, instance); + if(realm) + strcpy(pr.realm, realm); + return krb_unparse_name(&pr); +} diff --git a/crypto/kerberosIV/lib/krb/util.c b/crypto/kerberosIV/lib/krb/util.c new file mode 100644 index 0000000..7b77bb8 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/util.c @@ -0,0 +1,64 @@ +/* + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Miscellaneous debug printing utilities + */ + +#include "krb_locl.h" + +RCSID("$Id: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $"); + +/* + * Print some of the contents of the given authenticator structure + * (AUTH_DAT defined in "krb.h"). Fields printed are: + * + * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session + */ + +void +ad_print(AUTH_DAT *x) +{ + /* + * Print the contents of an auth_dat struct. + */ + struct in_addr address; + address.s_addr = x->address; + printf("\n%s %s %s %s flags %u cksum 0x%X\n\ttkt_tm 0x%X sess_key", + x->pname, x->pinst, x->prealm, + inet_ntoa(address), x->k_flags, + x->checksum, x->time_sec); + printf("[8] ="); +#ifdef NOENCRYPTION + placebo_cblock_print(x->session); +#else + des_cblock_print_file(&x->session,stdout); +#endif + /* skip reply for now */ +} + +/* + * Print in hex the 8 bytes of the given session key. + * + * Printed format is: " 0x { x, x, x, x, x, x, x, x }" + */ + +#ifdef NOENCRYPTION +placebo_cblock_print(x) + des_cblock x; +{ + unsigned char *y = (unsigned char *) x; + int i = 0; + + printf(" 0x { "); + + while (i++ <8) { + printf("%x",*y++); + if (i<8) printf(", "); + } + printf(" }"); +} +#endif diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c new file mode 100644 index 0000000..ce22b59 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/verify_user.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $"); + +/* Verify user with password. If secure, also verify against local + * service key, this can (usually) only be done by root. + * + * As a side effect, fresh tickets are obtained. + * + * Returns zero if ok, a positive kerberos error or -1 for system + * errors. + */ + +int +krb_verify_user(char *name, char *instance, char *realm, char *password, + int secure, char *linstance) +{ + int ret; + ret = krb_get_pw_in_tkt(name, instance, realm, + KRB_TICKET_GRANTING_TICKET, + realm, + DEFAULT_TKT_LIFE, password); + if(ret != KSUCCESS) + return ret; + + if(secure){ + struct hostent *hp; + int32_t addr; + + KTEXT_ST ticket; + AUTH_DAT auth; + + char lrealm[REALM_SZ]; + char hostname[MaxHostNameLen]; + char *phost; + + if (k_gethostname(hostname, sizeof(hostname)) == -1) { + dest_tkt(); + return -1; + } + + hp = gethostbyname(hostname); + if(hp == NULL){ + dest_tkt(); + return -1; + } + memcpy(&addr, hp->h_addr, sizeof(addr)); + + ret = krb_get_lrealm(lrealm, 1); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + phost = krb_get_phost(hostname); + + if (linstance == NULL) + linstance = "rcmd"; + + ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + + ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, ""); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + } + return 0; +} + |
