diff options
| author | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
| commit | a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8 (patch) | |
| tree | 0b84977f19022a965f8c6145f067f951173f6290 /crypto/kerberosIV/lib | |
| download | FreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.zip FreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.tar.gz | |
Initial import of KTH eBones. This has been cleaned up to only include
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
Diffstat (limited to 'crypto/kerberosIV/lib')
175 files changed, 25485 insertions, 0 deletions
diff --git a/crypto/kerberosIV/lib/Makefile.in b/crypto/kerberosIV/lib/Makefile.in new file mode 100644 index 0000000..b2e662c --- /dev/null +++ b/crypto/kerberosIV/lib/Makefile.in @@ -0,0 +1,46 @@ +# +# $Id: Makefile.in,v 1.21 1997/05/20 18:58:40 bg Exp $ +# + +srcdir = @srcdir@ +VPATH = @srcdir@ + +SHELL = /bin/sh + +@SET_MAKE@ + +SUBDIRS = des krb kdb kadm acl kafs roken otp auth sl editline + +all: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) all); done + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +install: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) install); done + +uninstall: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done + +check: all + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) check); done + +clean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) clean); done + +mostlyclean: clean + +distclean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) distclean); done + rm -f Makefile config.status *~ + +realclean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) realclean); done diff --git a/crypto/kerberosIV/lib/acl/Makefile.in b/crypto/kerberosIV/lib/acl/Makefile.in new file mode 100644 index 0000000..59894e4 --- /dev/null +++ b/crypto/kerberosIV/lib/acl/Makefile.in @@ -0,0 +1,84 @@ +# +# $Id: Makefile.in,v 1.21 1997/05/06 03:46:37 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = # @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)acl +#LIBEXT = @LIBEXT@ Always build archive library! +LIBEXT = a +LIBPREFIX = @LIBPREFIX@ +SHLIBEXT = @SHLIBEXT@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = acl_files.c + +OBJECTS = acl_files.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/acl/acl.h b/crypto/kerberosIV/lib/acl/acl.h new file mode 100644 index 0000000..305b66c --- /dev/null +++ b/crypto/kerberosIV/lib/acl/acl.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: acl.h,v 1.5 1997/04/01 08:17:52 joda Exp $ */ + +#ifndef __ACL_H +#define __ACL_H + +#include <sys/cdefs.h> + +void acl_canonicalize_principal __P((char *principal, char *canon)); +int acl_initialize __P((char *acl_file, int perm)); +int acl_exact_match __P((char *acl, char *principal)); +int acl_check __P((char *acl, char *principal)); +int acl_add __P((char *acl, char *principal)); +int acl_delete __P((char *acl, char *principal)); + +#endif /* __ACL_H */ diff --git a/crypto/kerberosIV/lib/acl/acl_files.c b/crypto/kerberosIV/lib/acl/acl_files.c new file mode 100644 index 0000000..fc00b80 --- /dev/null +++ b/crypto/kerberosIV/lib/acl/acl_files.c @@ -0,0 +1,540 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "config.h" +#include "protos.h" + +RCSID("$Id: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $"); + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#include <time.h> +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_SYS_FILE_H +#include <sys/file.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + +#include <errno.h> +#include <ctype.h> + +#include <roken.h> + +#include <krb.h> +#include <acl.h> + +/*** Routines for manipulating access control list files ***/ + +/* "aname.inst@realm" */ +#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3) +#define INST_SEP '.' +#define REALM_SEP '@' + +#define LINESIZE 2048 /* Maximum line length in an acl file */ + +#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */ +#define WAIT_TIME 300 /* Maximum time allowed write acl file */ + +#define CACHED_ACLS 8 /* How many acls to cache */ + /* Each acl costs 1 open file descriptor */ +#define ACL_LEN 16 /* Twice a reasonable acl length */ + +#define COR(a,b) ((a!=NULL)?(a):(b)) + +/* Canonicalize a principal name */ +/* If instance is missing, it becomes "" */ +/* If realm is missing, it becomes the local realm */ +/* Canonicalized form is put in canon, which must be big enough to hold + MAX_PRINCIPAL_SIZE characters */ +void +acl_canonicalize_principal(char *principal, char *canon) +{ + char *dot, *atsign, *end; + int len; + + dot = strchr(principal, INST_SEP); + atsign = strchr(principal, REALM_SEP); + + /* Maybe we're done already */ + if(dot != NULL && atsign != NULL) { + if(dot < atsign) { + /* It's for real */ + /* Copy into canon */ + strncpy(canon, principal, MAX_PRINCIPAL_SIZE); + canon[MAX_PRINCIPAL_SIZE-1] = '\0'; + return; + } else { + /* Nope, it's part of the realm */ + dot = NULL; + } + } + + /* No such luck */ + end = principal + strlen(principal); + + /* Get the principal name */ + len = min(ANAME_SZ, COR(dot, COR(atsign, end)) - principal); + strncpy(canon, principal, len); + canon += len; + + /* Add INST_SEP */ + *canon++ = INST_SEP; + + /* Get the instance, if it exists */ + if(dot != NULL) { + ++dot; + len = min(INST_SZ, COR(atsign, end) - dot); + strncpy(canon, dot, len); + canon += len; + } + + /* Add REALM_SEP */ + *canon++ = REALM_SEP; + + /* Get the realm, if it exists */ + /* Otherwise, default to local realm */ + if(atsign != NULL) { + ++atsign; + len = min(REALM_SZ, end - atsign); + strncpy(canon, atsign, len); + canon += len; + *canon++ = '\0'; + } else if(krb_get_lrealm(canon, 1) != KSUCCESS) { + strcpy(canon, KRB_REALM); + } +} + +/* Get a lock to modify acl_file */ +/* Return new FILE pointer */ +/* or NULL if file cannot be modified */ +/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */ +static +FILE *acl_lock_file(char *acl_file) +{ + struct stat s; + char new[LINESIZE]; + int nfd; + FILE *nf; + int mode; + + if(stat(acl_file, &s) < 0) return(NULL); + mode = s.st_mode; + snprintf(new, sizeof(new), NEW_FILE, acl_file); + for(;;) { + /* Open the new file */ + if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) { + if(errno == EEXIST) { + /* Maybe somebody got here already, maybe it's just old */ + if(stat(new, &s) < 0) return(NULL); + if(time(0) - s.st_ctime > WAIT_TIME) { + /* File is stale, kill it */ + unlink(new); + continue; + } else { + /* Wait and try again */ + sleep(1); + continue; + } + } else { + /* Some other error, we lose */ + return(NULL); + } + } + + /* If we got to here, the lock file is ours and ok */ + /* Reopen it under stdio */ + if((nf = fdopen(nfd, "w")) == NULL) { + /* Oops, clean up */ + unlink(new); + } + return(nf); + } +} + +/* Abort changes to acl_file written onto FILE *f */ +/* Returns 0 if successful, < 0 otherwise */ +/* Closes f */ +static int +acl_abort(char *acl_file, FILE *f) +{ + char new[LINESIZE]; + int ret; + struct stat s; + + /* make sure we aren't nuking someone else's file */ + if(fstat(fileno(f), &s) < 0 + || s.st_nlink == 0) { + fclose(f); + return(-1); + } else { + snprintf(new, sizeof(new), NEW_FILE, acl_file); + ret = unlink(new); + fclose(f); + return(ret); + } +} + +/* Commit changes to acl_file written onto FILE *f */ +/* Returns zero if successful */ +/* Returns > 0 if lock was broken */ +/* Returns < 0 if some other error occurs */ +/* Closes f */ +static int +acl_commit(char *acl_file, FILE *f) +{ + char new[LINESIZE]; + int ret; + struct stat s; + + snprintf(new, sizeof(new), NEW_FILE, acl_file); + if(fflush(f) < 0 + || fstat(fileno(f), &s) < 0 + || s.st_nlink == 0) { + acl_abort(acl_file, f); + return(-1); + } + + ret = rename(new, acl_file); + fclose(f); + return(ret); +} + +/* Initialize an acl_file */ +/* Creates the file with permissions perm if it does not exist */ +/* Erases it if it does */ +/* Returns return value of acl_commit */ +int +acl_initialize(char *acl_file, int perm) +{ + FILE *new; + int fd; + + /* Check if the file exists already */ + if((new = acl_lock_file(acl_file)) != NULL) { + return(acl_commit(acl_file, new)); + } else { + /* File must be readable and writable by owner */ + if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) { + return(-1); + } else { + close(fd); + return(0); + } + } +} + +/* Eliminate all whitespace character in buf */ +/* Modifies its argument */ +static void + nuke_whitespace(char *buf) +{ + char *pin, *pout; + + for(pin = pout = buf; *pin != '\0'; pin++) + if(!isspace(*pin)) *pout++ = *pin; + *pout = '\0'; /* Terminate the string */ +} + +/* Hash table stuff */ + +struct hashtbl { + int size; /* Max number of entries */ + int entries; /* Actual number of entries */ + char **tbl; /* Pointer to start of table */ +}; + +/* Make an empty hash table of size s */ +static struct hashtbl * +make_hash(int size) +{ + struct hashtbl *h; + + if(size < 1) size = 1; + h = (struct hashtbl *) malloc(sizeof(struct hashtbl)); + h->size = size; + h->entries = 0; + h->tbl = (char **) calloc(size, sizeof(char *)); + return(h); +} + +/* Destroy a hash table */ +static void +destroy_hash(struct hashtbl *h) +{ + int i; + + for(i = 0; i < h->size; i++) { + if(h->tbl[i] != NULL) free(h->tbl[i]); + } + free(h->tbl); + free(h); +} + +/* Compute hash value for a string */ +static unsigned int +hashval(char *s) +{ + unsigned hv; + + for(hv = 0; *s != '\0'; s++) { + hv ^= ((hv << 3) ^ *s); + } + return(hv); +} + +/* Add an element to a hash table */ +static void +add_hash(struct hashtbl *h, char *el) +{ + unsigned hv; + char *s; + char **old; + int i; + + /* Make space if it isn't there already */ + if(h->entries + 1 > (h->size >> 1)) { + old = h->tbl; + h->tbl = (char **) calloc(h->size << 1, sizeof(char *)); + for(i = 0; i < h->size; i++) { + if(old[i] != NULL) { + hv = hashval(old[i]) % (h->size << 1); + while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1); + h->tbl[hv] = old[i]; + } + } + h->size = h->size << 1; + free(old); + } + + hv = hashval(el) % h->size; + while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size; + s = strdup(el); + h->tbl[hv] = s; + h->entries++; +} + +/* Returns nonzero if el is in h */ +static int +check_hash(struct hashtbl *h, char *el) +{ + unsigned hv; + + for(hv = hashval(el) % h->size; + h->tbl[hv] != NULL; + hv = (hv + 1) % h->size) { + if(!strcmp(h->tbl[hv], el)) return(1); + } + return(0); +} + +struct acl { + char filename[LINESIZE]; /* Name of acl file */ + int fd; /* File descriptor for acl file */ + struct stat status; /* File status at last read */ + struct hashtbl *acl; /* Acl entries */ +}; + +static struct acl acl_cache[CACHED_ACLS]; + +static int acl_cache_count = 0; +static int acl_cache_next = 0; + +/* Returns < 0 if unsuccessful in loading acl */ +/* Returns index into acl_cache otherwise */ +/* Note that if acl is already loaded, this is just a lookup */ +static int +acl_load(char *name) +{ + int i; + FILE *f; + struct stat s; + char buf[MAX_PRINCIPAL_SIZE]; + char canon[MAX_PRINCIPAL_SIZE]; + + /* See if it's there already */ + for(i = 0; i < acl_cache_count; i++) { + if(!strcmp(acl_cache[i].filename, name) + && acl_cache[i].fd >= 0) goto got_it; + } + + /* It isn't, load it in */ + /* maybe there's still room */ + if(acl_cache_count < CACHED_ACLS) { + i = acl_cache_count++; + } else { + /* No room, clean one out */ + i = acl_cache_next; + acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS; + close(acl_cache[i].fd); + if(acl_cache[i].acl) { + destroy_hash(acl_cache[i].acl); + acl_cache[i].acl = (struct hashtbl *) 0; + } + } + + /* Set up the acl */ + strcpy(acl_cache[i].filename, name); + if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); + /* Force reload */ + acl_cache[i].acl = (struct hashtbl *) 0; + + got_it: + /* + * See if the stat matches + * + * Use stat(), not fstat(), as the file may have been re-created by + * acl_add or acl_delete. If this happens, the old inode will have + * no changes in the mod-time and the following test will fail. + */ + if(stat(acl_cache[i].filename, &s) < 0) return(-1); + if(acl_cache[i].acl == (struct hashtbl *) 0 + || s.st_nlink != acl_cache[i].status.st_nlink + || s.st_mtime != acl_cache[i].status.st_mtime + || s.st_ctime != acl_cache[i].status.st_ctime) { + /* Gotta reload */ + if(acl_cache[i].fd >= 0) close(acl_cache[i].fd); + if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); + if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1); + if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl); + acl_cache[i].acl = make_hash(ACL_LEN); + while(fgets(buf, sizeof(buf), f) != NULL) { + nuke_whitespace(buf); + acl_canonicalize_principal(buf, canon); + add_hash(acl_cache[i].acl, canon); + } + fclose(f); + acl_cache[i].status = s; + } + return(i); +} + +/* Returns nonzero if it can be determined that acl contains principal */ +/* Principal is not canonicalized, and no wildcarding is done */ +int +acl_exact_match(char *acl, char *principal) +{ + int idx; + + return((idx = acl_load(acl)) >= 0 + && check_hash(acl_cache[idx].acl, principal)); +} + +/* Returns nonzero if it can be determined that acl contains principal */ +/* Recognizes wildcards in acl of the form + name.*@realm, *.*@realm, and *.*@* */ +int +acl_check(char *acl, char *principal) +{ + char buf[MAX_PRINCIPAL_SIZE]; + char canon[MAX_PRINCIPAL_SIZE]; + char *realm; + + acl_canonicalize_principal(principal, canon); + + /* Is it there? */ + if(acl_exact_match(acl, canon)) return(1); + + /* Try the wildcards */ + realm = strchr(canon, REALM_SEP); + *strchr(canon, INST_SEP) = '\0'; /* Chuck the instance */ + + snprintf(buf, sizeof(buf), "%s.*%s", canon, realm); + if(acl_exact_match(acl, buf)) return(1); + + snprintf(buf, sizeof(buf), "*.*%s", realm); + if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1); + + return(0); +} + +/* Adds principal to acl */ +/* Wildcards are interpreted literally */ +int +acl_add(char *acl, char *principal) +{ + int idx; + int i; + FILE *new; + char canon[MAX_PRINCIPAL_SIZE]; + + acl_canonicalize_principal(principal, canon); + + if((new = acl_lock_file(acl)) == NULL) return(-1); + if((acl_exact_match(acl, canon)) + || (idx = acl_load(acl)) < 0) { + acl_abort(acl, new); + return(-1); + } + /* It isn't there yet, copy the file and put it in */ + for(i = 0; i < acl_cache[idx].acl->size; i++) { + if(acl_cache[idx].acl->tbl[i] != NULL) { + if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF + || putc('\n', new) != '\n') { + acl_abort(acl, new); + return(-1); + } + } + } + fputs(canon, new); + putc('\n', new); + return(acl_commit(acl, new)); +} + +/* Removes principal from acl */ +/* Wildcards are interpreted literally */ +int +acl_delete(char *acl, char *principal) +{ + int idx; + int i; + FILE *new; + char canon[MAX_PRINCIPAL_SIZE]; + + acl_canonicalize_principal(principal, canon); + + if((new = acl_lock_file(acl)) == NULL) return(-1); + if((!acl_exact_match(acl, canon)) + || (idx = acl_load(acl)) < 0) { + acl_abort(acl, new); + return(-1); + } + /* It isn't there yet, copy the file and put it in */ + for(i = 0; i < acl_cache[idx].acl->size; i++) { + if(acl_cache[idx].acl->tbl[i] != NULL + && strcmp(acl_cache[idx].acl->tbl[i], canon)) { + fputs(acl_cache[idx].acl->tbl[i], new); + putc('\n', new); + } + } + return(acl_commit(acl, new)); +} diff --git a/crypto/kerberosIV/lib/acl/acl_files.doc b/crypto/kerberosIV/lib/acl/acl_files.doc new file mode 100644 index 0000000..78c448a --- /dev/null +++ b/crypto/kerberosIV/lib/acl/acl_files.doc @@ -0,0 +1,107 @@ +PROTOTYPE ACL LIBRARY + +Introduction + +An access control list (ACL) is a list of principals, where each +principal is is represented by a text string which cannot contain +whitespace. The library allows application programs to refer to named +access control lists to test membership and to atomically add and +delete principals using a natural and intuitive interface. At +present, the names of access control lists are required to be Unix +filenames, and refer to human-readable Unix files; in the future, when +a networked ACL server is implemented, the names may refer to a +different namespace specific to the ACL service. + + +Usage + +cc <files> -lacl -lkrb. + + + +Principal Names + +Principal names have the form + +<name>[.<instance>][@<realm>] + +e.g. + +asp +asp.root +asp@ATHENA.MIT.EDU +asp.@ATHENA.MIT.EDU +asp.root@ATHENA.MIT.EDU + +It is possible for principals to be underspecified. If instance is +missing, it is assumed to be "". If realm is missing, it is assumed +to be local_realm. The canonical form contains all of name, instance, +and realm; the acl_add and acl_delete routines will always +leave the file in that form. Note that the canonical form of +asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. + + +Routines + +acl_canonicalize_principal(principal, buf) +char *principal; +char *buf; /*RETVAL*/ + +Store the canonical form of principal in buf. Buf must contain enough +space to store a principal, given the limits on the sizes of name, +instance, and realm specified in /usr/include/krb.h. + +acl_check(acl, principal) +char *acl; +char *principal; + +Returns nonzero if principal appears in acl. Returns 0 if principal +does not appear in acl, or if an error occurs. Canonicalizes +principal before checking, and allows the ACL to contain wildcards. + +acl_exact_match(acl, principal) +char *acl; +char *principal; + +Like acl_check, but does no canonicalization or wildcarding. + +acl_add(acl, principal) +char *acl; +char *principal; + +Atomically adds principal to acl. Returns 0 if successful, nonzero +otherwise. It is considered a failure if principal is already in acl. +This routine will canonicalize principal, but will treat wildcards +literally. + +acl_delete(acl, principal) +char *acl; +char *principal; + +Atomically deletes principal from acl. Returns 0 if successful, +nonzero otherwise. It is consider a failure if principal is not +already in acl. This routine will canonicalize principal, but will +treat wildcards literally. + +acl_initialize(acl, mode) +char *acl; +int mode; + +Initialize acl. If acl file does not exist, creates it with mode +mode. If acl exists, removes all members. Returns 0 if successful, +nonzero otherwise. WARNING: Mode argument is likely to change with +the eventual introduction of an ACL service. + + +Known problems + +In the presence of concurrency, there is a very small chance that +acl_add or acl_delete could report success even though it would have +had no effect. This is a necessary side effect of using lock files +for concurrency control rather than flock(2), which is not supported +by NFS. + +The current implementation caches ACLs in memory in a hash-table +format for increased efficiency in checking membership; one effect of +the caching scheme is that one file descriptor will be kept open for +each ACL cached, up to a maximum of 8. diff --git a/crypto/kerberosIV/lib/kadm/Makefile.in b/crypto/kerberosIV/lib/kadm/Makefile.in new file mode 100644 index 0000000..1dafd4f --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/Makefile.in @@ -0,0 +1,92 @@ +# +# $Id: Makefile.in,v 1.30 1997/05/06 03:47:28 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +LN_S = @LN_S@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)kadm +LIBEXT = @LIBEXT@ +LIBPREFIX = @LIBPREFIX@ +EXECSUFFIX = @EXECSUFFIX@ +SHLIBEXT = @SHLIBEXT@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c + +OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a kadm_err.c kadm_err.h + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +kadm_err.c kadm_err.h: kadm_err.et + test -r kadm_err.et || (rm -f kadm_err.et && $(LN_S) $(srcdir)/kadm_err.et .) + $(COMPILE_ET) kadm_err.et + +$(OBJECTS): ../../include/config.h +$(OBJECTS): kadm_err.h kadm_locl.h diff --git a/crypto/kerberosIV/lib/kadm/kadm.h b/crypto/kerberosIV/lib/kadm/kadm.h new file mode 100644 index 0000000..d18f592 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm.h @@ -0,0 +1,143 @@ +/* + * $Id: kadm.h,v 1.12 1996/11/17 20:04:39 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Definitions for Kerberos administration server & client + */ + +#ifndef KADM_DEFS +#define KADM_DEFS + +/* + * kadm.h + * Header file for the fourth attempt at an admin server + * Doug Church, December 28, 1989, MIT Project Athena + */ + +#include <krb_db.h> + +/* The global structures for the client and server */ +typedef struct { + struct sockaddr_in admin_addr; + struct sockaddr_in my_addr; + int my_addr_len; + int admin_fd; /* file descriptor for link to admin server */ + char sname[ANAME_SZ]; /* the service name */ + char sinst[INST_SZ]; /* the services instance */ + char krbrlm[REALM_SZ]; +} Kadm_Client; + +typedef struct { /* status of the server, i.e the parameters */ + int inter; /* Space for command line flags */ + char *sysfile; /* filename of server */ +} admin_params; /* Well... it's the admin's parameters */ + +/* Largest password length to be supported */ +#define MAX_KPW_LEN 128 +/* Minimum allowed password length */ +#define MIN_KPW_LEN 6 + +/* Largest packet the admin server will ever allow itself to return */ +#define KADM_RET_MAX 2048 + +/* That's right, versions are 8 byte strings */ +#define KADM_VERSTR "KADM0.0A" +#define KADM_ULOSE "KYOULOSE" /* sent back when server can't + decrypt client's msg */ +#define KADM_VERSIZE strlen(KADM_VERSTR) + +/* the lookups for the server instances */ +#define PWSERV_NAME "changepw" +#define KADM_SNAME "kerberos_master" +#define KADM_PORT 751 +#define KADM_SINST "kerberos" + +/* Attributes fields constants and macros */ +#define ALLOC 2 +#define RESERVED 3 +#define DEALLOC 4 +#define DEACTIVATED 5 +#define ACTIVE 6 + +/* Kadm_vals structure for passing db fields into the server routines */ +#define FLDSZ 4 + +typedef struct { + u_int8_t fields[FLDSZ]; /* The active fields in this struct */ + char name[ANAME_SZ]; + char instance[INST_SZ]; + u_int32_t key_low; + u_int32_t key_high; + u_int32_t exp_date; + u_int16_t attributes; + u_int8_t max_life; +} Kadm_vals; /* The basic values structure in Kadm */ + +/* Kadm_vals structure for passing db fields into the server routines */ +#define FLDSZ 4 + +/* Need to define fields types here */ +#define KADM_NAME 31 +#define KADM_INST 30 +#define KADM_EXPDATE 29 +#define KADM_ATTR 28 +#define KADM_MAXLIFE 27 +#define KADM_DESKEY 26 + +/* To set a field entry f in a fields structure d */ +#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8))) + +/* To set a field entry f in a fields structure d */ +#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8)))) + +/* Is field f in fields structure d */ +#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8))) + +/* Various return codes */ +#define KADM_SUCCESS 0 + +#define WILDCARD_STR "*" + +enum acl_types { +ADDACL, +GETACL, +MODACL, +STABACL, /* not used */ +DELACL +}; + +/* Various opcodes for the admin server's functions */ +#define CHANGE_PW 2 +#define ADD_ENT 3 +#define MOD_ENT 4 +#define GET_ENT 5 +#define CHECK_PW 6 /* not used */ +#define CHG_STAB 7 /* not used */ +#define DEL_ENT 8 + +void prin_vals __P((Kadm_vals *)); +int stv_long __P((u_char *, u_int32_t *, int, int)); +int vts_long __P((u_int32_t, u_char **, int)); +int vts_string __P((char *, u_char **, int)); +int stv_string __P((u_char *, char *, int, int, int)); + +int stream_to_vals __P((u_char *, Kadm_vals *, int)); +int vals_to_stream __P((Kadm_vals *, u_char **)); + +int kadm_init_link __P((char *, char *, char *)); +int kadm_change_pw __P((unsigned char *)); +int kadm_change_pw_plain __P((unsigned char *, char *, char**)); +int kadm_mod __P((Kadm_vals *, Kadm_vals *)); +int kadm_get __P((Kadm_vals *, u_char *)); +int kadm_add __P((Kadm_vals *)); +int kadm_del __P((Kadm_vals *)); +void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *)); +void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *)); + + + +#endif /* KADM_DEFS */ diff --git a/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c new file mode 100644 index 0000000..1e5c4f3 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c @@ -0,0 +1,545 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos administration server client-side routines + */ + +/* + * kadm_cli_wrap.c the client side wrapping of the calls to the admin server + */ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_cli_wrap.c,v 1.21 1997/05/02 10:28:11 joda Exp $"); + +#ifndef NULL +#define NULL 0 +#endif + +static Kadm_Client client_parm; + +/* Macros for use in returning data... used in kadm_cli_send */ +#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;} + +/* Keys for use in the transactions */ +static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ +static des_key_schedule sess_sched; + +static void +clear_secrets(void) +{ + memset(sess_key, 0, sizeof(sess_key)); + memset(sess_sched, 0, sizeof(sess_sched)); + return; +} + +static RETSIGTYPE (*opipe)(); + +static void +kadm_cli_disconn(void) +{ + close(client_parm.admin_fd); + signal(SIGPIPE, opipe); + return; +} + +/* + * kadm_init_link + * receives : name, inst, realm + * + * initializes client parm, the Kadm_Client structure which holds the + * data about the connection between the server and client, the services + * used, the locations and other fun things + */ + +int +kadm_init_link(char *n, char *i, char *r) +{ + struct hostent *hop; /* host we will talk to */ + char adm_hostname[MaxHostNameLen]; + + init_kadm_err_tbl(); + init_krb_err_tbl(); + strcpy(client_parm.sname, n); + strcpy(client_parm.sinst, i); + strcpy(client_parm.krbrlm, r); + client_parm.admin_fd = -1; + + /* set up the admin_addr - fetch name of admin host */ + if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS) + return KADM_NO_HOST; + if ((hop = gethostbyname(adm_hostname)) == NULL) + return KADM_UNK_HOST; + memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr)); + client_parm.admin_addr.sin_port = + k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT)); + client_parm.admin_addr.sin_family = hop->h_addrtype; + memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr, + sizeof(client_parm.admin_addr.sin_addr)); + + return KADM_SUCCESS; +} + +static int +kadm_cli_conn(void) +{ /* this connects and sets my_addr */ + int on = 1; + + if ((client_parm.admin_fd = + socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0) + return KADM_NO_SOCK; /* couldnt create the socket */ + if (connect(client_parm.admin_fd, + (struct sockaddr *) & client_parm.admin_addr, + sizeof(client_parm.admin_addr))) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + return KADM_NO_CONN; /* couldnt get the connect */ + } + opipe = signal(SIGPIPE, SIG_IGN); + client_parm.my_addr_len = sizeof(client_parm.my_addr); + if (getsockname(client_parm.admin_fd, + (struct sockaddr *) & client_parm.my_addr, + &client_parm.my_addr_len) < 0) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + signal(SIGPIPE, opipe); + return KADM_NO_HERE; /* couldnt find out who we are */ + } +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, + (void *)&on, + sizeof(on)) < 0) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + signal(SIGPIPE, opipe); + return KADM_NO_CONN; /* XXX */ + } +#endif + return KADM_SUCCESS; +} + +/* takes in the sess_key and key_schedule and sets them appropriately */ +static int +kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s) + /* session key */ + /* session key schedule */ +{ + CREDENTIALS cred; /* to get key data */ + int stat; + + /* want .sname and .sinst here.... */ + if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst, + client_parm.krbrlm, &cred))) + return stat + krb_err_base; + memcpy(s_k, cred.session, sizeof(des_cblock)); + memset(cred.session, 0, sizeof(des_cblock)); +#ifdef NOENCRYPTION + memset(s_s, 0, sizeof(des_key_schedule)); +#else + if ((stat = des_key_sched(s_k,s_s))) + return(stat+krb_err_base); +#endif + return KADM_SUCCESS; +} /* This code "works" */ + +static int +kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz) +{ + u_int16_t dlen; + int retval; + char tmp[4]; + + dlen = (u_int16_t) dat_len; + + if (dat_len != (int)dlen) + return (KADM_NO_ROOM); + + tmp[0] = (dlen >> 8) & 0xff; + tmp[1] = dlen & 0xff; + if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2) + return (errno); /* XXX */ + + if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0) + return (errno); /* XXX */ + + + if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){ + if (retval < 0) + return(errno); /* XXX */ + else + return(EPIPE); /* short read ! */ + } + dlen = (tmp[0] << 8) | tmp[1]; + + *ret_dat = (u_char *)malloc((unsigned)dlen); + if (!*ret_dat) + return(KADM_NOMEM); + + if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat, + dlen) != dlen)) { + if (retval < 0) + return(errno); /* XXX */ + else + return(EPIPE); /* short read ! */ + } + *ret_siz = (int) dlen; + return KADM_SUCCESS; +} + +/* + * kadm_cli_send + * recieves : opcode, packet, packet length, serv_name, serv_inst + * returns : return code from the packet build, the server, or + * something else + * + * It assembles a packet as follows: + * 8 bytes : VERSION STRING + * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE + * : KTEXT + * : OPCODE \ + * : DATA > Encrypted (with make priv) + * : ...... / + * + * If it builds the packet and it is small enough, then it attempts to open the + * connection to the admin server. If the connection is succesfully open + * then it sends the data and waits for a reply. + */ +static int +kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz) + /* the actual data */ + /* length of said data */ + /* to give return info */ + /* length of returned info */ +{ + int act_len, retdat; /* current offset into packet, return + * data */ + KTEXT_ST authent; /* the authenticator we will build */ + u_char *act_st; /* the pointer to the complete packet */ + u_char *priv_pak; /* private version of the packet */ + int priv_len; /* length of private packet */ + u_int32_t cksum; /* checksum of the packet */ + MSG_DAT mdat; + u_char *return_dat; + + act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */ + strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); + act_len = KADM_VERSIZE; + + if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) { + free(act_st); + return retdat; /* couldnt get key working */ + } + priv_pak = (u_char *) malloc((unsigned)(st_siz + 200)); + /* 200 bytes for extra info case */ + if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_int32_t)st_siz, + sess_sched, &sess_key, &client_parm.my_addr, + &client_parm.admin_addr)) < 0) + RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose + * here */ + /* here is the length of priv data. receiver calcs + size of authenticator by subtracting vno size, priv size, and + sizeof(u_int32_t) (for the size indication) from total size */ + + act_len += vts_long((u_int32_t) priv_len, &act_st, act_len); +#ifdef NOENCRYPTION + cksum = 0; +#else + cksum = des_quad_cksum((des_cblock *)priv_pak, (des_cblock *)0, (long)priv_len, 0, + &sess_key); +#endif + if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst, + client_parm.krbrlm, cksum))) { + /* authenticator? */ + RET_N_FREE(retdat + krb_err_base); + } + + act_st = (u_char *) realloc(act_st, + act_len + authent.length + priv_len); + if (!act_st) { + clear_secrets(); + free(priv_pak); + return(KADM_NOMEM); + } + memcpy((char *)act_st + act_len, authent.dat, authent.length); + memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len); + free(priv_pak); + if ((retdat = kadm_cli_out(act_st, + act_len + authent.length + priv_len, + ret_dat, ret_siz)) != KADM_SUCCESS) + RET_N_FREE(retdat); + free(act_st); +#define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);} + + /* first see if it's a YOULOUSE */ + if ((*ret_siz >= KADM_VERSIZE) && + !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) { + unsigned char *p; + /* it's a youlose packet */ + if (*ret_siz < KADM_VERSIZE + 4) + RET_N_FREE2(KADM_BAD_VER); + p = (*ret_dat)+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + RET_N_FREE2(retdat); + } + /* need to decode the ret_dat */ + if ((retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched, + &sess_key, &client_parm.admin_addr, + &client_parm.my_addr, &mdat))) + RET_N_FREE2(retdat+krb_err_base); + if (mdat.app_length < KADM_VERSIZE + 4) + /* too short! */ + RET_N_FREE2(KADM_BAD_VER); + if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) + /* bad version */ + RET_N_FREE2(KADM_BAD_VER); + { + unsigned char *p = mdat.app_data+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + } + { + int s=mdat.app_length - KADM_VERSIZE - 4; + if(s<=0) s=1; + if (!(return_dat = (u_char *)malloc(s))) + RET_N_FREE2(KADM_NOMEM); + } + memcpy(return_dat, + (char *) mdat.app_data + KADM_VERSIZE + 4, + mdat.app_length - KADM_VERSIZE - 4); + free(*ret_dat); + clear_secrets(); + *ret_dat = return_dat; + *ret_siz = mdat.app_length - KADM_VERSIZE - 4; + return retdat; +} + + + +/* + * kadm_change_pw_plain + * + * see kadm_change_pw + * + */ +int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg) +{ + int stsize, retc; /* stream size and return code */ + u_char *send_st; /* send stream */ + u_char *ret_st; + int ret_sz; + int status; + static char msg[128]; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + /* possible problem with vts_long on a non-multiple of four boundary */ + + stsize = 0; /* start of our output packet */ + send_st = (u_char *) malloc(1);/* to make it reallocable */ + send_st[stsize++] = (u_char) CHANGE_PW; + + /* change key to stream */ + + send_st = realloc(send_st, stsize + 8); + memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */ + memcpy(send_st + stsize, newkey + 4, 4); + stsize += 8; + + if(password && *password) + stsize += vts_string(password, &send_st, stsize); + + retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz); + free(send_st); + + if(retc != KADM_SUCCESS){ + status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz); + if(status<0) + msg[0]=0; + *pw_msg=msg; + } + + if (ret_st) + free(ret_st); + + kadm_cli_disconn(); + return(retc); +} + +/* + * kadm_change_pw + * recieves : key + * + * Replaces the password (i.e. des key) of the caller with that specified in + * key. Returns no actual data from the master server, since this is called + * by a user + */ + +int kadm_change_pw(unsigned char *newkey) +{ + char *pw_msg; + return kadm_change_pw_plain(newkey, "", &pw_msg); +} + +/* + * kadm_add + * receives : vals + * returns : vals + * + * Adds and entry containing values to the database returns the values of the + * entry, so if you leave certain fields blank you will be able to determine + * the default values they are set to + */ +int +kadm_add(Kadm_vals *vals) +{ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len)); + *st2 = (u_char) ADD_ENT; /* here's the opcode */ + memcpy((char *) st2 + 1, st, st_len); /* append st on */ + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} + +/* + * kadm_mod + * receives : KTEXT, {values, values} + * returns : CKSUM, RETCODE, {values} + * acl : su, sms (as register or dealloc) + * + * Modifies all entries corresponding to the first values so they match the + * second values. returns the values for the changed entries in vals2 + */ +int +kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2) +{ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len, nlen; /* st2 the final stream with opcode */ + u_char *ret_st; + int ret_sz; + + /* nlen is the length of second vals */ + int retc; /* return code from call */ + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + + st_len = vals_to_stream(vals1, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len)); + *st2 = (u_char) MOD_ENT; /* here's the opcode */ + memcpy((char *)st2 + 1, st, st_len++); /* append st on */ + free(st); + nlen = vals_to_stream(vals2, &st); + st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen)); + memcpy((char *) st2 + st_len, st, nlen); /* append st on */ + retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals2, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} + + +int +kadm_del(Kadm_vals *vals) +{ + unsigned char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (unsigned char *) malloc(st_len + 1); + *st2 = DEL_ENT; /* here's the opcode */ + memcpy(st2 + 1, st, st_len); /* append st on */ + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st); + free(st2); + kadm_cli_disconn(); + return(retc); +} + + +/* + * kadm_get + * receives : KTEXT, {values, flags} + * returns : CKSUM, RETCODE, {count, values, values, values} + * acl : su + * + * gets the fields requested by flags from all entries matching values returns + * this data for each matching recipient, after a count of how many such + * matches there were + */ +int +kadm_get(Kadm_vals *vals, u_char *fl) +{ + int loop; /* for copying the fields data */ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ)); + *st2 = (u_char) GET_ENT; /* here's the opcode */ + memcpy((char *)st2 + 1, st, st_len); /* append st on */ + for (loop = FLDSZ - 1; loop >= 0; loop--) + *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */ + retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} diff --git a/crypto/kerberosIV/lib/kadm/kadm_err.et b/crypto/kerberosIV/lib/kadm/kadm_err.et new file mode 100644 index 0000000..0a7c7b6 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_err.et @@ -0,0 +1,59 @@ +# $Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $ +# $Author: bg $ +# +# Copyright 1988 by the Massachusetts Institute of Technology. +# +# For copying and distribution information, please see the file +# <mit-copyright.h>. +# +# Kerberos administration server error table +# + et kadm + +# KADM_SUCCESS, as all success codes should be, is zero + +ec KADM_RCSID, "$Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $" +# /* Building and unbuilding the packet errors */ +ec KADM_NO_REALM, "Cannot fetch local realm" +ec KADM_NO_CRED, "Unable to fetch credentials" +ec KADM_BAD_KEY, "Bad key supplied" +ec KADM_NO_ENCRYPT, "Can't encrypt data" +ec KADM_NO_AUTH, "Cannot encode/decode authentication info" +ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm" +ec KADM_NO_ROOM, "Packet is too large" +ec KADM_BAD_VER, "Version number is incorrect" +ec KADM_BAD_CHK, "Checksum does not match" +ec KADM_NO_READ, "Unsealing private data failed" +ec KADM_NO_OPCODE, "Unsupported operation" +ec KADM_NO_HOST, "Could not find administrating host" +ec KADM_UNK_HOST, "Administrating host name is unknown" +ec KADM_NO_SERV, "Could not find service name in services database" +ec KADM_NO_SOCK, "Could not create socket" +ec KADM_NO_CONN, "Could not connect to server" +ec KADM_NO_HERE, "Could not fetch local socket address" +ec KADM_NO_MAST, "Could not fetch master key" +ec KADM_NO_VERI, "Could not verify master key" + +# /* From the server side routines */ +ec KADM_INUSE, "Entry already exists in database" +ec KADM_UK_SERROR, "Database store error" +ec KADM_UK_RERROR, "Database read error" +ec KADM_UNAUTH, "Insufficient access to perform requested operation" +# KADM_DATA isn't really an error, but... +ec KADM_DATA, "Data is available for return to client" +ec KADM_NOENTRY, "No such entry in the database" + +ec KADM_NOMEM, "Memory exhausted" +ec KADM_NO_HOSTNAME, "Could not fetch system hostname" +ec KADM_NO_BIND, "Could not bind port" +ec KADM_LENGTH_ERROR, "Length mismatch problem" +ec KADM_ILL_WILDCARD, "Illegal use of wildcard" + +ec KADM_DB_INUSE, "Database is locked or in use--try again later" + +ec KADM_INSECURE_PW, "Insecure password rejected" +ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match" + +ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request" +ec KADM_IMMUTABLE, "Attempt do delete immutable principal" +end diff --git a/crypto/kerberosIV/lib/kadm/kadm_locl.h b/crypto/kerberosIV/lib/kadm/kadm_locl.h new file mode 100644 index 0000000..e6e374b --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_locl.h @@ -0,0 +1,90 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kadm_locl.h,v 1.9 1997/05/20 18:40:44 bg Exp $ */ + +#include "config.h" +#include "protos.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#include <signal.h> +#include <time.h> +#include <errno.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <roken.h> + +#include <des.h> +#include <krb.h> +#include <krb_err.h> +#include <krb_db.h> +#include <kadm.h> +#include <kadm_err.h> + +int vts_long __P((u_int32_t, u_char **, int)); +int vals_to_stream __P((Kadm_vals *, u_char **)); +int stream_to_vals __P((u_char *, Kadm_vals *, int)); + +int kadm_init_link __P((char n[], char i[], char r[])); +int kadm_change_pw __P((des_cblock)); +int kadm_add __P((Kadm_vals *)); +int kadm_mod __P((Kadm_vals *, Kadm_vals *)); +int kadm_get __P((Kadm_vals *, u_char fl[4])); + + diff --git a/crypto/kerberosIV/lib/kadm/kadm_stream.c b/crypto/kerberosIV/lib/kadm/kadm_stream.c new file mode 100644 index 0000000..33fe177 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_stream.c @@ -0,0 +1,299 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Stream conversion functions for Kerberos administration server + */ + +/* + kadm_stream.c + this holds the stream support routines for the kerberos administration server + + vals_to_stream: converts a vals struct to a stream for transmission + internals build_field_header, vts_[string, char, long, short] + stream_to_vals: converts a stream to a vals struct + internals check_field_header, stv_[string, char, long, short] + error: prints out a kadm error message, returns + fatal: prints out a kadm fatal error message, exits +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $"); + +static int +build_field_header(u_char *cont, u_char **st) + /* container for fields data */ + /* stream */ +{ + *st = (u_char *) malloc (4); + memcpy(*st, cont, 4); + return 4; /* return pointer to current stream location */ +} + +static int +check_field_header(u_char *st, u_char *cont, int maxlen) + /* stream */ + /* container for fields data */ + +{ + if (4 > maxlen) + return(-1); + memcpy(cont, st, 4); + return 4; /* return pointer to current stream location */ +} + +int +vts_string(char *dat, u_char **st, int loc) + /* a string to put on the stream */ + /* base pointer to the stream */ + /* offset into the stream for current data */ +{ + *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1)); + memcpy(*st + loc, dat, strlen(dat)+1); + return strlen(dat)+1; +} + + +static int +vts_short(u_int16_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p; + p = realloc(*st, loc + 2); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 8) & 0xff; + p[loc+1] = dat & 0xff; + *st = p; + return 2; +} + +static int +vts_char(u_char dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p = realloc(*st, loc + 1); + if(p == NULL){ + abort(); + } + p[loc] = dat; + *st = p; + return 1; +} + +int +vts_long(u_int32_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p = realloc(*st, loc + 4); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 24) & 0xff; + p[loc+1] = (dat >> 16) & 0xff; + p[loc+2] = (dat >> 8) & 0xff; + p[loc+3] = dat & 0xff; + *st = p; + return 4; +} + +int +stv_string(u_char *st, /* base pointer to the stream */ + char *dat, /* a string to read from the stream */ + int loc, /* offset into the stream for current data */ + int stlen, /* max length of string to copy in */ + int maxlen) /* max length of input stream */ +{ + int maxcount; /* max count of chars to copy */ + + maxcount = min(maxlen - loc, stlen); + + if(maxcount <= 0) + return -1; + + strncpy(dat, (char *)st + loc, maxcount); + + if (dat[maxcount-1]) /* not null-term --> not enuf room */ + return(-1); + return strlen(dat)+1; +} + +static int +stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + +{ + if (maxlen - loc < 2) + return -1; + + *dat = (st[loc] << 8) | st[loc + 1]; + return 2; +} + +int +stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + /* maximum length of st */ +{ + if (maxlen - loc < 4) + return -1; + + *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3]; + return 4; +} + +static int +stv_char(u_char *st, u_char *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + +{ + if (maxlen - loc < 1) + return -1; + + *dat = st[loc]; + return 1; +} + +/* +vals_to_stream + recieves : kadm_vals *, u_char * + returns : a realloced and filled in u_char * + +this function creates a byte-stream representation of the kadm_vals structure +*/ +int +vals_to_stream(Kadm_vals *dt_in, u_char **dt_out) +{ + int vsloop, stsize; /* loop counter, stream size */ + + stsize = build_field_header(dt_in->fields, dt_out); + for (vsloop=31; vsloop>=0; vsloop--) + if (IS_FIELD(vsloop,dt_in->fields)) { + switch (vsloop) { + case KADM_NAME: + stsize+=vts_string(dt_in->name, dt_out, stsize); + break; + case KADM_INST: + stsize+=vts_string(dt_in->instance, dt_out, stsize); + break; + case KADM_EXPDATE: + stsize+=vts_long(dt_in->exp_date, dt_out, stsize); + break; + case KADM_ATTR: + stsize+=vts_short(dt_in->attributes, dt_out, stsize); + break; + case KADM_MAXLIFE: + stsize+=vts_char(dt_in->max_life, dt_out, stsize); + break; + case KADM_DESKEY: + stsize+=vts_long(dt_in->key_high, dt_out, stsize); + stsize+=vts_long(dt_in->key_low, dt_out, stsize); + break; + default: + break; + } +} + return(stsize); +} + +/* +stream_to_vals + recieves : u_char *, kadm_vals * + returns : a kadm_vals filled in according to u_char * + +this decodes a byte stream represntation of a vals struct into kadm_vals +*/ +int +stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen) + + + /* max length to use */ +{ + int vsloop, stsize; /* loop counter, stream size */ + int status; + + memset(dt_out, 0, sizeof(*dt_out)); + + stsize = check_field_header(dt_in, dt_out->fields, maxlen); + if (stsize < 0) + return(-1); + for (vsloop=31; vsloop>=0; vsloop--) + if (IS_FIELD(vsloop,dt_out->fields)) + switch (vsloop) { + case KADM_NAME: + if ((status = stv_string(dt_in, dt_out->name, stsize, + sizeof(dt_out->name), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_INST: + if ((status = stv_string(dt_in, dt_out->instance, stsize, + sizeof(dt_out->instance), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_EXPDATE: + if ((status = stv_long(dt_in, &dt_out->exp_date, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_ATTR: + if ((status = stv_short(dt_in, &dt_out->attributes, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_MAXLIFE: + if ((status = stv_char(dt_in, &dt_out->max_life, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_DESKEY: + if ((status = stv_long(dt_in, &dt_out->key_high, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + if ((status = stv_long(dt_in, &dt_out->key_low, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + default: + break; + } + return stsize; +} diff --git a/crypto/kerberosIV/lib/kadm/kadm_supp.c b/crypto/kerberosIV/lib/kadm/kadm_supp.c new file mode 100644 index 0000000..9845267 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_supp.c @@ -0,0 +1,111 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Support functions for Kerberos administration server & clients + */ + +/* + kadm_supp.c + this holds the support routines for the kerberos administration server + + error: prints out a kadm error message, returns + fatal: prints out a kadm fatal error message, exits + prin_vals: prints out data associated with a Principal in the vals + structure +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $"); + +/* +prin_vals: + recieves : a vals structure +*/ +void +prin_vals(Kadm_vals *vals) +{ + printf("Info in Database for %s.%s:\n", vals->name, vals->instance); + printf(" Max Life: %d (%s) Exp Date: %s\n", + vals->max_life, + krb_life_to_atime(vals->max_life), + asctime(k_localtime(&vals->exp_date))); + printf(" Attribs: %.2x key: %#lx %#lx\n", + vals->attributes, + (long)vals->key_low, (long)vals->key_high); +} + +/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal, + it copies the fields in Principal specified by fields into Kadm_vals, + i.e from old to new */ + +void +kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old) +{ + memset(new, 0, sizeof(*new)); + if (IS_FIELD(KADM_NAME,fields)) { + strncpy(new->name, old->name, ANAME_SZ); + SET_FIELD(KADM_NAME, new->fields); + } + if (IS_FIELD(KADM_INST,fields)) { + strncpy(new->instance, old->instance, INST_SZ); + SET_FIELD(KADM_INST, new->fields); + } + if (IS_FIELD(KADM_EXPDATE,fields)) { + new->exp_date = old->exp_date; + SET_FIELD(KADM_EXPDATE, new->fields); + } + if (IS_FIELD(KADM_ATTR,fields)) { + new->attributes = old->attributes; + SET_FIELD(KADM_ATTR, new->fields); + } + if (IS_FIELD(KADM_MAXLIFE,fields)) { + new->max_life = old->max_life; + SET_FIELD(KADM_MAXLIFE, new->fields); + } + if (IS_FIELD(KADM_DESKEY,fields)) { + new->key_low = old->key_low; + new->key_high = old->key_high; + SET_FIELD(KADM_DESKEY, new->fields); + } +} + +void +kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old) +{ + + memset(new, 0, sizeof(*new)); + if (IS_FIELD(KADM_NAME,fields)) + strncpy(new->name, old->name, ANAME_SZ); + if (IS_FIELD(KADM_INST,fields)) + strncpy(new->instance, old->instance, INST_SZ); + if (IS_FIELD(KADM_EXPDATE,fields)) + new->exp_date = old->exp_date; + if (IS_FIELD(KADM_ATTR,fields)) + new->attributes = old->attributes; + if (IS_FIELD(KADM_MAXLIFE,fields)) + new->max_life = old->max_life; + if (IS_FIELD(KADM_DESKEY,fields)) { + new->key_low = old->key_low; + new->key_high = old->key_high; + } +} diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in new file mode 100644 index 0000000..e9c9121 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/Makefile.in @@ -0,0 +1,90 @@ +# +# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ -DLIBDIR='"$(libdir)"' +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)kafs +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +AFS_EXTRA_LIBS = @AFS_EXTRA_LIBS@ +LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS) + +SOURCES = afssys.c afskrb.c afslib.c + +OBJECTS = afssys.o afskrb.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@ + rm -f $@ + $(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@ + -$(RANLIB) $@ + + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +# AIX: this almost works with gcc, but somehow it fails to use the +# correct ld, use ld instead +afslib.so: afslib.o + ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c new file mode 100644 index 0000000..d979ac5 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afskrb.c @@ -0,0 +1,373 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kafs_locl.h" + +RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $"); + +#define AUTH_SUPERUSER "afs" + +/* + * Here only ASCII characters are relevant. + */ + +#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z') + +#define ToAsciiUpper(c) ((c) - 'a' + 'A') + +static void +foldup(char *a, const char *b) +{ + for (; *b; a++, b++) + if (IsAsciiLower(*b)) + *a = ToAsciiUpper(*b); + else + *a = *b; + *a = '\0'; +} + +static int +get_cred(const char *princ, const char *inst, const char *krealm, + CREDENTIALS *c, KTEXT_ST *tkt) +{ + int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + + if (k_errno != KSUCCESS) + { + k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0); + if (k_errno == KSUCCESS) + k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + } + return k_errno; +} + + +/* Convert a string to a 32 bit ip number in network byte order. + Return 0 on error + */ + +static u_int32_t +ip_aton(char *ip) +{ + u_int32_t addr; + unsigned int a, b, c, d; + + if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4) + return 0; + if((a | b | c | d) > 255) + return 0; + addr = (a << 24) | (b << 16) | (c << 8) | d; + addr = htonl(addr); + return addr; +} + +/* Try to get a db-server for an AFS cell from a AFSDB record */ + +static int +dns_find_cell(const char *cell, char *dbserver) +{ + struct dns_reply *r; + int ok = -1; + r = dns_lookup(cell, "afsdb"); + if(r){ + struct resource_record *rr = r->head; + while(rr){ + if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){ + strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen); + dbserver[MaxHostNameLen - 1] = 0; + ok = 0; + break; + } + rr = rr->next; + } + dns_free_data(r); + } + return ok; +} + + +/* Find the realm associated with cell. Do this by opening + /usr/vice/etc/CellServDB and getting the realm-of-host for the + first VL-server for the cell. + + This does not work when the VL-server is living in one cell, but + the cell it is serving is living in another cell. + */ + +static char* +realm_of_cell(const char *cell) +{ + FILE *F; + char buf[1024]; + u_int32_t addr; + struct hostent *hp; + char *realm = NULL; + + if((F = fopen(_PATH_CELLSERVDB, "r"))){ + while(fgets(buf, sizeof(buf), F)){ + if(buf[0] != '>') + continue; + if(strncmp(buf + 1, cell, strlen(cell)) == 0){ + if(fgets(buf, sizeof(buf), F) == NULL) + break; + addr = ip_aton(buf); + if(addr == 0) + break; + hp = gethostbyaddr((char*)&addr, 4, AF_INET); + if(hp == NULL) + break; + strncpy (buf, hp->h_name, sizeof(buf)); + buf[sizeof(buf) - 1] = '\0'; + realm = krb_realmofhost(buf); + break; + } + } + fclose(F); + } + if(realm == NULL){ + if(dns_find_cell(cell, buf) == 0) + realm = krb_realmofhost(buf); + } + return realm; +} + +/* + * Get tokens for all cells[] + */ +static int +k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid) +{ + int err = KSUCCESS; + int i; + for(i = 0; i < max; i++) + err = k_afsklog_uid(cells[i], krealm, uid); + return err; +} + +/* + * Try to find the cells we should try to klog to in "file". + */ +static void +k_find_cells(char *file, char *cells[], int size, int *index) +{ + FILE *f; + char cell[64]; + int i; + f = fopen(file, "r"); + if (f == NULL) + return; + while (*index < size && fgets(cell, sizeof(cell), f)) { + char *nl = strchr(cell, '\n'); + if (nl) *nl = 0; + for(i = 0; i < *index; i++) + if(strcmp(cells[i], cell) == 0) + break; + if(i == *index) + cells[(*index)++] = strdup(cell); + } + fclose(f); +} + +static int +k_afsklog_all_local_cells(const char *krealm, uid_t uid) +{ + int err; + char *cells[32]; /* XXX */ + int num_cells = sizeof(cells) / sizeof(cells[0]); + int index = 0; + + char *p; + + if ((p = getenv("HOME"))) { + char home[MaxPathLen]; + + if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0) + k_find_cells(home, cells, num_cells, &index); + } + k_find_cells(_PATH_THESECELLS, cells, num_cells, &index); + k_find_cells(_PATH_THISCELL, cells, num_cells, &index); + + err = k_afslog_cells(cells, index, krealm, uid); + while(index > 0) + free(cells[--index]); + return err; +} + +int +k_afsklog_uid(const char *cell, const char *krealm, uid_t uid) +{ + int k_errno; + CREDENTIALS c; + KTEXT_ST ticket; + char realm[REALM_SZ]; + char *vl_realm; /* realm of vl-server */ + char *lrealm; /* local realm */ + char CELL[64]; + + if (cell == 0 || cell[0] == 0) + return k_afsklog_all_local_cells (krealm, uid); + foldup(CELL, cell); + + k_errno = krb_get_lrealm(realm , 0); + if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm))) + lrealm = realm; + else + lrealm = NULL; + + /* We're about to find the the realm that holds the key for afs in + * the specified cell. The problem is that null-instance + * afs-principals are common and that hitting the wrong realm might + * yield the wrong afs key. The following assumptions were made. + * + * Any realm passed to us is preferred. + * + * If there is a realm with the same name as the cell, it is most + * likely the correct realm to talk to. + * + * In most (maybe even all) cases the database servers of the cell + * will live in the realm we are looking for. + * + * Try the local realm, but if the previous cases fail, this is + * really a long shot. + * + */ + + /* comments on the ordering of these tests */ + + /* If the user passes a realm, she probably knows something we don't + * know and we should try afs@krealm (otherwise we're talking with a + * blondino and she might as well have it.) + */ + + k_errno = -1; + if(krealm){ + k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket); + } + + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket); + + /* this might work in some conditions */ + if(k_errno && (vl_realm = realm_of_cell(cell))){ + k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket); + } + + if(k_errno && lrealm){ + k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket); +#if 0 + /* this is most likely never right anyway, but won't fail */ + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket); +#endif + } + + if (k_errno == KSUCCESS) + { + struct ViceIoctl parms; + struct ClearToken ct; + int32_t sizeof_x; + char buf[2048], *t; + + /* + * Build a struct ClearToken + */ + ct.AuthHandle = c.kvno; + memcpy (ct.HandShakeKey, c.session, sizeof(c.session)); + ct.ViceId = uid; /* is this always valid? */ + ct.BeginTimestamp = 1 + c.issue_date; + ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime); + +#define ODD(x) ((x) & 1) + /* If we don't know the numerical ID lifetime should be even? */ + if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp)) + ct.BeginTimestamp--; + + t = buf; + /* + * length of secret token followed by secret token + */ + sizeof_x = c.ticket_st.length; + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + memcpy(t, c.ticket_st.dat, sizeof_x); + t += sizeof_x; + /* + * length of clear token followed by clear token + */ + sizeof_x = sizeof(ct); + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + memcpy(t, &ct, sizeof_x); + t += sizeof_x; + + /* + * do *not* mark as primary cell + */ + sizeof_x = 0; + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + /* + * follow with cell name + */ + sizeof_x = strlen(cell) + 1; + memcpy(t, cell, sizeof_x); + t += sizeof_x; + + /* + * Build argument block + */ + parms.in = buf; + parms.in_size = t - buf; + parms.out = 0; + parms.out_size = 0; + k_pioctl(0, VIOCSETTOK, &parms, 0); + } + return k_errno; +} + +int +k_afsklog(const char *cell, const char *krealm) +{ + return k_afsklog_uid (cell, krealm, getuid()); +} diff --git a/crypto/kerberosIV/lib/kafs/afsl.exp b/crypto/kerberosIV/lib/kafs/afsl.exp new file mode 100644 index 0000000..4d2b00e --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afsl.exp @@ -0,0 +1,6 @@ +#!/unix + +* This mumbo jumbo creates entry points to syscalls in _AIX + +lpioctl syscall +lsetpag syscall diff --git a/crypto/kerberosIV/lib/kafs/afslib.c b/crypto/kerberosIV/lib/kafs/afslib.c new file mode 100644 index 0000000..12779bc --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afslib.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * This file is only used with AIX + */ + +#include "kafs_locl.h" + +RCSID("$Id: afslib.c,v 1.5 1997/04/20 13:21:15 joda Exp $"); + +int +aix_pioctl(char *a_path, + int o_opcode, + struct ViceIoctl *a_paramsP, + int a_followSymlinks) +{ + return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks); +} + +int +aix_setpag(void) +{ + return lsetpag(); +} diff --git a/crypto/kerberosIV/lib/kafs/afslib.exp b/crypto/kerberosIV/lib/kafs/afslib.exp new file mode 100644 index 0000000..f288717 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afslib.exp @@ -0,0 +1,3 @@ +#! +aix_pioctl +aix_setpag diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c new file mode 100644 index 0000000..741225c --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afssys.c @@ -0,0 +1,293 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kafs_locl.h" + +RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $"); + +/* Magic to get AIX syscalls to work */ +#ifdef _AIX + +static int (*Pioctl)(char*, int, void*, int); +static int (*Setpag)(void); + +#include "dlfcn.h" + +static int +isSuid() +{ + int uid = getuid(); + int gid = getgid(); + int euid = getegid(); + int egid = getegid(); + return (uid != euid) || (gid != egid); +} + +static int +aix_setup(void) +{ +#ifdef STATIC_AFS_SYSCALLS + Pioctl = aix_pioctl; + Setpag = aix_setpag; +#else + void *ptr; + char path[MaxPathLen], *p; + /* + * If we are root or running setuid don't trust AFSLIBPATH! + */ + if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL) + strcpy(path, p); + else + snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR); + + ptr = dlopen(path, 0); + if(ptr){ + Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); + Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl"); + } +#endif +} +#endif /* _AIX */ + +#define NO_ENTRY_POINT 0 +#define SINGLE_ENTRY_POINT 1 +#define MULTIPLE_ENTRY_POINT 2 +#define SINGLE_ENTRY_POINT2 3 +#define SINGLE_ENTRY_POINT3 4 +#define AIX_ENTRY_POINTS 5 +#define UNKNOWN_ENTRY_POINT 6 +static int afs_entry_point = UNKNOWN_ENTRY_POINT; +static int afs_syscalls[2]; + + +int +k_pioctl(char *a_path, + int o_opcode, + struct ViceIoctl *a_paramsP, + int a_followSymlinks) +{ +#ifndef NO_AFS + switch(afs_entry_point){ +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) + case SINGLE_ENTRY_POINT: + case SINGLE_ENTRY_POINT2: + case SINGLE_ENTRY_POINT3: + return syscall(afs_syscalls[0], AFSCALL_PIOCTL, + a_path, o_opcode, a_paramsP, a_followSymlinks); +#endif +#if defined(AFS_PIOCTL) + case MULTIPLE_ENTRY_POINT: + return syscall(afs_syscalls[0], + a_path, o_opcode, a_paramsP, a_followSymlinks); +#endif +#ifdef _AIX + case AIX_ENTRY_POINTS: + return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks); +#endif + } + + errno = ENOSYS; +#ifdef SIGSYS + kill(getpid(), SIGSYS); /* You loose! */ +#endif +#endif /* NO_AFS */ + return -1; +} + +int +k_afs_cell_of_file(const char *path, char *cell, int len) +{ + struct ViceIoctl parms; + parms.in = NULL; + parms.in_size = 0; + parms.out = cell; + parms.out_size = len; + return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1); +} + +int +k_unlog(void) +{ + struct ViceIoctl parms; + memset(&parms, 0, sizeof(parms)); + return k_pioctl(0, VIOCUNLOG, &parms, 0); +} + +int +k_setpag(void) +{ +#ifndef NO_AFS + switch(afs_entry_point){ +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) + case SINGLE_ENTRY_POINT: + case SINGLE_ENTRY_POINT2: + case SINGLE_ENTRY_POINT3: + return syscall(afs_syscalls[0], AFSCALL_SETPAG); +#endif +#if defined(AFS_PIOCTL) + case MULTIPLE_ENTRY_POINT: + return syscall(afs_syscalls[1]); +#endif +#ifdef _AIX + case AIX_ENTRY_POINTS: + return Setpag(); +#endif + } + + errno = ENOSYS; +#ifdef SIGSYS + kill(getpid(), SIGSYS); /* You loose! */ +#endif +#endif /* NO_AFS */ + return -1; +} + +static jmp_buf catch_SIGSYS; + +#ifdef SIGSYS + +static RETSIGTYPE +SIGSYS_handler(int sig) +{ + errno = 0; + signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */ + longjmp(catch_SIGSYS, 1); +} + +#endif + +int +k_hasafs(void) +{ + int saved_errno; + RETSIGTYPE (*saved_func)(); + struct ViceIoctl parms; + + /* + * Already checked presence of AFS syscalls? + */ + if (afs_entry_point != UNKNOWN_ENTRY_POINT) + return afs_entry_point != NO_ENTRY_POINT; + + /* + * Probe kernel for AFS specific syscalls, + * they (currently) come in two flavors. + * If the syscall is absent we recive a SIGSYS. + */ + afs_entry_point = NO_ENTRY_POINT; + memset(&parms, 0, sizeof(parms)); + + saved_errno = errno; +#ifndef NO_AFS +#ifdef SIGSYS + saved_func = signal(SIGSYS, SIGSYS_handler); +#endif + +#ifdef AFS_SYSCALL + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_SYSCALL, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = SINGLE_ENTRY_POINT; + afs_syscalls[0] = AFS_SYSCALL; + goto done; + } + } +#endif /* AFS_SYSCALL */ + +#ifdef AFS_PIOCTL + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = MULTIPLE_ENTRY_POINT; + afs_syscalls[0] = AFS_PIOCTL; + afs_syscalls[1] = AFS_SETPAG; + goto done; + } + } +#endif /* AFS_PIOCTL */ + +#ifdef AFS_SYSCALL2 + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_SYSCALL2, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = SINGLE_ENTRY_POINT2; + afs_syscalls[0] = AFS_SYSCALL2; + goto done; + } + } +#endif /* AFS_SYSCALL */ + +#ifdef AFS_SYSCALL3 + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_SYSCALL3, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = SINGLE_ENTRY_POINT3; + afs_syscalls[0] = AFS_SYSCALL3; + goto done; + } + } +#endif /* AFS_SYSCALL */ + +#ifdef _AIX + aix_setup(); + if(Pioctl != NULL && Setpag != NULL){ + afs_entry_point = AIX_ENTRY_POINTS; + goto done; + } +#endif + +done: +#ifdef SIGSYS + signal(SIGSYS, saved_func); +#endif +#endif /* NO_AFS */ + errno = saved_errno; + return afs_entry_point != NO_ENTRY_POINT; +} diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h new file mode 100644 index 0000000..028f9b3 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */ + +/* + * This section is for machines using single entry point AFS syscalls! + * and/or + * This section is for machines using multiple entry point AFS syscalls! + * + * SunOS 4 is an example of single entry point and sgi of multiple + * entry point syscalls. + */ + +#if SunOS == 4 +#define AFS_SYSCALL 31 +#endif + +#if SunOS == 5 +#define AFS_SYSCALL 105 +#endif + +#if defined(__hpux) +#define AFS_SYSCALL 50 +#define AFS_SYSCALL2 49 +#endif + +#if defined(_AIX) +/* _AIX is too weird */ +#endif + +#if defined(__sgi) +#define AFS_PIOCTL (64+1000) +#define AFS_SETPAG (65+1000) +#endif + +#if defined(__osf__) +#define AFS_SYSCALL 232 +#define AFS_SYSCALL2 258 +#endif + +#if defined(__ultrix) +#define AFS_SYSCALL 31 +#endif + +#if defined(__NetBSD__) +#define AFS_SYSCALL 210 +#endif + +#ifdef SYS_afs_syscall +#define AFS_SYSCALL3 SYS_afs_syscall +#endif diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c new file mode 100644 index 0000000..3f4de92 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/dlfcn.c @@ -0,0 +1,570 @@ +/* + * @(#)dlfcn.c 1.11 revision of 96/04/10 20:12:51 + * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH + * 30159 Hannover, Germany + */ + +/* + * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton + * <jwe@bevo.che.wisc.edu> to support g++ and/or use with Octave. + */ + +/* + * This makes my life easier with Octave. --jwe + */ +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/ldr.h> +#include <a.out.h> +#include <ldfcn.h> +#include "dlfcn.h" + +/* + * We simulate dlopen() et al. through a call to load. Because AIX has + * no call to find an exported symbol we read the loader section of the + * loaded module and build a list of exported symbols and their virtual + * address. + */ + +typedef struct { + char *name; /* the symbols's name */ + void *addr; /* its relocated virtual address */ +} Export, *ExportPtr; + +/* + * xlC uses the following structure to list its constructors and + * destructors. This is gleaned from the output of munch. + */ +typedef struct { + void (*init)(void); /* call static constructors */ + void (*term)(void); /* call static destructors */ +} Cdtor, *CdtorPtr; + +typedef void (*GccCDtorPtr)(void); + +/* + * The void * handle returned from dlopen is actually a ModulePtr. + */ +typedef struct Module { + struct Module *next; + char *name; /* module name for refcounting */ + int refCnt; /* the number of references */ + void *entry; /* entry point from load */ + struct dl_info *info; /* optional init/terminate functions */ + CdtorPtr cdtors; /* optional C++ constructors */ + GccCDtorPtr gcc_ctor; /* g++ constructors --jwe */ + GccCDtorPtr gcc_dtor; /* g++ destructors --jwe */ + int nExports; /* the number of exports found */ + ExportPtr exports; /* the array of exports */ +} Module, *ModulePtr; + +/* + * We keep a list of all loaded modules to be able to call the fini + * handlers and destructors at atexit() time. + */ +static ModulePtr modList; + +/* + * The last error from one of the dl* routines is kept in static + * variables here. Each error is returned only once to the caller. + */ +static char errbuf[BUFSIZ]; +static int errvalid; + +/* + * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for + * strdup(). --jwe + */ +#ifndef HAVE_STRDUP +extern char *strdup(const char *); +#endif +static void caterr(char *); +static int readExports(ModulePtr); +static void terminate(void); +static void *findMain(void); + +void *dlopen(const char *path, int mode) +{ + ModulePtr mp; + static void *mainModule; + + /* + * Upon the first call register a terminate handler that will + * close all libraries. Also get a reference to the main module + * for use with loadbind. + */ + if (!mainModule) { + if ((mainModule = findMain()) == NULL) + return NULL; + atexit(terminate); + } + /* + * Scan the list of modules if we have the module already loaded. + */ + for (mp = modList; mp; mp = mp->next) + if (strcmp(mp->name, path) == 0) { + mp->refCnt++; + return mp; + } + if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) { + errvalid++; + strcpy(errbuf, "calloc: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + if ((mp->name = strdup(path)) == NULL) { + errvalid++; + strcpy(errbuf, "strdup: "); + strcat(errbuf, strerror(errno)); + free(mp); + return NULL; + } + /* + * load should be declared load(const char *...). Thus we + * cast the path to a normal char *. Ugly. + */ + if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) { + free(mp->name); + free(mp); + errvalid++; + strcpy(errbuf, "dlopen: "); + strcat(errbuf, path); + strcat(errbuf, ": "); + /* + * If AIX says the file is not executable, the error + * can be further described by querying the loader about + * the last error. + */ + if (errno == ENOEXEC) { + char *tmp[BUFSIZ/sizeof(char *)]; + if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1) + strcpy(errbuf, strerror(errno)); + else { + char **p; + for (p = tmp; *p; p++) + caterr(*p); + } + } else + strcat(errbuf, strerror(errno)); + return NULL; + } + mp->refCnt = 1; + mp->next = modList; + modList = mp; + if (loadbind(0, mainModule, mp->entry) == -1) { + dlclose(mp); + errvalid++; + strcpy(errbuf, "loadbind: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + /* + * If the user wants global binding, loadbind against all other + * loaded modules. + */ + if (mode & RTLD_GLOBAL) { + ModulePtr mp1; + for (mp1 = mp->next; mp1; mp1 = mp1->next) + if (loadbind(0, mp1->entry, mp->entry) == -1) { + dlclose(mp); + errvalid++; + strcpy(errbuf, "loadbind: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + } + if (readExports(mp) == -1) { + dlclose(mp); + return NULL; + } + /* + * If there is a dl_info structure, call the init function. + */ + if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) { + if (mp->info->init) + (*mp->info->init)(); + } else + errvalid = 0; + /* + * If the shared object was compiled using xlC we will need + * to call static constructors (and later on dlclose destructors). + */ + if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) { + CdtorPtr cp = mp->cdtors; + while (cp->init || cp->term) { + if (cp->init && cp->init != (void (*)(void))0xffffffff) + (*cp->init)(); + cp++; + } + /* + * If the shared object was compiled using g++, we will need + * to call global constructors using the _GLOBAL__DI function, + * and later, global destructors using the _GLOBAL_DD + * funciton. --jwe + */ + } else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) { + (*mp->gcc_ctor)(); + mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); + } else + errvalid = 0; + return mp; +} + +/* + * Attempt to decipher an AIX loader error message and append it + * to our static error message buffer. + */ +static void caterr(char *s) +{ + char *p = s; + + while (*p >= '0' && *p <= '9') + p++; + switch(atoi(s)) { + case L_ERROR_TOOMANY: + strcat(errbuf, "to many errors"); + break; + case L_ERROR_NOLIB: + strcat(errbuf, "can't load library"); + strcat(errbuf, p); + break; + case L_ERROR_UNDEF: + strcat(errbuf, "can't find symbol"); + strcat(errbuf, p); + break; + case L_ERROR_RLDBAD: + strcat(errbuf, "bad RLD"); + strcat(errbuf, p); + break; + case L_ERROR_FORMAT: + strcat(errbuf, "bad exec format in"); + strcat(errbuf, p); + break; + case L_ERROR_ERRNO: + strcat(errbuf, strerror(atoi(++p))); + break; + default: + strcat(errbuf, s); + break; + } +} + +void *dlsym(void *handle, const char *symbol) +{ + ModulePtr mp = (ModulePtr)handle; + ExportPtr ep; + int i; + + /* + * Could speed up the search, but I assume that one assigns + * the result to function pointers anyways. + */ + for (ep = mp->exports, i = mp->nExports; i; i--, ep++) + if (strcmp(ep->name, symbol) == 0) + return ep->addr; + errvalid++; + strcpy(errbuf, "dlsym: undefined symbol "); + strcat(errbuf, symbol); + return NULL; +} + +char *dlerror(void) +{ + if (errvalid) { + errvalid = 0; + return errbuf; + } + return NULL; +} + +int dlclose(void *handle) +{ + ModulePtr mp = (ModulePtr)handle; + int result; + ModulePtr mp1; + + if (--mp->refCnt > 0) + return 0; + if (mp->info && mp->info->fini) + (*mp->info->fini)(); + if (mp->cdtors) { + CdtorPtr cp = mp->cdtors; + while (cp->init || cp->term) { + if (cp->term && cp->init != (void (*)(void))0xffffffff) + (*cp->term)(); + cp++; + } + /* + * If the function to handle global destructors for g++ + * exists, call it. --jwe + */ + } else if (mp->gcc_dtor) { + (*mp->gcc_dtor)(); + } + result = unload(mp->entry); + if (result == -1) { + errvalid++; + strcpy(errbuf, strerror(errno)); + } + if (mp->exports) { + ExportPtr ep; + int i; + for (ep = mp->exports, i = mp->nExports; i; i--, ep++) + if (ep->name) + free(ep->name); + free(mp->exports); + } + if (mp == modList) + modList = mp->next; + else { + for (mp1 = modList; mp1; mp1 = mp1->next) + if (mp1->next == mp) { + mp1->next = mp->next; + break; + } + } + free(mp->name); + free(mp); + return result; +} + +static void terminate(void) +{ + while (modList) + dlclose(modList); +} + +/* + * Build the export table from the XCOFF .loader section. + */ +static int readExports(ModulePtr mp) +{ + LDFILE *ldp = NULL; + SCNHDR sh, shdata; + LDHDR *lhp; + char *ldbuf; + LDSYM *ls; + int i; + ExportPtr ep; + + if ((ldp = ldopen(mp->name, ldp)) == NULL) { + struct ld_info *lp; + char *buf; + int size = 4*1024; + if (errno != ENOENT) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + /* + * The module might be loaded due to the LIBPATH + * environment variable. Search for the loaded + * module using L_GETINFO. + */ + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { + free(buf); + size += 4*1024; + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + } + if (i == -1) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + free(buf); + return -1; + } + /* + * Traverse the list of loaded modules. The entry point + * returned by load() does actually point to the data + * segment origin. + */ + lp = (struct ld_info *)buf; + while (lp) { + if (lp->ldinfo_dataorg == mp->entry) { + ldp = ldopen(lp->ldinfo_filename, ldp); + break; + } + if (lp->ldinfo_next == 0) + lp = NULL; + else + lp = (struct ld_info *)((char *)lp + lp->ldinfo_next); + } + free(buf); + if (!ldp) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + } + if (TYPE(ldp) != U802TOCMAGIC) { + errvalid++; + strcpy(errbuf, "readExports: bad magic"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * Get the padding for the data section. This is needed for + * AIX 4.1 compilers. This is used when building the final + * function pointer to the exported symbol. + */ + if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) { + errvalid++; + strcpy(errbuf, "readExports: cannot read data section header"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) { + errvalid++; + strcpy(errbuf, "readExports: cannot read loader section header"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * We read the complete loader section in one chunk, this makes + * finding long symbol names residing in the string table easier. + */ + if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) { + errvalid++; + strcpy(errbuf, "readExports: cannot seek to loader section"); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) { + errvalid++; + strcpy(errbuf, "readExports: cannot read loader section"); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + lhp = (LDHDR *)ldbuf; + ls = (LDSYM *)(ldbuf+LDHDRSZ); + /* + * Count the number of exports to include in our export table. + */ + for (i = lhp->l_nsyms; i; i--, ls++) { + if (!LDR_EXPORT(*ls)) + continue; + mp->nExports++; + } + if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * Fill in the export table. All entries are relative to + * the entry point we got from load. + */ + ep = mp->exports; + ls = (LDSYM *)(ldbuf+LDHDRSZ); + for (i = lhp->l_nsyms; i; i--, ls++) { + char *symname; + char tmpsym[SYMNMLEN+1]; + if (!LDR_EXPORT(*ls)) + continue; + if (ls->l_zeroes == 0) + symname = ls->l_offset+lhp->l_stoff+ldbuf; + else { + /* + * The l_name member is not zero terminated, we + * must copy the first SYMNMLEN chars and make + * sure we have a zero byte at the end. + */ + strncpy(tmpsym, ls->l_name, SYMNMLEN); + tmpsym[SYMNMLEN] = '\0'; + symname = tmpsym; + } + ep->name = strdup(symname); + ep->addr = (void *)((unsigned long)mp->entry + + ls->l_value - shdata.s_vaddr); + ep++; + } + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return 0; +} + +/* + * Find the main modules entry point. This is used as export pointer + * for loadbind() to be able to resolve references to the main part. + */ +static void * findMain(void) +{ + struct ld_info *lp; + char *buf; + int size = 4*1024; + int i; + void *ret; + + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { + free(buf); + size += 4*1024; + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + } + if (i == -1) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + free(buf); + return NULL; + } + /* + * The first entry is the main module. The entry point + * returned by load() does actually point to the data + * segment origin. + */ + lp = (struct ld_info *)buf; + ret = lp->ldinfo_dataorg; + free(buf); + return ret; +} diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.h b/crypto/kerberosIV/lib/kafs/dlfcn.h new file mode 100644 index 0000000..5671e9c --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/dlfcn.h @@ -0,0 +1,46 @@ +/* + * @(#)dlfcn.h 1.4 revision of 95/04/25 09:36:52 + * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH + * 30159 Hannover, Germany + */ + +#ifndef __dlfcn_h__ +#define __dlfcn_h__ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Mode flags for the dlopen routine. + */ +#define RTLD_LAZY 1 /* lazy function call binding */ +#define RTLD_NOW 2 /* immediate function call binding */ +#define RTLD_GLOBAL 0x100 /* allow symbols to be global */ + +/* + * To be able to intialize, a library may provide a dl_info structure + * that contains functions to be called to initialize and terminate. + */ +struct dl_info { + void (*init)(void); + void (*fini)(void); +}; + +#if __STDC__ || defined(_IBMR2) +void *dlopen(const char *path, int mode); +void *dlsym(void *handle, const char *symbol); +char *dlerror(void); +int dlclose(void *handle); +#else +void *dlopen(); +void *dlsym(); +char *dlerror(); +int dlclose(); +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __dlfcn_h__ */ diff --git a/crypto/kerberosIV/lib/kafs/kafs.h b/crypto/kerberosIV/lib/kafs/kafs.h new file mode 100644 index 0000000..b3c53b5 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/kafs.h @@ -0,0 +1,100 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kafs.h,v 1.19 1997/05/14 17:41:02 joda Exp $ */ + +#ifndef __KAFS_H +#define __KAFS_H + +#include <ktypes.h> +#include <sys/cdefs.h> +/* sys/ioctl.h must be included manually before kafs.h */ + +/* + */ +#define AFSCALL_PIOCTL 20 +#define AFSCALL_SETPAG 21 + +#ifndef _VICEIOCTL +#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl)) +#endif /* _VICEIOCTL */ + +#define VIOCSETTOK _VICEIOCTL(3) +#define VIOCGETTOK _VICEIOCTL(8) +#define VIOCUNLOG _VICEIOCTL(9) +#define VIOC_FILE_CELL_NAME _VICEIOCTL(30) + +struct ViceIoctl { + caddr_t in, out; + short in_size; + short out_size; +}; + +struct ClearToken { + int32_t AuthHandle; + char HandShakeKey[8]; + int32_t ViceId; + int32_t BeginTimestamp; + int32_t EndTimestamp; +}; + +#ifndef __P +#define __P(x) x +#endif + +/* Use k_hasafs() to probe if the machine supports AFS syscalls. + The other functions will generate a SIGSYS if AFS is not supported */ + +int k_hasafs __P((void)); + +int k_afsklog __P((const char *cell, const char *realm)); +int k_afsklog_uid __P((const char *cell, const char *realm, uid_t uid)); +int k_pioctl __P((char *a_path, + int o_opcode, + struct ViceIoctl *a_paramsP, + int a_followSymlinks)); +int k_unlog __P((void)); +int k_setpag __P((void)); +int k_afs_cell_of_file __P((const char *path, char *cell, int len)); + +#define _PATH_VICE "/usr/vice/etc/" +#define _PATH_THISCELL _PATH_VICE "ThisCell" +#define _PATH_CELLSERVDB _PATH_VICE "CellServDB" +#define _PATH_THESECELLS _PATH_VICE "TheseCells" + +#endif /* __KAFS_H */ diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h new file mode 100644 index 0000000..6ada6ab --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h @@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */ + +#ifndef __KAFS_LOCL_H__ +#define __KAFS_LOCL_H__ + +#include <config.h> +#include <protos.h> + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <signal.h> +#include <setjmp.h> +#include <errno.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_SYS_FILIO_H +#include <sys/filio.h> +#endif + +#ifdef HAVE_SYS_SYSCALL_H +#include <sys/syscall.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif +#include <roken.h> + +#include <krb.h> +#include <kafs.h> + +#include <resolve.h> + +#include "afssysdefs.h" + + +#endif /* __KAFS_LOCL_H__ */ diff --git a/crypto/kerberosIV/lib/kdb/Makefile.in b/crypto/kerberosIV/lib/kdb/Makefile.in new file mode 100644 index 0000000..f6fb962 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/Makefile.in @@ -0,0 +1,83 @@ +# +# $Id: Makefile.in,v 1.25 1997/05/06 03:47:39 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)kdb +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c krb_dbm.c print_princ.c base64.c + +OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o krb_dbm.o print_princ.o base64.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/kdb/base64.c b/crypto/kerberosIV/lib/kdb/base64.c new file mode 100644 index 0000000..d7e89c4 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/base64.c @@ -0,0 +1,150 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: base64.c,v 1.7 1997/04/01 08:18:16 joda Exp $"); +#endif + +#include <stdlib.h> +#include <ctype.h> +#include <string.h> +#include "base64.h" + +static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +static int POS(char c) +{ + if(c == '=') return 64; + if(isupper(c)) + return c - 'A'; + if(islower(c)) + return c - 'a' + 26; + if(isdigit(c)) + return c - '0' + 52; + if(c == '+') + return 62; + if(c == '/') + return 63; + return -1; +} + +char *base64_encode(const void *buf, int size) +{ + char *str = (char*)malloc((size+3)*4/3+1); + char *p=str; + unsigned char *q = (unsigned char*)buf; + int i; + int c; + i=0; + while(i<size){ + c=q[i++]; + c*=256; + if(i<size) + c+=q[i]; + i++; + c*=256; + if(i<size) + c+=q[i]; + i++; + p[0]=base64[(c&0x00fc0000) >> 18]; + p[1]=base64[(c&0x0003f000) >> 12]; + p[2]=base64[(c&0x00000fc0) >> 6]; + p[3]=base64[(c&0x0000003f) >> 0]; + if(i>size) + p[3]='='; + if(i>size+1) + p[2]='='; + p+=4; + } + *p=0; + return str; +} + +/* convert string in s to binary data. s should be a multiple of 4 + * bytes long. data should be at least len(s) * 3 / 4 bytes long. + * returns + */ +int base64_decode(char *s, void *data) +{ + char *p; + unsigned char *q; + int n[4]; + + if(strlen(s) % 4) + return -1; + q=(unsigned char*)data; + for(p=s; *p; p+=4){ + n[0] = POS(p[0]); + n[1] = POS(p[1]); + n[2] = POS(p[2]); + n[3] = POS(p[3]); + if((n[0] | n[1] | n[2] | n[3]) < 0) + return -1; + + if(n[0] == 64 || n[1] == 64) + return -1; + if(n[2] == 64 && n[3] < 64) + return -1; + q[0] = (n[0] << 2) + (n[1] >> 4); + if(n[2] < 64){ + q[1] = ((n[1] & 15) << 4) + (n[2] >> 2); + } + if(n[3] < 64){ + q[2] = ((n[2] & 3) << 6) + n[3]; + } + q+=3; + } + q -= (n[2] == 64) + (n[3] == 64); + return q - (unsigned char*)data; +} + +#ifdef TEST +int main(int argc, char **argv) +{ + char str[128]; + char buf[128]; + char *p; + printf("base64_encode(\"%s\") = \"%s\"\n", argv[1], + p=base64_encode(argv[1], strlen(argv[1]))); + printf("base64_decode(\"%s\") = %d", p, base64_decode(p, buf)); + printf(" (\"%s\")\n", buf); + printf("base64_decode(\"%s\") = %d", argv[1], base64_decode(argv[1], buf)); + printf(" (\"%s\")\n", buf); +} +#endif diff --git a/crypto/kerberosIV/lib/kdb/base64.h b/crypto/kerberosIV/lib/kdb/base64.h new file mode 100644 index 0000000..edfb344 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/base64.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: base64.h,v 1.5 1997/04/01 08:18:16 joda Exp $ */ + +#ifndef _BASE64_H_ +#define _BASE64_H_ + +char *base64_encode(const void *buf, int size); +int base64_decode(char *s, void *data); + +#endif diff --git a/crypto/kerberosIV/lib/kdb/copykey.c b/crypto/kerberosIV/lib/kdb/copykey.c new file mode 100644 index 0000000..a78baf7 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/copykey.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdb_locl.h" + +RCSID("$Id: copykey.c,v 1.10 1997/04/01 08:18:17 joda Exp $"); + +void +copy_from_key(des_cblock in, u_int32_t *lo, u_int32_t *hi) +{ + memcpy(lo, ((char *) in) + 0, 4); + memcpy(hi, ((char *) in) + 4, 4); +} + +void +copy_to_key(u_int32_t *lo, u_int32_t *hi, des_cblock out) +{ + memcpy(((char *)out) + 0, lo, 4); + memcpy(((char *)out) + 4, hi, 4); +} diff --git a/crypto/kerberosIV/lib/kdb/kdb_locl.h b/crypto/kerberosIV/lib/kdb/kdb_locl.h new file mode 100644 index 0000000..fe4d079 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/kdb_locl.h @@ -0,0 +1,98 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */ + +#ifndef __kdb_locl_h +#define __kdb_locl_h + +#include "config.h" +#include "protos.h" + +#include "base64.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <unistd.h> +#include <errno.h> + +#include <sys/types.h> + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +#include <sys/stat.h> +#include <fcntl.h> +#include <utime.h> +#include <sys/file.h> +#include <roken.h> + +#include <krb.h> +#include <krb_db.h> + +/* --- */ + +/* Globals! */ + +/* Utils */ + +int kerb_db_set_lockmode __P((int)); +void kerb_db_fini __P((void)); +int kerb_db_init __P((void)); +int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *)); +int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *)); + +void delta_stat __P((DB_stat *, DB_stat *, DB_stat *)); + +int kerb_cache_init __P((void)); +int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int)); +int kerb_cache_put_principal __P((Principal *, unsigned int)); +int kerb_cache_get_dba __P((char *, char *, Dba *, unsigned int)); +int kerb_cache_put_dba __P((Dba *, unsigned int)); + +void krb_print_principal __P((Principal *)); + +#endif /* __kdb_locl_h */ diff --git a/crypto/kerberosIV/lib/kdb/kdc.h b/crypto/kerberosIV/lib/kdb/kdc.h new file mode 100644 index 0000000..f404d11 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/kdc.h @@ -0,0 +1,34 @@ +/* + * $Id: kdc.h,v 1.8 1997/04/01 03:59:05 assar Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Include file for the Kerberos Key Distribution Center. + */ + +#ifndef KDC_DEFS +#define KDC_DEFS + +/* Don't depend on this! */ +#ifndef MKEYFILE +#if 0 +#define MKEYFILE "/var/kerberos/master-key" +#else +#define MKEYFILE "/.k" +#endif +#endif +#ifndef K_LOGFIL +#define K_LOGFIL "/var/log/kpropd.log" +#endif + +#define ONE_MINUTE 60 +#define FIVE_MINUTES (5 * ONE_MINUTE) +#define ONE_HOUR (60 * ONE_MINUTE) +#define ONE_DAY (24 * ONE_HOUR) +#define THREE_DAYS (3 * ONE_DAY) + +#endif /* KDC_DEFS */ + diff --git a/crypto/kerberosIV/lib/kdb/krb_cache.c b/crypto/kerberosIV/lib/kdb/krb_cache.c new file mode 100644 index 0000000..ed4a5b1 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_cache.c @@ -0,0 +1,189 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * This is where a cache would be implemented, if it were necessary. + */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $"); + +#ifdef DEBUG +extern int debug; +extern long kerb_debug; +#endif +static int init = 0; + +/* + * initialization routine for cache + */ + +int +kerb_cache_init(void) +{ + init = 1; + return (0); +} + +/* + * look up a principal in the cache returns number of principals found + */ + +int +kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + +{ + int found = 0; + + if (!init) + kerb_cache_init(); +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "cache_get_principal for %s %s max = %d\n", + serv, inst, max); +#endif /* DEBUG */ + +#ifdef DEBUG + if (kerb_debug & 2) { + if (found) { + fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", + serv, inst, principal->name, principal->instance); + } else { + fprintf(stderr, "cache %s %s not found\n", serv, + inst); + } + } +#endif + return (found); +} + +/* + * insert/replace a principal in the cache returns number of principals + * inserted + */ + +int +kerb_cache_put_principal(Principal *principal, unsigned int max) + + /* max number of principal structs to + * insert */ + +{ + u_long i; + int count = 0; + + if (!init) + kerb_cache_init(); + +#ifdef DEBUG + if (kerb_debug & 2) { + fprintf(stderr, "kerb_cache_put_principal max = %d", + max); + } +#endif + + for (i = 0; i < max; i++) { +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "\n %s %s", + principal->name, principal->instance); +#endif + /* DO IT */ + count++; + principal++; + } + return count; +} + +/* + * look up a dba in the cache returns number of dbas found + */ + +int +kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + +{ + int found = 0; + + if (!init) + kerb_cache_init(); + +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "cache_get_dba for %s %s max = %d\n", + serv, inst, max); +#endif + +#ifdef DEBUG + if (kerb_debug & 2) { + if (found) { + fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", + serv, inst, dba->name, dba->instance); + } else { + fprintf(stderr, "cache %s %s not found\n", serv, inst); + } + } +#endif + return (found); +} + +/* + * insert/replace a dba in the cache returns number of dbas inserted + */ + +int +kerb_cache_put_dba(Dba *dba, unsigned int max) + + /* max number of dba structs to insert */ + +{ + u_long i; + int count = 0; + + if (!init) + kerb_cache_init(); +#ifdef DEBUG + if (kerb_debug & 2) { + fprintf(stderr, "kerb_cache_put_dba max = %d", max); + } +#endif + for (i = 0; i < max; i++) { +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "\n %s %s", + dba->name, dba->instance); +#endif + /* DO IT */ + count++; + dba++; + } + return count; +} + diff --git a/crypto/kerberosIV/lib/kdb/krb_db.h b/crypto/kerberosIV/lib/kdb/krb_db.h new file mode 100644 index 0000000..1a08b83 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_db.h @@ -0,0 +1,137 @@ +/* + * $Id: krb_db.h,v 1.15 1996/12/17 20:34:32 assar Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * spm Project Athena 8/85 + * + * This file defines data structures for the kerberos + * authentication/authorization database. + * + * They MUST correspond to those defined in *.rel + */ + +#ifndef KRB_DB_DEFS +#define KRB_DB_DEFS + +#include <stdio.h> + +#define KERB_M_NAME "K" /* Kerberos */ +#define KERB_M_INST "M" /* Master */ +#define KERB_DEFAULT_NAME "default" +#define KERB_DEFAULT_INST "" +#ifndef DB_DIR +#define DB_DIR "/var/kerberos" +#endif +#ifndef DBM_FILE +#define DBM_FILE DB_DIR "/principal" +#endif + +/* this also defines the number of queue headers */ +#define KERB_DB_HASH_MODULO 64 + + +/* Arguments to kerb_dbl_lock() */ + +#define KERB_DBL_EXCLUSIVE 1 +#define KERB_DBL_SHARED 0 + +/* arguments to kerb_db_set_lockmode() */ + +#define KERB_DBL_BLOCKING 0 +#define KERB_DBL_NONBLOCKING 1 + +/* arguments to kdb_get_master_key */ + +#define KDB_GET_PROMPT 1 +#define KDB_GET_TWICE 2 + +/* Principal defines the structure of a principal's name */ + +typedef struct { + char name[ANAME_SZ]; + char instance[INST_SZ]; + + u_int32_t key_low; + u_int32_t key_high; + u_int32_t exp_date; + char exp_date_txt[DATE_SZ]; + u_int32_t mod_date; + char mod_date_txt[DATE_SZ]; + u_int16_t attributes; + u_int8_t max_life; + u_int8_t kdc_key_ver; + u_int8_t key_version; + + char mod_name[ANAME_SZ]; + char mod_instance[INST_SZ]; + char *old; /* cast to (Principal *); not in db, + * ptr to old vals */ +} Principal; + +typedef struct { + int32_t cpu; + int32_t elapsed; + int32_t dio; + int32_t pfault; + int32_t t_stamp; + int32_t n_retrieve; + int32_t n_replace; + int32_t n_append; + int32_t n_get_stat; + int32_t n_put_stat; +} DB_stat; + +/* Dba defines the structure of a database administrator */ + +typedef struct { + char name[ANAME_SZ]; + char instance[INST_SZ]; + u_int16_t attributes; + u_int32_t exp_date; + char exp_date_txt[DATE_SZ]; + char *old; /* + * cast to (Dba *); not in db, ptr to + * old vals + */ +} Dba; + +typedef int (*k_iter_proc_t)(void*, Principal*); + +void copy_from_key __P((des_cblock in, u_int32_t *lo, u_int32_t *hi)); +void copy_to_key __P((u_int32_t *lo, u_int32_t *hi, des_cblock out)); + +void kdb_encrypt_key __P((des_cblock *, des_cblock *, des_cblock *, + des_key_schedule, int)); +int kdb_get_master_key __P((int prompt, des_cblock *master_key, + des_key_schedule master_key_sched)); +int kdb_get_new_master_key __P((des_cblock *, des_key_schedule, int)); +int kdb_kstash __P((des_cblock *, char *)); +int kdb_new_get_master_key __P((des_cblock *, des_key_schedule)); +int kdb_new_get_new_master_key __P((des_cblock *key, des_key_schedule schedule, int verify)); +long kdb_verify_master_key __P((des_cblock *, des_key_schedule, FILE *)); +long *kerb_db_begin_update __P((void)); +int kerb_db_create __P((char *db_name)); +int kerb_db_delete_principal (char *name, char *inst); +void kerb_db_end_update __P((long *db)); +int kerb_db_get_dba __P((char *, char *, Dba *, unsigned, int *)); +void kerb_db_get_stat __P((DB_stat *)); +int kerb_db_iterate __P((k_iter_proc_t, void*)); +int kerb_db_put_principal __P((Principal *, unsigned int)); +void kerb_db_put_stat __P((DB_stat *)); +int kerb_db_rename __P((char *, char *)); +int kerb_db_set_lockmode __P((int)); +int kerb_db_set_name __P((char *)); +int kerb_db_update __P((long *db, Principal *principal, unsigned int max)); +int kerb_delete_principal __P((char *name, char *inst)); +void kerb_fini __P((void)); +int kerb_get_dba __P((char *, char *, Dba *, unsigned int, int *)); +time_t kerb_get_db_age __P((void)); +int kerb_get_principal __P((char *, char *, Principal *, unsigned int, int *)); +int kerb_init __P((void)); +int kerb_put_principal __P((Principal *, unsigned int)); + +#endif /* KRB_DB_DEFS */ diff --git a/crypto/kerberosIV/lib/kdb/krb_dbm.c b/crypto/kerberosIV/lib/kdb/krb_dbm.c new file mode 100644 index 0000000..963656a --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_dbm.c @@ -0,0 +1,823 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $"); + +#include <xdbm.h> + +#define KERB_DB_MAX_RETRY 5 + +#ifdef DEBUG +extern int debug; +extern long kerb_debug; +extern char *progname; +#endif + +static int init = 0; +static char default_db_name[] = DBM_FILE; +static char *current_db_name = default_db_name; + +static struct timeval timestamp;/* current time of request */ +static int non_blocking = 0; + +/* + * This module contains all of the code which directly interfaces to + * the underlying representation of the Kerberos database; this + * implementation uses a DBM or NDBM indexed "file" (actually + * implemented as two separate files) to store the relations, plus a + * third file as a semaphore to allow the database to be replaced out + * from underneath the KDC server. + */ + +/* + * Locking: + * + * There are two distinct locking protocols used. One is designed to + * lock against processes (the admin_server, for one) which make + * incremental changes to the database; the other is designed to lock + * against utilities (kdb_util, kpropd) which replace the entire + * database in one fell swoop. + * + * The first locking protocol is implemented using flock() in the + * krb_dbl_lock() and krb_dbl_unlock routines. + * + * The second locking protocol is necessary because DBM "files" are + * actually implemented as two separate files, and it is impossible to + * atomically rename two files simultaneously. It assumes that the + * database is replaced only very infrequently in comparison to the time + * needed to do a database read operation. + * + * A third file is used as a "version" semaphore; the modification + * time of this file is the "version number" of the database. + * At the start of a read operation, the reader checks the version + * number; at the end of the read operation, it checks again. If the + * version number changed, or if the semaphore was nonexistant at + * either time, the reader sleeps for a second to let things + * stabilize, and then tries again; if it does not succeed after + * KERB_DB_MAX_RETRY attempts, it gives up. + * + * On update, the semaphore file is deleted (if it exists) before any + * update takes place; at the end of the update, it is replaced, with + * a version number strictly greater than the version number which + * existed at the start of the update. + * + * If the system crashes in the middle of an update, the semaphore + * file is not automatically created on reboot; this is a feature, not + * a bug, since the database may be inconsistant. Note that the + * absence of a semaphore file does not prevent another _update_ from + * taking place later. Database replacements take place automatically + * only on slave servers; a crash in the middle of an update will be + * fixed by the next slave propagation. A crash in the middle of an + * update on the master would be somewhat more serious, but this would + * likely be noticed by an administrator, who could fix the problem and + * retry the operation. + */ + + +/* + * Utility routine: generate name of database file. + */ + +static char *gen_dbsuffix (char *db_name, char *sfx); + +static char * +gen_dbsuffix(char *db_name, char *sfx) +{ + char *dbsuffix; + + if (sfx == NULL) + sfx = ".ok"; + + asprintf (&dbsuffix, "%s%s", db_name, sfx); + return dbsuffix; +} + +static void +decode_princ_key (datum *key, char *name, char *instance); + +static void +decode_princ_key(datum *key, char *name, char *instance) +{ + strncpy(name, key->dptr, ANAME_SZ); + strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ); + name[ANAME_SZ - 1] = '\0'; + instance[INST_SZ - 1] = '\0'; +} + +static void +encode_princ_contents (datum *contents, Principal *principal); + +static void +encode_princ_contents(datum *contents, Principal *principal) +{ + contents->dsize = sizeof(*principal); + contents->dptr = (char *) principal; +} + +static void +decode_princ_contents (datum *contents, Principal *principal) +{ + memcpy(principal, contents->dptr, sizeof(*principal)); +} + +static void +encode_princ_key (datum *key, char *name, char *instance) +{ + static char keystring[ANAME_SZ + INST_SZ]; + + memset(keystring, 0, ANAME_SZ + INST_SZ); + strncpy(keystring, name, ANAME_SZ); + strncpy(&keystring[ANAME_SZ], instance, INST_SZ); + key->dptr = keystring; + key->dsize = ANAME_SZ + INST_SZ; +} + +static int dblfd = -1; /* db LOCK fd */ +static int mylock = 0; +static int inited = 0; + +static int +kerb_dbl_init (void); + +static int +kerb_dbl_init() +{ + if (!inited) { + char *filename = gen_dbsuffix (current_db_name, ".ok"); + if ((dblfd = open(filename, O_RDWR)) < 0) { + fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename); + fflush(stderr); + perror("open"); + exit(1); + } + free(filename); + inited++; + } + return (0); +} + +static void +kerb_dbl_fini (void); + +static void +kerb_dbl_fini() +{ + close(dblfd); + dblfd = -1; + inited = 0; + mylock = 0; +} + +static int +kerb_dbl_lock (int mode); + +static int +kerb_dbl_lock(int mode) +{ + int flock_mode; + + if (!inited) + kerb_dbl_init(); + if (mylock) { /* Detect lock call when lock already + * locked */ + fprintf(stderr, "Kerberos locking error (mylock)\n"); + fflush(stderr); + exit(1); + } + switch (mode) { + case KERB_DBL_EXCLUSIVE: + flock_mode = K_LOCK_EX; + break; + case KERB_DBL_SHARED: + flock_mode = K_LOCK_SH; + break; + default: + fprintf(stderr, "invalid lock mode %d\n", mode); + abort(); + } + if (non_blocking) + flock_mode |= K_LOCK_NB; + + if (k_flock(dblfd, flock_mode) < 0) + return errno; + mylock++; + return 0; +} + +static void kerb_dbl_unlock (void); + +static void +kerb_dbl_unlock() +{ + if (!mylock) { /* lock already unlocked */ + fprintf(stderr, "Kerberos database lock not locked when unlocking.\n"); + fflush(stderr); + exit(1); + } + if (k_flock(dblfd, K_LOCK_UN) < 0) { + fprintf(stderr, "Kerberos database lock error. (unlocking)\n"); + fflush(stderr); + perror("k_flock"); + exit(1); + } + mylock = 0; +} + +int +kerb_db_set_lockmode (int mode); + +int +kerb_db_set_lockmode(int mode) +{ + int old = non_blocking; + non_blocking = mode; + return old; +} + +/* + * initialization for data base routines. + */ + +int +kerb_db_init (void); + +int +kerb_db_init() +{ + init = 1; + return (0); +} + +/* + * gracefully shut down database--must be called by ANY program that does + * a kerb_db_init + */ + +void +kerb_db_fini (void); + +void +kerb_db_fini() +{ +} + +/* + * Set the "name" of the current database to some alternate value. + * + * Passing a null pointer as "name" will set back to the default. + * If the alternate database doesn't exist, nothing is changed. + */ + +int +kerb_db_set_name (char *name); + +int +kerb_db_set_name(char *name) +{ + DBM *db; + + if (name == NULL) + name = default_db_name; + db = dbm_open(name, 0, 0); + if (db == NULL) + return errno; + dbm_close(db); + kerb_dbl_fini(); + current_db_name = name; + return 0; +} + +/* + * Return the last modification time of the database. + */ + +time_t +kerb_get_db_age (void); + +time_t +kerb_get_db_age() +{ + struct stat st; + char *okname; + time_t age; + + okname = gen_dbsuffix(current_db_name, ".ok"); + + if (stat (okname, &st) < 0) + age = 0; + else + age = st.st_mtime; + + free (okname); + return age; +} + +/* + * Remove the semaphore file; indicates that database is currently + * under renovation. + * + * This is only for use when moving the database out from underneath + * the server (for example, during slave updates). + */ + +static time_t +kerb_start_update (char *db_name); + +static time_t +kerb_start_update(char *db_name) +{ + char *okname = gen_dbsuffix(db_name, ".ok"); + time_t age = kerb_get_db_age(); + + if (unlink(okname) < 0 + && errno != ENOENT) { + age = -1; + } + free (okname); + return age; +} + +static int +kerb_end_update (char *db_name, time_t age); + +static int +kerb_end_update(char *db_name, time_t age) +{ + int fd; + int retval = 0; + char *new_okname = gen_dbsuffix(db_name, ".ok#"); + char *okname = gen_dbsuffix(db_name, ".ok"); + + fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600); + if (fd < 0) + retval = errno; + else { + struct stat st; + struct utimbuf tv; + /* make sure that semaphore is "after" previous value. */ + if (fstat (fd, &st) == 0 + && st.st_mtime <= age) { + tv.actime = st.st_atime; + tv.modtime = age; + /* set times.. */ + utime (new_okname, &tv); + fsync(fd); + } + close(fd); + if (rename (new_okname, okname) < 0) + retval = errno; + } + + free (new_okname); + free (okname); + + return retval; +} + +static time_t +kerb_start_read (void); + +static time_t +kerb_start_read() +{ + return kerb_get_db_age(); +} + +static int kerb_end_read (time_t age); + +static int +kerb_end_read(time_t age) +{ + if (kerb_get_db_age() != age || age == -1) { + return -1; + } + return 0; +} + +/* + * Create the database, assuming it's not there. + */ +int +kerb_db_create(char *db_name) +{ + char *okname = gen_dbsuffix(db_name, ".ok"); + int fd; + int ret = 0; +#ifdef NDBM + DBM *db; + + db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600); + if (db == NULL) + ret = errno; + else + dbm_close(db); +#else + char *dirname = gen_dbsuffix(db_name, ".dir"); + char *pagname = gen_dbsuffix(db_name, ".pag"); + + fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else { + close(fd); + fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else + close(fd); + } + if (dbminit(db_name) < 0) + ret = errno; +#endif + if (ret == 0) { + fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600); + if (fd < 0) + ret = errno; + close(fd); + } + return ret; +} + +/* + * "Atomically" rename the database in a way that locks out read + * access in the middle of the rename. + * + * Not perfect; if we crash in the middle of an update, we don't + * necessarily know to complete the transaction the rename, but... + */ + +int +kerb_db_rename(char *from, char *to) +{ +#ifdef HAVE_NEW_DB + char *fromdb = gen_dbsuffix (from, ".db"); + char *todb = gen_dbsuffix (to, ".db"); +#else + char *fromdir = gen_dbsuffix (from, ".dir"); + char *todir = gen_dbsuffix (to, ".dir"); + char *frompag = gen_dbsuffix (from , ".pag"); + char *topag = gen_dbsuffix (to, ".pag"); +#endif + char *fromok = gen_dbsuffix(from, ".ok"); + long trans = kerb_start_update(to); + int ok = 0; + +#ifdef HAVE_NEW_DB + if (rename (fromdb, todb) == 0) { + unlink (fromok); + ok = 1; + } + free (fromdb); + free (todb); +#else + if ((rename (fromdir, todir) == 0) + && (rename (frompag, topag) == 0)) { + unlink (fromok); + ok = 1; + } + free (fromdir); + free (todir); + free (frompag); + free (topag); +#endif + free (fromok); + if (ok) + return kerb_end_update(to, trans); + else + return -1; +} + +int +kerb_db_delete_principal (char *name, char *inst) +{ + DBM *db; + int try; + int done = 0; + int code; + datum key; + + if(!init) + kerb_db_init(); + + for(try = 0; try < KERB_DB_MAX_RETRY; try++){ + if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return -1; + + db = dbm_open(current_db_name, O_RDWR, 0600); + if(db == NULL) + return -1; + encode_princ_key(&key, name, inst); + if(dbm_delete(db, key) == 0) + done = 1; + + dbm_close(db); + kerb_dbl_unlock(); + if(done) + break; + if(!non_blocking) + sleep(1); + } + if(!done) + return -1; + return 0; +} + + +/* + * look up a principal in the data base returns number of principals + * found , and whether there were more than requested. + */ + +int +kerb_db_get_principal (char *name, char *inst, Principal *principal, + unsigned int max, int *more) +{ + int found = 0, code; + int wildp, wildi; + datum key, contents; + char testname[ANAME_SZ], testinst[INST_SZ]; + u_long trans; + int try; + DBM *db; + + if (!init) + kerb_db_init(); /* initialize database routines */ + + for (try = 0; try < KERB_DB_MAX_RETRY; try++) { + trans = kerb_start_read(); + + if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return -1; + + db = dbm_open(current_db_name, O_RDONLY, 0600); + + *more = 0; + +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, + "%s: db_get_principal for %s %s max = %d", + progname, name, inst, max); +#endif + + wildp = !strcmp(name, "*"); + wildi = !strcmp(inst, "*"); + + if (!wildi && !wildp) { /* nothing's wild */ + encode_princ_key(&key, name, inst); + contents = dbm_fetch(db, key); + if (contents.dptr == NULL) { + found = 0; + goto done; + } + decode_princ_contents(&contents, principal); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n", + principal->name, principal->instance, + strlen(principal->name), + strlen(principal->instance)); + } +#endif + found = 1; + goto done; + } + /* process wild cards by looping through entire database */ + + for (key = dbm_firstkey(db); key.dptr != NULL; + key = dbm_next(db, key)) { + decode_princ_key(&key, testname, testinst); + if ((wildp || !strcmp(testname, name)) && + (wildi || !strcmp(testinst, inst))) { /* have a match */ + if (found >= max) { + *more = 1; + goto done; + } else { + found++; + contents = dbm_fetch(db, key); + decode_princ_contents(&contents, principal); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, + "\tfound %s %s p_n length %d t_n length %d\n", + principal->name, principal->instance, + strlen(principal->name), + strlen(principal->instance)); + } +#endif + principal++; /* point to next */ + } + } + } + + done: + kerb_dbl_unlock(); /* unlock read lock */ + dbm_close(db); + if (kerb_end_read(trans) == 0) + break; + found = -1; + if (!non_blocking) + sleep(1); + } + return (found); +} + +/* Use long * rather than DBM * so that the database structure is private */ + +long * +kerb_db_begin_update(void) +{ + int code; + + gettimeofday(×tamp, NULL); + + if (!init) + kerb_db_init(); + + if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0) + return 0; + + return (long *) dbm_open(current_db_name, O_RDWR, 0600); +} + +void +kerb_db_end_update(long *db) +{ + dbm_close((DBM *)db); + kerb_dbl_unlock(); /* unlock database */ +} + +int +kerb_db_update(long *db, Principal *principal, unsigned int max) +{ + int found = 0; + u_long i; + datum key, contents; + +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "%s: kerb_db_put_principal max = %d", + progname, max); +#endif + + /* for each one, stuff temps, and do replace/append */ + for (i = 0; i < max; i++) { + encode_princ_contents(&contents, principal); + encode_princ_key(&key, principal->name, principal->instance); + dbm_store((DBM *)db, key, contents, DBM_REPLACE); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, "\n put %s %s\n", + principal->name, principal->instance); + } +#endif + found++; + principal++; /* bump to next struct */ + } + return found; +} + +/* + * Update a name in the data base. Returns number of names + * successfully updated. + */ + +int +kerb_db_put_principal (Principal *principal, unsigned int max); + +int +kerb_db_put_principal(Principal *principal, + unsigned max) + +{ + int found; + long *db; + + db = kerb_db_begin_update(); + if (db == 0) + return -1; + + found = kerb_db_update(db, principal, max); + + kerb_db_end_update(db); + return (found); +} + +void +kerb_db_get_stat (DB_stat *s); + +void +kerb_db_get_stat(DB_stat *s) +{ + gettimeofday(×tamp, NULL); + + s->cpu = 0; + s->elapsed = 0; + s->dio = 0; + s->pfault = 0; + s->t_stamp = timestamp.tv_sec; + s->n_retrieve = 0; + s->n_replace = 0; + s->n_append = 0; + s->n_get_stat = 0; + s->n_put_stat = 0; + /* update local copy too */ +} + +void +kerb_db_put_stat (DB_stat *s); + +void +kerb_db_put_stat(DB_stat *s) +{ +} + +void +delta_stat (DB_stat *a, DB_stat *b, DB_stat *c); + +void +delta_stat(DB_stat *a, DB_stat *b, DB_stat *c) +{ + /* c = a - b then b = a for the next time */ + + c->cpu = a->cpu - b->cpu; + c->elapsed = a->elapsed - b->elapsed; + c->dio = a->dio - b->dio; + c->pfault = a->pfault - b->pfault; + c->t_stamp = a->t_stamp - b->t_stamp; + c->n_retrieve = a->n_retrieve - b->n_retrieve; + c->n_replace = a->n_replace - b->n_replace; + c->n_append = a->n_append - b->n_append; + c->n_get_stat = a->n_get_stat - b->n_get_stat; + c->n_put_stat = a->n_put_stat - b->n_put_stat; + + memcpy(b, a, sizeof(DB_stat)); + return; +} + +/* + * look up a dba in the data base returns number of dbas found , and + * whether there were more than requested. + */ + +int +kerb_db_get_dba (char *dba_name, char *dba_inst, Dba *dba, unsigned int max, int *more); + +int +kerb_db_get_dba(char *dba_name, char *dba_inst, Dba *dba, + unsigned max, + int *more) + /* could have wild card */ + /* could have wild card */ + /* max number of name structs to return */ + /* where there more than 'max' tuples? */ +{ + *more = 0; + return (0); +} + +int +kerb_db_iterate (k_iter_proc_t func, void *arg) +{ + datum key, contents; + Principal *principal; + int code; + DBM *db; + + kerb_db_init(); /* initialize and open the database */ + if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return code; + + db = dbm_open(current_db_name, O_RDONLY, 0600); + + for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) { + contents = dbm_fetch (db, key); + /* XXX may not be properly aligned */ + principal = (Principal *) contents.dptr; + if ((code = (*func)(arg, principal)) != 0) + return code; + } + dbm_close(db); + kerb_dbl_unlock(); + return 0; +} diff --git a/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c new file mode 100644 index 0000000..f321e9f --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c @@ -0,0 +1,261 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Utility routines for Kerberos programs which directly access + * the database. This code was duplicated in too many places + * before I gathered it here. + * + * Jon Rochlis, MIT Telecom, March 1988 + */ + +#include "kdb_locl.h" + +#include <kdc.h> + +RCSID("$Id: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $"); + +/* always try /.k for backwards compatibility */ +static char *master_key_files[] = { MKEYFILE, "/.k", NULL }; + +#ifdef HAVE_STRERROR +#define k_strerror(e) strerror(e) +#else +static +char * +k_strerror(int eno) +{ + extern int sys_nerr; + extern char *sys_errlist[]; + + static char emsg[128]; + + if (eno < 0 || eno >= sys_nerr) + snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno); + else + return sys_errlist[eno]; + + return emsg; +} +#endif + +int +kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule) +{ + int kfile; + int i; + char buf[1024]; + + char **mkey; + + for(mkey = master_key_files; *mkey; mkey++){ + kfile = open(*mkey, O_RDONLY); + if(kfile < 0 && errno != ENOENT) + fprintf(stderr, "Failed to open master key file \"%s\": %s\n", + *mkey, + k_strerror(errno)); + if(kfile >= 0) + break; + } + if(*mkey){ + int bytes; + bytes = read(kfile, (char*)key, sizeof(des_cblock)); + close(kfile); + if(bytes == sizeof(des_cblock)){ + des_key_sched(key, schedule); + return 0; + } + fprintf(stderr, "Could only read %d bytes from master key file %s\n", + bytes, *mkey); + }else{ + fprintf(stderr, "No master key file found.\n"); + } + + + i=0; + while(i < 3){ + if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) + break; + + /* buffer now contains either an old format master key password or a + * new format base64 encoded master key + */ + + /* try to verify as old password */ + des_string_to_key(buf, key); + des_key_sched(key, schedule); + + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + + /* failed test, so must be base64 encoded */ + + if(base64_decode(buf, key) == 8){ + des_key_sched(key, schedule); + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + } + + memset(buf, 0, sizeof(buf)); + fprintf(stderr, "Failed to verify master key.\n"); + i++; + } + + /* life sucks */ + fprintf(stderr, "You loose.\n"); + exit(1); +} + +int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, + int verify) +{ +#ifndef RANDOM_MKEY + des_read_password(key, "\nEnter Kerberos master password: ", verify); + printf ("\n"); +#else + char buf[1024]; + des_generate_random_block (key); + des_key_sched(key, schedule); + + des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); + des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); + memset(buf, 0, sizeof(buf)); +#endif + des_key_sched(key, schedule); + return 0; +} + +int kdb_get_master_key(int prompt, des_cblock *master_key, + des_key_schedule master_key_sched) +{ + int ask = (prompt == KDB_GET_TWICE); +#ifndef RANDOM_MKEY + ask |= (prompt == KDB_GET_PROMPT); +#endif + + if(ask) + kdb_new_get_new_master_key(master_key, master_key_sched, + prompt == KDB_GET_TWICE); + else + kdb_new_get_master_key(master_key, master_key_sched); + return 0; +} + +int kdb_kstash(des_cblock *master_key, char *file) +{ + int kfile; + kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); + if (kfile < 0) { + return -1; + } + if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { + close(kfile); + return -1; + } + close(kfile); + return 0; +} + +/* The old algorithm used the key schedule as the initial vector which + was byte order depedent ... */ + +void +kdb_encrypt_key (des_cblock (*in), des_cblock (*out), + des_cblock (*master_key), + des_key_schedule master_key_sched, int e_d_flag) +{ + +#ifdef NOENCRYPTION + memcpy(out, in, sizeof(des_cblock)); +#else + des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key, + e_d_flag); +#endif +} + +/* The caller is reasponsible for cleaning up the master key and sched, + even if we can't verify the master key */ + +/* Returns master key version if successful, otherwise -1 */ + +long +kdb_verify_master_key (des_cblock *master_key, + des_key_schedule master_key_sched, + FILE *out) /* NULL -> no output */ +{ + des_cblock key_from_db; + Principal principal_data[1]; + int n, more = 0; + long master_key_version; + + /* lookup the master key version */ + n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, + 1 /* only one please */, &more); + if ((n != 1) || more) { + if (out != (FILE *) NULL) + fprintf(out, + "verify_master_key: %s, %d found.\n", + "Kerberos error on master key version lookup", + n); + return (-1); + } + + master_key_version = (long) principal_data[0].key_version; + + /* set up the master key */ + if (out != (FILE *) NULL) /* should we punt this? */ + fprintf(out, "Current Kerberos master key version is %d.\n", + principal_data[0].kdc_key_ver); + + /* + * now use the master key to decrypt the key in the db, had better + * be the same! + */ + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); + kdb_encrypt_key (&key_from_db, &key_from_db, + master_key, master_key_sched, DES_DECRYPT); + + /* the decrypted database key had better equal the master key */ + n = memcmp(master_key, key_from_db, sizeof(master_key)); + /* this used to zero the master key here! */ + memset(key_from_db, 0, sizeof(key_from_db)); + memset(principal_data, 0, sizeof (principal_data)); + + if (n && (out != (FILE *) NULL)) { + fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); + fprintf(out, "does not match database.\n"); + } + if(n) + return (-1); + + if (out != (FILE *) NULL) { + fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); + fflush(out); + } + + return (master_key_version); +} diff --git a/crypto/kerberosIV/lib/kdb/krb_lib.c b/crypto/kerberosIV/lib/kdb/krb_lib.c new file mode 100644 index 0000000..19bf316 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_lib.c @@ -0,0 +1,259 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $"); + +#ifdef DEBUG +extern int debug; +extern char *progname; +long kerb_debug; +#endif + +static int init = 0; + +/* + * initialization routine for data base + */ + +int +kerb_init(void) +{ +#ifdef DEBUG + if (!init) { + char *dbg = getenv("KERB_DBG"); + if (dbg) + sscanf(dbg, "%d", &kerb_debug); + init = 1; + } +#endif + kerb_db_init(); + +#ifdef CACHE + kerb_cache_init(); +#endif + + /* successful init, return 0, else errcode */ + return (0); +} + +/* + * finalization routine for database -- NOTE: MUST be called by any + * program using kerb_init. ALSO will have to be modified to finalize + * caches, if they're ever really implemented. + */ + +void +kerb_fini(void) +{ + kerb_db_fini(); +} + + +int +kerb_delete_principal(char *name, char *inst) +{ + int ret; + + if (!init) + kerb_init(); + + ret = kerb_db_delete_principal(name, inst); +#ifdef CACHE + if(ret == 0){ + kerb_cache_delete_principal(name, inst); + } +#endif + return ret; +} + + +/* + * look up a principal in the cache or data base returns number of + * principals found + */ + +int +kerb_get_principal(char *name, char *inst, Principal *principal, + unsigned int max, int *more) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + /* more tuples than room for */ + +{ + int found = 0; +#ifdef CACHE + static int wild = 0; +#endif + if (!init) + kerb_init(); + +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n", + progname, name, inst, max); +#endif + + /* + * if this is a request including a wild card, have to go to db + * since the cache may not be exhaustive. + */ + + /* clear the principal area */ + memset(principal, 0, max * sizeof(Principal)); + +#ifdef CACHE + /* + * so check to see if the name contains a wildcard "*" or "?", not + * preceeded by a backslash. + */ + wild = 0; + if (index(name, '*') || index(name, '?') || + index(inst, '*') || index(inst, '?')) + wild = 1; + + if (!wild) { + /* try the cache first */ + found = kerb_cache_get_principal(name, inst, principal, max, more); + if (found) + return (found); + } +#endif + /* If we didn't try cache, or it wasn't there, try db */ + found = kerb_db_get_principal(name, inst, principal, max, more); + /* try to insert principal(s) into cache if it was found */ +#ifdef CACHE + if (found) { + kerb_cache_put_principal(principal, found); + } +#endif + return (found); +} + +/* principals */ +int +kerb_put_principal(Principal *principal, unsigned int n) + + /* number of principal structs to write */ +{ + struct tm *tp; + + /* set mod date */ + principal->mod_date = time((time_t *)0); + /* and mod date string */ + + tp = k_localtime(&principal->mod_date); + snprintf(principal->mod_date_txt, + sizeof(principal->mod_date_txt), + "%4d-%2d-%2d", + tp->tm_year + 1900, + tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ +#ifdef DEBUG + if (kerb_debug & 1) { + int i; + fprintf(stderr, "\nkerb_put_principal..."); + for (i = 0; i < n; i++) { + krb_print_principal(&principal[i]); + } + } +#endif + /* write database */ + if (kerb_db_put_principal(principal, n) < 0) { +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_db_put_principal err", progname); + /* watch out for cache */ +#endif + return -1; + } +#ifdef CACHE + /* write cache */ + if (!kerb_cache_put_principal(principal, n)) { +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname); +#endif + return -1; + } +#endif + return 0; +} + +int +kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + /* more tuples than room for */ + +{ + int found = 0; +#ifdef CACHE + static int wild = 0; +#endif + if (!init) + kerb_init(); + +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n", + progname, name, inst, max); +#endif + /* + * if this is a request including a wild card, have to go to db + * since the cache may not be exhaustive. + */ + + /* clear the dba area */ + memset(dba, 0, max * sizeof(Dba)); + +#ifdef CACHE + /* + * so check to see if the name contains a wildcard "*" or "?", not + * preceeded by a backslash. + */ + + wild = 0; + if (index(name, '*') || index(name, '?') || + index(inst, '*') || index(inst, '?')) + wild = 1; + + if (!wild) { + /* try the cache first */ + found = kerb_cache_get_dba(name, inst, dba, max, more); + if (found) + return (found); + } +#endif + /* If we didn't try cache, or it wasn't there, try db */ + found = kerb_db_get_dba(name, inst, dba, max, more); +#ifdef CACHE + /* try to insert dba(s) into cache if it was found */ + if (found) { + kerb_cache_put_dba(dba, found); + } +#endif + return (found); +} diff --git a/crypto/kerberosIV/lib/kdb/print_princ.c b/crypto/kerberosIV/lib/kdb/print_princ.c new file mode 100644 index 0000000..786c5a9 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/print_princ.c @@ -0,0 +1,48 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $"); + +void +krb_print_principal(Principal *a_n) +{ + struct tm *time_p; + + /* run-time database does not contain string versions */ + time_p = k_localtime(&(a_n->exp_date)); + + fprintf(stderr, + "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x", + a_n->name, a_n->instance, + time_p->tm_year + 1900, + time_p->tm_mon + 1, time_p->tm_mday, + time_p->tm_hour, time_p->tm_min, + a_n->max_life, 5 * a_n->max_life, a_n->attributes); + + fprintf(stderr, + "\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %ld\n", + a_n->key_version, (long)a_n->key_low, (long)a_n->key_high, + a_n->kdc_key_ver, (long)a_n->old); + + fflush(stderr); +} diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in new file mode 100644 index 0000000..8b34d65 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/Makefile.in @@ -0,0 +1,269 @@ +# +# $Id: Makefile.in,v 1.74 1997/05/19 03:03:05 assar Exp $ +# + +# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible. +LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "-lresolv -L../des -ldes"; true` + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +LN_S = @LN_S@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +EXECSUFFIX=@EXECSUFFIX@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +PROGS = sizetest$(EXEC_SUFFIX) +LIBNAME = $(LIBPREFIX)krb +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = cr_err_reply.c \ + create_auth_reply.c \ + create_ciph.c \ + create_death_packet.c \ + create_ticket.c \ + dest_tkt.c \ + get_in_tkt.c \ + get_svc_in_tkt.c \ + getrealm.c \ + k_localtime.c \ + krb_err_txt.c \ + krb_get_in_tkt.c \ + kuserok.c \ + parse_name.c \ + kntoln.c \ + mk_auth.c \ + krb_check_auth.c \ + mk_err.c \ + mk_safe.c \ + rd_err.c \ + rd_safe.c \ + recvauth.c \ + mk_priv.c \ + rd_req.c \ + decomp_ticket.c \ + lifetime.c \ + month_sname.c \ + stime.c \ + read_service_key.c \ + getst.c \ + sendauth.c \ + netread.c \ + netwrite.c \ + rd_priv.c \ + krb_equiv.c \ + str2key.c \ + get_ad_tkt.c \ + mk_req.c \ + get_cred.c \ + get_tf_realm.c \ + get_tf_fullname.c \ + one.c \ + save_credentials.c \ + send_to_kdc.c \ + get_host.c \ + get_krbrlm.c \ + k_gethostname.c \ + tf_util.c \ + debug_decl.c \ + k_flock.c \ + tkt_string.c \ + getaddrs.c \ + k_getsockinst.c \ + k_getport.c \ + lsb_addr_comp.c \ + name2name.c \ + get_default_principal.c \ + realm_parse.c \ + verify_user.c \ + rw.c \ + kdc_reply.c \ + encrypt_ktext.c \ + swab.c \ + gettimeofday.c \ + check_time.c \ + krb_err.c \ + et_list.c \ + resolve.c \ + unparse_name.c \ + logging.c \ + k_concat.c + +# these files reside in ../roken +# snprintf.c \ +# strdup.c \ +# strtok_r.c \ +# strcasecmp.c + +OBJECTS = cr_err_reply.o \ + create_auth_reply.o \ + create_ciph.o \ + create_death_packet.o \ + create_ticket.o \ + dest_tkt.o \ + get_in_tkt.o \ + get_svc_in_tkt.o \ + getrealm.o \ + k_localtime.o \ + krb_err_txt.o \ + krb_get_in_tkt.o \ + kuserok.o \ + parse_name.o \ + kntoln.o \ + mk_auth.o \ + krb_check_auth.o \ + mk_err.o \ + mk_safe.o \ + rd_err.o \ + rd_safe.o \ + recvauth.o \ + mk_priv.o \ + rd_req.o \ + decomp_ticket.o \ + lifetime.o \ + month_sname.o \ + stime.o \ + read_service_key.o \ + getst.o \ + sendauth.o \ + netread.o \ + netwrite.o \ + rd_priv.o \ + krb_equiv.o \ + str2key.o \ + get_ad_tkt.o \ + mk_req.o \ + get_cred.o \ + get_tf_realm.o \ + get_tf_fullname.o \ + one.o \ + save_credentials.o \ + send_to_kdc.o \ + get_host.o \ + get_krbrlm.o \ + k_gethostname.o \ + tf_util.o \ + debug_decl.o \ + k_flock.o \ + tkt_string.o \ + getaddrs.o \ + k_getsockinst.o \ + k_getport.o \ + lsb_addr_comp.o \ + name2name.o \ + get_default_principal.o \ + realm_parse.o \ + verify_user.o \ + rw.o \ + kdc_reply.o \ + encrypt_ktext.o \ + swab.o \ + gettimeofday.o \ + check_time.o \ + krb_err.o \ + resolve.o \ + unparse_name.o \ + logging.o \ + k_concat.o \ + snprintf.o \ + strdup.o \ + strtok_r.o \ + strcasecmp.o + +# This is only needed by some shared library implementations +LDOBJ = et_list.o + +all: $(LIB) $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +sizetest.o: sizetest.c + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + +sizetest$(EXECSUFFIX): sizetest.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o + +check: sizetest$(EXECSUFFIX) + ./sizetest$(EXECSUFFIX) + +clean: + rm -f $(LIB) *.o *.a krb_err.c krb_err.h $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LDOBJ) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) $(LDOBJ) $(LIBDES) + +krb_err.c krb_err.h: krb_err.et + test -r krb_err.et || (rm -f krb_err.et && $(LN_S) $(srcdir)/krb_err.et .) + $(COMPILE_ET) krb_err.et + +snprintf.c: + $(LN_S) $(srcdir)/../roken/snprintf.c . + +strdup.c: + $(LN_S) $(srcdir)/../roken/strdup.c . + +strtok_r.c: + $(LN_S) $(srcdir)/../roken/strtok_r.c . + +strcasecmp.c: + $(LN_S) $(srcdir)/../roken/strcasecmp.c . + +$(OBJECTS): ../../include/config.h +$(OBJECTS): krb_locl.h krb.h krb_err.h +one.o: ../../include/version.h diff --git a/crypto/kerberosIV/lib/krb/check_time.c b/crypto/kerberosIV/lib/krb/check_time.c new file mode 100644 index 0000000..3c3e6c0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/check_time.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $"); + +int +krb_check_tm (struct tm tm) +{ + return tm.tm_mon < 0 + || tm.tm_mon > 11 + || tm.tm_hour < 0 + || tm.tm_hour > 23 + || tm.tm_min < 0 + || tm.tm_min > 59 + || tm.tm_sec < 0 + || tm.tm_sec > 59 + || tm.tm_year < 1901 + || tm.tm_year > 2038; +} diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c new file mode 100644 index 0000000..2c1956a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c @@ -0,0 +1,99 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $"); + +/* + * This routine is used by the Kerberos authentication server to + * create an error reply packet to send back to its client. + * + * It takes a pointer to the packet to be built, the name, instance, + * and realm of the principal, the client's timestamp, an error code + * and an error string as arguments. Its return value is undefined. + * + * The packet is built in the following format: + * + * type variable data + * or constant + * ---- ----------- ---- + * + * unsigned char req_ack_vno protocol version number + * + * unsigned char AUTH_MSG_ERR_REPLY protocol message type + * + * [least significant HOST_BYTE_ORDER sender's (server's) byte + * bit of above field] order + * + * string pname principal's name + * + * string pinst principal's instance + * + * string prealm principal's realm + * + * unsigned long time_ws client's timestamp + * + * unsigned long e error code + * + * string e_string error text + */ + +void +cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, + u_int32_t time_ws, u_int32_t e, char *e_string) +{ + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1); + + if (pname == NULL) pname = ""; + if (pinst == NULL) pinst = ""; + if (prealm == NULL) prealm = ""; + + p += krb_put_nir(pname, pinst, prealm, p); + + p += krb_put_int(time_ws, p, 4); + + p += krb_put_int(e, p, 4); + + p += krb_put_string(e_string, p); + + pkt->length = p - pkt->dat; +} diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c new file mode 100644 index 0000000..4976c46 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c @@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is called by the Kerberos authentication server + * to create a reply to an authentication request. The routine + * takes the user's name, instance, and realm, the client's + * timestamp, the number of tickets, the user's key version + * number and the ciphertext containing the tickets themselves. + * It constructs a packet and returns a pointer to it. + * + * Notes: The packet returned by this routine is static. Thus, if you + * intend to keep the result beyond the next call to this routine, you + * must copy it elsewhere. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * unsigned char KRB_PROT_VERSION protocol version number + * + * unsigned char AUTH_MSG_KDC_REPLY protocol message type + * + * [least significant HOST_BYTE_ORDER sender's (server's) byte + * bit of above field] order + * + * string pname principal's name + * + * string pinst principal's instance + * + * string prealm principal's realm + * + * unsigned long time_ws client's timestamp + * + * unsigned char n number of tickets + * + * unsigned long x_date expiration date + * + * unsigned char kvno master key version + * + * short w_1 cipher length + * + * --- cipher->dat cipher data + */ + +KTEXT +create_auth_reply(char *pname, /* Principal's name */ + char *pinst, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t time_ws, /* Workstation time */ + int n, /* Number of tickets */ + u_int32_t x_date, /* Principal's expiration date */ + int kvno, /* Principal's key version number */ + KTEXT cipher) /* Cipher text with tickets and session keys */ +{ + static KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1); + + if(n != 0){ + /* barf on old code */ + krb_warning("create_auth_reply: don't give me no krb3 crap!" + " (n == %d)\n", n); + return NULL; + } + + + p += krb_put_nir(pname, pinst, prealm, p); + + p += krb_put_int(time_ws, p, 4); + + p += krb_put_int(n, p, 1); + + p += krb_put_int(x_date, p, 4); + + p += krb_put_int(kvno, p, 1); + + p += krb_put_int(cipher->length, p, 2); + + memcpy(p, cipher->dat, cipher->length); + p += cipher->length; + + pkt->length = p - pkt->dat; + + return pkt; +} diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c new file mode 100644 index 0000000..27d27ff --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_ciph.c @@ -0,0 +1,117 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is used by the authentication server to create + * a packet for its client, containing a ticket for the requested + * service (given in "tkt"), and some information about the ticket, + * + * Returns KSUCCESS no matter what. + * + * The length of the cipher is stored in c->length; the format of + * c->dat is as follows: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * + * 8 bytes session session key for client, service + * + * string service service name + * + * string instance service instance + * + * string realm KDC realm + * + * unsigned char life ticket lifetime + * + * unsigned char kvno service key version number + * + * unsigned char tkt->length length of following ticket + * + * data tkt->dat ticket for service + * + * 4 bytes kdc_time KDC's timestamp + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +create_ciph(KTEXT c, /* Text block to hold ciphertext */ + unsigned char *session, /* Session key to send to user */ + char *service, /* Service name on ticket */ + char *instance, /* Instance name on ticket */ + char *realm, /* Realm of this KDC */ + u_int32_t life, /* Lifetime of the ticket */ + int kvno, /* Key version number for service */ + KTEXT tkt, /* The ticket for the service */ + u_int32_t kdc_time, /* KDC time */ + des_cblock *key) /* Key to encrypt ciphertext with */ + +{ + unsigned char *p = c->dat; + + memset(c, 0, sizeof(KTEXT_ST)); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_nir(service, instance, realm, p); + + p += krb_put_int(life, p, 1); + p += krb_put_int(kvno, p, 1); + + p += krb_put_int(tkt->length, p, 1); + + memcpy(p, tkt->dat, tkt->length); + p += tkt->length; + + p += krb_put_int(kdc_time, p, 4); + + /* multiple of eight bytes */ + c->length = (p - c->dat + 7) & ~7; + + encrypt_ktext(c, key, DES_ENCRYPT); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c new file mode 100644 index 0000000..f74ba30 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_death_packet.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $"); + +/* + * This routine creates a packet to type AUTH_MSG_DIE which is sent to + * the Kerberos server to make it shut down. It is used only in the + * development environment. + * + * It takes a string "a_name" which is sent in the packet. A pointer + * to the packet is returned. + * + * The format of the killer packet is: + * + * type variable data + * or constant + * ---- ----------- ---- + * + * unsigned char KRB_PROT_VERSION protocol version number + * + * unsigned char AUTH_MSG_DIE message type + * + * [least significant HOST_BYTE_ORDER byte order of sender + * bit of above field] + * + * string a_name presumably, name of + * principal sending killer + * packet + */ + +#ifdef DEBUG +KTEXT +krb_create_death_packet(char *a_name) +{ + static KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_DIE, p, 1); + + p += krb_put_string(a_name, p); + pkt->length = p - pkt->dat; + return pkt; +} +#endif /* DEBUG */ diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c new file mode 100644 index 0000000..b469232 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_ticket.c @@ -0,0 +1,134 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $"); + +/* + * Create ticket takes as arguments information that should be in a + * ticket, and the KTEXT object in which the ticket should be + * constructed. It then constructs a ticket and returns, leaving the + * newly created ticket in tkt. + * The length of the ticket is a multiple of + * eight bytes and is in tkt->length. + * + * If the ticket is too long, the ticket will contain nulls. + * + * The corresponding routine to extract information from a ticket it + * decomp_ticket. When changes are made to this routine, the + * corresponding changes should also be made to that file. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * tkt->length length of ticket (multiple of 8 bytes) + * + * tkt->dat: + * + * unsigned char flags namely, HOST_BYTE_ORDER + * + * string pname client's name + * + * string pinstance client's instance + * + * string prealm client's realm + * + * 4 bytes paddress client's address + * + * 8 bytes session session key + * + * 1 byte life ticket lifetime + * + * 4 bytes time_sec KDC timestamp + * + * string sname service's name + * + * string sinstance service's instance + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */ + unsigned char flags, /* Various Kerberos flags */ + char *pname, /* Principal's name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t paddress, /* Net address of requesting entity */ + void *session, /* Session key inserted in ticket */ + int16_t life, /* Lifetime of the ticket */ + int32_t time_sec, /* Issue time and date */ + char *sname, /* Service Name */ + char *sinstance, /* Instance Name */ + des_cblock *key) /* Service's secret key */ +{ + unsigned char *p = tkt->dat; + + memset(tkt, 0, sizeof(KTEXT_ST)); + + p += krb_put_int(flags, p, 1); + p += krb_put_nir(pname, pinstance, prealm, p); + + p += krb_put_address(paddress, p); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_int(life, p, 1); + p += krb_put_int(time_sec, p, 4); + + p += krb_put_nir(sname, sinstance, NULL, p); + + /* multiple of eight bytes */ + tkt->length = (p - tkt->dat + 7) & ~7; + + /* Check length of ticket */ + if (tkt->length > (sizeof(KTEXT_ST) - 7)) { + memset(tkt->dat, 0, tkt->length); + tkt->length = 0; + return KFAILURE /* XXX */; + } + + encrypt_ktext(tkt, key, DES_ENCRYPT); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/debug_decl.c b/crypto/kerberosIV/lib/krb/debug_decl.c new file mode 100644 index 0000000..5358bcb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/debug_decl.c @@ -0,0 +1,29 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: debug_decl.c,v 1.6 1997/03/23 03:53:07 joda Exp $"); + +/* Declare global debugging variables. */ + +int krb_ap_req_debug = 0; +int krb_debug = 0; diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c new file mode 100644 index 0000000..8e556a3 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $"); + +/* + * This routine takes a ticket and pointers to the variables that + * should be filled in based on the information in the ticket. It + * fills in values for its arguments. + * + * The routine returns KFAILURE if any of the "pname", "pinstance", + * or "prealm" fields is too big, otherwise it returns KSUCCESS. + * + * The corresponding routine to generate tickets is create_ticket. + * When changes are made to this routine, the corresponding changes + * should also be made to that file. + * + * See create_ticket.c for the format of the ticket packet. + */ + +int +decomp_ticket(KTEXT tkt, /* The ticket to be decoded */ + unsigned char *flags, /* Kerberos ticket flags */ + char *pname, /* Authentication name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + u_int32_t *paddress,/* Net address of entity requesting ticket */ + unsigned char *session, /* Session key inserted in ticket */ + int *life, /* Lifetime of the ticket */ + u_int32_t *time_sec, /* Issue time and date */ + char *sname, /* Service name */ + char *sinstance, /* Service instance */ + des_cblock *key, /* Service's secret key (to decrypt the ticket) */ + des_key_schedule schedule) /* The precomputed key schedule */ + +{ + unsigned char *p = tkt->dat; + + int little_endian; + + des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat, + tkt->length, schedule, key, DES_DECRYPT); + + tkt->mbz = 0; + + *flags = *p++; + + little_endian = (*flags >> K_FLAG_ORDER) & 1; + + if(strlen((char*)p) > ANAME_SZ) + return KFAILURE; + p += krb_get_string(p, pname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, pinstance); + + if(strlen((char*)p) > REALM_SZ) + return KFAILURE; + p += krb_get_string(p, prealm); + + if(tkt->length - (p - tkt->dat) < 8 + 1 + 4) + return KFAILURE; + p += krb_get_address(p, paddress); + + memcpy(session, p, 8); + p += 8; + + *life = *p++; + + p += krb_get_int(p, time_sec, 4, little_endian); + + if(strlen((char*)p) > SNAME_SZ) + return KFAILURE; + p += krb_get_string(p, sname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, sinstance); + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c new file mode 100644 index 0000000..0487e6b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/dest_tkt.c @@ -0,0 +1,82 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $"); + +/* + * dest_tkt() is used to destroy the ticket store upon logout. + * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. + * Otherwise the function returns RET_OK on success, KFAILURE on + * failure. + * + * The ticket file (TKT_FILE) is defined in "krb.h". + */ + +int +dest_tkt(void) +{ + char *file = TKT_FILE; + int i,fd; + struct stat statb; + char buf[BUFSIZ]; + + errno = 0; + if ( +#ifdef HAVE_LSTAT + lstat +#else + stat +#endif + (file, &statb) < 0) + goto out; + + if (!(statb.st_mode & S_IFREG) +#ifdef notdef + || statb.st_mode & 077 +#endif + ) + goto out; + + if ((fd = open(file, O_RDWR, 0)) < 0) + goto out; + + memset(buf, 0, BUFSIZ); + + for (i = 0; i < statb.st_size; i += sizeof(buf)) + if (write(fd, buf, sizeof(buf)) != sizeof(buf)) { + fsync(fd); + close(fd); + goto out; + } + + + fsync(fd); + close(fd); + + unlink(file); + +out: + if (errno == ENOENT) return RET_TKFIL; + else if (errno != 0) return KFAILURE; + return(KSUCCESS); +} diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c new file mode 100644 index 0000000..e98b7dc --- /dev/null +++ b/crypto/kerberosIV/lib/krb/dllmain.c @@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* dllmain.c - main function to krb4.dll + * Author: J Karlsson <d93-jka@nada.kth.se> + * Date: June 1996 + */ + +#include "krb_locl.h" +#include "ticket_memory.h" +#include <Windows.h> + +RCSID("$Id: dllmain.c,v 1.6 1997/05/02 14:29:13 assar Exp $"); + +void +msg(char *text, int error) +{ + char *buf; + + asprintf (&buf, "%s\nAn error of type: %d", text, error); + + MessageBox(GetActiveWindow(), + buf ? buf : "can't tell you", + "kerberos message", + MB_OK|MB_APPLMODAL); + free (buf); +} + +BOOL WINAPI +DllMain (HANDLE hInst, + ULONG reason, + LPVOID lpReserved) +{ + WORD wVersionRequested; + WSADATA wsaData; + PROCESS_INFORMATION p; + int err; + + switch(reason){ + case DLL_PROCESS_ATTACH: + wVersionRequested = MAKEWORD(1, 1); + err = WSAStartup(wVersionRequested, &wsaData); + if (err != 0) + { + /* Tell the user that we couldn't find a useable */ + /* winsock.dll. */ + msg("Cannot find winsock.dll", err); + return FALSE; + } + if(newTktMem(0) != KSUCCESS) + { + /* Tell the user that we couldn't alloc shared memory. */ + msg("Cannot allocate shared ticket memory", GetLastError()); + return FALSE; + } + if(GetLastError() != ERROR_ALREADY_EXISTS) + { + STARTUPINFO s = + { + sizeof(s), + 0, + 0, + 0, + 0,0, + 0,0, + 0,0, + 0, + 0, + 0, + 0,0, + 0,0,0}; + + s.dwFlags = STARTF_USESHOWWINDOW; + s.wShowWindow = SW_HIDE; + if(!CreateProcess(0,"krbmanager", + 0,0,FALSE,0,0, + 0,&s, &p)) + { + msg("Unable to create kerberos manager process.\n" + "Make sure krbmanager.exe is in your PATH.", + GetLastError()); + return FALSE; + } + } + break; + case DLL_PROCESS_DETACH: + freeTktMem(0); + WSACleanup(); + break; + } + + return TRUE; +} diff --git a/crypto/kerberosIV/lib/krb/encrypt_ktext.c b/crypto/kerberosIV/lib/krb/encrypt_ktext.c new file mode 100644 index 0000000..d97fcc7 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/encrypt_ktext.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $"); + +void +encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt) +{ + des_key_schedule schedule; + des_set_key(key, schedule); + des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat, + cip->length, schedule, key, encrypt); + memset(schedule, 0, sizeof(des_key_schedule)); +} diff --git a/crypto/kerberosIV/lib/krb/et_list.c b/crypto/kerberosIV/lib/krb/et_list.c new file mode 100644 index 0000000..69d1c89 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/et_list.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * This is a hack to resolve the reference to _et_list when making a + * shared library under Psoriasis and possibly other systems. Presumably + * they define __ELF__, some people say Linux does so. + */ + +#include "config.h" + +RCSID("$Id: et_list.c,v 1.12 1997/05/13 09:45:01 bg Exp $"); + +struct et_list { + struct et_list *next; + const struct error_table *table; +}; + +#if defined(__GNUC__) + +#ifdef __FreeBSD__ +asm(".globl __et_list"); /* FreeBSD bug workaround */ +#endif +struct et_list * _et_list __attribute__ ((weak)) = 0; + +#else /* !__GNUC__ */ + +#ifdef HAVE_PRAGMA_WEAK + +#pragma weak _et_list = __et_list +struct et_list * __et_list = 0; + +#else /* !HAVE_PRAGMA_WEAK */ + +struct et_list * _et_list = 0; + +#endif /* !HAVE_PRAGMA_WEAK */ + +#endif /* !__GNUC__ */ diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c new file mode 100644 index 0000000..9590760 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c @@ -0,0 +1,190 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $"); + +/* + * get_ad_tkt obtains a new service ticket from Kerberos, using + * the ticket-granting ticket which must be in the ticket file. + * It is typically called by krb_mk_req() when the client side + * of an application is creating authentication information to be + * sent to the server side. + * + * get_ad_tkt takes four arguments: three pointers to strings which + * contain the name, instance, and realm of the service for which the + * ticket is to be obtained; and an integer indicating the desired + * lifetime of the ticket. + * + * It returns an error status if the ticket couldn't be obtained, + * or AD_OK if all went well. The ticket is stored in the ticket + * cache. + * + * The request sent to the Kerberos ticket-granting service looks + * like this: + * + * pkt->dat + * + * TEXT original contents of authenticator+ticket + * pkt->dat built in krb_mk_req call + * + * 4 bytes time_ws always 0 (?) + * char lifetime lifetime argument passed + * string service service name argument + * string sinstance service instance arg. + * + * See "prot.h" for the reply packet layout and definitions of the + * extraction macros like pkt_version(), pkt_msg_type(), etc. + */ + +int +get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime) +{ + static KTEXT_ST pkt_st; + KTEXT pkt = & pkt_st; /* Packet to KDC */ + static KTEXT_ST rpkt_st; + KTEXT rpkt = &rpkt_st; /* Returned packet */ + + CREDENTIALS cr; + char lrealm[REALM_SZ]; + u_int32_t time_ws = 0; + int kerror; + unsigned char *p; + + /* + * First check if we have a "real" TGT for the corresponding + * realm, if we don't, use ordinary inter-realm authentication. + */ + + kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr); + if (kerror == KSUCCESS) + strncpy(lrealm, realm, REALM_SZ); + else + kerror = krb_get_tf_realm(TKT_FILE, lrealm); + + if (kerror != KSUCCESS) + return(kerror); + + /* + * Look for the session key (and other stuff we don't need) + * in the ticket file for krbtgt.realm@lrealm where "realm" + * is the service's realm (passed in "realm" argument) and + * lrealm is the realm of our initial ticket. If we don't + * have this, we will try to get it. + */ + + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) { + /* + * If realm == lrealm, we have no hope, so let's not even try. + */ + if ((strncmp(realm, lrealm, REALM_SZ)) == 0) + return(AD_NOTGT); + else{ + if ((kerror = + get_ad_tkt(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, lifetime)) != KSUCCESS) + if (kerror == KDC_PR_UNKNOWN) + return(AD_INTR_RLM_NOTGT); + else + return(kerror); + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) + return(kerror); + } + } + + /* + * Make up a request packet to the "krbtgt.realm@lrealm". + * Start by calling krb_mk_req() which puts ticket+authenticator + * into "pkt". Then tack other stuff on the end. + */ + + kerror = krb_mk_req(pkt, + KRB_TICKET_GRANTING_TICKET, + realm,lrealm,0L); + + if (kerror) + return(AD_NOTGT); + + p = pkt->dat + pkt->length; + + p += krb_put_int(time_ws, p, 4); + p += krb_put_int(lifetime, p, 1); + p += krb_put_nir(service, sinstance, NULL, p); + + pkt->length = p - pkt->dat; + rpkt->length = 0; + + /* Send the request to the local ticket-granting server */ + if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); + + /* check packet version of the returned packet */ + + { + KTEXT_ST cip; + CREDENTIALS cred; + struct timeval tv; + + kerror = kdc_reply_cipher(rpkt, &cip); + if(kerror != KSUCCESS) + return kerror; + + encrypt_ktext(&cip, &cr.session, DES_DECRYPT); + + kerror = kdc_reply_cred(&cip, &cred); + if(kerror != KSUCCESS) + return kerror; + + if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) || + strcmp(cred.realm, realm)) /* not what we asked for */ + return INTK_ERR; /* we need a better code here XXX */ + + gettimeofday(&tv, NULL); + if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + return RD_AP_TIME; /* XXX should probably be better code */ + } + + + kerror = save_credentials(cred.service, cred.instance, cred.realm, + cred.session, cred.lifetime, cred.kvno, + &cred.ticket_st, tv.tv_sec); + return kerror; + } +} diff --git a/crypto/kerberosIV/lib/krb/get_cred.c b/crypto/kerberosIV/lib/krb/get_cred.c new file mode 100644 index 0000000..1a0016c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_cred.c @@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $"); + +/* + * krb_get_cred takes a service name, instance, and realm, and a + * structure of type CREDENTIALS to be filled in with ticket + * information. It then searches the ticket file for the appropriate + * ticket and fills in the structure with the corresponding + * information from the file. If successful, it returns KSUCCESS. + * On failure it returns a Kerberos error code. + */ + +int +krb_get_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + CREDENTIALS *c) /* Credentials struct */ +{ + int tf_status; /* return value of tf function calls */ + CREDENTIALS cr; + + if (c == 0) + c = &cr; + + /* Open ticket file and lock it for shared reading */ + if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) + return(tf_status); + + /* Copy principal's name and instance into the CREDENTIALS struc c */ + + if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS || + (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS ) + return (tf_status); + + /* Search for requested service credentials and copy into c */ + + while ((tf_status = tf_get_cred(c)) == KSUCCESS) { + if ((strcmp(c->service,service) == 0) && + (strcmp(c->instance,instance) == 0) && + (strcmp(c->realm,realm) == 0)) + break; + } + tf_close(); + + if (tf_status == EOF) + return (GC_NOTKT); + return(tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c new file mode 100644 index 0000000..3a111ea --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_default_principal.c @@ -0,0 +1,94 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $"); + +int +krb_get_default_principal(char *name, char *instance, char *realm) +{ + char *file; + int ret; + + char *p; + + if ((file = getenv("KRBTKFILE")) == NULL) + file = TKT_FILE; + + ret = krb_get_tf_fullname(file, name, instance, realm); + if(ret == KSUCCESS) + return 0; + + p = getenv("KRB4PRINCIPAL"); + if(p && kname_parse(name, instance, realm, p) == KSUCCESS) + return 1; + + +#ifdef HAVE_PWD_H + { + struct passwd *pw; + pw = getpwuid(getuid()); + if(pw == NULL){ + return -1; + } + + strcpy(name, pw->pw_name); + strcpy(instance, ""); + krb_get_lrealm(realm, 1); + + if(strcmp(name, "root") == 0){ + p = NULL; +#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) + p = getlogin(); +#endif + if(p == NULL) + p = getenv("USER"); + if(p == NULL) + p = getenv("LOGNAME"); + if(p){ + strncpy (name, p, ANAME_SZ); + name[ANAME_SZ - 1] = '\0'; + strcpy(instance, "root"); + } + } + return 1; + } +#endif + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c new file mode 100644 index 0000000..de80ac4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_host.c @@ -0,0 +1,292 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: get_host.c,v 1.30 1997/05/02 14:29:13 assar Exp $"); + +static struct host_list { + struct krb_host *this; + struct host_list *next; +} *hosts; + +static int krb_port = 0; + +static void +free_hosts(struct host_list *h) +{ + struct host_list *t; + while(h){ + if(h->this->realm) + free(h->this->realm); + if(h->this->host) + free(h->this->host); + t = h; + h = h->next; + free(t); + } +} + +static int +parse_address(char *address, int *proto, char **host, int *port) +{ + char *p, *q; + p = strchr(address, '/'); + *proto = IPPROTO_UDP; + if(p){ + char prot[32]; + struct protoent *pp; + strncpy(prot, address, p - address); + prot[p - address] = 0; + if((pp = getprotobyname(prot))) + *proto = pp->p_proto; + else + krb_warning("Bad protocol name `%s', Using default `udp'.\n", + prot); + p++; + }else + p = address; + q = strchr(p, ':'); + if(q){ + *host = (char*)malloc(q - p + 1); + strncpy(*host, p, q - p); + (*host)[q - p] = 0; + q++; + { + struct servent *sp = getservbyname(q, NULL); + if(sp) + *port = ntohs(sp->s_port); + else + if(sscanf(q, "%d", port) != 1){ + krb_warning("Bad port specification `%s', using port %d.", + q, krb_port); + *port = krb_port; + } + } + }else{ + *host = strdup(p); + *port = krb_port; + } + return 0; +} + +static int +add_host(char *realm, char *address, int admin, int validate) +{ + struct krb_host *host; + struct host_list *p, **last = &hosts; + host = (struct krb_host*)malloc(sizeof(struct krb_host)); + parse_address(address, &host->proto, &host->host, &host->port); + if(validate && gethostbyname(host->host) == NULL){ + free(host->host); + free(host); + return 1; + } + host->admin = admin; + for(p = hosts; p; p = p->next){ + if(strcmp(realm, p->this->realm) == 0 && + strcmp(host->host, p->this->host) == 0 && + host->proto == p->this->proto && + host->port == p->this->port){ + free(host->host); + free(host); + return 1; + } + last = &p->next; + } + host->realm = strdup(realm); + p = (struct host_list*)malloc(sizeof(struct host_list)); + p->this = host; + p->next = NULL; + *last = p; + return 0; +} + + + +static int +read_file(const char *filename, const char *r) +{ + char line[1024]; + char realm[1024]; + char address[1024]; + char scratch[1024]; + int n; + int nhosts = 0; + + FILE *f = fopen(filename, "r"); + if(f == NULL) + return -1; + while(fgets(line, sizeof(line), f)){ + n = sscanf(line, "%s %s admin %s", realm, address, scratch); + if(n == 2 || n == 3){ + if(strcmp(realm, r)) + continue; + if(add_host(realm, address, n == 3, 0) == 0) + nhosts++; + } + } + fclose(f); + return nhosts; +} + +static int +init_hosts(char *realm) +{ + static const char *files[] = KRB_CNF_FILES; + int i; + char *dir = getenv("KRBCONFDIR"); + + krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT))); + if(dir){ + char file[MaxPathLen]; + if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0) + read_file(file, realm); + } + for(i = 0; files[i]; i++) + read_file(files[i], realm); + return 0; +} + +static void +srv_find_realm(char *realm, char *proto, char *service) +{ + char *domain; + struct dns_reply *r; + struct resource_record *rr; + + k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL); + + if(domain == NULL) + return; + + r = dns_lookup(domain, "srv"); + if(r == NULL) + r = dns_lookup(domain, "txt"); + if(r == NULL){ + free(domain); + return; + } + for(rr = r->head; rr; rr = rr->next){ + if(rr->type == T_SRV){ + char buf[1024]; + + if (snprintf (buf, + sizeof(buf), + "%s/%s:%u", + proto, + rr->u.srv->target, + rr->u.srv->port) < sizeof(buf)) + add_host(realm, buf, 0, 0); + }else if(rr->type == T_TXT) + add_host(realm, rr->u.txt, 0, 0); + } + dns_free_data(r); + free(domain); +} + +struct krb_host* +krb_get_host(int nth, char *realm, int admin) +{ + struct host_list *p; + static char orealm[REALM_SZ]; + if(orealm[0] == 0 || strcmp(realm, orealm)){ + /* quick optimization */ + if(realm && realm[0]){ + strncpy(orealm, realm, sizeof(orealm) - 1); + orealm[sizeof(orealm) - 1] = 0; + }else{ + int ret = krb_get_lrealm(orealm, 1); + if(ret != KSUCCESS) + return NULL; + } + + if(hosts){ + free_hosts(hosts); + hosts = NULL; + } + + init_hosts(orealm); + + srv_find_realm(orealm, "udp", KRB_SERVICE); + srv_find_realm(orealm, "tcp", KRB_SERVICE); + + { + /* XXX this assumes no one has more than 99999 kerberos + servers */ + char host[REALM_SZ + sizeof("kerberos-XXXXX..")]; + int i = 0; + sprintf(host, "kerberos.%s.", orealm); + add_host(orealm, host, 1, 1); + do{ + i++; + sprintf(host, "kerberos-%d.%s.", i, orealm); + }while(i < 100000 && add_host(orealm, host, 0, 1) == 0); + } + } + + for(p = hosts; p; p = p->next){ + if(strcmp(orealm, p->this->realm) == 0 && + (!admin || p->this->admin)) + if(nth == 1) + return p->this; + else + nth--; + } + return NULL; +} + +int +krb_get_krbhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 0); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} + +int +krb_get_admhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 1); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c new file mode 100644 index 0000000..435632a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c @@ -0,0 +1,99 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $"); + +/* + * This file contains three routines: passwd_to_key() and + * passwd_to_afskey() converts a password into a DES key, using the + * normal strinttokey and the AFS one, respectively, and + * krb_get_pw_in_tkt() gets an initial ticket for a user. + */ + +/* + * passwd_to_key() and passwd_to_afskey: given a password, return a DES key. + */ + +int +passwd_to_key(char *user, char *instance, char *realm, void *passwd, + des_cblock *key) +{ +#ifndef NOENCRYPTION + des_string_to_key((char *)passwd, key); +#endif + return 0; +} + + +int +passwd_to_afskey(char *user, char *instance, char *realm, void *passwd, + des_cblock *key) +{ +#ifndef NOENCRYPTION + afs_string_to_key((char *)passwd, realm, key); +#endif + return (0); +} + +/* + * krb_get_pw_in_tkt() takes the name of the server for which the initial + * ticket is to be obtained, the name of the principal the ticket is + * for, the desired lifetime of the ticket, and the user's password. + * It passes its arguments on to krb_get_in_tkt(), which contacts + * Kerberos to get the ticket, decrypts it using the password provided, + * and stores it away for future use. + * + * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt(): + * the name of a routine (passwd_to_key()) to be used to get the + * password in case the "password" argument is null and NULL for the + * decryption procedure indicating that krb_get_in_tkt should use the + * default method of decrypting the response from the KDC. + * + * The result of the call to krb_get_in_tkt() is returned. + */ + +int +krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service, + char *sinstance, int life, char *password) +{ + char pword[100]; /* storage for the password */ + int code; + + /* Only request password once! */ + if (!password) { + if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){ + memset(pword, 0, sizeof(pword)); + return INTK_BADPW; + } + password = pword; + } + + code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, + passwd_to_key, NULL, password); + if (code == INTK_BADPW) + code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, + passwd_to_afskey, NULL, password); + if (password == pword) + memset(pword, 0, sizeof(pword)); + return(code); +} diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c new file mode 100644 index 0000000..8c5b0c9 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c @@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $"); + +/* + * krb_get_lrealm takes a pointer to a string, and a number, n. It fills + * in the string, r, with the name of the nth realm specified on the + * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). + * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the + * config file does not exist, and if n=1, a successful return will occur + * with r = KRB_REALM (also defined in "krb.h"). + * + * NOTE: for archaic & compatibility reasons, this routine will only return + * valid results when n = 1. + * + * For the format of the KRB_CONF file, see comments describing the routine + * krb_get_krbhst(). + */ + +static int +krb_get_lrealm_f(char *r, int n, const char *fname) +{ + FILE *f; + int ret = KFAILURE; + f = fopen(fname, "r"); + if(f){ + char buf[REALM_SZ]; + if(fgets(buf, sizeof(buf), f)){ + char *p = buf + strspn(buf, " \t"); + p[strcspn(p, " \t\r\n")] = 0; + p[REALM_SZ - 1] = 0; + strcpy(r, p); + ret = KSUCCESS; + } + fclose(f); + } + return ret; +} + +int +krb_get_lrealm(char *r, int n) +{ + static const char *const files[] = KRB_CNF_FILES; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + if (n > 1) + return(KFAILURE); /* Temporary restriction */ + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) + return KSUCCESS; + } + + for (i = 0; files[i] != 0; i++) + if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS) + return KSUCCESS; + + /* If nothing else works try LOCALDOMAIN, if it exists */ + if (n == 1) + { + char *t, hostname[MaxHostNameLen]; + k_gethostname(hostname, sizeof(hostname)); + t = krb_realmofhost(hostname); + if (t) { + strcpy (r, t); + return KSUCCESS; + } + t = strchr(hostname, '.'); + if (t == 0) + return KFAILURE; /* No domain part, you loose */ + + t++; /* Skip leading dot and upcase the rest */ + for (; *t; t++, r++) + *r = toupper(*t); + *r = 0; + return(KSUCCESS); + } + else + return(KFAILURE); +} + +/* For SunOS5 compat. */ +char * +krb_get_default_realm(void) +{ + static char local_realm[REALM_SZ]; /* local kerberos realm */ + if (krb_get_lrealm(local_realm, 1) != KSUCCESS) + strcpy(local_realm, "NO.DEFAULT.REALM"); + return local_realm; +} diff --git a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c new file mode 100644 index 0000000..c290524 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c @@ -0,0 +1,76 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $"); + +/* + * This file contains two routines: srvtab_to_key(), which gets + * a server's key from a srvtab file, and krb_get_svc_in_tkt() which + * gets an initial ticket for a server. + */ + +/* + * srvtab_to_key(): given a "srvtab" file (where the keys for the + * service on a host are stored), return the private key of the + * given service (user.instance@realm). + * + * srvtab_to_key() passes its arguments on to read_service_key(), + * plus one additional argument, the key version number. + * (Currently, the key version number is always 0; this value + * is treated as a wildcard by read_service_key().) + * + * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") + * is passed in its place. + * + * It returns the return value of the read_service_key() call. + * The service key is placed in "key". + */ + +int +srvtab_to_key(char *user, char *instance, char *realm, void *srvtab, + des_cblock *key) +{ + if (!srvtab) + srvtab = KEYFILE; + + return(read_service_key(user, instance, realm, 0, (char *)srvtab, + (char *)key)); +} + +/* + * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), + * plus two additional arguments: a pointer to the srvtab_to_key() + * function to be used to get the key from the key file and a NULL + * for the decryption procedure indicating that krb_get_in_tkt should + * use the default method of decrypting the response from the KDC. + * + * It returns the return value of the krb_get_in_tkt() call. + */ + +int +krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service, + char *sinstance, int life, char *srvtab) +{ + return(krb_get_in_tkt(user, instance, realm, service, sinstance, + life, srvtab_to_key, NULL, srvtab)); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c new file mode 100644 index 0000000..33733d0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c @@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the fullname of a user + * from the ticket file. + */ + +/* + * krb_get_tf_fullname() takes four arguments: the name of the + * ticket file, and variables for name, instance, and realm to be + * returned in. Since the realm of a ticket file is not really fully + * supported, the realm used will be that of the the first ticket in + * the file as this is the one that was obtained with a password by + * krb_get_in_tkt(). + */ + +int +krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm) +{ + int tf_status; + CREDENTIALS c; + + if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) + return(tf_status); + + if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || + ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) + return (tf_status); + + if (name) + strcpy(name, c.pname); + if (instance) + strcpy(instance, c.pinst); + if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { + if (realm) + strcpy(realm, c.realm); + } + else { + if (tf_status == EOF) + return(KFAILURE); + else + return(tf_status); + } + tf_close(); + + return(tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_realm.c b/crypto/kerberosIV/lib/krb/get_tf_realm.c new file mode 100644 index 0000000..1a3c7d1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_realm.c @@ -0,0 +1,41 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the realm of a kerberos + * ticket file. + */ + +/* + * krb_get_tf_realm() takes two arguments: the name of a ticket + * and a variable to store the name of the realm in. + * + */ + +int +krb_get_tf_realm(char *ticket_file, char *realm) +{ + return(krb_get_tf_fullname(ticket_file, 0, 0, realm)); +} diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c new file mode 100644 index 0000000..d25ec1b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getaddrs.c @@ -0,0 +1,130 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: getaddrs.c,v 1.19 1997/04/01 08:18:29 joda Exp $"); + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_NET_IF_H +#include <net/if.h> +#endif + +#ifdef HAVE_SYS_SOCKIO_H +#include <sys/sockio.h> +#endif /* HAVE_SYS_SOCKIO_H */ + +/* + * Return number and list of all local adresses. + */ + +int +k_get_all_addrs (struct in_addr **l) +{ +#if !defined(SIOCGIFCONF) || !defined(SIOCGIFFLAGS) || !defined(SIOCGIFADDR) + char name[MaxHostNameLen]; + struct hostent *he; + + if (k_gethostname(name, sizeof(name)) < 0) + return -1; + he = gethostbyname (name); + if (he == NULL) + return -1; + *l = malloc(sizeof(**l)); + if (*l == NULL) + return -1; + memcpy (*l, he->h_addr_list[0], sizeof(*l)); + return 1; +#else + int fd; + char buf[BUFSIZ]; + struct ifreq ifreq; + struct ifconf ifconf; + int num, j; + char *p; + + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) + return -1; + + ifconf.ifc_len = sizeof(buf); + ifconf.ifc_buf = buf; + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) + return -1; + num = ifconf.ifc_len / sizeof(struct ifreq); + *l = malloc(num * sizeof(struct in_addr)); + if(*l == NULL) { + close (fd); + return -1; + } + + j = 0; + ifreq.ifr_name[0] = '\0'; + for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) { + struct ifreq *ifr = (struct ifreq *)p; +#ifdef SOCKADDR_HAS_SA_LEN + size_t sz = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len; +#else + size_t sz = sizeof(*ifr); +#endif + if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) { + if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + if (ifr->ifr_flags & IFF_UP) { + if(ioctl(fd, SIOCGIFADDR, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr; + } + ifreq = *ifr; + } + p = p + sz; + } + if (j != num) + *l = realloc (*l, j * sizeof(struct in_addr)); + close (fd); + return j; +#endif /* SIOCGIFCONF */ +} diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c new file mode 100644 index 0000000..05dfdab --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getrealm.c @@ -0,0 +1,184 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: getrealm.c,v 1.25 1997/05/02 14:29:14 assar Exp $"); + +#define MATCH_SUBDOMAINS 0 + +/* + * krb_realmofhost. + * Given a fully-qualified domain-style primary host name, + * return the name of the Kerberos realm for the host. + * If the hostname contains no discernable domain, or an error occurs, + * return the local realm name, as supplied by get_krbrlm(). + * If the hostname contains a domain, but no translation is found, + * the hostname's domain is converted to upper-case and returned. + * + * The format of each line of the translation file is: + * domain_name kerberos_realm + * -or- + * host_name kerberos_realm + * + * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) + * host names should be in the usual form (e.g. FOO.BAR.BAZ) + */ + +/* To automagically find the correct realm of a host (without + * krb.realms) add a text record for your domain with the name of your + * realm, like this: + * + * krb4-realm IN TXT FOO.SE + * + * The search is recursive, so you can also add entries for specific + * hosts. To find the realm of host a.b.c, it first tries + * krb4-realm.a.b.c, then krb4-realm.b.c and so on. + */ + +static int +dns_find_realm(char *hostname, char *realm) +{ + char domain[MaxHostNameLen + sizeof("krb4-realm..")]; + char *p; + int level = 0; + struct dns_reply *r; + + p = hostname; + + while(1){ + snprintf(domain, sizeof(domain), "krb4-realm.%s.", p); + r = dns_lookup(domain, "TXT"); + if(r){ + struct resource_record *rr = r->head; + while(rr){ + if(rr->type == T_TXT){ + strncpy(realm, rr->u.txt, REALM_SZ); + realm[REALM_SZ - 1] = 0; + dns_free_data(r); + return level; + } + rr = rr->next; + } + dns_free_data(r); + } + level++; + p = strchr(p, '.'); + if(p == NULL) + break; + p++; + } + return -1; +} + + +static FILE * +open_krb_realms(void) +{ + static const char *const files[] = KRB_RLM_FILES; + FILE *res; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0) + if ((res = fopen(fname, "r")) != NULL) + return res; + } + + for (i = 0; files[i] != 0; i++) + if ((res = fopen(files[i], "r")) != NULL) + return res; + + return NULL; +} + +char * +krb_realmofhost(const char *host) +{ + static char ret_realm[REALM_SZ]; + char *domain; + FILE *trans_file; + char trans_host[MaxHostNameLen]; + char trans_realm[REALM_SZ]; + char buf[1024]; + + char phost[MaxHostNameLen]; + + krb_name_to_name(host, phost, sizeof(phost)); + + domain = strchr(phost, '.'); + + /* prepare default */ + if(dns_find_realm(phost, ret_realm) < 0){ + if (domain) { + char *cp; + + strncpy(ret_realm, &domain[1], REALM_SZ); + ret_realm[REALM_SZ - 1] = 0; + /* Upper-case realm */ + for (cp = ret_realm; *cp; cp++) + *cp = toupper(*cp); + } else { + krb_get_lrealm(ret_realm, 1); + } + } + + if ((trans_file = open_krb_realms()) == NULL) + return(ret_realm); /* krb_errno = KRB_NO_TRANS */ + + while (fgets(buf, sizeof(buf), trans_file)) { + char *save = NULL; + char *tok = strtok_r(buf, " \t\r\n", &save); + if(tok == NULL) + continue; + strncpy(trans_host, tok, MaxHostNameLen); + trans_host[MaxHostNameLen - 1] = 0; + tok = strtok_r(NULL, " \t\r\n", &save); + if(tok == NULL) + continue; + strcpy(trans_realm, tok); + trans_realm[REALM_SZ - 1] = 0; + if (!strcasecmp(trans_host, phost)) { + /* exact match of hostname, so return the realm */ + strcpy(ret_realm, trans_realm); + fclose(trans_file); + return(ret_realm); + } + if ((trans_host[0] == '.') && domain) { + char *cp = domain; + do { + if(strcasecmp(trans_host, domain) == 0){ + /* domain match, save for later */ + strcpy(ret_realm, trans_realm); + break; + } + cp = strchr(cp + 1, '.'); + } while(MATCH_SUBDOMAINS && cp); + } + } + fclose(trans_file); + return ret_realm; +} diff --git a/crypto/kerberosIV/lib/krb/getst.c b/crypto/kerberosIV/lib/krb/getst.c new file mode 100644 index 0000000..de99962 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getst.c @@ -0,0 +1,45 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $"); + +/* + * getst() takes a file descriptor, a string and a count. It reads + * from the file until either it has read "count" characters, or until + * it reads a null byte. When finished, what has been read exists in + * the given string "s". If "count" characters were actually read, the + * last is changed to a null, so the returned string is always null- + * terminated. getst() returns the number of characters read, including + * the null terminator. + */ + +int +getst(int fd, char *s, int n) +{ + int count = n; + while (read(fd, s, 1) > 0 && --count) + if (*s++ == '\0') + return (n - count); + *s = '\0'; + return (n - count); +} diff --git a/crypto/kerberosIV/lib/krb/gettimeofday.c b/crypto/kerberosIV/lib/krb/gettimeofday.c new file mode 100644 index 0000000..734ca59 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/gettimeofday.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" +RCSID("$Id: gettimeofday.c,v 1.5 1997/04/01 08:18:29 joda Exp $"); + +#ifndef HAVE_GETTIMEOFDAY +/* + * Simple gettimeofday that only returns seconds. + */ +int +gettimeofday (struct timeval *tp, void *ignore) +{ + time_t t; + + t = time(NULL); + tp->tv_sec = t; + tp->tv_usec = 0; + return 0; +} +#endif diff --git a/crypto/kerberosIV/lib/krb/k_concat.c b/crypto/kerberosIV/lib/krb/k_concat.c new file mode 100644 index 0000000..e7daa5f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_concat.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $"); + +int +k_concat (char *s, size_t len, ...) +{ + int ret; + va_list args; + + va_start(args, len); + ret = k_vconcat (s, len, args); + va_end(args); + return ret; +} + +int +k_vconcat (char *s, size_t len, va_list args) +{ + const char *a; + + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if (n >= len) + return -1; + strncpy (s, a, n); + s += n; + len -= n; + } + *s = '\0'; + return 0; +} + +size_t +k_vmconcat (char **s, size_t max_len, va_list args) +{ + const char *a; + char *p, *q; + size_t len = 0; + *s = NULL; + p = malloc(1); + if(p == NULL) + return 0; + *p = 0; + len = 1; + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if(max_len && len + n > max_len){ + free(p); + return 0; + } + q = realloc(p, len + n); + if(q == NULL){ + free(p); + return 0; + } + p = q; + len += n; + strcat(p, a); + } + *s = p; + return len; +} + +size_t +k_mconcat (char **s, size_t max_len, ...) +{ + int ret; + va_list args; + + va_start(args, max_len); + ret = k_vmconcat (s, max_len, args); + va_end(args); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/k_flock.c b/crypto/kerberosIV/lib/krb/k_flock.c new file mode 100644 index 0000000..844c34c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_flock.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_flock.c,v 1.8 1997/04/01 08:18:30 joda Exp $"); + +#define K_OP_MASK (K_LOCK_SH | K_LOCK_EX | K_LOCK_UN) + +int +k_flock(int fd, int operation) +{ +#ifdef HAVE_FLOCK + int op = 0; + if (operation & K_LOCK_SH) + op |= LOCK_SH; + if (operation & K_LOCK_EX) + op |= LOCK_EX; + if (operation & K_LOCK_UN) + op |= LOCK_UN; + if (operation & K_LOCK_NB) + op |= LOCK_NB; + + return flock(fd, op); +#elif defined(HAVE_FCNTL) && defined(F_SETLK) + struct flock arg; + int code, cmd; + + arg.l_whence = SEEK_SET; + arg.l_start = 0; + arg.l_len = 0; /* means to EOF */ + + if (operation & K_LOCK_NB) + cmd = F_SETLK; + else + cmd = F_SETLKW; /* Blocking */ + + switch (operation & K_OP_MASK) { + case K_LOCK_UN: + arg.l_type = F_UNLCK; + code = fcntl(fd, F_SETLK, &arg); + break; + case K_LOCK_SH: + arg.l_type = F_RDLCK; + code = fcntl(fd, cmd, &arg); + break; + case K_LOCK_EX: + arg.l_type = F_WRLCK; + code = fcntl(fd, cmd, &arg); + break; + default: + errno = EINVAL; + code = -1; + break; + } + return code; +#else + return -1; +#endif /* !HAVE_FLOCK */ +} diff --git a/crypto/kerberosIV/lib/krb/k_gethostname.c b/crypto/kerberosIV/lib/krb/k_gethostname.c new file mode 100644 index 0000000..0f4d57f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_gethostname.c @@ -0,0 +1,58 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" +RCSID("$Id: k_gethostname.c,v 1.10 1997/03/23 03:53:12 joda Exp $"); + +#ifdef HAVE_SYS_UTSNAME_H +#include <sys/utsname.h> +#endif + +/* + * Return the local host's name in "name", up to "namelen" characters. + * "name" will be null-terminated if "namelen" is big enough. + * The return code is 0 on success, -1 on failure. (The calling + * interface is identical to gethostname(2).) + */ + +int +k_gethostname(char *name, int namelen) +{ +#if defined(HAVE_GETHOSTNAME) + return gethostname(name, namelen); +#elif defined(HAVE_UNAME) + { + struct utsname utsname; + int ret; + + ret = uname (&utsname); + if (ret < 0) + return ret; + strncpy (name, utsname.nodename, namelen); + name[namelen-1] = '\0'; + return 0; + } +#else + strncpy (name, "some.random.host", namelen); + name[namelen-1] = '\0'; + return 0; +#endif +} diff --git a/crypto/kerberosIV/lib/krb/k_getport.c b/crypto/kerberosIV/lib/krb/k_getport.c new file mode 100644 index 0000000..c5f9f15 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_getport.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $"); + +int +k_getportbyname (const char *service, const char *proto, int default_port) +{ +#ifdef HAVE_GETSERVBYNAME + struct servent *sp; + + sp = getservbyname(service, proto); + if(sp != NULL) + return sp->s_port; + + krb_warning ("%s/%s unknown service, using default port %d\n", + service, proto ? proto : "*", ntohs(default_port)); +#endif + return default_port; +} diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c new file mode 100644 index 0000000..04676b1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $"); + +/* + * Return in inst the name of the local interface bound to socket + * fd. On Failure return the 'wildcard' instance "*". + */ + +int +k_getsockinst(int fd, char *inst, size_t inst_size) +{ + struct sockaddr_in addr; + int len = sizeof(addr); + struct hostent *hnam; + + if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0) + goto fail; + + hnam = gethostbyaddr((char *)&addr.sin_addr, + sizeof(addr.sin_addr), + addr.sin_family); + if (hnam == 0) + goto fail; + + strncpy (inst, hnam->h_name, inst_size); + inst[inst_size - 1] = '\0'; + k_ricercar(inst); /* Canonicalize name */ + return 0; /* Success */ + + fail: + inst[0] = '*'; + inst[1] = 0; + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/k_localtime.c b/crypto/kerberosIV/lib/krb/k_localtime.c new file mode 100644 index 0000000..a6ffb9b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_localtime.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $"); + +struct tm *k_localtime(u_int32_t *tp) +{ + time_t t; + t = *tp; + return localtime(&t); +} diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c new file mode 100644 index 0000000..aa012e0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kdc_reply.c @@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $"); + +static int little_endian; /* XXX ugly */ + +int +kdc_reply_cred(KTEXT cip, CREDENTIALS *cred) +{ + unsigned char *p = cip->dat; + + memcpy(cred->session, p, 8); + p += 8; + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->service); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->instance); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->realm); + + if(p + 3 > cip->dat + cip->length) + return INTK_BADPW; + cred->lifetime = *p++; + cred->kvno = *p++; + cred->ticket_st.length = *p++; + + if(p + cred->ticket_st.length + 4 > cip->dat + cip->length) + return INTK_BADPW; + memcpy(cred->ticket_st.dat, p, cred->ticket_st.length); + p += cred->ticket_st.length; + + p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian); + + return KSUCCESS; +} + +int +kdc_reply_cipher(KTEXT reply, KTEXT cip) +{ + unsigned char *p; + unsigned char pvno; + unsigned char type; + + char aname[ANAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + + u_int32_t kdc_time; + u_int32_t exp_date; + u_int32_t clen; + + p = reply->dat; + + pvno = *p++; + + if (pvno != KRB_PROT_VERSION ) + return INTK_PROT; + + type = *p++; + little_endian = type & 1; + + type &= ~1; + + if(type == AUTH_MSG_ERR_REPLY){ + u_int32_t code; + p += strlen((char*)p) + 1; /* name */ + p += strlen((char*)p) + 1; /* instance */ + p += strlen((char*)p) + 1; /* realm */ + p += 4; /* time */ + p += krb_get_int(p, &code, 4, little_endian); + return code; + } + if(type != AUTH_MSG_KDC_REPLY) + return INTK_PROT; + + p += krb_get_nir(p, aname, inst, realm); + p += krb_get_int(p, &kdc_time, 4, little_endian); + p++; /* number of tickets */ + p += krb_get_int(p, &exp_date, 4, little_endian); + p++; /* master key version number */ + p += krb_get_int(p, &clen, 2, little_endian); + cip->length = clen; + memcpy(cip->dat, p, clen); + p += clen; + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/klog.h b/crypto/kerberosIV/lib/krb/klog.h new file mode 100644 index 0000000..cee92d9 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/klog.h @@ -0,0 +1,47 @@ +/* + * $Id: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * This file defines the types of log messages logged by klog. Each + * type of message may be selectively turned on or off. + */ + +#ifndef KLOG_DEFS +#define KLOG_DEFS + +#ifndef KRBLOG +#define KRBLOG "/var/log/kerberos.log" /* master server */ +#endif +#ifndef KRBSLAVELOG +#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ +#endif +#define NLOGTYPE 100 /* Maximum number of log msg types */ + +#define L_NET_ERR 1 /* Error in network code */ +#define L_NET_INFO 2 /* Info on network activity */ +#define L_KRB_PERR 3 /* Kerberos protocol errors */ +#define L_KRB_PINFO 4 /* Kerberos protocol info */ +#define L_INI_REQ 5 /* Request for initial ticket */ +#define L_NTGT_INTK 6 /* Initial request not for TGT */ +#define L_DEATH_REQ 7 /* Request for server death */ +#define L_TKT_REQ 8 /* All ticket requests using a tgt */ +#define L_ERR_SEXP 9 /* Service expired */ +#define L_ERR_MKV 10 /* Master key version incorrect */ +#define L_ERR_NKY 11 /* User's key is null */ +#define L_ERR_NUN 12 /* Principal not unique */ +#define L_ERR_UNK 13 /* Principal Unknown */ +#define L_ALL_REQ 14 /* All requests */ +#define L_APPL_REQ 15 /* Application requests (using tgt) */ +#define L_KRB_PWARN 16 /* Protocol warning messages */ + +char * klog __P((int type, const char *format, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; + +#endif /* KLOG_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c new file mode 100644 index 0000000..88b8b25 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kntoln.c @@ -0,0 +1,180 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * krb_kntoln converts an auth name into a local name by looking up + * the auth name in the /etc/aname file. The format of the aname + * file is: + * + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | anl | inl | rll | lnl | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | 1by | 1by | 1by | 1by | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * + * If the /etc/aname file can not be opened it will set the + * local name to the auth name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to krb_kntoln through + * the AUTH_DAT structure (ad). + * + * Now here's what it *really* does: + * + * Given a Kerberos name in an AUTH_DAT structure, check that the + * instance is null, and that the realm is the same as the local + * realm, and return the principal's name in "lname". Return + * KSUCCESS if all goes well, otherwise KFAILURE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $"); + +int +krb_kntoln(AUTH_DAT *ad, char *lname) +{ + static char lrealm[REALM_SZ] = ""; + + if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if (strcmp(ad->pinst, "")) + return(KFAILURE); + if (strcmp(ad->prealm, lrealm)) + return(KFAILURE); + strcpy(lname, ad->pname); + return(KSUCCESS); +} + +#if 0 +/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */ + +#include <krb.h> +#include <ndbm.h> +#include <stdio.h> +#include <sys/file.h> +#include <strings.h> +#include <sys/syslog.h> +#include <sys/errno.h> + +extern int errno; +/* + * antoln converts an authentication name into a local name by looking up + * the authentication name in the /etc/aname dbm database. + * + * If the /etc/aname file can not be opened it will set the + * local name to the principal name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to antoln through + * the AUTH_DAT structure (ad). + */ + +static char lrealm[REALM_SZ] = ""; + +an_to_ln(ad,lname) +AUTH_DAT *ad; +char *lname; +{ + static DBM *aname = NULL; + char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2]; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) || +strcmp(ad->prealm,lrealm)) { + datum val; + datum key; + /* + * Non-local name (or) non-null and non-root instance. + * Look up in dbm file. + */ + if (!aname) { + if ((aname = dbm_open("/etc/aname", O_RDONLY, 0)) + == NULL) return (KFAILURE); + } + /* Construct dbm lookup key. */ + an_to_a(ad, keyname); + key.dptr = keyname; + key.dsize = strlen(keyname)+1; + flock(dbm_dirfno(aname), LOCK_SH); + val = dbm_fetch(aname, key); + flock(dbm_dirfno(aname), LOCK_UN); + if (!val.dptr) { + dbm_close(aname); + return(KFAILURE); + } + /* Got it! */ + strcpy(lname,val.dptr); + return(KSUCCESS); + } else strcpy(lname,ad->pname); + return(KSUCCESS); +} + +an_to_a(ad, str) + AUTH_DAT *ad; + char *str; +{ + strcpy(str, ad->pname); + if(*ad->pinst) { + strcat(str, "."); + strcat(str, ad->pinst); + } + strcat(str, "@"); + strcat(str, ad->prealm); +} + +/* + * Parse a string of the form "user[.instance][@realm]" + * into a struct AUTH_DAT. + */ + +a_to_an(str, ad) + AUTH_DAT *ad; + char *str; +{ + char *buf = (char *)malloc(strlen(str)+1); + char *rlm, *inst, *princ; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) { + free(buf); + return(KFAILURE); + } + /* destructive string hacking is more fun.. */ + strcpy(buf, str); + + if (rlm = index(buf, '@')) { + *rlm++ = '\0'; + } + if (inst = index(buf, '.')) { + *inst++ = '\0'; + } + strcpy(ad->pname, buf); + if(inst) strcpy(ad->pinst, inst); + else *ad->pinst = '\0'; + if (rlm) strcpy(ad->prealm, rlm); + else strcpy(ad->prealm, lrealm); + free(buf); + return(KSUCCESS); +} +#endif diff --git a/crypto/kerberosIV/lib/krb/krb.def b/crypto/kerberosIV/lib/krb/krb.def new file mode 100644 index 0000000..da2e906 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.def @@ -0,0 +1,92 @@ +LIBRARY "krb" BASE=0x07000000 + +DESCRIPTION "Dynamic link library for kerberos version 4" +VERSION 1.0 + +EXPORTS + krb_get_err_text + + newTktMem + getTktMem + firstCred + nextCredIndex + currCredIndex + nextFreeIndex + + k_flock + k_localtime + k_getsockinst + k_getportbyname + k_get_all_addrs + + krb_equiv + + afs_string_to_key + + krb_life_to_time + krb_time_to_life + krb_life_to_atime + krb_atime_to_life + + tf_get_cred + tf_get_pinst + tf_get_pname + tf_put_pinst + tf_put_pname + tf_init + tf_create + tf_save_cred + tf_close + + krb_mk_priv + krb_rd_priv + + create_auth_reply + krb_get_phost + krb_realmofhost + tkt_string + create_ciph + decomp_ticket + dest_tkt + get_ad_tkt + in_tkt + k_gethostname + k_isinst + k_isname + k_isrealm + kname_parse + krb_create_ticket + krb_get_admhst + krb_get_cred + krb_get_in_tkt + krb_get_krbhst + krb_get_lrealm + krb_get_default_realm + krb_get_pw_in_tkt + krb_get_svc_in_tkt + krb_get_tf_fullname + krb_get_tf_realm + krb_kntoln + krb_mk_req + krb_net_read + krb_net_write + krb_rd_err + krb_rd_req + krb_recvauth + krb_sendauth + krb_set_key + krb_set_lifetime + read_service_key + save_credentials + send_to_kdc + krb_mk_err + krb_mk_safe + krb_rd_safe + ad_print + cr_err_reply + krb_set_tkt_string + krb_get_default_principal + krb_realm_parse + krb_verify_user + kset_logfile + getst diff --git a/crypto/kerberosIV/lib/krb/krb.h b/crypto/kerberosIV/lib/krb/krb.h new file mode 100644 index 0000000..1ce349e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.h @@ -0,0 +1,565 @@ +/* + * $Id: krb.h,v 1.76 1997/05/26 17:47:31 bg Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Include file for the Kerberos library. + */ + +/* Only one time, please */ +#ifndef KRB_DEFS +#define KRB_DEFS + +#include <ktypes.h> +#include <sys/cdefs.h> +#include <stdarg.h> +#include <time.h> + +__BEGIN_DECLS + +#ifndef __P +#define __P(x) x +#endif + +/* Need some defs from des.h */ +#if !defined(NOPROTO) && !defined(__STDC__) +#define NOPROTO +#endif +#include <des.h> + +/* Don't use these guys, they are only for compatibility with CNS. */ +#ifndef KRB_INT32 +#define KRB_INT32 int32_t +#endif +#ifndef KRB_UINT32 +#define KRB_UINT32 u_int32_t +#endif + +/* Global library variables. */ +extern int krb_ignore_ip_address; /* To turn off IP address comparison */ +extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */ +extern int krbONE; +#define HOST_BYTE_ORDER (* (char *) &krbONE) + +/* Text describing error codes */ +#define MAX_KRB_ERRORS 256 +extern const char *krb_err_txt[MAX_KRB_ERRORS]; + +/* Use this function rather than indexing in krb_err_txt */ +const char *krb_get_err_text __P((int code)); + + +/* General definitions */ +#define KSUCCESS 0 +#define KFAILURE 255 + +/* + * Kerberos specific definitions + * + * KRBLOG is the log file for the kerberos master server. KRB_CONF is + * the configuration file where different host machines running master + * and slave servers can be found. KRB_MASTER is the name of the + * machine with the master database. The admin_server runs on this + * machine, and all changes to the db (as opposed to read-only + * requests, which can go to slaves) must go to it. KRB_HOST is the + * default machine * when looking for a kerberos slave server. Other + * possibilities are * in the KRB_CONF file. KRB_REALM is the name of + * the realm. + */ + +/* /etc/kerberosIV is only for backwards compatibility, don't use it! */ +#ifndef KRB_CONF +#define KRB_CONF "/etc/krb.conf" +#endif +#ifndef KRB_RLM_TRANS +#define KRB_RLM_TRANS "/etc/krb.realms" +#endif +#ifndef KRB_CNF_FILES +#define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0} +#endif +#ifndef KRB_RLM_FILES +#define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0} +#endif +#ifndef KRB_EQUIV +#define KRB_EQUIV "/etc/krb.equiv" +#endif +#define KRB_MASTER "kerberos" +#ifndef KRB_REALM +#define KRB_REALM (krb_get_default_realm()) +#endif + +/* The maximum sizes for aname, realm, sname, and instance +1 */ +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 +/* Leave space for quoting */ +#define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3) +#define KKEY_SZ 100 +#define VERSION_SZ 1 +#define MSG_TYPE_SZ 1 +#define DATE_SZ 26 /* RTI date output */ + +#define MAX_HSTNM 100 /* for compatibility */ + +typedef struct krb_principal{ + char name[ANAME_SZ]; + char instance[INST_SZ]; + char realm[REALM_SZ]; +}krb_principal; + +#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ +/* default lifetime for krb_mk_req & co., 10 hrs */ +#define DEFAULT_TKT_LIFE 120 +#endif + +#define KRB_TICKET_GRANTING_TICKET "krbtgt" + +/* Definition of text structure used to pass text around */ +#define MAX_KTXT_LEN 1250 + +struct ktext { + unsigned int length; /* Length of the text */ + unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ + u_int32_t mbz; /* zero to catch runaway strings */ +}; + +typedef struct ktext *KTEXT; +typedef struct ktext KTEXT_ST; + + +/* Definitions for send_to_kdc */ +#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ +#define CLIENT_KRB_RETRY 5 /* retry this many times */ +#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ + +/* Definitions for ticket file utilities */ +#define R_TKT_FIL 0 +#define W_TKT_FIL 1 + +/* Parameters for rd_ap_req */ +/* Maximum alloable clock skew in seconds */ +#define CLOCK_SKEW 5*60 +/* Filename for readservkey */ +#ifndef KEYFILE +#define KEYFILE "/etc/srvtab" +#endif + +/* Structure definition for rd_ap_req */ + +struct auth_dat { + unsigned char k_flags; /* Flags from ticket */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* His Instance */ + char prealm[REALM_SZ]; /* His Realm */ + u_int32_t checksum; /* Data checksum (opt) */ + des_cblock session; /* Session Key */ + int life; /* Life of ticket */ + u_int32_t time_sec; /* Time ticket issued */ + u_int32_t address; /* Address in ticket */ + KTEXT_ST reply; /* Auth reply (opt) */ +}; + +typedef struct auth_dat AUTH_DAT; + +/* Structure definition for credentials returned by get_cred */ + +struct credentials { + char service[ANAME_SZ]; /* Service name */ + char instance[INST_SZ]; /* Instance */ + char realm[REALM_SZ]; /* Auth domain */ + des_cblock session; /* Session key */ + int lifetime; /* Lifetime */ + int kvno; /* Key version number */ + KTEXT_ST ticket_st; /* The ticket itself */ + int32_t issue_date; /* The issue time */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ +}; + +typedef struct credentials CREDENTIALS; + +/* Structure definition for rd_private_msg and rd_safe_msg */ + +struct msg_dat { + unsigned char *app_data; /* pointer to appl data */ + u_int32_t app_length; /* length of appl data */ + u_int32_t hash; /* hash to lookup replay */ + int swap; /* swap bytes? */ + int32_t time_sec; /* msg timestamp seconds */ + unsigned char time_5ms; /* msg timestamp 5ms units */ +}; + +typedef struct msg_dat MSG_DAT; + +struct krb_host { + char *realm; + char *host; + int proto; + int port; + int admin; +}; + +struct krb_host *krb_get_host __P((int, char*, int)); + + +/* Location of ticket file for save_cred and get_cred */ +#define TKT_FILE tkt_string() +#define TKT_ROOT "/tmp/tkt" + +/* Error codes returned from the KDC */ +#define KDC_OK 0 /* Request OK */ +#define KDC_NAME_EXP 1 /* Principal expired */ +#define KDC_SERVICE_EXP 2 /* Service expired */ +#define KDC_AUTH_EXP 3 /* Auth expired */ +#define KDC_PKT_VER 4 /* Protocol version unknown */ +#define KDC_P_MKEY_VER 5 /* Wrong master key version */ +#define KDC_S_MKEY_VER 6 /* Wrong master key version */ +#define KDC_BYTE_ORDER 7 /* Byte order unknown */ +#define KDC_PR_UNKNOWN 8 /* Principal unknown */ +#define KDC_PR_N_UNIQUE 9 /* Principal not unique */ +#define KDC_NULL_KEY 10 /* Principal has null key */ +#define KDC_GEN_ERR 20 /* Generic error from KDC */ + + +/* Values returned by get_credentials */ +#define GC_OK 0 /* Retrieve OK */ +#define RET_OK 0 /* Retrieve OK */ +#define GC_TKFIL 21 /* Can't read ticket file */ +#define RET_TKFIL 21 /* Can't read ticket file */ +#define GC_NOTKT 22 /* Can't find ticket or TGT */ +#define RET_NOTKT 22 /* Can't find ticket or TGT */ + + +/* Values returned by mk_ap_req */ +#define MK_AP_OK 0 /* Success */ +#define MK_AP_TGTEXP 26 /* TGT Expired */ + +/* Values returned by rd_ap_req */ +#define RD_AP_OK 0 /* Request authentic */ +#define RD_AP_UNDEC 31 /* Can't decode authenticator */ +#define RD_AP_EXP 32 /* Ticket expired */ +#define RD_AP_NYV 33 /* Ticket not yet valid */ +#define RD_AP_REPEAT 34 /* Repeated request */ +#define RD_AP_NOT_US 35 /* The ticket isn't for us */ +#define RD_AP_INCON 36 /* Request is inconsistent */ +#define RD_AP_TIME 37 /* delta_t too big */ +#define RD_AP_BADD 38 /* Incorrect net address */ +#define RD_AP_VERSION 39 /* protocol version mismatch */ +#define RD_AP_MSG_TYPE 40 /* invalid msg type */ +#define RD_AP_MODIFIED 41 /* message stream modified */ +#define RD_AP_ORDER 42 /* message out of order */ +#define RD_AP_UNAUTHOR 43 /* unauthorized request */ + +/* Values returned by get_pw_tkt */ +#define GT_PW_OK 0 /* Got password changing tkt */ +#define GT_PW_NULL 51 /* Current PW is null */ +#define GT_PW_BADPW 52 /* Incorrect current password */ +#define GT_PW_PROT 53 /* Protocol Error */ +#define GT_PW_KDCERR 54 /* Error returned by KDC */ +#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ + + +/* Values returned by send_to_kdc */ +#define SKDC_OK 0 /* Response received */ +#define SKDC_RETRY 56 /* Retry count exceeded */ +#define SKDC_CANT 57 /* Can't send request */ + +/* + * Values returned by get_intkt + * (can also return SKDC_* and KDC errors) + */ + +#define INTK_OK 0 /* Ticket obtained */ +#define INTK_W_NOTALL 61 /* Not ALL tickets returned */ +#define INTK_BADPW 62 /* Incorrect password */ +#define INTK_PROT 63 /* Protocol Error */ +#define INTK_ERR 70 /* Other error */ + +/* Values returned by get_adtkt */ +#define AD_OK 0 /* Ticket Obtained */ +#define AD_NOTGT 71 /* Don't have tgt */ +#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */ + +/* Error codes returned by ticket file utilities */ +#define NO_TKT_FIL 76 /* No ticket file found */ +#define TKT_FIL_ACC 77 /* Couldn't access tkt file */ +#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ +#define TKT_FIL_FMT 79 /* Bad ticket file format */ +#define TKT_FIL_INI 80 /* tf_init not called first */ + +/* Error code returned by kparse_name */ +#define KNAME_FMT 81 /* Bad Kerberos name format */ + +/* Error code returned by krb_mk_safe */ +#define SAFE_PRIV_ERROR -1 /* syscall error */ + +/* + * macros for byte swapping; also scratch space + * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 + * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0 + * u_int16_t 0-->1, 1-->0 + */ + +#define swap_u_16(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 16);\ + } + +#define swap_u_12(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 12);\ + } + +#define swap_C_Block(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } +#define swap_u_quad(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } + +#define swap_u_long(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ + x = _krb_swap_tmp[0]; \ + } + +#define swap_u_short(x) {\ + u_int16_t _krb_swap_sh_tmp; \ + swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \ + x = (u_int16_t) _krb_swap_sh_tmp; \ + } +/* Kerberos ticket flag field bit definitions */ +#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ +#define K_FLAG_1 /* reserved */ +#define K_FLAG_2 /* reserved */ +#define K_FLAG_3 /* reserved */ +#define K_FLAG_4 /* reserved */ +#define K_FLAG_5 /* reserved */ +#define K_FLAG_6 /* reserved */ +#define K_FLAG_7 /* reserved, bit 7 --> msb */ + +/* Defines for krb_sendauth and krb_recvauth */ + +#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ +#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ + +#define KOPT_DONT_CANON 0x00000004 /* + * don't canonicalize inst as + * a hostname + */ + +#define KRB_SENDAUTH_VLEN 8 /* length for version strings */ + + +/* File locking */ +#define K_LOCK_SH 1 /* Shared lock */ +#define K_LOCK_EX 2 /* Exclusive lock */ +#define K_LOCK_NB 4 /* Don't block when locking */ +#define K_LOCK_UN 8 /* Unlock */ +int k_flock __P((int fd, int operation)); +struct tm *k_localtime __P((u_int32_t *)); +int k_getsockinst __P((int fd, char *inst, size_t)); +int k_getportbyname __P((const char *service, const char *proto, int default_port)); + +extern char *krb4_version; + +struct in_addr; + +int k_get_all_addrs __P((struct in_addr **l)); + +/* Host address comparison */ +int krb_equiv __P((u_int32_t, u_int32_t)); + +/* Password conversion */ +void mit_string_to_key __P((char *str, char *cell, des_cblock *key)); +void afs_string_to_key __P((char *str, char *cell, des_cblock *key)); + +/* Lifetime conversion */ +u_int32_t krb_life_to_time __P((u_int32_t start, int life)); +int krb_time_to_life __P((u_int32_t start, u_int32_t end)); +char *krb_life_to_atime __P((int life)); +int krb_atime_to_life __P((char *atime)); + +/* Ticket manipulation */ +int tf_get_cred __P((CREDENTIALS *)); +int tf_get_pinst __P((char *)); +int tf_get_pname __P((char *)); +int tf_put_pinst __P((char *)); +int tf_put_pname __P((char *)); +int tf_init __P((char *, int)); +int tf_create __P((char *)); +int tf_save_cred __P((char *, char *, char *, unsigned char *, int , int , KTEXT ticket, u_int32_t)); +void tf_close __P((void)); +int tf_setup __P((CREDENTIALS *cred, char *pname, char *pinst)); + +/* Private communication */ + +struct sockaddr_in; + +int32_t krb_mk_priv __P((void *, void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); +int32_t krb_rd_priv __P((void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); + +/* Misc */ +KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT)); + +char *krb_get_phost __P((const char *)); +char *krb_realmofhost __P((const char *)); +char *tkt_string __P((void)); + +int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *)); +int decomp_ticket __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t *, unsigned char *, int *, u_int32_t *, char *, char *, des_cblock *, struct des_ks_struct *)); +int dest_tkt __P((void)); +int get_ad_tkt __P((char *, char *, char *, int)); +int get_pw_tkt __P((char *, char *, char *, char *)); +int get_request __P((KTEXT, int, char **, char **)); +int in_tkt __P((char *, char *)); +int k_gethostname __P((char *, int )); +int k_isinst __P((char *)); +int k_isname __P((char *)); +int k_isrealm __P((char *)); +int kname_parse __P((char *, char *, char *, char *)); +int krb_parse_name __P((const char*, krb_principal*)); +char *krb_unparse_name __P((krb_principal*)); +char *krb_unparse_name_r __P((krb_principal*, char*)); +char *krb_unparse_name_long __P((char*, char*, char*)); +char *krb_unparse_name_long_r __P((char *name, char *instance, char *realm, char *fullname)); +int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, void *, int16_t, int32_t, char *, char *, des_cblock *)); +int krb_get_admhst __P((char *, char *, int)); +int krb_get_cred __P((char *, char *, char *, CREDENTIALS *)); + +typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*)); + +typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*, + key_proc_t, KTEXT*)); + +int krb_get_in_tkt __P((char*, char*, char*, char*, char*, int, key_proc_t, + decrypt_proc_t, void*)); + +int srvtab_to_key __P((char *, char *, char *, void *, des_cblock *)); +int passwd_to_key __P((char *, char *, char *, void *, des_cblock *)); +int passwd_to_afskey __P((char *, char *, char *, void *, des_cblock *)); + +int krb_get_krbhst __P((char *, char *, int)); +int krb_get_lrealm __P((char *, int)); +char *krb_get_default_realm __P((void)); +int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); +int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); +int krb_get_tf_fullname __P((char *, char *, char *, char *)); +int krb_get_tf_realm __P((char *, char *)); +int krb_kntoln __P((AUTH_DAT *, char *)); +int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t)); +int krb_net_read __P((int , void *, size_t)); +int krb_net_write __P((int , const void *, size_t)); +int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *)); +int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *)); +int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *)); +int krb_sendauth __P((int32_t, int, KTEXT, char *,char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *)); +int krb_mk_auth __P((int32_t, KTEXT, char *, char *, char *, u_int32_t, char *, KTEXT)); +int krb_check_auth __P((KTEXT, u_int32_t, MSG_DAT *, des_cblock *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *)); +int krb_set_key __P((void *, int)); +int krb_set_lifetime __P((int)); +int krb_kuserok __P((char *name, char *inst, char *realm, char *luser)); +int kuserok __P((AUTH_DAT *, char *)); +int read_service_key __P((char *, char *, char *, int , char *, char *)); +int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t)); +int send_to_kdc __P((KTEXT , KTEXT , char *)); + +int32_t krb_mk_err __P((u_char *, int32_t, char *)); +int32_t krb_mk_safe __P((void *, void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); +int32_t krb_rd_safe __P((void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); + +void ad_print __P((AUTH_DAT *)); +void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *)); +void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT)); +void krb_set_tkt_string __P((char *)); + +int krb_get_default_principal __P((char *, char *, char *)); +int krb_realm_parse __P((char *, int)); +int krb_verify_user __P((char*, char*, char*, char*, int, char *)); + +/* logging.c */ + +typedef int (*krb_log_func_t)(FILE *, const char *, va_list); + +typedef krb_log_func_t krb_warnfn_t; + +struct krb_log_facility; + +int krb_vlogger __P((struct krb_log_facility*, const char *, va_list)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 0))) +#endif +; +int krb_logger __P((struct krb_log_facility*, const char *, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; +int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t)); + +void krb_set_warnfn __P((krb_warnfn_t)); +krb_warnfn_t krb_get_warnfn __P((void)); +void krb_warning __P((const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + +void kset_logfile __P((char*)); +void krb_log __P((const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; +char *klog __P((int, const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; + +int getst __P((int, char *, int)); +const char *month_sname __P((int)); +const char *krb_stime __P((time_t *)); +int krb_check_tm __P((struct tm)); + +int krb_get_int __P((void *from, u_int32_t *to, int size, int lsb)); +int krb_put_int __P((u_int32_t from, void *to, int size)); +int krb_get_address __P((void *from, u_int32_t *to)); +int krb_put_address __P((u_int32_t addr, void *to)); +int krb_put_string __P((char *from, void *to)); +int krb_get_string __P((void *from, char *to)); +int krb_get_nir __P((void *from, char *name, char *instance, char *realm)); +int krb_put_nir __P((char *name, char *instance, char *realm, void *to)); + +__END_DECLS + +#endif /* KRB_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/krb.mak b/crypto/kerberosIV/lib/krb/krb.mak new file mode 100644 index 0000000..1236261 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.mak @@ -0,0 +1,3065 @@ +# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +!IF "$(CFG)" == "" +CFG=krb - Win32 Debug +!MESSAGE No configuration specified. Defaulting to krb - Win32 Debug. +!ENDIF + +!IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF +################################################################################ +# Begin Project +# PROP Target_Last_Scanned "krb - Win32 Debug" +RSC=rc.exe +MTL=mktyplib.exe +CPP=cl.exe + +!IF "$(CFG)" == "krb - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Target_Dir "" +OUTDIR=.\Release +INTDIR=.\Release + +ALL : ".\Release\krb.dll" + +CLEAN : + -@erase ".\Release\cr_err_reply.obj" + -@erase ".\Release\create_auth_reply.obj" + -@erase ".\Release\create_ciph.obj" + -@erase ".\Release\create_ticket.obj" + -@erase ".\Release\debug_decl.obj" + -@erase ".\Release\decomp_ticket.obj" + -@erase ".\Release\dllmain.obj" + -@erase ".\Release\encrypt_ktext.obj" + -@erase ".\Release\et_list.obj" + -@erase ".\Release\get_ad_tkt.obj" + -@erase ".\Release\get_cred.obj" + -@erase ".\Release\get_default_principal.obj" + -@erase ".\Release\get_host.obj" + -@erase ".\Release\get_in_tkt.obj" + -@erase ".\Release\get_krbrlm.obj" + -@erase ".\Release\get_phost.obj" + -@erase ".\Release\get_svc_in_tkt.obj" + -@erase ".\Release\get_tf_fullname.obj" + -@erase ".\Release\get_tf_realm.obj" + -@erase ".\Release\getaddrs.obj" + -@erase ".\Release\getrealm.obj" + -@erase ".\Release\getst.obj" + -@erase ".\Release\k_flock.obj" + -@erase ".\Release\k_gethostname.obj" + -@erase ".\Release\k_getport.obj" + -@erase ".\Release\k_getsockinst.obj" + -@erase ".\Release\k_localtime.obj" + -@erase ".\Release\kdc_reply.obj" + -@erase ".\Release\kntoln.obj" + -@erase ".\Release\krb.dll" + -@erase ".\Release\krb.exp" + -@erase ".\Release\krb.lib" + -@erase ".\Release\krb_check_auth.obj" + -@erase ".\Release\krb_equiv.obj" + -@erase ".\Release\krb_err_txt.obj" + -@erase ".\Release\krb_get_in_tkt.obj" + -@erase ".\Release\lifetime.obj" + -@erase ".\Release\logging.obj" + -@erase ".\Release\lsb_addr_comp.obj" + -@erase ".\Release\mk_auth.obj" + -@erase ".\Release\mk_err.obj" + -@erase ".\Release\mk_priv.obj" + -@erase ".\Release\mk_req.obj" + -@erase ".\Release\mk_safe.obj" + -@erase ".\Release\month_sname.obj" + -@erase ".\Release\name2name.obj" + -@erase ".\Release\netread.obj" + -@erase ".\Release\netwrite.obj" + -@erase ".\Release\one.obj" + -@erase ".\Release\parse_name.obj" + -@erase ".\Release\rd_err.obj" + -@erase ".\Release\rd_priv.obj" + -@erase ".\Release\rd_req.obj" + -@erase ".\Release\rd_safe.obj" + -@erase ".\Release\read_service_key.obj" + -@erase ".\Release\realm_parse.obj" + -@erase ".\Release\recvauth.obj" + -@erase ".\Release\resolve.obj" + -@erase ".\Release\rw.obj" + -@erase ".\Release\save_credentials.obj" + -@erase ".\Release\send_to_kdc.obj" + -@erase ".\Release\sendauth.obj" + -@erase ".\Release\stime.obj" + -@erase ".\Release\str2key.obj" + -@erase ".\Release\swab.obj" + -@erase ".\Release\ticket_memory.obj" + -@erase ".\Release\tkt_string.obj" + -@erase ".\Release\unparse_name.obj" + -@erase ".\Release\util.obj" + -@erase ".\Release\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/" /c +CPP_OBJS=.\Release/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /win32 +MTL_PROJ=/nologo /D "NDEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)/krb.pdb" /machine:I386\ + /def:".\krb.def" /out:"$(OUTDIR)/krb.dll" /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Release\cr_err_reply.obj" \ + ".\Release\create_auth_reply.obj" \ + ".\Release\create_ciph.obj" \ + ".\Release\create_ticket.obj" \ + ".\Release\debug_decl.obj" \ + ".\Release\decomp_ticket.obj" \ + ".\Release\dllmain.obj" \ + ".\Release\encrypt_ktext.obj" \ + ".\Release\et_list.obj" \ + ".\Release\get_ad_tkt.obj" \ + ".\Release\get_cred.obj" \ + ".\Release\get_default_principal.obj" \ + ".\Release\get_host.obj" \ + ".\Release\get_in_tkt.obj" \ + ".\Release\get_krbrlm.obj" \ + ".\Release\get_phost.obj" \ + ".\Release\get_svc_in_tkt.obj" \ + ".\Release\get_tf_fullname.obj" \ + ".\Release\get_tf_realm.obj" \ + ".\Release\getaddrs.obj" \ + ".\Release\getrealm.obj" \ + ".\Release\getst.obj" \ + ".\Release\k_flock.obj" \ + ".\Release\k_gethostname.obj" \ + ".\Release\k_getport.obj" \ + ".\Release\k_getsockinst.obj" \ + ".\Release\k_localtime.obj" \ + ".\Release\kdc_reply.obj" \ + ".\Release\kntoln.obj" \ + ".\Release\krb_check_auth.obj" \ + ".\Release\krb_equiv.obj" \ + ".\Release\krb_err_txt.obj" \ + ".\Release\krb_get_in_tkt.obj" \ + ".\Release\lifetime.obj" \ + ".\Release\logging.obj" \ + ".\Release\lsb_addr_comp.obj" \ + ".\Release\mk_auth.obj" \ + ".\Release\mk_err.obj" \ + ".\Release\mk_priv.obj" \ + ".\Release\mk_req.obj" \ + ".\Release\mk_safe.obj" \ + ".\Release\month_sname.obj" \ + ".\Release\name2name.obj" \ + ".\Release\netread.obj" \ + ".\Release\netwrite.obj" \ + ".\Release\one.obj" \ + ".\Release\parse_name.obj" \ + ".\Release\rd_err.obj" \ + ".\Release\rd_priv.obj" \ + ".\Release\rd_req.obj" \ + ".\Release\rd_safe.obj" \ + ".\Release\read_service_key.obj" \ + ".\Release\realm_parse.obj" \ + ".\Release\recvauth.obj" \ + ".\Release\resolve.obj" \ + ".\Release\rw.obj" \ + ".\Release\save_credentials.obj" \ + ".\Release\send_to_kdc.obj" \ + ".\Release\sendauth.obj" \ + ".\Release\stime.obj" \ + ".\Release\str2key.obj" \ + ".\Release\swab.obj" \ + ".\Release\ticket_memory.obj" \ + ".\Release\tkt_string.obj" \ + ".\Release\unparse_name.obj" \ + ".\Release\util.obj" \ + ".\Release\verify_user.obj" + +".\Release\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Target_Dir "" +OUTDIR=.\Debug +INTDIR=.\Debug + +ALL : ".\Debug\krb.dll" + +CLEAN : + -@erase ".\Debug\cr_err_reply.obj" + -@erase ".\Debug\create_auth_reply.obj" + -@erase ".\Debug\create_ciph.obj" + -@erase ".\Debug\create_ticket.obj" + -@erase ".\Debug\debug_decl.obj" + -@erase ".\Debug\decomp_ticket.obj" + -@erase ".\Debug\dllmain.obj" + -@erase ".\Debug\encrypt_ktext.obj" + -@erase ".\Debug\et_list.obj" + -@erase ".\Debug\get_ad_tkt.obj" + -@erase ".\Debug\get_cred.obj" + -@erase ".\Debug\get_default_principal.obj" + -@erase ".\Debug\get_host.obj" + -@erase ".\Debug\get_in_tkt.obj" + -@erase ".\Debug\get_krbrlm.obj" + -@erase ".\Debug\get_phost.obj" + -@erase ".\Debug\get_svc_in_tkt.obj" + -@erase ".\Debug\get_tf_fullname.obj" + -@erase ".\Debug\get_tf_realm.obj" + -@erase ".\Debug\getaddrs.obj" + -@erase ".\Debug\getrealm.obj" + -@erase ".\Debug\getst.obj" + -@erase ".\Debug\k_flock.obj" + -@erase ".\Debug\k_gethostname.obj" + -@erase ".\Debug\k_getport.obj" + -@erase ".\Debug\k_getsockinst.obj" + -@erase ".\Debug\k_localtime.obj" + -@erase ".\Debug\kdc_reply.obj" + -@erase ".\Debug\kntoln.obj" + -@erase ".\Debug\krb.dll" + -@erase ".\Debug\krb.exp" + -@erase ".\Debug\krb.ilk" + -@erase ".\Debug\krb.lib" + -@erase ".\Debug\krb.pdb" + -@erase ".\Debug\krb_check_auth.obj" + -@erase ".\Debug\krb_equiv.obj" + -@erase ".\Debug\krb_err_txt.obj" + -@erase ".\Debug\krb_get_in_tkt.obj" + -@erase ".\Debug\lifetime.obj" + -@erase ".\Debug\logging.obj" + -@erase ".\Debug\lsb_addr_comp.obj" + -@erase ".\Debug\mk_auth.obj" + -@erase ".\Debug\mk_err.obj" + -@erase ".\Debug\mk_priv.obj" + -@erase ".\Debug\mk_req.obj" + -@erase ".\Debug\mk_safe.obj" + -@erase ".\Debug\month_sname.obj" + -@erase ".\Debug\name2name.obj" + -@erase ".\Debug\netread.obj" + -@erase ".\Debug\netwrite.obj" + -@erase ".\Debug\one.obj" + -@erase ".\Debug\parse_name.obj" + -@erase ".\Debug\rd_err.obj" + -@erase ".\Debug\rd_priv.obj" + -@erase ".\Debug\rd_req.obj" + -@erase ".\Debug\rd_safe.obj" + -@erase ".\Debug\read_service_key.obj" + -@erase ".\Debug\realm_parse.obj" + -@erase ".\Debug\recvauth.obj" + -@erase ".\Debug\resolve.obj" + -@erase ".\Debug\rw.obj" + -@erase ".\Debug\save_credentials.obj" + -@erase ".\Debug\send_to_kdc.obj" + -@erase ".\Debug\sendauth.obj" + -@erase ".\Debug\stime.obj" + -@erase ".\Debug\str2key.obj" + -@erase ".\Debug\swab.obj" + -@erase ".\Debug\ticket_memory.obj" + -@erase ".\Debug\tkt_string.obj" + -@erase ".\Debug\unparse_name.obj" + -@erase ".\Debug\util.obj" + -@erase ".\Debug\vc40.idb" + -@erase ".\Debug\vc40.pdb" + -@erase ".\Debug\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/"\ + /Fd"$(INTDIR)/" /c +CPP_OBJS=.\Debug/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /win32 +MTL_PROJ=/nologo /D "_DEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)/krb.pdb" /debug\ + /machine:I386 /def:".\krb.def" /out:"$(OUTDIR)/krb.dll"\ + /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Debug\cr_err_reply.obj" \ + ".\Debug\create_auth_reply.obj" \ + ".\Debug\create_ciph.obj" \ + ".\Debug\create_ticket.obj" \ + ".\Debug\debug_decl.obj" \ + ".\Debug\decomp_ticket.obj" \ + ".\Debug\dllmain.obj" \ + ".\Debug\encrypt_ktext.obj" \ + ".\Debug\et_list.obj" \ + ".\Debug\get_ad_tkt.obj" \ + ".\Debug\get_cred.obj" \ + ".\Debug\get_default_principal.obj" \ + ".\Debug\get_host.obj" \ + ".\Debug\get_in_tkt.obj" \ + ".\Debug\get_krbrlm.obj" \ + ".\Debug\get_phost.obj" \ + ".\Debug\get_svc_in_tkt.obj" \ + ".\Debug\get_tf_fullname.obj" \ + ".\Debug\get_tf_realm.obj" \ + ".\Debug\getaddrs.obj" \ + ".\Debug\getrealm.obj" \ + ".\Debug\getst.obj" \ + ".\Debug\k_flock.obj" \ + ".\Debug\k_gethostname.obj" \ + ".\Debug\k_getport.obj" \ + ".\Debug\k_getsockinst.obj" \ + ".\Debug\k_localtime.obj" \ + ".\Debug\kdc_reply.obj" \ + ".\Debug\kntoln.obj" \ + ".\Debug\krb_check_auth.obj" \ + ".\Debug\krb_equiv.obj" \ + ".\Debug\krb_err_txt.obj" \ + ".\Debug\krb_get_in_tkt.obj" \ + ".\Debug\lifetime.obj" \ + ".\Debug\logging.obj" \ + ".\Debug\lsb_addr_comp.obj" \ + ".\Debug\mk_auth.obj" \ + ".\Debug\mk_err.obj" \ + ".\Debug\mk_priv.obj" \ + ".\Debug\mk_req.obj" \ + ".\Debug\mk_safe.obj" \ + ".\Debug\month_sname.obj" \ + ".\Debug\name2name.obj" \ + ".\Debug\netread.obj" \ + ".\Debug\netwrite.obj" \ + ".\Debug\one.obj" \ + ".\Debug\parse_name.obj" \ + ".\Debug\rd_err.obj" \ + ".\Debug\rd_priv.obj" \ + ".\Debug\rd_req.obj" \ + ".\Debug\rd_safe.obj" \ + ".\Debug\read_service_key.obj" \ + ".\Debug\realm_parse.obj" \ + ".\Debug\recvauth.obj" \ + ".\Debug\resolve.obj" \ + ".\Debug\rw.obj" \ + ".\Debug\save_credentials.obj" \ + ".\Debug\send_to_kdc.obj" \ + ".\Debug\sendauth.obj" \ + ".\Debug\stime.obj" \ + ".\Debug\str2key.obj" \ + ".\Debug\swab.obj" \ + ".\Debug\ticket_memory.obj" \ + ".\Debug\tkt_string.obj" \ + ".\Debug\unparse_name.obj" \ + ".\Debug\util.obj" \ + ".\Debug\verify_user.obj" + +".\Debug\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ENDIF + +.c{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.c{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +################################################################################ +# Begin Target + +# Name "krb - Win32 Release" +# Name "krb - Win32 Debug" + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +################################################################################ +# Begin Source File + +SOURCE=.\krb.def + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_fullname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\cr_err_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_auth_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ciph.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\decomp_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\dllmain.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + ".\ticket_memory.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\encrypt_ktext.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_ENCRY=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_ENCRY=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\et_list.c +DEP_CPP_ET_LI=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_ad_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_cred.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_default_principal.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_host.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_krbrlm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phos + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_svc_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phost.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_equiv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getaddrs.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getrealm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_flock.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_gethostname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getport.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getsockinst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_localtime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kdc_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kntoln.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Release\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_check_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_realm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lifetime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lsb_addr_comp.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\month_sname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\name2name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\netread.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\netwrite.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\one.c + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\parse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_err_txt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\send_to_kdc.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\realm_parse.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\recvauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\resolve.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\resolve.h"\ + + +".\Release\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rw.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + "..\des\version.h"\ + ".\krb_locl.h"\ + + +".\Release\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\des\version.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\save_credentials.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\read_service_key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\verify_user.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\stime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\swab.c +DEP_CPP_SWAB_=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\ticket_memory.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TICKE=\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TICKE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Debug\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\tkt_string.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\unparse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\util.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\sendauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\logging.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\klog.h"\ + ".\krb_locl.h"\ + + +".\Release\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\klog.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\str2key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\debug_decl.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ENDIF + +# End Source File +# End Target +# End Project +################################################################################ diff --git a/crypto/kerberosIV/lib/krb/krb_check_auth.c b/crypto/kerberosIV/lib/krb/krb_check_auth.c new file mode 100644 index 0000000..8bddbf5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_check_auth.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $"); + +/* + * + * Receive an mutual-authenticator for a server in `packet', with + * `checksum', `session', and `schedule' having the appropriate values + * and return the data in `msg_data'. + * + * Return KSUCCESS if the received checksum is correct. + * + */ + +int +krb_check_auth(KTEXT packet, + u_int32_t checksum, + MSG_DAT *msg_data, + des_cblock *session, + struct des_ks_struct *schedule, + struct sockaddr_in *laddr, + struct sockaddr_in *faddr) +{ + int ret; + u_int32_t checksum2; + + ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr, + laddr, msg_data); + if (ret != RD_AP_OK) + return ret; + if (msg_data->app_length != 4) + return KFAILURE; + krb_get_int (msg_data->app_data, &checksum2, 4, 0); + if (checksum2 == checksum + 1) + return KSUCCESS; + else + return KFAILURE; +} diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c new file mode 100644 index 0000000..06f42f5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_equiv.c @@ -0,0 +1,144 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b); + * + * Given two IP adresses return true if they match + * or are considered to belong to the same host. + * + * For example if /etc/krb.equiv looks like + * + * 130.237.223.3 192.16.126.3 # alv alv1 + * 130.237.223.4 192.16.126.4 # byse byse1 + * 130.237.228.152 192.16.126.9 # topsy topsy1 + * + * krb_equiv(alv, alv1) would return true but + * krb_equiv(alv, byse1) would not. + * + * A comment starts with an '#' and ends with '\n'. + * + */ +#include "krb_locl.h" + +RCSID("$Id: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $"); + +int krb_ignore_ip_address = 0; + +int +krb_equiv(u_int32_t a, u_int32_t b) +{ + FILE *fil; + char line[256]; + int hit_a, hit_b; + int iscomment; + + if (a == b) /* trivial match, also the common case */ + return 1; + + if (krb_ignore_ip_address) + return 1; /* if we have decided not to compare */ + + a = ntohl(a); + b = ntohl(b); + + fil = fopen(KRB_EQUIV, "r"); + if (fil == NULL) /* open failed */ + return 0; + + hit_a = hit_b = 0; + iscomment = 0; + while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */ + { + char *t = line; + int len = strlen(t); + + /* for each item on this line */ + while (*t != 0) /* more addresses on this line? */ + if (*t == '\n') { + iscomment = hit_a = hit_b = 0; + break; + } else if (iscomment) + t = line + len - 1; + else if (*t == '#') { /* rest is comment */ + iscomment = 1; + ++t; + } else if (*t == '\\' ) /* continuation */ + break; + else if (isspace(*t)) /* skip space */ + t++; + else if (isdigit(*t)) /* an address? */ + { + u_int32_t tmp; + u_int32_t tmpa, tmpb, tmpc, tmpd; + + sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd); + tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd; + + while (*t == '.' || isdigit(*t)) /* done with this address */ + t++; + + if (tmp != -1) { /* an address (and not broadcast) */ + u_int32_t mask = (u_int32_t)~0; + + if (*t == '/') { + ++t; + mask <<= 32 - atoi(t); + + while(isdigit(*t)) + ++t; + } + + if ((tmp & mask) == (a & mask)) + hit_a = 1; + if ((tmp & mask) == (b & mask)) + hit_b = 1; + if (hit_a && hit_b) { + fclose(fil); + return 1; + } + } + } + else + ++t; /* garbage on this line, skip it */ + + } + + fclose(fil); + return 0; +} diff --git a/crypto/kerberosIV/lib/krb/krb_err.et b/crypto/kerberosIV/lib/krb/krb_err.et new file mode 100644 index 0000000..4e32aed --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_err.et @@ -0,0 +1,257 @@ +# Copyright 1987,1988 Massachusetts Institute of Technology +# +# For copying and distribution information, see the file +# "mit-copyright.h". +# +# $Id: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $ +# + error_table krb + + ec KRBET_KSUCCESS, + "Kerberos successful" + + ec KRBET_KDC_NAME_EXP, + "Kerberos principal expired" + + ec KRBET_KDC_SERVICE_EXP, + "Kerberos service expired" + + ec KRBET_KDC_AUTH_EXP, + "Kerberos auth expired" + + ec KRBET_KDC_PKT_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_P_MKEY_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_S_MKEY_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_BYTE_ORDER, + "Kerberos error: byte order unknown" + + ec KRBET_KDC_PR_UNKNOWN, + "Kerberos principal unknown" + + ec KRBET_KDC_PR_N_UNIQUE, + "Kerberos principal not unique" + + ec KRBET_KDC_NULL_KEY, + "Kerberos principal has null key" + + ec KRBET_KRB_RES11, + "Reserved 11" + + ec KRBET_KRB_RES12, + "Reserved 12" + + ec KRBET_KRB_RES13, + "Reserved 13" + + ec KRBET_KRB_RES14, + "Reserved 14" + + ec KRBET_KRB_RES15, + "Reserved 15" + + ec KRBET_KRB_RES16, + "Reserved 16" + + ec KRBET_KRB_RES17, + "Reserved 17" + + ec KRBET_KRB_RES18, + "Reserved 18" + + ec KRBET_KRB_RES19, + "Reserved 19" + + ec KRBET_KDC_GEN_ERR, + "Generic error from Kerberos KDC" + + ec KRBET_GC_TKFIL, + "Can't read Kerberos ticket file" + + ec KRBET_GC_NOTKT, + "Can't find Kerberos ticket or TGT" + + ec KRBET_KRB_RES23, + "Reserved 23" + + ec KRBET_KRB_RES24, + "Reserved 24" + + ec KRBET_KRB_RES25, + "Reserved 25" + + ec KRBET_MK_AP_TGTEXP, + "Kerberos TGT Expired" + + ec KRBET_KRB_RES27, + "Reserved 27" + + ec KRBET_KRB_RES28, + "Reserved 28" + + ec KRBET_KRB_RES29, + "Reserved 29" + + ec KRBET_KRB_RES30, + "Reserved 30" + + ec KRBET_RD_AP_UNDEC, + "Kerberos error: Can't decode authenticator" + + ec KRBET_RD_AP_EXP, + "Kerberos ticket expired" + + ec KRBET_RD_AP_NYV, + "Kerberos ticket not yet valid" + + ec KRBET_RD_AP_REPEAT, + "Kerberos error: Repeated request" + + ec KRBET_RD_AP_NOT_US, + "The kerberos ticket isn't for us" + + ec KRBET_RD_AP_INCON, + "Kerberos request inconsistent" + + ec KRBET_RD_AP_TIME, + "Kerberos error: delta_t too big" + + ec KRBET_RD_AP_BADD, + "Kerberos error: incorrect net address" + + ec KRBET_RD_AP_VERSION, + "Kerberos protocol version mismatch" + + ec KRBET_RD_AP_MSG_TYPE, + "Kerberos error: invalid msg type" + + ec KRBET_RD_AP_MODIFIED, + "Kerberos error: message stream modified" + + ec KRBET_RD_AP_ORDER, + "Kerberos error: message out of order" + + ec KRBET_RD_AP_UNAUTHOR, + "Kerberos error: unauthorized request" + + ec KRBET_KRB_RES44, + "Reserved 44" + + ec KRBET_KRB_RES45, + "Reserved 45" + + ec KRBET_KRB_RES46, + "Reserved 46" + + ec KRBET_KRB_RES47, + "Reserved 47" + + ec KRBET_KRB_RES48, + "Reserved 48" + + ec KRBET_KRB_RES49, + "Reserved 49" + + ec KRBET_KRB_RES50, + "Reserved 50" + + ec KRBET_GT_PW_NULL, + "Kerberos error: current PW is null" + + ec KRBET_GT_PW_BADPW, + "Kerberos error: Incorrect current password" + + ec KRBET_GT_PW_PROT, + "Kerberos protocol error" + + ec KRBET_GT_PW_KDCERR, + "Error returned by Kerberos KDC" + + ec KRBET_GT_PW_NULLTKT, + "Null Kerberos ticket returned by KDC" + + ec KRBET_SKDC_RETRY, + "Kerberos error: Retry count exceeded" + + ec KRBET_SKDC_CANT, + "Kerberos error: Can't send request" + + ec KRBET_KRB_RES58, + "Reserved 58" + + ec KRBET_KRB_RES59, + "Reserved 59" + + ec KRBET_KRB_RES60, + "Reserved 60" + + ec KRBET_INTK_W_NOTALL, + "Kerberos error: not all tickets returned" + + ec KRBET_INTK_BADPW, + "Kerberos error: incorrect password" + + ec KRBET_INTK_PROT, + "Kerberos error: Protocol Error" + + ec KRBET_KRB_RES64, + "Reserved 64" + + ec KRBET_KRB_RES65, + "Reserved 65" + + ec KRBET_KRB_RES66, + "Reserved 66" + + ec KRBET_KRB_RES67, + "Reserved 67" + + ec KRBET_KRB_RES68, + "Reserved 68" + + ec KRBET_KRB_RES69, + "Reserved 69" + + ec KRBET_INTK_ERR, + "Other error" + + ec KRBET_AD_NOTGT, + "Don't have Kerberos ticket-granting ticket" + + ec KRBET_KRB_RES72, + "Can't get Kerberos inter-realm ticket-granting ticket" + + ec KRBET_KRB_RES73, + "Reserved 73" + + ec KRBET_KRB_RES74, + "Reserved 74" + + ec KRBET_KRB_RES75, + "Reserved 75" + + ec KRBET_NO_TKT_FIL, + "No ticket file found" + + ec KRBET_TKT_FIL_ACC, + "Couldn't access ticket file" + + ec KRBET_TKT_FIL_LCK, + "Couldn't lock ticket file" + + ec KRBET_TKT_FIL_FMT, + "Bad ticket file format" + + ec KRBET_TKT_FIL_INI, + "tf_init not called first" + + ec KRBET_KNAME_FMT, + "Bad Kerberos name format" + + end + diff --git a/crypto/kerberosIV/lib/krb/krb_err_txt.c b/crypto/kerberosIV/lib/krb/krb_err_txt.c new file mode 100644 index 0000000..161aa0f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_err_txt.c @@ -0,0 +1,299 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $"); + +/* + * This file contains an array of error text strings. + * The associated error codes (which are defined in "krb.h") + * follow the string in the comments at the end of each line. + */ + +const char *krb_err_txt[256] = { + "OK", /* 000 */ + "Principal expired (kerberos)", /* 001 */ + "Service expired (kerberos)", /* 002 */ + "Authentication expired (kerberos)", /* 003 */ + "Unknown protocol version number (kerberos)", /* 004 */ + "Principal: Incorrect master key version (kerberos)", /* 005 */ + "Service: Incorrect master key version (kerberos)", /* 006 */ + "Bad byte order (kerberos)", /* 007 */ + "Principal unknown (kerberos)", /* 008 */ + "Principal not unique (kerberos)", /* 009 */ + "Principal has null key (kerberos)", /* 010 */ + "Timeout in request (kerberos)", /* 011 */ + "Reserved error message 12 (kerberos)", /* 012 */ + "Reserved error message 13 (kerberos)", /* 013 */ + "Reserved error message 14 (kerberos)", /* 014 */ + "Reserved error message 15 (kerberos)", /* 015 */ + "Reserved error message 16 (kerberos)", /* 016 */ + "Reserved error message 17 (kerberos)", /* 017 */ + "Reserved error message 18 (kerberos)", /* 018 */ + "Reserved error message 19 (kerberos)", /* 019 */ + "Permission Denied (kerberos)", /* 020 */ + "Can't read ticket file (krb_get_cred)", /* 021 */ + "Can't find ticket (krb_get_cred)", /* 022 */ + "Reserved error message 23 (krb_get_cred)", /* 023 */ + "Reserved error message 24 (krb_get_cred)", /* 024 */ + "Reserved error message 25 (krb_get_cred)", /* 025 */ + "Ticket granting ticket expired (krb_mk_req)", /* 026 */ + "Reserved error message 27 (krb_mk_req)", /* 027 */ + "Reserved error message 28 (krb_mk_req)", /* 028 */ + "Reserved error message 29 (krb_mk_req)", /* 029 */ + "Reserved error message 30 (krb_mk_req)", /* 030 */ + "Can't decode authenticator (krb_rd_req)", /* 031 */ + "Ticket expired (krb_rd_req)", /* 032 */ + "Ticket issue date too far in the future (krb_rd_req)",/* 033 */ + "Repeat request (krb_rd_req)", /* 034 */ + "Ticket for wrong server (krb_rd_req)", /* 035 */ + "Request inconsistent (krb_rd_req)", /* 036 */ + "Time is out of bounds (krb_rd_req)", /* 037 */ + "Incorrect network address (krb_rd_req)", /* 038 */ + "Protocol version mismatch (krb_rd_req)", /* 039 */ + "Illegal message type (krb_rd_req)", /* 040 */ + "Message integrity error (krb_rd_req)", /* 041 */ + "Message duplicate or out of order (krb_rd_req)", /* 042 */ + "Unauthorized request (krb_rd_req)", /* 043 */ + "Reserved error message 44 (krb_rd_req)", /* 044 */ + "Reserved error message 45 (krb_rd_req)", /* 045 */ + "Reserved error message 46 (krb_rd_req)", /* 046 */ + "Reserved error message 47 (krb_rd_req)", /* 047 */ + "Reserved error message 48 (krb_rd_req)", /* 048 */ + "Reserved error message 49 (krb_rd_req)", /* 049 */ + "Reserved error message 50 (krb_rd_req)", /* 050 */ + "Current password is NULL (get_pw_tkt)", /* 051 */ + "Current password incorrect (get_pw_tkt)", /* 052 */ + "Protocol error (gt_pw_tkt)", /* 053 */ + "Error returned by KDC (gt_pw_tkt)", /* 054 */ + "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */ + "Retry count exceeded (send_to_kdc)", /* 056 */ + "Can't send request (send_to_kdc)", /* 057 */ + "Reserved error message 58 (send_to_kdc)", /* 058 */ + "Reserved error message 59 (send_to_kdc)", /* 059 */ + "Reserved error message 60 (send_to_kdc)", /* 060 */ + "Warning: Not ALL tickets returned", /* 061 */ + "Password incorrect", /* 062 */ + "Protocol error (get_in_tkt)", /* 063 */ + "Reserved error message 64 (get_in_tkt)", /* 064 */ + "Reserved error message 65 (get_in_tkt)", /* 065 */ + "Reserved error message 66 (get_in_tkt)", /* 066 */ + "Reserved error message 67 (get_in_tkt)", /* 067 */ + "Reserved error message 68 (get_in_tkt)", /* 068 */ + "Reserved error message 69 (get_in_tkt)", /* 069 */ + "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */ + "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */ + "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */ + "Reserved error message 73 (get_ad_tkt)", /* 073 */ + "Reserved error message 74 (get_ad_tkt)", /* 074 */ + "Reserved error message 75 (get_ad_tkt)", /* 075 */ + "No ticket file (tf_util)", /* 076 */ + "Can't access ticket file (tf_util)", /* 077 */ + "Can't lock ticket file; try later (tf_util)", /* 078 */ + "Bad ticket file format (tf_util)", /* 079 */ + "Read ticket file before tf_init (tf_util)", /* 080 */ + "Bad Kerberos name format (kname_parse)", /* 081 */ + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "Generic kerberos error (kfailure)", /* 255 */ +}; + +static const char err_failure[] = "Illegal error code passed (krb_get_err_text)"; + +const char * +krb_get_err_text(int code) +{ + if(code < 0 || code >= MAX_KRB_ERRORS) + return err_failure; + return krb_err_txt[code]; +} diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c new file mode 100644 index 0000000..d3e6cc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c @@ -0,0 +1,175 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $"); + +/* + * decrypt_tkt(): Given user, instance, realm, passwd, key_proc + * and the cipher text sent from the KDC, decrypt the cipher text + * using the key returned by key_proc. + */ + +static int +decrypt_tkt(char *user, char *instance, char *realm, + void *arg, key_proc_t key_proc, KTEXT *cip) +{ + des_cblock key; /* Key for decrypting cipher */ + int ret; + + ret = key_proc(user, instance, realm, arg, &key); + if (ret != 0) + return ret; + + encrypt_ktext(*cip, &key, DES_DECRYPT); + + memset(&key, 0, sizeof(key)); + return 0; +} + +/* + * krb_get_in_tkt() gets a ticket for a given principal to use a given + * service and stores the returned ticket and session key for future + * use. + * + * The "user", "instance", and "realm" arguments give the identity of + * the client who will use the ticket. The "service" and "sinstance" + * arguments give the identity of the server that the client wishes + * to use. (The realm of the server is the same as the Kerberos server + * to whom the request is sent.) The "life" argument indicates the + * desired lifetime of the ticket; the "key_proc" argument is a pointer + * to the routine used for getting the client's private key to decrypt + * the reply from Kerberos. The "decrypt_proc" argument is a pointer + * to the routine used to decrypt the reply from Kerberos; and "arg" + * is an argument to be passed on to the "key_proc" routine. + * + * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it + * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned + * by Kerberos, then the error code it contains is returned. Other + * error codes returned by this routine include INTK_PROT to indicate + * wrong protocol version, INTK_BADPW to indicate bad password (if + * decrypted ticket didn't make sense), INTK_ERR if the ticket was for + * the wrong server or the ticket store couldn't be initialized. + * + * The format of the message sent to Kerberos is as follows: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_KDC_REQUEST | message type + * HOST_BYTE_ORDER local byte order in lsb + * string user client's name + * string instance client's instance + * string realm client's realm + * 4 bytes tlocal.tv_sec timestamp in seconds + * 1 byte life desired lifetime + * string service service's name + * string sinstance service's instance + */ + +int +krb_get_in_tkt(char *user, char *instance, char *realm, + char *service, char *sinstance, int life, + key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg) +{ + KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; /* Packet to KDC */ + KTEXT_ST rpkt_st; + KTEXT rpkt = &rpkt_st; /* Returned packet */ + + int kerror; + struct timeval tv; + + /* BUILD REQUEST PACKET */ + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1); + + p += krb_put_nir(user, instance, realm, p); + + gettimeofday(&tv, NULL); + p += krb_put_int(tv.tv_sec, p, 4); + p += krb_put_int(life, p, 1); + + p += krb_put_nir(service, sinstance, NULL, p); + + pkt->length = p - pkt->dat; + + rpkt->length = 0; + + /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ + + if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); + + p = rpkt->dat; + + { + CREDENTIALS cred; + KTEXT_ST cip; + KTEXT foo = &cip; /* braindamage */ + + kerror = kdc_reply_cipher(rpkt, &cip); + if(kerror != KSUCCESS) + return kerror; + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo); + + kerror = kdc_reply_cred(&cip, &cred); + if(kerror != KSUCCESS) + return kerror; + + if (strcmp(cred.service, service) || + strcmp(cred.instance, sinstance) || + strcmp(cred.realm, realm)) /* not what we asked for */ + return INTK_ERR; /* we need a better code here XXX */ + + if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + return RD_AP_TIME; /* XXX should probably be better code */ + } + + /* initialize ticket cache */ + + return tf_setup(&cred, user, instance); + } +} diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h new file mode 100644 index 0000000..4475883 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_locl.h @@ -0,0 +1,163 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb_locl.h,v 1.42 1997/05/20 18:40:45 bg Exp $ */ + +#ifndef __krb_locl_h +#define __krb_locl_h + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include "protos.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <assert.h> +#include <stdarg.h> + +#include <errno.h> + +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#ifdef HAVE_IO_H +#include <io.h> +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_SYS_FILE_H +#include <sys/file.h> +#endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#ifdef HAVE_WINSOCK_H +#include <winsock.h> +#endif + +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <roken.h> + +#include <krb.h> +#include <prot.h> + +#include "resolve.h" + +/* --- */ + +/* Globals! */ +extern int krb_debug; +extern int krb_ap_req_debug; + +/* Utils */ +int krb_name_to_name(const char *, char *, size_t); + +void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt); +int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred); +int kdc_reply_cipher(KTEXT reply, KTEXT cip); + +#ifndef HAVE_GETTIMEOFDAY +int gettimeofday (struct timeval *, void *); +#endif + +void k_ricercar(char*); + +/* safe multiple strcat */ +int k_concat(char*, size_t, ...); +int k_vconcat(char*, size_t, va_list); + +/* mallocing versions of the above */ +size_t k_vmconcat (char**, size_t, va_list); +size_t k_mconcat (char**, size_t, ...); + +/* used in rd_safe.c and mk_safe.c */ + +void fixup_quad_cksum(void *start, size_t len, des_cblock *key, + void *new_checksum, void *old_checksum, int little); + +#endif /* __krb_locl_h */ diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c new file mode 100644 index 0000000..e3d5e6b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kuserok.c @@ -0,0 +1,156 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $"); + +#define OK 0 +#define NOTOK 1 +#define MAX_USERNAME 10 + +/* + * Given a Kerberos principal and a local username, determine whether + * user is authorized to login according to the authorization file + * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if + * not authorized. + * + * IMPORTANT CHANGE: To eliminate the need of making a distinction + * between the 3 cases: + * + * 1. We can't verify that a .klogin file doesn't exist (no home dir). + * 2. It's there but we aren't allowed to read it. + * 3. We can read it and ~luser@LOCALREALM is (not) included. + * + * We instead make the assumption that luser@LOCALREALM is *always* + * included. Thus it is impossible to have an empty .klogin file and + * also to exclude luser@LOCALREALM from it. Root is treated differently + * since it's home should always be available. + * + * OLD STRATEGY: + * If there is no account for "luser" on the local machine, returns + * NOTOK. If there is no authorization file, and the given Kerberos + * name "kdata" translates to the same name as "luser" (using + * krb_kntoln()), returns OK. Otherwise, if the authorization file + * can't be accessed, returns NOTOK. Otherwise, the file is read for + * a matching principal name, instance, and realm. If one is found, + * returns OK, if none is found, returns NOTOK. + * + * The file entries are in the format: + * + * name.instance@realm + * + * one entry per line. + * + */ + +int +krb_kuserok(char *name, char *instance, char *realm, char *luser) +{ + struct passwd *pwd; + char lrealm[REALM_SZ]; + FILE *f; + char line[1024]; + char file[MaxPathLen]; + struct stat st; + + pwd = getpwnam(luser); + if(pwd == NULL) + return NOTOK; + if(krb_get_lrealm(lrealm, 1)) + return NOTOK; + if(pwd->pw_uid != 0 && + strcmp(name, luser) == 0 && + strcmp(instance, "") == 0 && + strcmp(realm, lrealm) == 0) + return OK; + strcpy(file, pwd->pw_dir); + strcat(file, "/.klogin"); + + f = fopen(file, "r"); + if(f == NULL) + return NOTOK; + + /* this is not a working test in filesystems like AFS and DFS */ + if(fstat(fileno(f), &st) < 0){ + fclose(f); + return NOTOK; + } + + if(st.st_uid != pwd->pw_uid){ + fclose(f); + return NOTOK; + } + + while(fgets(line, sizeof(line), f)){ + char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ]; + if(line[strlen(line) - 1] != '\n') + /* read till end of line */ + while(1){ + int c = fgetc(f); + if(c == '\n' || c == EOF) + break; + } + else + line[strlen(line) - 1] = 0; + + if(kname_parse(fname, finst, frealm, line)) + continue; + if(strcmp(name, fname)) + continue; + if(strcmp(instance, finst)) + continue; + if(frealm[0] == 0) + strcpy(frealm, lrealm); + if(strcmp(realm, frealm)) + continue; + fclose(f); + return OK; + } + fclose(f); + return NOTOK; +} + +/* compatibility interface */ + +int +kuserok(AUTH_DAT *auth, char *luser) +{ + return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser); +} + diff --git a/crypto/kerberosIV/lib/krb/lifetime.c b/crypto/kerberosIV/lib/krb/lifetime.c new file mode 100644 index 0000000..1866996 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lifetime.c @@ -0,0 +1,213 @@ +/* + * Ticket lifetime. This defines the table used to lookup lifetime + * for the fixed part of rande of the one byte lifetime field. Values + * less than 0x80 are intrpreted as the number of 5 minute intervals. + * Values from 0x80 to 0xBF should be looked up in this table. The + * value of 0x80 is the same using both methods: 10 and two-thirds + * hours . The lifetime of 0xBF is 30 days. The intervening values + * of have a fixed ratio of roughly 1.06914. The value 0xFF is + * defined to mean a ticket has no expiration time. This should be + * used advisedly since individual servers may impose defacto + * upperbounds on ticket lifetimes. + */ + +#include "krb_locl.h" + +RCSID("$Id: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $"); + +/* If you want to disable this feature */ +int krb_no_long_lifetimes = 0; + +#define TKTLIFENUMFIXED 64 +#define TKTLIFEMINFIXED 0x80 +#define TKTLIFEMAXFIXED 0xBF +#define TKTLIFENOEXPIRE 0xFF +#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ +#ifndef NEVERDATE +#define NEVERDATE ((unsigned long)0x7fffffffL) +#endif + +static const int tkt_lifetimes[TKTLIFENUMFIXED] = { + 38400, /* 10.67 hours, 0.44 days */ + 41055, /* 11.40 hours, 0.48 days */ + 43894, /* 12.19 hours, 0.51 days */ + 46929, /* 13.04 hours, 0.54 days */ + 50174, /* 13.94 hours, 0.58 days */ + 53643, /* 14.90 hours, 0.62 days */ + 57352, /* 15.93 hours, 0.66 days */ + 61318, /* 17.03 hours, 0.71 days */ + 65558, /* 18.21 hours, 0.76 days */ + 70091, /* 19.47 hours, 0.81 days */ + 74937, /* 20.82 hours, 0.87 days */ + 80119, /* 22.26 hours, 0.93 days */ + 85658, /* 23.79 hours, 0.99 days */ + 91581, /* 25.44 hours, 1.06 days */ + 97914, /* 27.20 hours, 1.13 days */ + 104684, /* 29.08 hours, 1.21 days */ + 111922, /* 31.09 hours, 1.30 days */ + 119661, /* 33.24 hours, 1.38 days */ + 127935, /* 35.54 hours, 1.48 days */ + 136781, /* 37.99 hours, 1.58 days */ + 146239, /* 40.62 hours, 1.69 days */ + 156350, /* 43.43 hours, 1.81 days */ + 167161, /* 46.43 hours, 1.93 days */ + 178720, /* 49.64 hours, 2.07 days */ + 191077, /* 53.08 hours, 2.21 days */ + 204289, /* 56.75 hours, 2.36 days */ + 218415, /* 60.67 hours, 2.53 days */ + 233517, /* 64.87 hours, 2.70 days */ + 249664, /* 69.35 hours, 2.89 days */ + 266926, /* 74.15 hours, 3.09 days */ + 285383, /* 79.27 hours, 3.30 days */ + 305116, /* 84.75 hours, 3.53 days */ + 326213, /* 90.61 hours, 3.78 days */ + 348769, /* 96.88 hours, 4.04 days */ + 372885, /* 103.58 hours, 4.32 days */ + 398668, /* 110.74 hours, 4.61 days */ + 426234, /* 118.40 hours, 4.93 days */ + 455705, /* 126.58 hours, 5.27 days */ + 487215, /* 135.34 hours, 5.64 days */ + 520904, /* 144.70 hours, 6.03 days */ + 556921, /* 154.70 hours, 6.45 days */ + 595430, /* 165.40 hours, 6.89 days */ + 636601, /* 176.83 hours, 7.37 days */ + 680618, /* 189.06 hours, 7.88 days */ + 727680, /* 202.13 hours, 8.42 days */ + 777995, /* 216.11 hours, 9.00 days */ + 831789, /* 231.05 hours, 9.63 days */ + 889303, /* 247.03 hours, 10.29 days */ + 950794, /* 264.11 hours, 11.00 days */ + 1016537, /* 282.37 hours, 11.77 days */ + 1086825, /* 301.90 hours, 12.58 days */ + 1161973, /* 322.77 hours, 13.45 days */ + 1242318, /* 345.09 hours, 14.38 days */ + 1328218, /* 368.95 hours, 15.37 days */ + 1420057, /* 394.46 hours, 16.44 days */ + 1518247, /* 421.74 hours, 17.57 days */ + 1623226, /* 450.90 hours, 18.79 days */ + 1735464, /* 482.07 hours, 20.09 days */ + 1855462, /* 515.41 hours, 21.48 days */ + 1983758, /* 551.04 hours, 22.96 days */ + 2120925, /* 589.15 hours, 24.55 days */ + 2267576, /* 629.88 hours, 26.25 days */ + 2424367, /* 673.44 hours, 28.06 days */ + 2592000}; /* 720.00 hours, 30.00 days */ + +/* + * krb_life_to_time - takes a start time and a Kerberos standard + * lifetime char and returns the corresponding end time. There are + * four simple cases to be handled. The first is a life of 0xff, + * meaning no expiration, and results in an end time of 0xffffffff. + * The second is when life is less than the values covered by the + * table. In this case, the end time is the start time plus the + * number of 5 minute intervals specified by life. The third case + * returns start plus the MAXTKTLIFETIME if life is greater than + * TKTLIFEMAXFIXED. The last case, uses the life value (minus + * TKTLIFEMINFIXED) as an index into the table to extract the lifetime + * in seconds, which is added to start to produce the end time. + */ +u_int32_t +krb_life_to_time(u_int32_t start, int life_) +{ + unsigned char life = (unsigned char) life_; + + if (krb_no_long_lifetimes) return start + life*5*60; + + if (life == TKTLIFENOEXPIRE) return NEVERDATE; + if (life < TKTLIFEMINFIXED) return start + life*5*60; + if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME; + return start + tkt_lifetimes[life - TKTLIFEMINFIXED]; +} + +/* + * krb_time_to_life - takes start and end times for the ticket and + * returns a Kerberos standard lifetime char, possibily using the + * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the + * special case of (end == NEVERDATE) is handled to mean no + * expiration. Then negative lifetimes and those greater than the + * maximum ticket lifetime are rejected. Then lifetimes less than the + * first table entry are handled by rounding the requested lifetime + * *up* to the next 5 minute interval. The final step is to search + * the table for the smallest entry *greater than or equal* to the + * requested entry. + */ +int krb_time_to_life(u_int32_t start, u_int32_t end) +{ + int i; + long lifetime = end - start; + + if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60); + + if (end >= NEVERDATE) return TKTLIFENOEXPIRE; + if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0; + if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60); + for (i=0; i<TKTLIFENUMFIXED; i++) { + if (lifetime <= tkt_lifetimes[i]) { + return i+TKTLIFEMINFIXED; + } + } + return 0; +} + +char * +krb_life_to_atime(int life) +{ + static char atime[11+1+2+1+2+1+2+1]; + unsigned long when; + int secs, mins, hours; + + if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes) + return("Forever"); + when = krb_life_to_time(0, life); + secs = when%60; + when /= 60; + mins = when%60; + when /= 60; + hours = when%24; + when /= 24; + snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs); + return(atime); +} + +int +krb_atime_to_life(char *atime) +{ + unsigned long when = 0; + char *cp; + int colon = 0, plus = 0; + int n = 0; + + if (strcasecmp(atime, "forever") == 0) + return(TKTLIFENOEXPIRE); + + for (cp=atime; *cp; cp++) { + switch(*cp) { + case '0': case '1': case '2': case '3': case '4': + case '5': case '6': case '7': case '8': case '9': + n = n*10 + *cp-'0'; + break; + case '+': + plus++; + when += n; + when *= 24; + n = 0; + break; + case ':': + colon++; + when += n; + when *= 60; + n = 0; + break; + default: + break; + } + } + when += n; + if (plus == 0 && colon == 0) + return((unsigned char)when); + while (colon < 2) { + when *= 60; + colon++; + } + return(krb_time_to_life(0,when)); +} diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c new file mode 100644 index 0000000..15e5bde --- /dev/null +++ b/crypto/kerberosIV/lib/krb/logging.c @@ -0,0 +1,240 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" +#include <klog.h> + +RCSID("$Id: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $"); + +struct krb_log_facility { + char filename[MaxPathLen]; + FILE *file; + krb_log_func_t func; +}; + +int +krb_vlogger(struct krb_log_facility *f, const char *format, va_list args) +{ + FILE *file = NULL; + int ret; + + if (f->file != NULL) + file = f->file; + else if (f->filename && f->filename[0]) + file = fopen(f->filename, "a"); + + ret = f->func(file, format, args); + + if (file != f->file) + fclose(file); + return ret; +} + +int +krb_logger(struct krb_log_facility *f, const char *format, ...) +{ + va_list args; + int ret; + va_start(args, format); + ret = krb_vlogger(f, format, args); + va_end(args); + return ret; +} + +/* + * If FILE * is given log to it, otherwise, log to filename. When + * given a file name the file is opened and closed for each log + * record. + */ +int +krb_openlog(struct krb_log_facility *f, + char *filename, + FILE *file, + krb_log_func_t func) +{ + strcpy(f->filename, filename); + f->file = file; + f->func = func; + return KSUCCESS; +} + +/* ------------------------------------------------------------ + Compatibility functions from warning.c + ------------------------------------------------------------ */ + +static int +log_tty(FILE *f, const char *format, va_list args) +{ + if (f != NULL && isatty(fileno(f))) + vfprintf(f, format, args); + return KSUCCESS; +} + +/* stderr */ +static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty }; + +static void +init_std_log () +{ + static int done = 0; + + if (!done) { + std_log.file = stderr; + done = 1; + } +} + +/* + * + */ +void +krb_set_warnfn (krb_warnfn_t newfunc) +{ + init_std_log (); + std_log.func = newfunc; +} + +/* + * + */ +krb_warnfn_t +krb_get_warnfn (void) +{ + init_std_log (); + return std_log.func; +} + +/* + * Log warnings to stderr if it's a tty. + */ +void +krb_warning (const char *format, ...) +{ + va_list args; + + init_std_log (); + va_start(args, format); + krb_vlogger(&std_log, format, args); + va_end(args); +} + +/* ------------------------------------------------------------ + Compatibility functions from klog.c and log.c + ------------------------------------------------------------ */ + +/* + * Used by kerberos and kadmind daemons and in libkrb (rd_req.c). + * + * By default they log to the kerberos server log-file (KRBLOG) to be + * backwards compatible. + */ + +static int +log_with_timestamp_and_nl(FILE *file, const char *format, va_list args) +{ + time_t now; + if(file == NULL) + return KFAILURE; + time(&now); + fputs(krb_stime(&now), file); + fputs(": ", file); + vfprintf(file, format, args); + fputs("\n", file); + fflush(file); + return KSUCCESS; +} + +static struct krb_log_facility +file_log = { KRBLOG, NULL, log_with_timestamp_and_nl }; + +/* + * kset_logfile() changes the name of the file to which + * messages are logged. If kset_logfile() is not called, + * the logfile defaults to KRBLOG, defined in "krb.h". + */ + +void +kset_logfile(char *filename) +{ + krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl); +} + +/* + * krb_log() and klog() is used to add entries to the logfile. + * + * The log entry consists of a timestamp and the given arguments + * printed according to the given "format" string. + * + * The log file is opened and closed for each log entry. + * + * If the given log type "type" is unknown, or if the log file + * cannot be opened, no entry is made to the log file. + * + * CHANGE: the type is always ignored + * + * The return value of klog() is always a pointer to the formatted log + * text string "logtxt". + */ + +/* Used in kerberos.c only. */ +char * +klog(int type, const char *format, ...) +{ + static char logtxt[1024]; + + va_list ap; + + va_start(ap, format); + vsnprintf(logtxt, sizeof(logtxt), format, ap); + va_end(ap); + + krb_logger(&file_log, "%s", logtxt); + + return logtxt; +} + +/* Used in kadmind and rd_req.c */ +void +krb_log(const char *format, ...) +{ + va_list args; + + va_start(args, format); + krb_vlogger(&file_log, format, args); + va_end(args); +} diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c new file mode 100644 index 0000000..bc3c484 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $"); + +#include "lsb_addr_comp.h" + +int +krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y) +{ + int i; + u_int32_t a = 0, b = 0; + u_int8_t *p = (u_int8_t*) &x; + u_int8_t *q = (u_int8_t*) &y; + + for(i = sizeof(u_int32_t) - 1; i >= 0; i--){ + a = (a << 8) | p[i]; + b = (b << 8) | q[i]; + } + if(a > b) + return 1; + if(a < b) + return -1; + return 0; +} + +int +krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y) +{ + int i; + u_int16_t a = 0, b = 0; + u_int8_t *p = (u_int8_t*) &x; + u_int8_t *q = (u_int8_t*) &y; + + for(i = sizeof(u_int16_t) - 1; i >= 0; i--){ + a = (a << 8) | p[i]; + b = (b << 8) | q[i]; + } + if(a > b) + return 1; + if(a < b) + return -1; + return 0; +} + +u_int32_t +lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst) +{ + /* + * direction bit is the sign bit of the timestamp. Ok until + * 2038?? + */ + /* For compatibility with broken old code, compares are done in VAX + byte order (LSBFIRST) */ + if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */ + dst->sin_addr.s_addr) < 0) + t = -t; + else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, + dst->sin_addr.s_addr)==0) + if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0) + t = -t; + /* + * all that for one tiny bit! Heaven help those that talk to + * themselves. + */ + t = t & 0xffffffff; + return t; +} diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.h b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h new file mode 100644 index 0000000..21adf06 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h @@ -0,0 +1,26 @@ +/* + * $Id: lsb_addr_comp.h,v 1.6 1996/10/05 00:18:02 joda Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Comparison macros to emulate LSBFIRST comparison results of network + * byte-order quantities + */ + +#ifndef LSB_ADDR_COMP_DEFS +#define LSB_ADDR_COMP_DEFS + +/* Compare x and y in VAX byte order, result is -1, 0 or 1. */ + +#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y)) + +#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y)) + +int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y); +int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y); +u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst); + +#endif /* LSB_ADDR_COMP_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c new file mode 100644 index 0000000..7cfb36b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_auth.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $"); + +/* + * Generate an authenticator for service.instance@realm. + * instance is canonicalized by `krb_get_phost' + * realm is set to the local realm if realm == NULL + * The ticket acquired by `krb_mk_req' is returned in `ticket' and the + * authenticator in `buf'. + * Options control the behaviour (see krb_sendauth). + */ + +int +krb_mk_auth(int32_t options, + KTEXT ticket, + char *service, + char *instance, + char *realm, + u_int32_t checksum, + char *version, + KTEXT buf) +{ + char realinst[INST_SZ]; + char realrealm[REALM_SZ]; + int ret; + unsigned char *p; + + if (options & KOPT_DONT_CANON) + strncpy(realinst, instance, sizeof(realinst)); + else + strncpy(realinst, krb_get_phost (instance), sizeof(realinst)); + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + + if(!(options & KOPT_DONT_MK_REQ)) { + ret = krb_mk_req (ticket, service, realinst, realm, checksum); + if (ret != KSUCCESS) + return ret; + } + + p = buf->dat; + + memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + memcpy (p, version, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + p += krb_put_int(ticket->length, p, 4); + memcpy(p, ticket->dat, ticket->length); + p += ticket->length; + buf->length = p - buf->dat; + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/mk_err.c b/crypto/kerberosIV/lib/krb/mk_err.c new file mode 100644 index 0000000..710587a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_err.c @@ -0,0 +1,56 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $"); + +/* + * This routine creates a general purpose error reply message. It + * doesn't use KTEXT because application protocol may have long + * messages, and may want this part of buffer contiguous to other + * stuff. + * + * The error reply is built in "p", using the error code "e" and + * error text "e_string" given. The length of the error reply is + * returned. + * + * The error reply is in the following format: + * + * unsigned char KRB_PROT_VERSION protocol version no. + * unsigned char AUTH_MSG_APPL_ERR message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte order + * 4 bytes e given error code + * string e_string given error text + */ + +int32_t +krb_mk_err(u_char *p, int32_t e, char *e_string) +{ + unsigned char *start = p; + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1); + + p += krb_put_int(e, p, 4); + p += krb_put_string(e_string, p); + return p - start; +} diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c new file mode 100644 index 0000000..b6a9cc4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_priv.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* + * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes + * some user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address. + * The packet is encrypted by pcbc_encrypt(), using the given + * "key" and "schedule". + * The length of the resulting packet "out" is + * returned. + * + * It is similar to krb_mk_safe() except for the additional key + * schedule argument "schedule" and the fact that the data is encrypted + * rather than appended with a checksum. The protocol version is + * KRB_PROT_VERSION, defined in "krb.h". + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_PRIVATE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * 4 bytes c_length length of data + * we encrypt from here with pcbc_encrypt + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * 0<=n<=7 bytes pad to 8 byte multiple zeroes + */ + +int32_t +krb_mk_priv(void *in, void *out, u_int32_t length, + struct des_ks_struct *schedule, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char *p = (unsigned char*)out; + unsigned char *cipher; + + struct timeval tv; + u_int32_t src_addr; + u_int32_t len; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_PRIVATE, p, 1); + + len = 4 + length + 1 + 4 + 4; + len = (len + 7) & ~7; + p += krb_put_int(len, p, 4); + + cipher = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); + p += length; + + gettimeofday(&tv, NULL); + + *p++ =tv.tv_usec / 5000; + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + + memset(p, 0, 7); + + des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher, + len, schedule, key, DES_ENCRYPT); + + return (cipher - (unsigned char*)out) + len; +} diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c new file mode 100644 index 0000000..313ea04 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_req.c @@ -0,0 +1,215 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $"); + +static int lifetime = 255; /* But no longer than TGT says. */ + + +static void +build_request(KTEXT req, char *name, char *inst, char *realm, + u_int32_t checksum) +{ + struct timeval tv; + unsigned char *p = req->dat; + + p += krb_put_nir(name, inst, realm, p); + + p += krb_put_int(checksum, p, 4); + + + /* Fill in the times on the request id */ + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec / 5000; /* 5ms */ + + p += krb_put_int(tv.tv_sec, p, 4); + + /* Fill to a multiple of 8 bytes for DES */ + req->length = ((p - req->dat + 7)/8) * 8; +} + + +/* + * krb_mk_req takes a text structure in which an authenticator is to + * be built, the name of a service, an instance, a realm, + * and a checksum. It then retrieves a ticket for + * the desired service and creates an authenticator in the text + * structure passed as the first argument. krb_mk_req returns + * KSUCCESS on success and a Kerberos error code on failure. + * + * The peer procedure on the other end is krb_rd_req. When making + * any changes to this routine it is important to make corresponding + * changes to krb_rd_req. + * + * The authenticator consists of the following: + * + * authent->dat + * + * unsigned char KRB_PROT_VERSION protocol version no. + * unsigned char AUTH_MSG_APPL_REQUEST message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte ordering + * unsigned char kvno from ticket server's key version + * string realm server's realm + * unsigned char tl ticket length + * unsigned char idl request id length + * text ticket->dat ticket for server + * text req_id->dat request id + * + * The ticket information is retrieved from the ticket cache or + * fetched from Kerberos. The request id (called the "authenticator" + * in the papers on Kerberos) contains the following: + * + * req_id->dat + * + * string cr.pname {name, instance, and + * string cr.pinst realm of principal + * string myrealm making this request} + * 4 bytes checksum checksum argument given + * unsigned char tv_local.tf_usec time (milliseconds) + * 4 bytes tv_local.tv_sec time (seconds) + * + * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, + * all rounded up to multiple of 8. + */ + +int +krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, + int32_t checksum) +{ + KTEXT_ST req_st; + KTEXT req_id = &req_st; + + CREDENTIALS cr; /* Credentials used by retr */ + KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ + int retval; /* Returned by krb_get_cred */ + + char myrealm[REALM_SZ]; + + unsigned char *p = authent->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + + p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1); + + /* Get the ticket and move it into the authenticator */ + if (krb_ap_req_debug) + krb_warning("Realm: %s\n", realm); + + retval = krb_get_cred(service,instance,realm,&cr); + + if (retval == RET_NOTKT) { + retval = get_ad_tkt(service, instance, realm, lifetime); + if (retval == KSUCCESS) + retval = krb_get_cred(service, instance, realm, &cr); + } + + if (retval != KSUCCESS) + return retval; + + + /* + * With multi realm ticket files either find a matching TGT or + * else use the first TGT for inter-realm authentication. + * + * In myrealm hold the realm of the principal "owning" the + * corresponding ticket-granting-ticket. + */ + + retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); + if (retval == KSUCCESS) + strncpy(myrealm, realm, REALM_SZ); + else + retval = krb_get_tf_realm(TKT_FILE, myrealm); + + if (retval != KSUCCESS) + return retval; + + if (krb_ap_req_debug) + krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm, + cr.pname, cr.pinst, myrealm); + + p += krb_put_int(cr.kvno, p, 1); + + p += krb_put_string(realm, p); + + p += krb_put_int(ticket->length, p, 1); + + build_request(req_id, cr.pname, cr.pinst, myrealm, checksum); + + encrypt_ktext(req_id, &cr.session, DES_ENCRYPT); + + p += krb_put_int(req_id->length, p, 1); + + memcpy(p, ticket->dat, ticket->length); + + p += ticket->length; + + memcpy(p, req_id->dat, req_id->length); + + p += req_id->length; + + authent->length = p - authent->dat; + + memset(&cr, 0, sizeof(cr)); + memset(&req_st, 0, sizeof(req_st)); + + if (krb_ap_req_debug) + krb_warning("Authent->length = %d\n", authent->length); + + return KSUCCESS; +} + +/* + * krb_set_lifetime sets the default lifetime for additional tickets + * obtained via krb_mk_req(). + * + * It returns the previous value of the default lifetime. + */ + +int +krb_set_lifetime(int newval) +{ + int olife = lifetime; + + lifetime = newval; + return(olife); +} diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c new file mode 100644 index 0000000..df5ca21 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_safe.c @@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + + +/* from rd_safe.c */ +extern int dqc_type; +void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int); + +/* + * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some + * user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address, followed by a checksum computed on the above, using the + * given "key". The length of the resulting packet is returned. + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_SAFE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * ===================== begin checksum ================================ + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * ======================= end checksum ================================ + * + * 16 bytes big_cksum quadratic checksum of + * above using "key" + */ + +int32_t +krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char * p = (unsigned char*)out; + struct timeval tv; + unsigned char *start; + u_int32_t src_addr; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_SAFE, p, 1); + + start = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); + p += length; + + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec/5000; /* 5ms */ + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + + { + /* We are faking big endian mode, so we need to fix the + * checksum (that is byte order dependent). We always send a + * checksum of the new type, unless we know that we are + * talking to an old client (this requires a call to + * krb_rd_safe first). + */ + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0); + + if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) || + dqc_type == DES_QUAD_OLD) + memcpy(p, old_checksum, 16); + else + memcpy(p, new_checksum, 16); + } + p += 16; + + return p - (unsigned char*)out; +} diff --git a/crypto/kerberosIV/lib/krb/month_sname.c b/crypto/kerberosIV/lib/krb/month_sname.c new file mode 100644 index 0000000..aaceee5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/month_sname.c @@ -0,0 +1,39 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $"); + +/* + * Given an integer 1-12, month_sname() returns a string + * containing the first three letters of the corresponding + * month. Returns 0 if the argument is out of range. + */ + +const char *month_sname(int n) +{ + static const char *name[] = { + "Jan","Feb","Mar","Apr","May","Jun", + "Jul","Aug","Sep","Oct","Nov","Dec" + }; + return((n < 1 || n > 12) ? 0 : name [n-1]); +} diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c new file mode 100644 index 0000000..fa95b89 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/name2name.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $"); + +/* convert host to a more fully qualified domain name, returns 0 if + * phost is the same as host, 1 otherwise. phost should be + * phost_size bytes long. + */ + +int +krb_name_to_name(const char *host, char *phost, size_t phost_size) +{ + struct hostent *hp; + struct in_addr adr; + const char *tmp; + + adr.s_addr = inet_addr(host); + hp = gethostbyname(host); + if (hp == NULL && adr.s_addr != INADDR_NONE) + hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET); + if (hp == NULL) + tmp = host; + else + tmp = hp->h_name; + strncpy (phost, tmp, phost_size); + phost[phost_size - 1] = '\0'; + + if (strcmp(phost, host) == 0) + return 0; + else + return 1; +} + +/* lowercase and truncate */ + +void +k_ricercar(char *name) +{ + char *p = name; + while(*p && *p != '.'){ + if(isupper(*p)) + *p = tolower(*p); + p++; + } + if(*p == '.') + *p = 0; +} + +/* + * This routine takes an alias for a host name and returns the first + * field, in lower case, of its domain name. + * + * Example: "fOo.BAR.com" -> "foo" + */ + +char * +krb_get_phost(const char *alias) +{ + static char phost[MaxHostNameLen+1]; + + krb_name_to_name(alias, phost, sizeof(phost)); + k_ricercar(phost); + return phost; +} diff --git a/crypto/kerberosIV/lib/krb/netread.c b/crypto/kerberosIV/lib/krb/netread.c new file mode 100644 index 0000000..cbc1bd1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/netread.c @@ -0,0 +1,55 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: netread.c,v 1.6 1997/03/23 03:53:15 joda Exp $"); + +/* + * krb_net_read() reads from the file descriptor "fd" to the buffer + * "buf", until either 1) "len" bytes have been read or 2) cannot + * read anymore from "fd". It returns the number of bytes read + * or a read() error. (The calling interface is identical to + * read(2).) + * + * XXX must not use non-blocking I/O + */ + +int +krb_net_read (int fd, void *v, size_t len) +{ + int cc, len2 = 0; + char *buf = v; + + do { + cc = read(fd, buf, len); + if (cc < 0) + return(cc); /* errno is already set */ + else if (cc == 0) { + return(len2); + } else { + buf += cc; + len2 += cc; + len -= cc; + } + } while (len > 0); + return(len2); +} diff --git a/crypto/kerberosIV/lib/krb/netwrite.c b/crypto/kerberosIV/lib/krb/netwrite.c new file mode 100644 index 0000000..0703d91 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/netwrite.c @@ -0,0 +1,52 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: netwrite.c,v 1.7 1997/03/23 03:53:15 joda Exp $"); + +/* + * krb_net_write() writes "len" bytes from "buf" to the file + * descriptor "fd". It returns the number of bytes written or + * a write() error. (The calling interface is identical to + * write(2).) + * + * XXX must not use non-blocking I/O + */ + +int +krb_net_write(int fd, const void *v, size_t len) +{ + int cc; + int wrlen = len; + const char *buf = (const char*)v; + + do { + cc = write(fd, buf, wrlen); + if (cc < 0) + return(cc); + else { + buf += cc; + wrlen -= cc; + } + } while (wrlen > 0); + return(len); +} diff --git a/crypto/kerberosIV/lib/krb/one.c b/crypto/kerberosIV/lib/krb/one.c new file mode 100644 index 0000000..d43b284 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/one.c @@ -0,0 +1,27 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + + WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + distribute this software and its documentation for any purpose and + without fee is hereby granted, provided that the above copyright + notice appear in all copies and that both that copyright notice and + this permission notice appear in supporting documentation, and that + the name of M.I.T. not be used in advertising or publicity pertaining + to distribution of the software without specific, written prior + permission. M.I.T. makes no representations about the suitability of + this software for any purpose. It is provided "as is" without express + or implied warranty. + + */ + +/* + * definition of variable set to 1. + * used in krb_conf.h to determine host byte order. + */ + +int krbONE = 1; diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c new file mode 100644 index 0000000..1184330 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/parse_name.c @@ -0,0 +1,199 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $"); + +int +krb_parse_name(const char *fullname, krb_principal *principal) +{ + const char *p; + char *ns, *np; + enum {n, i, r} pos = n; + int quote = 0; + ns = np = principal->name; + + principal->name[0] = 0; + principal->instance[0] = 0; + principal->realm[0] = 0; + + for(p = fullname; *p; p++){ + if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */ + return KNAME_FMT; + if(quote){ + *np++ = *p; + quote = 0; + continue; + } + if(*p == '\\') + quote = 1; + else if(*p == '.' && pos == n){ + *np = 0; + ns = np = principal->instance; + pos = i; + }else if(*p == '@' && (pos == n || pos == i)){ + *np = 0; + ns = np = principal->realm; + pos = r; + }else + *np++ = *p; + } + *np = 0; + if(quote || principal->name[0] == 0) + return KNAME_FMT; + return KSUCCESS; +} + +int +kname_parse(char *np, char *ip, char *rp, char *fullname) +{ + krb_principal p; + int ret; + if((ret = krb_parse_name(fullname, &p)) == 0){ + strcpy(np, p.name); + strcpy(ip, p.instance); + if(p.realm[0]) + strcpy(rp, p.realm); + } + return ret; +} +/* + * k_isname() returns 1 if the given name is a syntactically legitimate + * Kerberos name; returns 0 if it's not. + */ + +int +k_isname(char *s) +{ + char c; + int backslash = 0; + + if (!*s) + return 0; + if (strlen(s) > ANAME_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '.': + return 0; + /* break; */ + case '@': + return 0; + /* break; */ + } + } + return 1; +} + + +/* + * k_isinst() returns 1 if the given name is a syntactically legitimate + * Kerberos instance; returns 0 if it's not. + */ + +int +k_isinst(char *s) +{ + char c; + int backslash = 0; + + if (strlen(s) > INST_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '.': +#if INSTANCE_DOTS_OK + break; +#else /* INSTANCE_DOTS_OK */ + return 0; +#endif /* INSTANCE_DOTS_OK */ + /* break; */ + case '@': + return 0; + /* break; */ + } + } + return 1; +} + +/* + * k_isrealm() returns 1 if the given name is a syntactically legitimate + * Kerberos realm; returns 0 if it's not. + */ + +int +k_isrealm(char *s) +{ + char c; + int backslash = 0; + + if (!*s) + return 0; + if (strlen(s) > REALM_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '@': + return 0; + /* break; */ + } + } + return 1; +} diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h new file mode 100644 index 0000000..e4825e1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/prot.h @@ -0,0 +1,105 @@ +/* + * $Id: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Include file with authentication protocol information. + */ + +#ifndef PROT_DEFS +#define PROT_DEFS + +#define KRB_SERVICE "kerberos-iv" +#define KRB_PORT 750 /* PC's don't have + * /etc/services */ +#define KRB_PROT_VERSION 4 +#define MAX_PKT_LEN 1000 +#define MAX_TXT_LEN 1000 + +/* Macro's to obtain various fields from a packet */ + +#define pkt_version(packet) (unsigned int) *(packet->dat) +#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) +#define pkt_a_name(packet) (packet->dat+2) +#define pkt_a_inst(packet) \ + (packet->dat+3+strlen((char *)pkt_a_name(packet))) +#define pkt_a_realm(packet) \ + (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) + +/* Macro to obtain realm from application request */ +#define apreq_realm(auth) (auth->dat + 3) + +#define pkt_time_ws(packet) (char *) \ + (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +#define pkt_no_req(packet) (unsigned short) \ + *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_x_date(packet) (char *) \ + (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_err_code(packet) ( (char *) \ + (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet)))) +#define pkt_err_text(packet) \ + (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +/* Routines to create and read packets may be found in prot.c */ + +KTEXT create_auth_reply(char *pname, char *pinst, char *prealm, + int32_t time_ws, int n, u_int32_t x_date, + int kvno, KTEXT cipher); +#ifdef DEBUG +KTEXT krb_create_death_packet(char *a_name); +#endif + +/* Message types , always leave lsb for byte order */ + +#define AUTH_MSG_KDC_REQUEST 1<<1 +#define AUTH_MSG_KDC_REPLY 2<<1 +#define AUTH_MSG_APPL_REQUEST 3<<1 +#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 +#define AUTH_MSG_ERR_REPLY 5<<1 +#define AUTH_MSG_PRIVATE 6<<1 +#define AUTH_MSG_SAFE 7<<1 +#define AUTH_MSG_APPL_ERR 8<<1 +#define AUTH_MSG_KDC_FORWARD 9<<1 +#define AUTH_MSG_KDC_RENEW 10<<1 +#define AUTH_MSG_DIE 63<<1 + +/* values for kerb error codes */ + +#define KERB_ERR_OK 0 +#define KERB_ERR_NAME_EXP 1 +#define KERB_ERR_SERVICE_EXP 2 +#define KERB_ERR_AUTH_EXP 3 +#define KERB_ERR_PKT_VER 4 +#define KERB_ERR_NAME_MAST_KEY_VER 5 +#define KERB_ERR_SERV_MAST_KEY_VER 6 +#define KERB_ERR_BYTE_ORDER 7 +#define KERB_ERR_PRINCIPAL_UNKNOWN 8 +#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 +#define KERB_ERR_NULL_KEY 10 +#define KERB_ERR_TIMEOUT 11 + +/* sendauth - recvauth */ + +/* + * If the protocol changes, you will need to change the version string + * be sure to support old versions of krb_sendauth! + */ + +#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ + +#endif /* PROT_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/rd_err.c b/crypto/kerberosIV/lib/krb/rd_err.c new file mode 100644 index 0000000..3382eab --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_err.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $"); + +/* + * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length", + * return the error code from the message in "code" and the text in + * "m_data" as follows: + * + * m_data->app_data points to the error text + * m_data->app_length points to the length of the error text + * + * If all goes well, return RD_AP_OK. If the version number + * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR + * type message, return RD_AP_MSG_TYPE. + * + * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c + */ + +int +krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in; + + unsigned char pvno, type; + int little_endian; + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + + if(type != AUTH_MSG_APPL_ERR) + return RD_AP_MSG_TYPE; + + p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian); + + m_data->app_data = p; + m_data->app_length = in_length; /* XXX is this correct? */ + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c new file mode 100644 index 0000000..58ecd9f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_priv.c @@ -0,0 +1,129 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* + * krb_rd_priv() decrypts and checks the integrity of an + * AUTH_MSG_PRIVATE message. Given the message received, "in", + * the length of that message, "in_length", the key "schedule" + * and "key", and the network addresses of the + * "sender" and "receiver" of the message, krb_rd_safe() returns + * RD_AP_OK if the message is okay, otherwise some error code. + * + * The message data retrieved from "in" are returned in the structure + * "m_data". The pointer to the application data + * (m_data->app_data) refers back to the appropriate place in "in". + * + * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE + * message. The structure containing the extracted message + * information, MSG_DAT, is defined in "krb.h". + */ + +int32_t +krb_rd_priv(void *in, u_int32_t in_length, + struct des_ks_struct *schedule, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver, + MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in; + int little_endian; + u_int32_t clen; + struct timeval tv; + u_int32_t src_addr; + int delta_t; + + unsigned char pvno, type; + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + + p += krb_get_int(p, &clen, 4, little_endian); + + if(clen + 2 > in_length) + return RD_AP_MODIFIED; + + des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen, + schedule, key, DES_DECRYPT); + + p += krb_get_int(p, &m_data->app_length, 4, little_endian); + if(m_data->app_length + 17 > in_length) + return RD_AP_MODIFIED; + + m_data->app_data = p; + p += m_data->app_length; + + m_data->time_5ms = *p++; + + p += krb_get_address(p, &src_addr); + + if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) + return RD_AP_BADD; + + p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); + + m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); + + gettimeofday(&tv, NULL); + + /* check the time integrity of the msg */ + delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); + if (delta_t > CLOCK_SKEW) + return RD_AP_TIME; + if (krb_debug) + krb_warning("\ndelta_t = %d", (int) delta_t); + + /* + * caller must check timestamps for proper order and + * replays, since server might have multiple clients + * each with its own timestamps and we don't assume + * tightly synchronized clocks. + */ + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c new file mode 100644 index 0000000..1a3e848 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_req.c @@ -0,0 +1,324 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $"); + +static struct timeval t_local = { 0, 0 }; + +/* + * Keep the following information around for subsequent calls + * to this routine by the same server using the same key. + */ + +static des_key_schedule serv_key; /* Key sched to decrypt ticket */ +static des_cblock ky; /* Initialization vector */ +static int st_kvno; /* version number for this key */ +static char st_rlm[REALM_SZ]; /* server's realm */ +static char st_nam[ANAME_SZ]; /* service name */ +static char st_inst[INST_SZ]; /* server's instance */ + +/* + * This file contains two functions. krb_set_key() takes a DES + * key or password string and returns a DES key (either the original + * key, or the password converted into a DES key) and a key schedule + * for it. + * + * krb_rd_req() reads an authentication request and returns information + * about the identity of the requestor, or an indication that the + * identity information was not authentic. + */ + +/* + * krb_set_key() takes as its first argument either a DES key or a + * password string. The "cvt" argument indicates how the first + * argument "key" is to be interpreted: if "cvt" is null, "key" is + * taken to be a DES key; if "cvt" is non-null, "key" is taken to + * be a password string, and is converted into a DES key using + * string_to_key(). In either case, the resulting key is returned + * in the external static variable "ky". A key schedule is + * generated for "ky" and returned in the external static variable + * "serv_key". + * + * This routine returns the return value of des_key_sched. + * + * krb_set_key() needs to be in the same .o file as krb_rd_req() so that + * the key set by krb_set_key() is available in private storage for + * krb_rd_req(). + */ + +int +krb_set_key(void *key, int cvt) +{ +#ifdef NOENCRYPTION + memset(ky, 0, sizeof(ky)); + return KSUCCESS; +#else /* Encrypt */ + if (cvt) + des_string_to_key((char*)key, &ky); + else + memcpy((char*)ky, key, 8); + return(des_key_sched(&ky, serv_key)); +#endif /* NOENCRYPTION */ +} + + +/* + * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or + * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(), + * checks its integrity and returns a judgement as to the requestor's + * identity. + * + * The "authent" argument is a pointer to the received message. + * The "service" and "instance" arguments name the receiving server, + * and are used to get the service's ticket to decrypt the ticket + * in the message, and to compare against the server name inside the + * ticket. "from_addr" is the network address of the host from which + * the message was received; this is checked against the network + * address in the ticket. If "from_addr" is zero, the check is not + * performed. "ad" is an AUTH_DAT structure which is + * filled in with information about the sender's identity according + * to the authenticator and ticket sent in the message. Finally, + * "fn" contains the name of the file containing the server's key. + * (If "fn" is NULL, the server's key is assumed to have been set + * by krb_set_key(). If "fn" is the null string ("") the default + * file KEYFILE, defined in "krb.h", is used.) + * + * krb_rd_req() returns RD_AP_OK if the authentication information + * was genuine, or one of the following error codes (defined in + * "krb.h"): + * + * RD_AP_VERSION - wrong protocol version number + * RD_AP_MSG_TYPE - wrong message type + * RD_AP_UNDEC - couldn't decipher the message + * RD_AP_INCON - inconsistencies found + * RD_AP_BADD - wrong network address + * RD_AP_TIME - client time (in authenticator) + * too far off server time + * RD_AP_NYV - Kerberos time (in ticket) too + * far off server time + * RD_AP_EXP - ticket expired + * + * For the message format, see krb_mk_req(). + * + * Mutual authentication is not implemented. + */ + +int +krb_rd_req(KTEXT authent, /* The received message */ + char *service, /* Service name */ + char *instance, /* Service instance */ + int32_t from_addr, /* Net address of originating host */ + AUTH_DAT *ad, /* Structure to be filled in */ + char *fn) /* Filename to get keys from */ +{ + static KTEXT_ST ticket; /* Temp storage for ticket */ + static KTEXT tkt = &ticket; + static KTEXT_ST req_id_st; /* Temp storage for authenticator */ + KTEXT req_id = &req_id_st; + + char realm[REALM_SZ]; /* Realm of issuing kerberos */ + + unsigned char skey[KKEY_SZ]; /* Session key from ticket */ + char sname[SNAME_SZ]; /* Service name from ticket */ + char iname[INST_SZ]; /* Instance name from ticket */ + char r_aname[ANAME_SZ]; /* Client name from authenticator */ + char r_inst[INST_SZ]; /* Client instance from authenticator */ + char r_realm[REALM_SZ]; /* Client realm from authenticator */ + u_int32_t r_time_sec; /* Coarse time from authenticator */ + unsigned long delta_t; /* Time in authenticator - local time */ + long tkt_age; /* Age of ticket */ + static unsigned char s_kvno;/* Version number of the server's key + * Kerberos used to encrypt ticket */ + + struct timeval tv; + int status; + + int pvno; + int type; + int little_endian; + + unsigned char *p; + + if (authent->length <= 0) + return(RD_AP_MODIFIED); + + p = authent->dat; + + /* get msg version, type and byte order, and server key version */ + + pvno = *p++; + + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + + little_endian = type & 1; + type &= ~1; + + if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) + return RD_AP_MSG_TYPE; + + s_kvno = *p++; + + p += krb_get_string(p, realm); + + /* + * If "fn" is NULL, key info should already be set; don't + * bother with ticket file. Otherwise, check to see if we + * already have key info for the given server and key version + * (saved in the static st_* variables). If not, go get it + * from the ticket file. If "fn" is the null string, use the + * default ticket file. + */ + if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) || + strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { + if (*fn == 0) fn = KEYFILE; + st_kvno = s_kvno; + if (read_service_key(service, instance, realm, s_kvno, + fn, (char *)skey)) + return(RD_AP_UNDEC); + if ((status = krb_set_key((char*)skey, 0))) + return(status); + strcpy(st_rlm, realm); + strcpy(st_nam, service); + strcpy(st_inst, instance); + } + + tkt->length = *p++; + + req_id->length = *p++; + + if(tkt->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(tkt->dat, p, tkt->length); + p += tkt->length; + + if (krb_ap_req_debug) + krb_log("ticket->length: %d",tkt->length); + + /* Decrypt and take apart ticket */ + if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm, + &ad->address, ad->session, &ad->life, + &ad->time_sec, sname, iname, &ky, serv_key)) + return RD_AP_UNDEC; + + if (krb_ap_req_debug) { + krb_log("Ticket Contents."); + krb_log(" Aname: %s.%s",ad->pname, ad->prealm); + krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL)); + } + + /* Extract the authenticator */ + + if(req_id->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(req_id->dat, p, req_id->length); + p = req_id->dat; + +#ifndef NOENCRYPTION + /* And decrypt it with the session key from the ticket */ + if (krb_ap_req_debug) krb_log("About to decrypt authenticator"); + + encrypt_ktext(req_id, &ad->session, DES_DECRYPT); + + if (krb_ap_req_debug) krb_log("Done."); +#endif /* NOENCRYPTION */ + + /* cast req_id->length to int? */ +#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED); + + p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */ + + p += krb_get_int(p, &ad->checksum, 4, little_endian); + + p++; /* time_5ms is not used */ + + p += krb_get_int(p, &r_time_sec, 4, little_endian); + + /* Check for authenticity of the request */ + if (krb_ap_req_debug) + krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm, + r_aname, r_inst, r_realm); + if (strcmp(ad->pname, r_aname) != 0 || + strcmp(ad->pinst, r_inst) != 0 || + strcmp(ad->prealm, r_realm) != 0) + return RD_AP_INCON; + + if (krb_ap_req_debug) + krb_log("Address: %x %x", ad->address, from_addr); + + if (from_addr && (!krb_equiv(ad->address, from_addr))) + return RD_AP_BADD; + + gettimeofday(&tv, NULL); + delta_t = abs((int)(tv.tv_sec - r_time_sec)); + if (delta_t > CLOCK_SKEW) { + if (krb_ap_req_debug) + krb_log("Time out of range: %lu - %lu = %lu", + (unsigned long)t_local.tv_sec, + (unsigned long)r_time_sec, + (unsigned long)delta_t); + return RD_AP_TIME; + } + + /* Now check for expiration of ticket */ + + tkt_age = tv.tv_sec - ad->time_sec; + if (krb_ap_req_debug) + krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x", + (long)tv.tv_sec, + (unsigned long)ad->time_sec, + tkt_age, + ad->life); + + if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) + return RD_AP_NYV; + + if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life)) + return RD_AP_EXP; + + /* All seems OK */ + ad->reply.length = 0; + + return(RD_AP_OK); +} diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c new file mode 100644 index 0000000..8471df0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_safe.c @@ -0,0 +1,178 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* Generate two checksums in the given byteorder of the data, one + * new-form and one old-form. It has to be done this way to be + * compatible with the old version of des_quad_cksum. + */ + +/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */ +int dqc_type = DES_QUAD_DEFAULT; + +void +fixup_quad_cksum(void *start, size_t len, des_cblock *key, + void *new_checksum, void *old_checksum, int little) +{ + des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key); + if(HOST_BYTE_ORDER){ + if(little){ + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t *tmp = (u_int32_t*)new_checksum; + memcpy(old_checksum, new_checksum, 16); + swap_u_16(old_checksum); + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + } + }else{ + if(little){ + u_int32_t *tmp = (u_int32_t*)new_checksum; + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t tmp[4]; + tmp[0] = ((u_int32_t*)new_checksum)[3]; + tmp[1] = ((u_int32_t*)new_checksum)[2]; + tmp[2] = ((u_int32_t*)new_checksum)[1]; + tmp[3] = ((u_int32_t*)new_checksum)[0]; + memcpy(old_checksum, tmp, 16); + } + } +} + +/* + * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. + * Given the message received, "in", the length of that message, + * "in_length", the "key" to compute the checksum with, and the + * network addresses of the "sender" and "receiver" of the message, + * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise + * some error code. + * + * The message data retrieved from "in" is returned in the structure + * "m_data". The pointer to the application data (m_data->app_data) + * refers back to the appropriate place in "in". + * + * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE + * message. The structure containing the extracted message + * information, MSG_DAT, is defined in "krb.h". + */ + +int32_t +krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver, + MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in, *start; + + unsigned char pvno, type; + int little_endian; + struct timeval tv; + u_int32_t src_addr; + int delta_t; + + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + if(type != AUTH_MSG_SAFE) + return RD_AP_MSG_TYPE; + + start = p; + + p += krb_get_int(p, &m_data->app_length, 4, little_endian); + + if(m_data->app_length + 31 > in_length) + return RD_AP_MODIFIED; + + m_data->app_data = p; + + p += m_data->app_length; + + m_data->time_5ms = *p++; + + p += krb_get_address(p, &src_addr); + + if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) + return RD_AP_BADD; + + p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); + m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); + + gettimeofday(&tv, NULL); + + delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); + if (delta_t > CLOCK_SKEW) return RD_AP_TIME; + + /* + * caller must check timestamps for proper order and replays, since + * server might have multiple clients each with its own timestamps + * and we don't assume tightly synchronized clocks. + */ + + { + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, + new_checksum, old_checksum, little_endian); + if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) && + memcmp(new_checksum, p, 16) == 0) + dqc_type = DES_QUAD_NEW; + else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) && + memcmp(old_checksum, p, 16) == 0) + dqc_type = DES_QUAD_OLD; + else + return RD_AP_MODIFIED; + } + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c new file mode 100644 index 0000000..6de5db2 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/read_service_key.c @@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $"); + +/* + * The private keys for servers on a given host are stored in a + * "srvtab" file (typically "/etc/srvtab"). This routine extracts + * a given server's key from the file. + * + * read_service_key() takes the server's name ("service"), "instance", + * and "realm" and a key version number "kvno", and looks in the given + * "file" for the corresponding entry, and if found, returns the entry's + * key field in "key". + * + * If "instance" contains the string "*", then it will match + * any instance, and the chosen instance will be copied to that + * string. For this reason it is important that the there is enough + * space beyond the "*" to receive the entry. + * + * If "kvno" is 0, it is treated as a wild card and the first + * matching entry regardless of the "vno" field is returned. + * + * This routine returns KSUCCESS on success, otherwise KFAILURE. + * + * The format of each "srvtab" entry is as follows: + * + * Size Variable Field in file + * ---- -------- ------------- + * string serv server name + * string inst server instance + * string realm server realm + * 1 byte vno server key version # + * 8 bytes key server's key + * ... ... ... + */ + + +int +read_service_key(char *service, /* Service Name */ + char *instance, /* Instance name or "*" */ + char *realm, /* Realm */ + int kvno, /* Key version number */ + char *file, /* Filename */ + char *key) /* Pointer to key to be filled in */ +{ + char serv[SNAME_SZ]; + char inst[INST_SZ]; + char rlm[REALM_SZ]; + unsigned char vno; /* Key version number */ + int wcard; + + int stab; + + if ((stab = open(file, O_RDONLY, 0)) < 0) + return(KFAILURE); + + wcard = (instance[0] == '*') && (instance[1] == '\0'); + + while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */ + getst(stab,inst,INST_SZ); /* Instance */ + getst(stab,rlm,REALM_SZ); /* Realm */ + /* Vers number */ + if (read(stab, &vno, 1) != 1) { + close(stab); + return(KFAILURE); + } + /* Key */ + if (read(stab,key,8) != 8) { + close(stab); + return(KFAILURE); + } + /* Is this the right service */ + if (strcmp(serv,service)) + continue; + /* How about instance */ + if (!wcard && strcmp(inst,instance)) + continue; + if (wcard) + strncpy(instance,inst,INST_SZ); + /* Is this the right realm */ + if (strcmp(rlm,realm)) + continue; + + /* How about the key version number */ + if (kvno && kvno != (int) vno) + continue; + + close(stab); + return(KSUCCESS); + } + + /* Can't find the requested service */ + close(stab); + return(KFAILURE); +} diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c new file mode 100644 index 0000000..2ce852a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/realm_parse.c @@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $"); + +static int +realm_parse(char *realm, int length, const char *file) +{ + FILE *F; + char tr[128]; + char *p; + + if ((F = fopen(file,"r")) == NULL) + return -1; + + while(fgets(tr, sizeof(tr), F)){ + char *unused = NULL; + p = strtok_r(tr, " \t\n\r", &unused); + if(p && strcasecmp(p, realm) == 0){ + fclose(F); + strncpy(realm, p, length); + return 0; + } + } + fclose(F); + return -1; +} + +static const char *const files[] = KRB_CNF_FILES; + +int +krb_realm_parse(char *realm, int length) +{ + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (realm_parse(realm, length, fname) == 0) + return 0; + } + + for (i = 0; files[i] != NULL; i++) + if (realm_parse(realm, length, files[i]) == 0) + return 0; + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/recvauth.c b/crypto/kerberosIV/lib/krb/recvauth.c new file mode 100644 index 0000000..6c96897 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/recvauth.c @@ -0,0 +1,190 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: recvauth.c,v 1.17 1997/03/23 03:53:16 joda Exp $"); + +/* + * krb_recvauth() reads (and optionally responds to) a message sent + * using krb_sendauth(). The "options" argument is a bit-field of + * selected options (see "sendauth.c" for options description). + * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL + * (mutual authentication requested). The "fd" argument supplies + * a file descriptor to read from (and write to, if mutual authenti- + * cation is requested). + * + * Part of the received message will be a Kerberos ticket sent by the + * client; this is read into the "ticket" argument. The "service" and + * "instance" arguments supply the server's Kerberos name. If the + * "instance" argument is the string "*", it is treated as a wild card + * and filled in during the krb_rd_req() call (see read_service_key()). + * + * The "faddr" and "laddr" give the sending (client) and receiving + * (local server) network addresses. ("laddr" may be left NULL unless + * mutual authentication is requested, in which case it must be set.) + * + * The authentication information extracted from the message is returned + * in "kdata". The "filename" argument indicates the file where the + * server's key can be found. (It is passed on to krb_rd_req().) If + * left null, the default "/etc/srvtab" will be used. + * + * If mutual authentication is requested, the session key schedule must + * be computed in order to reply; this schedule is returned in the + * "schedule" argument. A string containing the application version + * number from the received message is returned in "version", which + * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. + * + * See krb_sendauth() for the format of the received client message. + * + * krb_recvauth() first reads the protocol version string from the + * given file descriptor. If it doesn't match the current protocol + * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In + * that case, the string of characters up to the first space is read + * and interpreted as the ticket length, then the ticket is read. + * + * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() + * next reads the application protocol version string. Then the + * ticket length and ticket itself are read. + * + * The ticket is decrypted and checked by the call to krb_rd_req(). + * If no mutual authentication is required, the result of the + * krb_rd_req() call is retured by this routine. If mutual authenti- + * cation is required, a message in the following format is returned + * on "fd": + * + * Size Variable Field + * ---- -------- ----- + * + * 4 bytes tkt_len length of ticket or -1 + * if error occurred + * + * priv_len tmp_buf "private" message created + * by krb_mk_priv() which + * contains the incremented + * checksum sent by the client + * encrypted in the session + * key. (This field is not + * present in case of error.) + * + * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some + * other error code is returned. + */ + +static int +send_error_reply(int fd) +{ + unsigned char tmp[4] = { 255, 255, 255, 255 }; + if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp)) + return -1; + return 0; +} + +int +krb_recvauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descr. to read from */ + KTEXT ticket, /* storage for client's ticket */ + char *service, /* service expected */ + char *instance, /* inst expected (may be filled in) */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + struct sockaddr_in *laddr, /* local address */ + AUTH_DAT *kdata, /* kerberos data (returned) */ + char *filename, /* name of file with service keys */ + struct des_ks_struct *schedule, /* key schedule (return) */ + char *version) /* version string (filled in) */ +{ + int cc; + char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ + int rem; + int32_t priv_len; + u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; + + /* read the protocol version number */ + if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + krb_vers[KRB_SENDAUTH_VLEN] = '\0'; + + /* read the application version string */ + if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + version[KRB_SENDAUTH_VLEN] = '\0'; + + /* get the length of the ticket */ + { + char tmp[4]; + if (krb_net_read(fd, tmp, 4) != 4) + return -1; + krb_get_int(tmp, &ticket->length, 4, 0); + } + + /* sanity check */ + if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) { + if (options & KOPT_DO_MUTUAL) { + if(send_error_reply(fd)) + return -1; + return KFAILURE; + } else + return KFAILURE; /* XXX there may still be junk on the fd? */ + } + + /* read the ticket */ + if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length) + return -1; + /* + * now have the ticket. decrypt it to get the authenticated + * data. + */ + rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr, + kdata, filename); + + /* if we are doing mutual auth, compose a response */ + if (options & KOPT_DO_MUTUAL) { + if (rem != KSUCCESS){ + /* the krb_rd_req failed */ + if(send_error_reply(fd)) + return -1; + return rem; + } + + /* add one to the (formerly) sealed checksum, and re-seal it + for return to the client */ + { + unsigned char cs[4]; + krb_put_int(kdata->checksum + 1, cs, 4); +#ifndef NOENCRYPTION + des_key_sched(&kdata->session,schedule); +#endif + priv_len = krb_mk_priv(cs, + tmp_buf+4, + 4, + schedule, + &kdata->session, + laddr, + faddr); + } + /* mk_priv will never fail */ + priv_len += krb_put_int(priv_len, tmp_buf, 4); + + if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len) + return -1; + } + return rem; +} diff --git a/crypto/kerberosIV/lib/krb/resolve.c b/crypto/kerberosIV/lib/krb/resolve.c new file mode 100644 index 0000000..7777c0e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.c @@ -0,0 +1,288 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" +#include "resolve.h" + +RCSID("$Id: resolve.c,v 1.11 1997/06/01 04:19:20 assar Exp $"); + +#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) + +#define DECL(X) {#X, T_##X} + +static struct stot{ + char *name; + int type; +}stot[] = { + DECL(A), + DECL(NS), + DECL(CNAME), + DECL(PTR), + DECL(MX), + DECL(TXT), + DECL(AFSDB), + DECL(SRV), + {NULL, 0} +}; + +static int +string_to_type(const char *name) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(strcasecmp(name, p->name) == 0) + return p->type; + return -1; +} + +#if 0 +static char * +type_to_string(int type) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(type == p->type) + return p->name; + return NULL; +} +#endif + +void +dns_free_data(struct dns_reply *r) +{ + struct resource_record *rr; + if(r->q.domain) + free(r->q.domain); + for(rr = r->head; rr;){ + struct resource_record *tmp = rr; + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + rr = rr->next; + free(tmp); + } + free (r); +} + +static struct dns_reply* +parse_reply(unsigned char *data, int len) +{ + unsigned char *p; + char host[128]; + int status; + + struct dns_reply *r; + struct resource_record **rr; + + r = (struct dns_reply*)malloc(sizeof(struct dns_reply)); + memset(r, 0, sizeof(struct dns_reply)); + + p = data; + memcpy(&r->h, p, sizeof(HEADER)); + p += sizeof(HEADER); + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + r->q.domain = strdup(host); + p += status; + r->q.type = (p[0] << 8 | p[1]); + p += 2; + r->q.class = (p[0] << 8 | p[1]); + p += 2; + rr = &r->head; + while(p < data + len){ + int type, class, ttl, size; + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + p += status; + type = (p[0] << 8) | p[1]; + p += 2; + class = (p[0] << 8) | p[1]; + p += 2; + ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + size = (p[0] << 8) | p[1]; + p += 2; + *rr = (struct resource_record*)calloc(1, + sizeof(struct resource_record)); + (*rr)->domain = strdup(host); + (*rr)->type = type; + (*rr)->class = class; + (*rr)->ttl = ttl; + (*rr)->size = size; + switch(type){ + case T_NS: + case T_CNAME: + case T_PTR: + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.txt = strdup(host); + break; + case T_MX: + case T_AFSDB:{ + status = dn_expand(data, data + len, p + 2, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + strlen(host)); + (*rr)->u.mx->preference = (p[0] << 8) | p[1]; + strcpy((*rr)->u.mx->domain, host); + break; + } + case T_SRV:{ + status = dn_expand(data, data + len, p + 6, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.srv = + (struct srv_record*)malloc(sizeof(struct srv_record) + + strlen(host)); + (*rr)->u.srv->priority = (p[0] << 8) | p[1]; + (*rr)->u.srv->weight = (p[2] << 8) | p[3]; + (*rr)->u.srv->port = (p[4] << 8) | p[5]; + strcpy((*rr)->u.srv->target, host); + break; + } + case T_TXT:{ + (*rr)->u.txt = (char*)malloc(size + 1); + strncpy((*rr)->u.txt, (char*)p + 1, *p); + (*rr)->u.txt[*p] = 0; + break; + } + + default: + (*rr)->u.data = (unsigned char*)malloc(size); + memcpy((*rr)->u.data, p, size); + } + p += size; + rr = &(*rr)->next; + } + *rr = NULL; + return r; +} + + + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + unsigned char reply[1024]; + int len; + int type; + struct dns_reply *r = NULL; + + type = string_to_type(type_name); + len = res_search(domain, C_IN, type, reply, sizeof(reply)); + if(len >= 0) + r = parse_reply(reply, len); + return r; +} + +#else /* defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + return NULL; +} + +void +dns_free_data(struct dns_reply *r) +{ +} + +#endif + +#ifdef TEST + +int +main(int argc, char **argv) +{ + struct dns_reply *r; + struct resource_record *rr; + r = dns_lookup(argv[1], argv[2]); + if(r == NULL){ + printf("No reply.\n"); + return 1; + } + for(rr = r->head; rr;rr=rr->next){ + printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl); + switch(rr->type){ + case T_NS: + printf("%s\n", (char*)rr->data); + break; + case T_A: + printf("%d.%d.%d.%d\n", + ((unsigned char*)rr->data)[0], + ((unsigned char*)rr->data)[1], + ((unsigned char*)rr->data)[2], + ((unsigned char*)rr->data)[3]); + break; + case T_MX: + case T_AFSDB:{ + struct mx_record *mx = (struct mx_record*)rr->data; + printf("%d %s\n", mx->preference, mx->domain); + break; + } + case T_SRV:{ + struct srv_record *srv = (struct srv_record*)rr->data; + printf("%d %d %d %s\n", srv->priority, srv->weight, + srv->port, srv->target); + break; + } + default: + printf("\n"); + break; + } + } + + return 0; +} +#endif diff --git a/crypto/kerberosIV/lib/krb/resolve.h b/crypto/kerberosIV/lib/krb/resolve.h new file mode 100644 index 0000000..dac9993 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.h @@ -0,0 +1,110 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: resolve.h,v 1.5 1997/05/14 17:41:25 joda Exp $ */ + +/* THIS IS NOT (yet) A PUBLIC INTERFACE */ + + +#ifndef __RESOLVE_H__ +#define __RESOLVE_H__ + +/* We use these, but they are not always present in <arpa/nameser.h> */ + +#ifndef T_TXT +#define T_TXT 16 +#endif +#ifndef T_AFSDB +#define T_AFSDB 18 +#endif +#ifndef T_SRV +#define T_SRV 33 +#endif + +struct dns_query{ + char *domain; + unsigned type; + unsigned class; +}; + +struct mx_record{ + unsigned preference; + char domain[1]; +}; + +struct srv_record{ + unsigned priority; + unsigned weight; + unsigned port; + char target[1]; +}; + +struct resource_record{ + char *domain; + unsigned type; + unsigned class; + unsigned ttl; + unsigned size; + union { + void *data; + struct mx_record *mx; + struct mx_record *afsdb; /* mx and afsdb are identical */ + struct srv_record *srv; + struct in_addr *a; + char *txt; + }u; + struct resource_record *next; +}; + + +#ifndef HAVE_ARPA_NAMESER_H /* XXX */ +typedef int HEADER; /* will never be used */ +#endif + +struct dns_reply{ + HEADER h; + struct dns_query q; + struct resource_record *head; +}; + + +struct dns_reply* dns_lookup(const char *, const char *); + +void dns_free_data(struct dns_reply *r); + +#endif /* __RESOLVE_H__ */ diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c new file mode 100644 index 0000000..4b136aa --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rw.c @@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* Almost all programs use these routines (implicitly) so it's a good + * place to put the version string. */ + +#include "version.h" + +#include "krb_locl.h" + +RCSID("$Id: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $"); + +int +krb_get_int(void *f, u_int32_t *to, int size, int lsb) +{ + int i; + unsigned char *from = (unsigned char *)f; + + *to = 0; + if(lsb){ + for(i = size-1; i >= 0; i--) + *to = (*to << 8) | from[i]; + }else{ + for(i = 0; i < size; i++) + *to = (*to << 8) | from[i]; + } + return size; +} + +int +krb_put_int(u_int32_t from, void *to, int size) +{ + int i; + unsigned char *p = (unsigned char *)to; + for(i = size - 1; i >= 0; i--){ + p[i] = from & 0xff; + from >>= 8; + } + return size; +} + + +/* addresses are always sent in network byte order */ + +int +krb_get_address(void *from, u_int32_t *to) +{ + unsigned char *p = (unsigned char*)from; + *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + return 4; +} + +int +krb_put_address(u_int32_t addr, void *to) +{ + return krb_put_int(ntohl(addr), to, 4); +} + +int +krb_put_string(char *from, void *to) +{ + strcpy((char *)to, from); + return strlen(from) + 1; +} + +int +krb_get_string(void *from, char *to) +{ + return krb_put_string(from, to); +} + +int +krb_get_nir(void *from, char *name, char *instance, char *realm) +{ + char *p = (char *)from; + + p += krb_get_string(p, name); + p += krb_get_string(p, instance); + if(realm) + p += krb_get_string(p, realm); + return p - (char *)from; +} + +int +krb_put_nir(char *name, char *instance, char *realm, void *to) +{ + char *p = (char *)to; + p += krb_put_string(name, p); + p += krb_put_string(instance, p); + if(realm) + p += krb_put_string(realm, p); + return p - (char *)to; +} diff --git a/crypto/kerberosIV/lib/krb/save_credentials.c b/crypto/kerberosIV/lib/krb/save_credentials.c new file mode 100644 index 0000000..cfd6c07 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/save_credentials.c @@ -0,0 +1,59 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $"); + +/* + * This routine takes a ticket and associated info and calls + * tf_save_cred() to store them in the ticket cache. The peer + * routine for extracting a ticket and associated info from the + * ticket cache is krb_get_cred(). When changes are made to + * this routine, the corresponding changes should be made + * in krb_get_cred() as well. + * + * Returns KSUCCESS if all goes well, otherwise an error returned + * by the tf_init() or tf_save_cred() routines. + */ + +int +save_credentials(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + int32_t issue_date) /* The issue time */ +{ + int tf_status; /* return values of the tf_util calls */ + + /* Open and lock the ticket file for writing */ + if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS) + return(tf_status); + + /* Save credentials by appending to the ticket file */ + tf_status = tf_save_cred(service, instance, realm, session, + lifetime, kvno, ticket, issue_date); + tf_close(); + return (tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c new file mode 100644 index 0000000..828b34d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c @@ -0,0 +1,251 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: send_to_kdc.c,v 1.39 1997/05/15 21:02:31 joda Exp $"); + +struct host { + struct sockaddr_in addr; + int proto; +}; + +static const char *prog = "send_to_kdc"; +static send_recv(KTEXT pkt, KTEXT rpkt, int f, + struct sockaddr_in *_to, struct host *addrs, + int h_hosts); + +/* + * This file contains two routines, send_to_kdc() and send_recv(). + * send_recv() is a static routine used by send_to_kdc(). + */ + +/* + * send_to_kdc() sends a message to the Kerberos authentication + * server(s) in the given realm and returns the reply message. + * The "pkt" argument points to the message to be sent to Kerberos; + * the "rpkt" argument will be filled in with Kerberos' reply. + * The "realm" argument indicates the realm of the Kerberos server(s) + * to transact with. If the realm is null, the local realm is used. + * + * If more than one Kerberos server is known for a given realm, + * different servers will be queried until one of them replies. + * Several attempts (retries) are made for each server before + * giving up entirely. + * + * If an answer was received from a Kerberos host, KSUCCESS is + * returned. The following errors can be returned: + * + * SKDC_CANT - can't get local realm + * - can't find "kerberos" in /etc/services database + * - can't open socket + * - can't bind socket + * - all ports in use + * - couldn't find any Kerberos host + * + * SKDC_RETRY - couldn't get an answer from any Kerberos server, + * after several retries + */ + +int +send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) +{ + int i; + int no_host; /* was a kerberos host found? */ + int retry; + int n_hosts; + int retval; + struct hostent *host; + char lrealm[REALM_SZ]; + struct krb_host *k_host; + struct host *hosts = malloc(sizeof(*hosts)); + + if (hosts == NULL) + return SKDC_CANT; + + /* + * If "realm" is non-null, use that, otherwise get the + * local realm. + */ + if (realm) + strcpy(lrealm, realm); + else + if (krb_get_lrealm(lrealm,1)) { + if (krb_debug) + krb_warning("%s: can't get local realm\n", prog); + return(SKDC_CANT); + } + if (krb_debug) + krb_warning("lrealm is %s\n", lrealm); + + no_host = 1; + /* get an initial allocation */ + n_hosts = 0; + for (i = 1; (k_host = krb_get_host(i, lrealm, 0)); ++i) { + char *p; + + if (krb_debug) + krb_warning("Getting host entry for %s...", k_host->host); + host = gethostbyname(k_host->host); + if (krb_debug) { + krb_warning("%s.\n", + host ? "Got it" : "Didn't get it"); + } + if (!host) + continue; + no_host = 0; /* found at least one */ + while ((p = *(host->h_addr_list)++)) { + hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1)); + if (hosts == NULL) + return SKDC_CANT; + memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr)); + hosts[n_hosts].addr.sin_family = host->h_addrtype; + hosts[n_hosts].addr.sin_port = htons(k_host->port); + hosts[n_hosts].proto = k_host->proto; + memcpy(&hosts[n_hosts].addr.sin_addr, p, + sizeof(hosts[n_hosts].addr.sin_addr)); + ++n_hosts; + if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto, + &hosts[n_hosts-1].addr, hosts, n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + if (krb_debug) { + krb_warning("Timeout, error, or wrong descriptor\n"); + } + } + } + if (no_host) { + if (krb_debug) + krb_warning("%s: can't find any Kerberos host.\n", + prog); + retval = SKDC_CANT; + goto rtn; + } + /* retry each host in sequence */ + for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) { + for (i = 0; i < n_hosts; ++i) { + if (send_recv(pkt, rpkt, + hosts[i].proto, + &hosts[i].addr, + hosts, + n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + } + } + retval = SKDC_RETRY; +rtn: + free(hosts); + return(retval); +} + +/* + * try to send out and receive message. + * return 1 on success, 0 on failure + */ + +static int +send_recv_it(KTEXT pkt, KTEXT rpkt, int stream, int f, + struct sockaddr_in *_to, struct host *addrs, int n_hosts) +{ + fd_set readfds; + int numsent; + + /* CLIENT_KRB_TIMEOUT indicates the time to wait before + * retrying a server. It's defined in "krb.h". + */ + struct timeval timeout; + timeout.tv_sec = CLIENT_KRB_TIMEOUT; + timeout.tv_usec = 0; + + if (krb_debug) { + if (_to->sin_family == AF_INET) + krb_warning("Sending message to %s...", + inet_ntoa(_to->sin_addr)); + else + krb_warning("Sending message..."); + } + if(stream){ + unsigned char tmp[4]; + krb_put_int(pkt->length, tmp, 4); + if((numsent = send(f, tmp, 4, 0)) != 4){ + if (krb_debug) + krb_warning("sent only %d/%d\n", numsent, 4); + return 0; + } + } + if ((numsent = send(f, pkt->dat, pkt->length, 0)) != pkt->length) { + if (krb_debug) + krb_warning("sent only %d/%d\n",numsent, pkt->length); + return 0; + } + if (krb_debug) + krb_warning("Sent\nWaiting for reply..."); + FD_ZERO(&readfds); + FD_SET(f, &readfds); + /* select - either recv is ready, or timeout */ + /* see if timeout or error or wrong descriptor */ + if (select(f + 1, &readfds, 0, 0, &timeout) < 1 + || !FD_ISSET(f, &readfds)) { + if (krb_debug) + krb_warning("select failed: errno = %d", errno); + return 0; + } + if(stream){ + if(krb_net_read(f, rpkt->dat, sizeof(rpkt->dat)) <= 0) + return 0; + }else{ + if (recv (f, rpkt->dat, sizeof(rpkt->dat), 0) < 0) { + if (krb_debug) + krb_warning("recvfrom: errno = %d\n", errno); + return 0; + } + } + return 1; +} + +static int +send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *_to, + struct host *addrs, int n_hosts) +{ + int f; + int ret = 0; + if(proto == IPPROTO_UDP) + f = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + else if(proto == IPPROTO_TCP) + f = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + else{ + krb_warning("Unknown protocol `%d'.\n", proto); + return 0; + } + + if(connect(f, (struct sockaddr*)_to, sizeof(*_to)) < 0) + krb_warning("Connecting socket: errno = %d\n", errno); + else + ret = send_recv_it(pkt, rpkt, proto == IPPROTO_TCP, f, + _to, addrs, n_hosts); + + close(f); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c new file mode 100644 index 0000000..4240bcf --- /dev/null +++ b/crypto/kerberosIV/lib/krb/sendauth.c @@ -0,0 +1,163 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $"); + +/* + * krb_sendauth() transmits a ticket over a file descriptor for a + * desired service, instance, and realm, doing mutual authentication + * with the server if desired. + */ + +/* + * The first argument to krb_sendauth() contains a bitfield of + * options (the options are defined in "krb.h"): + * + * KOPT_DONT_CANON Don't canonicalize instance as a hostname. + * (If this option is not chosen, krb_get_phost() + * is called to canonicalize it.) + * + * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. + * A ticket must be supplied in the "ticket" + * argument. + * (If this option is not chosen, and there + * is no ticket for the given server in the + * ticket cache, one will be fetched using + * krb_mk_req() and returned in "ticket".) + * + * KOPT_DO_MUTUAL Do mutual authentication, requiring that the + * receiving server return the checksum+1 encrypted + * in the session key. The mutual authentication + * is done using krb_mk_priv() on the other side + * (see "recvauth.c") and krb_rd_priv() on this + * side. + * + * The "fd" argument is a file descriptor to write to the remote + * server on. The "ticket" argument is used to store the new ticket + * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is + * chosen, the ticket must be supplied in the "ticket" argument. + * The "service", "inst", and "realm" arguments identify the ticket. + * If "realm" is null, the local realm is used. + * + * The following arguments are only needed if the KOPT_DO_MUTUAL option + * is chosen: + * + * The "checksum" argument is a number that the server will add 1 to + * to authenticate itself back to the client; the "msg_data" argument + * holds the returned mutual-authentication message from the server + * (i.e., the checksum+1); the "cred" structure is used to hold the + * session key of the server, extracted from the ticket file, for use + * in decrypting the mutual authentication message from the server; + * and "schedule" holds the key schedule for that decryption. The + * the local and server addresses are given in "laddr" and "faddr". + * + * The application protocol version number (of up to KRB_SENDAUTH_VLEN + * characters) is passed in "version". + * + * If all goes well, KSUCCESS is returned, otherwise some error code. + * + * The format of the message sent to the server is: + * + * Size Variable Field + * ---- -------- ----- + * + * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol + * bytes version number + * + * KRB_SENDAUTH_VLEN version application protocol + * bytes version number + * + * 4 bytes ticket->length length of ticket + * + * ticket->length ticket->dat ticket itself + */ + +int +krb_sendauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descriptor to write onto */ + KTEXT ticket, /* where to put ticket (return); or + * supplied in case of KOPT_DONT_MK_REQ */ + char *service, /* service name, instance, realm */ + char *instance, + char *realm, + u_int32_t checksum, /* checksum to include in request */ + MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */ + CREDENTIALS *cred, /* credentials (return) */ + struct des_ks_struct *schedule, /* key schedule (return) */ + struct sockaddr_in *laddr, /* local address */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + char *version) /* version string */ +{ + int ret; + KTEXT_ST buf; + char realrealm[REALM_SZ]; + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + ret = krb_mk_auth (options, ticket, service, instance, realm, checksum, + version, &buf); + if (ret != KSUCCESS) + return ret; + ret = krb_net_write(fd, buf.dat, buf.length); + if(ret < 0) + return -1; + + if (options & KOPT_DO_MUTUAL) { + char tmp[4]; + u_int32_t len; + char inst[INST_SZ]; + + ret = krb_net_read (fd, tmp, 4); + if (ret < 0) + return -1; + + krb_get_int (tmp, &len, 4, 0); + if (len == 0xFFFFFFFF || len > sizeof(buf.dat)) + return KFAILURE; + buf.length = len; + ret = krb_net_read (fd, buf.dat, len); + if (ret < 0) + return -1; + + if (options & KOPT_DONT_CANON) + strncpy (inst, instance, sizeof(inst)); + else + strncpy (inst, krb_get_phost(instance), sizeof(inst)); + + ret = krb_get_cred (service, inst, realm, cred); + if (ret != KSUCCESS) + return ret; + + des_key_sched(&cred->session, schedule); + + ret = krb_check_auth (&buf, checksum, msg_data, &cred->session, + schedule, laddr, faddr); + if (ret != KSUCCESS) + return ret; + } + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/sizetest.c b/crypto/kerberosIV/lib/krb/sizetest.c new file mode 100644 index 0000000..d64bbeb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/sizetest.c @@ -0,0 +1,41 @@ +#include "krb_locl.h" + +RCSID("$Id: sizetest.c,v 1.5 1996/11/15 18:39:19 bg Exp $"); + +static +void +err(const char *msg) +{ + fputs(msg, stderr); + exit(1); +} + +int +main() +{ + if (sizeof(u_int8_t) < 1) + err("sizeof(u_int8_t) is smaller than 1 byte\n"); + if (sizeof(u_int16_t) < 2) + err("sizeof(u_int16_t) is smaller than 2 bytes\n"); + if (sizeof(u_int32_t) < 4) + err("sizeof(u_int32_t) is smaller than 4 bytes\n"); + + if (sizeof(u_int8_t) > 1) + fputs("warning: sizeof(u_int8_t) is larger than 1 byte, " + "some stuff may not work properly!\n", stderr); + + { + u_int8_t u = 1; + int i; + for (i = 0; u != 0 && i < 100; i++) + u <<= 1; + + if (i < 8) + err("u_int8_t is smaller than 8 bits\n"); + else if (i > 8) + fputs("warning: u_int8_t is larger than 8 bits, " + "some stuff may not work properly!\n", stderr); + } + + exit(0); +} diff --git a/crypto/kerberosIV/lib/krb/stime.c b/crypto/kerberosIV/lib/krb/stime.c new file mode 100644 index 0000000..ec57d8f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/stime.c @@ -0,0 +1,35 @@ +/* + * $Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + */ + +#include "krb_locl.h" + +RCSID("$Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $"); + +/* + * Given a pointer to a long containing the number of seconds + * since the beginning of time (midnight 1 Jan 1970 GMT), return + * a string containing the local time in the form: + * + * "25-Jan-1988 10:17:56" + */ + +const char * +krb_stime(time_t *t) +{ + static char st[40]; + struct tm *tm; + + tm = localtime(t); + snprintf(st, sizeof(st), + "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday, + month_sname(tm->tm_mon + 1),tm->tm_year + 1900, + tm->tm_hour, tm->tm_min, tm->tm_sec); + return st; +} diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c new file mode 100644 index 0000000..2b00fc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/str2key.c @@ -0,0 +1,103 @@ +/* This defines the Andrew string_to_key function. It accepts a password + * string as input and converts its via a one-way encryption algorithm to a DES + * encryption key. It is compatible with the original Andrew authentication + * service password database. + */ + +#include "krb_locl.h" + +RCSID("$Id: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $"); + +static void +mklower(char *s) +{ + for (; *s; s++) + if ('A' <= *s && *s <= 'Z') + *s = *s - 'A' + 'a'; +} + +/* + * Short passwords, i.e 8 characters or less. + */ +static void +afs_cmu_StringToKey (char *str, char *cell, des_cblock *key) +{ + char password[8+1]; /* crypt is limited to 8 chars anyway */ + int i; + int passlen; + + memset (key, 0, sizeof(key)); + memset(password, 0, sizeof(password)); + + strncpy (password, cell, 8); + passlen = strlen (str); + if (passlen > 8) passlen = 8; + + for (i=0; i<passlen; i++) + password[i] = str[i] ^ cell[i]; /* make sure cell is zero padded */ + + for (i=0; i<8; i++) + if (password[i] == '\0') password[i] = 'X'; + + /* crypt only considers the first 8 characters of password but for some + reason returns eleven characters of result (plus the two salt chars). */ + strncpy((char *)key, (char *)crypt(password, "#~") + 2, sizeof(des_cblock)); + + /* parity is inserted into the LSB so leftshift each byte up one bit. This + allows ascii characters with a zero MSB to retain as much significance + as possible. */ + { char *keybytes = (char *)key; + unsigned int temp; + + for (i = 0; i < 8; i++) { + temp = (unsigned int) keybytes[i]; + keybytes[i] = (unsigned char) (temp << 1); + } + } + des_fixup_key_parity (key); +} + +/* + * Long passwords, i.e 9 characters or more. + */ +static void +afs_transarc_StringToKey (char *str, char *cell, des_cblock *key) +{ + des_key_schedule schedule; + des_cblock temp_key; + des_cblock ivec; + char password[512]; + int passlen; + + strncpy (password, str, sizeof(password)); + if ((passlen = strlen (password)) < sizeof(password)-1) + strncat (password, cell, sizeof(password)-passlen); + if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password); + + memcpy(&ivec, "kerberos", 8); + memcpy(&temp_key, "kerberos", 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); + + memcpy(&temp_key, &ivec, 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); + + des_fixup_key_parity (key); +} + +void +afs_string_to_key(char *str, char *cell, des_cblock *key) +{ + char realm[REALM_SZ+1]; + strncpy(realm, cell, REALM_SZ); + realm[REALM_SZ] = 0; + mklower(realm); + + if (strlen(str) > 8) + afs_transarc_StringToKey (str, realm, key); + else + afs_cmu_StringToKey (str, realm, key); +} diff --git a/crypto/kerberosIV/lib/krb/swab.c b/crypto/kerberosIV/lib/krb/swab.c new file mode 100644 index 0000000..d68ce3d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/swab.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: swab.c,v 1.4 1997/04/01 08:18:45 joda Exp $"); +#endif + +#ifndef HAVE_SWAB +void +swab (char *from, char *to, int nbytes) +{ + while(nbytes >= 2) { + *(to + 1) = *from; + *to = *(from + 1); + to += 2; + from += 2; + nbytes -= 2; + } +} +#endif diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c new file mode 100644 index 0000000..a196448 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/tf_util.c @@ -0,0 +1,645 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: tf_util.c,v 1.24 1997/04/20 06:24:32 assar Exp $"); + + +#define TOO_BIG -1 +#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before + * retry if ticket file is + * locked */ +#define TF_LCK_RETRY_COUNT (50) /* number of retries */ + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +/* + * fd must be initialized to something that won't ever occur as a real + * file descriptor. Since open(2) returns only non-negative numbers as + * valid file descriptors, and tf_init always stuffs the return value + * from open in here even if it is an error flag, we must + * a. Initialize fd to a negative number, to indicate that it is + * not initially valid. + * b. When checking for a valid fd, assume that negative values + * are invalid (ie. when deciding whether tf_init has been + * called.) + * c. In tf_close, be sure it gets reinitialized to a negative + * number. + */ +static int fd = -1; +static int curpos; /* Position in tfbfr */ +static int lastpos; /* End of tfbfr */ +static char tfbfr[BUFSIZ]; /* Buffer for ticket data */ + +static int tf_gets(char *s, int n); +static int tf_read(void *s, int n); + +/* + * This file contains routines for manipulating the ticket cache file. + * + * The ticket file is in the following format: + * + * principal's name (null-terminated string) + * principal's instance (null-terminated string) + * CREDENTIAL_1 + * CREDENTIAL_2 + * ... + * CREDENTIAL_n + * EOF + * + * Where "CREDENTIAL_x" consists of the following fixed-length + * fields from the CREDENTIALS structure (see "krb.h"): + * + * char service[ANAME_SZ] + * char instance[INST_SZ] + * char realm[REALM_SZ] + * C_Block session + * int lifetime + * int kvno + * KTEXT_ST ticket_st + * u_int32_t issue_date + * + * Short description of routines: + * + * tf_init() opens the ticket file and locks it. + * + * tf_get_pname() returns the principal's name. + * + * tf_put_pname() writes the principal's name to the ticket file. + * + * tf_get_pinst() returns the principal's instance (may be null). + * + * tf_put_pinst() writes the instance. + * + * tf_get_cred() returns the next CREDENTIALS record. + * + * tf_save_cred() appends a new CREDENTIAL record to the ticket file. + * + * tf_close() closes the ticket file and releases the lock. + * + * tf_gets() returns the next null-terminated string. It's an internal + * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). + * + * tf_read() reads a given number of bytes. It's an internal routine + * used by tf_get_cred(). + */ + +/* + * tf_init() should be called before the other ticket file routines. + * It takes the name of the ticket file to use, "tf_name", and a + * read/write flag "rw" as arguments. + * + * It tries to open the ticket file, checks the mode, and if everything + * is okay, locks the file. If it's opened for reading, the lock is + * shared. If it's opened for writing, the lock is exclusive. + * + * Returns KSUCCESS if all went well, otherwise one of the following: + * + * NO_TKT_FIL - file wasn't there + * TKT_FIL_ACC - file was in wrong mode, etc. + * TKT_FIL_LCK - couldn't lock the file, even after a retry + */ + +int +tf_init(char *tf_name, int rw) +{ + /* Unix implementation */ + int wflag; + struct stat stat_buf; + int i_retry; + + switch (rw) { + case R_TKT_FIL: + wflag = 0; + break; + case W_TKT_FIL: + wflag = 1; + break; + default: + if (krb_debug) + krb_warning("tf_init: illegal parameter\n"); + return TKT_FIL_ACC; + } + if (lstat(tf_name, &stat_buf) < 0) + switch (errno) { + case ENOENT: + return NO_TKT_FIL; + default: + return TKT_FIL_ACC; + } + /* The old code tried to guess when the calling program was + * running set-uid, this is now removed - the kerberos library + * does not (or shouldn't) know anything about user-ids. + + * All library functions now assume that the right userids are set + * upon entry, therefore there is no need to test permissions like + * before. If the file is openable, just open it. + */ + + if(!S_ISREG(stat_buf.st_mode)) + return TKT_FIL_ACC; + + + /* + * If "wflag" is set, open the ticket file in append-writeonly mode + * and lock the ticket file in exclusive mode. If unable to lock + * the file, sleep and try again. If we fail again, return with the + * proper error message. + */ + + curpos = sizeof(tfbfr); + + + if (wflag) { + fd = open(tf_name, O_RDWR | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of write lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + close (fd); + fd = -1; + return TKT_FIL_LCK; + } + /* + * Otherwise "wflag" is not set and the ticket file should be opened + * for read-only operations and locked for shared access. + */ + + fd = open(tf_name, O_RDONLY | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of read lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + /* failure */ + close(fd); + fd = -1; + return TKT_FIL_LCK; +} + +/* + * tf_create() should be called when creating a new ticket file. + * The only argument is the name of the ticket file. + * After calling this, it should be possible to use other tf_* functions. + * + * New algoritm for creating ticket file: + * 1. try to erase contents of existing file. + * 2. try to remove old file. + * 3. try to open with O_CREAT and O_EXCL + * 4. if this fails, someone has created a file in between 1 and 2 and + * we should fail. Otherwise, all is wonderful. + */ + +int +tf_create(char *tf_name) +{ + struct stat statbuf; + char garbage[BUFSIZ]; + + fd = open(tf_name, O_RDWR | O_BINARY, 0); + if (fd >= 0) { + if (fstat (fd, &statbuf) == 0) { + int i; + + for (i = 0; i < statbuf.st_size; i += sizeof(garbage)) + write (fd, garbage, sizeof(garbage)); + } + close (fd); + } + + if (unlink (tf_name) && errno != ENOENT) + return TKT_FIL_ACC; + + fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + if (fd < 0) + return TKT_FIL_ACC; + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + sleep(TF_LCK_RETRY); + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + close(fd); + fd = -1; + return TKT_FIL_LCK; + } + } + return KSUCCESS; +} + +/* + * tf_get_pname() reads the principal's name from the ticket file. It + * should only be called after tf_init() has been called. The + * principal's name is filled into the "p" parameter. If all goes well, + * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is + * returned. If the name was null, or EOF was encountered, or the name + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. + */ + +int +tf_get_pname(char *p) +{ + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pname called before tf_init.\n"); + return TKT_FIL_INI; + } + if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ + { + if (krb_debug) + krb_warning ("tf_get_pname: pname < 2.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_put_pname() sets the principal's name in the ticket file. Call + * after tf_create(). + */ + +int +tf_put_pname(char *p) +{ + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pname called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(p)+1; + if (write(fd,p,count) != count) + return(KFAILURE); + return KSUCCESS; +} + +/* + * tf_get_pinst() reads the principal's instance from a ticket file. + * It should only be called after tf_init() and tf_get_pname() have been + * called. The instance is filled into the "inst" parameter. If all + * goes well, KSUCCESS is returned. If tf_init() wasn't called, + * TKT_FIL_INI is returned. If EOF was encountered, or the instance + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the + * instance may be null. + */ + +int +tf_get_pinst(char *inst) +{ + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pinst called before tf_init.\n"); + return TKT_FIL_INI; + } + if (tf_gets(inst, INST_SZ) < 1) + { + if (krb_debug) + krb_warning("tf_get_pinst: inst_sz < 1.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_put_pinst writes the principal's instance to the ticket file. + * Call after tf_create. + */ + +int +tf_put_pinst(char *inst) +{ + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pinst called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(inst)+1; + if (write(fd,inst,count) != count) + return(KFAILURE); + return KSUCCESS; +} + +/* + * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills + * in the given structure "c". It should only be called after tf_init(), + * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, + * KSUCCESS is returned. Possible error codes are: + * + * TKT_FIL_INI - tf_init wasn't called first + * TKT_FIL_FMT - bad format + * EOF - end of file encountered + */ + +int +tf_get_cred(CREDENTIALS *c) +{ + KTEXT ticket = &c->ticket_st; /* pointer to ticket */ + int k_errno; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_get_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning("tf_get_cred: too big service cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning("tf_get_cred: null service cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big instance cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big realm cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: null realm cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ( + tf_read((c->session), DES_KEY_SZ) < 1 || + tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 || + tf_read(&(c->kvno), sizeof(c->kvno)) < 1 || + tf_read(&(ticket->length), sizeof(ticket->length)) + < 1 || + /* don't try to read a silly amount into ticket->dat */ + ticket->length > MAX_KTXT_LEN || + tf_read((ticket->dat), ticket->length) < 1 || + tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1 + ) { + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: failed tf_read.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is + * not a valid file descriptor, it just returns. It also clears the + * buffer used to read tickets. + * + * The return value is not defined. + */ + +void +tf_close(void) +{ + if (!(fd < 0)) { + k_flock(fd, K_LOCK_UN); + close(fd); + fd = -1; /* see declaration of fd above */ + } + memset(tfbfr, 0, sizeof(tfbfr)); +} + +/* + * tf_gets() is an internal routine. It takes a string "s" and a count + * "n", and reads from the file until either it has read "n" characters, + * or until it reads a null byte. When finished, what has been read exists + * in "s". If it encounters EOF or an error, it closes the ticket file. + * + * Possible return values are: + * + * n the number of bytes read (including null terminator) + * when all goes well + * + * 0 end of file or read error + * + * TOO_BIG if "count" characters are read and no null is + * encountered. This is an indication that the ticket + * file is seriously ill. + */ + +static int +tf_gets(char *s, int n) +{ + int count; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_gets called before tf_init.\n"); + return TKT_FIL_INI; + } + for (count = n - 1; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s = tfbfr[curpos++]; + if (*s++ == '\0') + return (n - count); + } + tf_close(); + return TOO_BIG; +} + +/* + * tf_read() is an internal routine. It takes a string "s" and a count + * "n", and reads from the file until "n" bytes have been read. When + * finished, what has been read exists in "s". If it encounters EOF or + * an error, it closes the ticket file. + * + * Possible return values are: + * + * n the number of bytes read when all goes well + * + * 0 on end of file or read error + */ + +static int +tf_read(void *v, int n) +{ + char *s = (char *)v; + int count; + + for (count = n; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s++ = tfbfr[curpos++]; + } + return n; +} + +/* + * tf_save_cred() appends an incoming ticket to the end of the ticket + * file. You must call tf_init() before calling tf_save_cred(). + * + * The "service", "instance", and "realm" arguments specify the + * server's name; "session" contains the session key to be used with + * the ticket; "kvno" is the server key version number in which the + * ticket is encrypted, "ticket" contains the actual ticket, and + * "issue_date" is the time the ticket was requested (local host's time). + * + * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't + * called previously, and KFAILURE for anything else that went wrong. + */ + +int +tf_save_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + u_int32_t issue_date) /* The issue time */ +{ + int count; /* count for write */ + + if (fd < 0) { /* fd is ticket file as set by tf_init */ + if (krb_debug) + krb_warning ("tf_save_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + /* Find the end of the ticket file */ + lseek(fd, 0L, SEEK_END); + + /* Write the ticket and associated data */ + /* Service */ + count = strlen(service) + 1; + if (write(fd, service, count) != count) + goto bad; + /* Instance */ + count = strlen(instance) + 1; + if (write(fd, instance, count) != count) + goto bad; + /* Realm */ + count = strlen(realm) + 1; + if (write(fd, realm, count) != count) + goto bad; + /* Session key */ + if (write(fd, session, 8) != 8) + goto bad; + /* Lifetime */ + if (write(fd, &lifetime, sizeof(int)) != sizeof(int)) + goto bad; + /* Key vno */ + if (write(fd, &kvno, sizeof(int)) != sizeof(int)) + goto bad; + /* Tkt length */ + if (write(fd, &(ticket->length), sizeof(int)) != + sizeof(int)) + goto bad; + /* Ticket */ + count = ticket->length; + if (write(fd, ticket->dat, count) != count) + goto bad; + /* Issue date */ + if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date)) + goto bad; + + return (KSUCCESS); +bad: + return (KFAILURE); +} + +int +tf_setup(CREDENTIALS *cred, char *pname, char *pinst) +{ + int ret; + ret = tf_create(tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + ret = tf_save_cred(cred->service, cred->instance, cred->realm, + cred->session, cred->lifetime, cred->kvno, + &cred->ticket_st, cred->issue_date); + tf_close(); + return ret; +} + +int +in_tkt(char *pname, char *pinst) +{ + int ret; + + ret = tf_create (tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + tf_close(); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c new file mode 100644 index 0000000..04e20b6 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/ticket_memory.c @@ -0,0 +1,438 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* ticket_memory.c - Storage for tickets in memory + * Author: d93-jka@nada.kth.se - June 1996 + */ + +#define WIN32_LEAN_AND_MEAN +#include <Windows.h> +#include "krb_locl.h" +#include "ticket_memory.h" + +RCSID("$Id: ticket_memory.c,v 1.9 1997/04/20 18:07:36 assar Exp $"); + +void msg(char *text, int error); + +/* Global variables for memory mapping. */ +HANDLE SharedMemoryHandle; +tktmem *SharedMemory; + +static int CredIndex = -1; + +int +newTktMem(const char *tf_name) +{ + if(!SharedMemory) + { + unsigned int MemorySize = sizeof(tktmem); + unsigned int MemorySizeHi = sizeof(tktmem)>>16; + unsigned int MemorySizeLo = MemorySize&0xFFFF; + SharedMemoryHandle = CreateFileMapping((HANDLE)(int)-1, 0, + PAGE_READWRITE, + MemorySizeHi, MemorySizeLo, + "krb_memory"); + + if(!SharedMemoryHandle) + { + msg("Could not create shared memory.", GetLastError()); + return KFAILURE; + } + + SharedMemory = MapViewOfFile(SharedMemoryHandle, + FILE_MAP_WRITE, 0, 0, 0); + if(!SharedMemory) + { + msg("Unable to alloc shared memory.", GetLastError()); + return KFAILURE; + } + if(GetLastError() != ERROR_ALREADY_EXISTS) + { + if(tf_name) + strcpy(SharedMemory->tmname, tf_name); + SharedMemory->last_cred_no = 0; + } + } + + CredIndex = 0; + return KSUCCESS; +} + +int +freeTktMem(const char *tf_name) +{ + if(SharedMemory) + { + UnmapViewOfFile(SharedMemory); + CloseHandle(SharedMemoryHandle); + } + return KSUCCESS; +} + + + +tktmem * +getTktMem(const char *tf_name) +{ + return SharedMemory; +} + +void +firstCred(void) +{ + if(getTktMem(0)->last_cred_no > 0) + CredIndex = 0; + else + CredIndex = -1; +} + +int +nextCredIndex(void) +{ + const tktmem *mem; + int last; + mem = getTktMem(0); + last = mem->last_cred_no; + if(CredIndex >= 0 && CredIndex < last ) + return CredIndex++; + else + return CredIndex = -1; +} + +int +currCredIndex(void) +{ + const tktmem *mem; + int last; + mem = getTktMem(0); + last = mem->last_cred_no; + if(CredIndex >= 0 && CredIndex < last) + return CredIndex; + else + return CredIndex = -1; +} + +int +nextFreeIndex(void) +{ + tktmem *mem = getTktMem(0); + if(mem->last_cred_no > CRED_VEC_SZ) + return -1; + else + return mem->last_cred_no++; +} + +/* + * in_tkt() is used to initialize the ticket store. It creates the + * file to contain the tickets and writes the given user's name "pname" + * and instance "pinst" in the file. in_tkt() returns KSUCCESS on + * success, or KFAILURE if something goes wrong. + */ + +int +in_tkt(char *pname, char *pinst) +{ + /* Here goes code to initialize shared memory, to store tickets in. */ + /* Implemented somewhere else. */ + return KFAILURE; +} + +/* + * dest_tkt() is used to destroy the ticket store upon logout. + * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. + * Otherwise the function returns RET_OK on success, KFAILURE on + * failure. + * + * The ticket file (TKT_FILE) is defined in "krb.h". + */ + +int +dest_tkt(void) +{ + /* Here goes code to destroy tickets in shared memory. */ + /* Not implemented yet. */ + return KFAILURE; +} + +/* Short description of routines: + * + * tf_init() opens the ticket file and locks it. + * + * tf_get_pname() returns the principal's name. + * + * tf_put_pname() writes the principal's name to the ticket file. + * + * tf_get_pinst() returns the principal's instance (may be null). + * + * tf_put_pinst() writes the instance. + * + * tf_get_cred() returns the next CREDENTIALS record. + * + * tf_save_cred() appends a new CREDENTIAL record to the ticket file. + * + * tf_close() closes the ticket file and releases the lock. + * + * tf_gets() returns the next null-terminated string. It's an internal + * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). + * + * tf_read() reads a given number of bytes. It's an internal routine + * used by tf_get_cred(). + */ + +/* + * tf_init() should be called before the other ticket file routines. + * It takes the name of the ticket file to use, "tf_name", and a + * read/write flag "rw" as arguments. + * + * Returns KSUCCESS if all went well, otherwise one of the following: + * + * NO_TKT_FIL - file wasn't there + * TKT_FIL_ACC - file was in wrong mode, etc. + * TKT_FIL_LCK - couldn't lock the file, even after a retry + */ + +int +tf_init(char *tf_name, int rw) +{ + if(!getTktMem(tf_name)) + return NO_TKT_FIL; + firstCred(); + return KSUCCESS; +} + +/* + * tf_create() should be called when creating a new ticket file. + * The only argument is the name of the ticket file. + * After calling this, it should be possible to use other tf_* functions. + */ + +int +tf_create(char *tf_name) +{ + if(newTktMem(tf_name) != KSUCCESS) + return NO_TKT_FIL; + return KSUCCESS; +} + +/* + * tf_get_pname() reads the principal's name from the ticket file. It + * should only be called after tf_init() has been called. The + * principal's name is filled into the "p" parameter. If all goes well, + * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is + * returned. If the name was null, or EOF was encountered, or the name + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. + */ + +int +tf_get_pname(char *p) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pname) + return KFAILURE; + strcpy(p, TktStore->pname); + return KSUCCESS; +} + +/* + * tf_put_pname() sets the principal's name in the ticket file. Call + * after tf_create(). + */ + +int +tf_put_pname(char *p) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pname) + return KFAILURE; + strcpy(TktStore->pname, p); + return KSUCCESS; +} + +/* + * tf_get_pinst() reads the principal's instance from a ticket file. + * It should only be called after tf_init() and tf_get_pname() have been + * called. The instance is filled into the "inst" parameter. If all + * goes well, KSUCCESS is returned. If tf_init() wasn't called, + * TKT_FIL_INI is returned. If EOF was encountered, or the instance + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the + * instance may be null. + */ + +int +tf_get_pinst(char *inst) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pinst) + return KFAILURE; + strcpy(inst, TktStore->pinst); + return KSUCCESS; +} + +/* + * tf_put_pinst writes the principal's instance to the ticket file. + * Call after tf_create. + */ + +int +tf_put_pinst(char *inst) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pinst) + return KFAILURE; + strcpy(TktStore->pinst, inst); + return KSUCCESS; +} + +/* + * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills + * in the given structure "c". It should only be called after tf_init(), + * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, + * KSUCCESS is returned. Possible error codes are: + * + * TKT_FIL_INI - tf_init wasn't called first + * TKT_FIL_FMT - bad format + * EOF - end of file encountered + */ + +int +tf_get_cred(CREDENTIALS *c) +{ + int index; + CREDENTIALS *cred; + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if((index = nextCredIndex()) == -1) + return EOF; + if(!(cred = TktStore->cred_vec+index)) + return KFAILURE; + if(!c) + return KFAILURE; + memcpy(c, cred, sizeof(*c)); + return KSUCCESS; +} + +/* + * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is + * not a valid file descriptor, it just returns. It also clears the + * buffer used to read tickets. + */ + +void +tf_close(void) +{ +} + +/* + * tf_save_cred() appends an incoming ticket to the end of the ticket + * file. You must call tf_init() before calling tf_save_cred(). + * + * The "service", "instance", and "realm" arguments specify the + * server's name; "session" contains the session key to be used with + * the ticket; "kvno" is the server key version number in which the + * ticket is encrypted, "ticket" contains the actual ticket, and + * "issue_date" is the time the ticket was requested (local host's time). + * + * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't + * called previously, and KFAILURE for anything else that went wrong. + */ + +int +tf_save_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + u_int32_t issue_date) /* The issue time */ +{ + CREDENTIALS *cred; + tktmem *mem = getTktMem(0); + int last = nextFreeIndex(); + + if(last == -1) + return KFAILURE; + cred = mem->cred_vec+last; + strcpy(cred->service, service); + strcpy(cred->instance, instance); + strcpy(cred->realm, realm); + strcpy(cred->session, session); + cred->lifetime = lifetime; + cred->kvno = kvno; + memcpy(&(cred->ticket_st), ticket, sizeof(*ticket)); + cred->issue_date = issue_date; + strcpy(cred->pname, mem->pname); + strcpy(cred->pinst, mem->pinst); + return KSUCCESS; +} + + +int +tf_setup(CREDENTIALS *cred, char *pname, char *pinst) +{ + int ret; + ret = tf_create(tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + ret = tf_save_cred(cred->service, cred->instance, cred->realm, + cred->session, cred->lifetime, cred->kvno, + &cred->ticket_st, cred->issue_date); + tf_close(); + return ret; +} diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h new file mode 100644 index 0000000..e85e1a4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/ticket_memory.h @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* ticket_memory.h - Storage for tickets in memory + * Author: d93-jka@nada.kth.se - June 1996 + */ + +/* $Id: ticket_memory.h,v 1.6 1997/04/20 06:25:12 assar Exp $ */ + +#ifndef TICKET_MEMORY_H +#define TICKET_MEMORY_H + +#include "krb_locl.h" + +#define CRED_VEC_SZ 20 + +typedef struct _tktmem +{ + char tmname[64]; + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ + int last_cred_no; + CREDENTIALS cred_vec[CRED_VEC_SZ]; +} tktmem; + +int newTktMem(const char *tf_name); +int freeTktMem(const char *tf_name); +tktmem *getTktMem(const char *tf_name); +void firstCred(void); +int nextCredIndex(void); +int currCredIndex(void); +int nextFreeIndex(void); + +#endif /* TICKET_MEMORY_H */ diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c new file mode 100644 index 0000000..2914abb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/tkt_string.c @@ -0,0 +1,85 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $"); + +/* + * This routine is used to generate the name of the file that holds + * the user's cache of server tickets and associated session keys. + * + * If it is set, krb_ticket_string contains the ticket file name. + * Otherwise, the filename is constructed as follows: + * + * If it is set, the environment variable "KRBTKFILE" will be used as + * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and + * the user's uid are concatenated to produce the ticket file name + * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket + * file name is returned. + */ + +static char krb_ticket_string[MaxPathLen] = ""; + +#ifndef HAVE_GETUID +int getuid(void) +{ + return 27; +} +#endif + +char *tkt_string(void) +{ + char *env; + + if (!*krb_ticket_string) { + if ((env = getenv("KRBTKFILE"))) { + strncpy(krb_ticket_string, env, + sizeof(krb_ticket_string)-1); + krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; + } else { + snprintf(krb_ticket_string, sizeof(krb_ticket_string), + "%s%u",TKT_ROOT,(unsigned)getuid()); + } + } + return krb_ticket_string; +} + +/* + * This routine is used to set the name of the file that holds the user's + * cache of server tickets and associated session keys. + * + * The value passed in is copied into local storage. + * + * NOTE: This routine should be called during initialization, before other + * Kerberos routines are called; otherwise tkt_string() above may be called + * and return an undesired ticket file name until this routine is called. + */ + +void +krb_set_tkt_string(char *val) +{ + + strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1); + krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; + + return; +} diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c new file mode 100644 index 0000000..ddb938f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/unparse_name.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $"); + +static void +quote_string(char *quote, char *from, char *to) +{ + while(*from){ + if(strchr(quote, *from)) + *to++ = '\\'; + *to++ = *from++; + } + *to = 0; +} + +/* To be compatible with old functions, we quote differently in each + part of the principal*/ + +char * +krb_unparse_name_r(krb_principal *pr, char *fullname) +{ + quote_string("'@\\", pr->name, fullname); + if(pr->instance[0]){ + strcat(fullname, "."); + quote_string("@\\", pr->instance, fullname + strlen(fullname)); + } + if(pr->realm[0]){ + strcat(fullname, "@"); + quote_string("\\", pr->realm, fullname + strlen(fullname)); + } + return fullname; +} + +char * +krb_unparse_name_long_r(char *name, char *instance, char *realm, + char *fullname) +{ + krb_principal pr; + memset(&pr, 0, sizeof(pr)); + strcpy(pr.name, name); + if(instance) + strcpy(pr.instance, instance); + if(realm) + strcpy(pr.realm, realm); + return krb_unparse_name_r(&pr, fullname); +} + +char * +krb_unparse_name(krb_principal *pr) +{ + static char principal[MAX_K_NAME_SZ]; + krb_unparse_name_r(pr, principal); + return principal; +} + +char * +krb_unparse_name_long(char *name, char *instance, char *realm) +{ + krb_principal pr; + memset(&pr, 0, sizeof(pr)); + strcpy(pr.name, name); + if(instance) + strcpy(pr.instance, instance); + if(realm) + strcpy(pr.realm, realm); + return krb_unparse_name(&pr); +} diff --git a/crypto/kerberosIV/lib/krb/util.c b/crypto/kerberosIV/lib/krb/util.c new file mode 100644 index 0000000..7b77bb8 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/util.c @@ -0,0 +1,64 @@ +/* + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Miscellaneous debug printing utilities + */ + +#include "krb_locl.h" + +RCSID("$Id: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $"); + +/* + * Print some of the contents of the given authenticator structure + * (AUTH_DAT defined in "krb.h"). Fields printed are: + * + * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session + */ + +void +ad_print(AUTH_DAT *x) +{ + /* + * Print the contents of an auth_dat struct. + */ + struct in_addr address; + address.s_addr = x->address; + printf("\n%s %s %s %s flags %u cksum 0x%X\n\ttkt_tm 0x%X sess_key", + x->pname, x->pinst, x->prealm, + inet_ntoa(address), x->k_flags, + x->checksum, x->time_sec); + printf("[8] ="); +#ifdef NOENCRYPTION + placebo_cblock_print(x->session); +#else + des_cblock_print_file(&x->session,stdout); +#endif + /* skip reply for now */ +} + +/* + * Print in hex the 8 bytes of the given session key. + * + * Printed format is: " 0x { x, x, x, x, x, x, x, x }" + */ + +#ifdef NOENCRYPTION +placebo_cblock_print(x) + des_cblock x; +{ + unsigned char *y = (unsigned char *) x; + int i = 0; + + printf(" 0x { "); + + while (i++ <8) { + printf("%x",*y++); + if (i<8) printf(", "); + } + printf(" }"); +} +#endif diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c new file mode 100644 index 0000000..ce22b59 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/verify_user.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $"); + +/* Verify user with password. If secure, also verify against local + * service key, this can (usually) only be done by root. + * + * As a side effect, fresh tickets are obtained. + * + * Returns zero if ok, a positive kerberos error or -1 for system + * errors. + */ + +int +krb_verify_user(char *name, char *instance, char *realm, char *password, + int secure, char *linstance) +{ + int ret; + ret = krb_get_pw_in_tkt(name, instance, realm, + KRB_TICKET_GRANTING_TICKET, + realm, + DEFAULT_TKT_LIFE, password); + if(ret != KSUCCESS) + return ret; + + if(secure){ + struct hostent *hp; + int32_t addr; + + KTEXT_ST ticket; + AUTH_DAT auth; + + char lrealm[REALM_SZ]; + char hostname[MaxHostNameLen]; + char *phost; + + if (k_gethostname(hostname, sizeof(hostname)) == -1) { + dest_tkt(); + return -1; + } + + hp = gethostbyname(hostname); + if(hp == NULL){ + dest_tkt(); + return -1; + } + memcpy(&addr, hp->h_addr, sizeof(addr)); + + ret = krb_get_lrealm(lrealm, 1); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + phost = krb_get_phost(hostname); + + if (linstance == NULL) + linstance = "rcmd"; + + ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + + ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, ""); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + } + return 0; +} + diff --git a/crypto/kerberosIV/lib/roken/Makefile.in b/crypto/kerberosIV/lib/roken/Makefile.in new file mode 100644 index 0000000..26f3142 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/Makefile.in @@ -0,0 +1,94 @@ +# +# $Id: Makefile.in,v 1.34 1997/05/28 05:23:39 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +CPP = @CPP@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = # @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)roken +#LIBEXT = @LIBEXT@ Always build archive library and don't install! +LIBEXT = a +LIBPREFIX = @LIBPREFIX@ +SHLIBEXT = @SHLIBEXT@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = \ + chown.c daemon.c err.c errx.c fchown.c get_window_size.c \ + getcwd.c getdtablesize.c getopt.c getusershell.c \ + hstrerror.c inaddr2str.c inet_aton.c \ + initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \ + memmove.c mini_inetd.c mkstemp.c putenv.c rcmd.c setegid.c \ + setenv.c seteuid.c signal.c snprintf.c \ + strcasecmp.c strdup.c strerror.c strftime.c \ + strlwr.c strnlen.c strtok_r.c strupr.c tm2time.c \ + unsetenv.c verify.c verr.c verrx.c vwarn.c \ + vwarnx.c warn.c warnerr.c warnx.c + +OBJECTS = k_getpwuid.o k_getpwnam.o signal.o tm2time.o \ + verify.o inaddr2str.o mini_inetd.o get_window_size.o \ + warnerr.o snprintf.o @LIBOBJS@ + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + +uninstall: + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/roken/chown.c b/crypto/kerberosIV/lib/roken/chown.c new file mode 100644 index 0000000..28550d9 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/chown.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: chown.c,v 1.2 1997/04/01 08:18:58 joda Exp $"); +#endif + +#include "roken.h" + +int +chown(const char *path, uid_t owner, gid_t group) +{ + return 0; +} diff --git a/crypto/kerberosIV/lib/roken/daemon.c b/crypto/kerberosIV/lib/roken/daemon.c new file mode 100644 index 0000000..ffab298 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/daemon.c @@ -0,0 +1,89 @@ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +RCSID("$Id: daemon.c,v 1.2 1997/05/28 05:38:09 assar Exp $"); + +#ifndef HAVE_DAEMON + +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#include "roken.h" + +int +daemon(nochdir, noclose) + int nochdir, noclose; +{ + int fd; + + switch (fork()) { + case -1: + return (-1); + case 0: + break; + default: + _exit(0); + } + + if (setsid() == -1) + return (-1); + + if (!nochdir) + (void)chdir("/"); + + if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + (void)dup2(fd, STDIN_FILENO); + (void)dup2(fd, STDOUT_FILENO); + (void)dup2(fd, STDERR_FILENO); + if (fd > 2) + (void)close (fd); + } + return (0); +} + +#endif /* HAVE_DAEMON */ diff --git a/crypto/kerberosIV/lib/roken/err.c b/crypto/kerberosIV/lib/roken/err.c new file mode 100644 index 0000000..029faa9 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/err.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: err.c,v 1.5 1997/03/30 08:05:37 joda Exp $"); +#endif + +#include "err.h" + +void +err(int eval, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + verr(eval, fmt, ap); + va_end(ap); +} diff --git a/crypto/kerberosIV/lib/roken/err.h b/crypto/kerberosIV/lib/roken/err.h new file mode 100644 index 0000000..6f25435 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/err.h @@ -0,0 +1,76 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: err.h,v 1.13 1997/05/02 14:29:30 assar Exp $ */ + +#ifndef __ERR_H__ +#define __ERR_H__ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <stdarg.h> + +extern const char *__progname; + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +void warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap) + __attribute__ ((format (printf, 4, 0))); + +void verr(int eval, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 2, 0))); +void err(int eval, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 2, 3))); +void verrx(int eval, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 2, 0))); +void errx(int eval, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 2, 3))); +void vwarn(const char *fmt, va_list ap) + __attribute__ ((format (printf, 1, 0))); +void warn(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); +void vwarnx(const char *fmt, va_list ap) + __attribute__ ((format (printf, 1, 0))); +void warnx(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); + +#endif /* __ERR_H__ */ diff --git a/crypto/kerberosIV/lib/roken/errx.c b/crypto/kerberosIV/lib/roken/errx.c new file mode 100644 index 0000000..18969d5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/errx.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: errx.c,v 1.5 1997/03/30 08:05:38 joda Exp $"); +#endif + +#include "err.h" + +void +errx(int eval, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + verrx(eval, fmt, ap); + va_end(ap); +} diff --git a/crypto/kerberosIV/lib/roken/fchown.c b/crypto/kerberosIV/lib/roken/fchown.c new file mode 100644 index 0000000..2a94e3a --- /dev/null +++ b/crypto/kerberosIV/lib/roken/fchown.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: fchown.c,v 1.2 1997/04/01 08:18:58 joda Exp $"); +#endif + +#include "roken.h" + +int +fchown(int fd, uid_t owner, gid_t group) +{ + return 0; +} diff --git a/crypto/kerberosIV/lib/roken/get_window_size.c b/crypto/kerberosIV/lib/roken/get_window_size.c new file mode 100644 index 0000000..d31d18d --- /dev/null +++ b/crypto/kerberosIV/lib/roken/get_window_size.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: get_window_size.c,v 1.4 1997/04/01 08:18:59 joda Exp $"); +#endif + +#include <stdlib.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#if 0 /* Where were those needed? /confused */ +#ifdef HAVE_SYS_PROC_H +#include <sys/proc.h> +#endif + +#ifdef HAVE_SYS_TTY_H +#include <sys/tty.h> +#endif +#endif + +#ifdef HAVE_TERMIOS_H +#include <termios.h> +#endif + +#include <roken.h> + +int +get_window_size(int fd, struct winsize *wp) +{ +#if defined(TIOCGWINSZ) + return ioctl(fd, TIOCGWINSZ, wp); +#elif defined(TIOCGSIZE) + struct ttysize ts; + int error; + + if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0) + return (error); + wp->ws_row = ts.ts_lines; + wp->ws_col = ts.ts_cols; + wp->ws_xpixel = 0; + wp->ws_ypixel = 0; + return 0; +#elif defined(HAVE__SCRSIZE) + int dst[2]; + + _scrsize(dst); + wp->ws_row = dst[1]; + wp->ws_col = dst[0]; + wp->ws_xpixel = 0; + wp->ws_ypixel = 0; + return 0; +#else + return -1; +#endif +} diff --git a/crypto/kerberosIV/lib/roken/getcwd.c b/crypto/kerberosIV/lib/roken/getcwd.c new file mode 100644 index 0000000..a27451f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getcwd.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: getcwd.c,v 1.7 1997/04/01 08:19:00 joda Exp $"); +#endif + +#include <unistd.h> +#include <sys/param.h> + +#include "protos.h" +#include "roken.h" + +char* +getcwd(char *path, size_t size) +{ + char xxx[MaxPathLen]; + char *ret; + ret = getwd(xxx); + if(ret) + strncpy(path, xxx, size); + return ret; +} diff --git a/crypto/kerberosIV/lib/roken/getdtablesize.c b/crypto/kerberosIV/lib/roken/getdtablesize.c new file mode 100644 index 0000000..afd47d2b --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getdtablesize.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: getdtablesize.c,v 1.8 1997/04/20 05:51:06 assar Exp $"); +#endif + +#include "roken.h" + +#include <sys/types.h> +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif +#include <unistd.h> + +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif + +#ifdef HAVE_SYS_SYSCTL_H +#include <sys/sysctl.h> +#endif + +int getdtablesize(void) +{ + int files = -1; +#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX) + files = sysconf(_SC_OPEN_MAX); +#else /* !defined(HAVE_SYSCONF) */ +#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) + struct rlimit res; + if (getrlimit(RLIMIT_NOFILE, &res) == 0) + files = res.rlim_cur; +#else /* !definded(HAVE_GETRLIMIT) */ +#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES) + int mib[2]; + size_t len; + + mib[0] = CTL_KERN; + mib[1] = KERN_MAXFILES; + len = sizeof(files); + sysctl(&mib, 2, &files, sizeof(nfil), NULL, 0); +#endif /* defined(HAVE_SYSCTL) */ +#endif /* !definded(HAVE_GETRLIMIT) */ +#endif /* !defined(HAVE_SYSCONF) */ + +#ifdef OPEN_MAX + if (files < 0) + files = OPEN_MAX; +#endif + +#ifdef NOFILE + if (files < 0) + files = NOFILE; +#endif + + return files; +} diff --git a/crypto/kerberosIV/lib/roken/getopt.c b/crypto/kerberosIV/lib/roken/getopt.c new file mode 100644 index 0000000..fea4635 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getopt.c @@ -0,0 +1,128 @@ +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)getopt.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +#ifndef __STDC__ +#define const +#endif +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +/* + * get option letter from argument vector + */ +int opterr = 1, /* if error message should be printed */ + optind = 1, /* index into parent argv vector */ + optopt, /* character checked for validity */ + optreset; /* reset getopt */ +char *optarg; /* argument associated with option */ + +#define BADCH (int)'?' +#define BADARG (int)':' +#define EMSG "" + +int +getopt(nargc, nargv, ostr) + int nargc; + char * const *nargv; + const char *ostr; +{ + static char *place = EMSG; /* option letter processing */ + char *oli; /* option letter list index */ + char *p; + + if (optreset || !*place) { /* update scanning pointer */ + optreset = 0; + if (optind >= nargc || *(place = nargv[optind]) != '-') { + place = EMSG; + return(EOF); + } + if (place[1] && *++place == '-') { /* found "--" */ + ++optind; + place = EMSG; + return(EOF); + } + } /* option letter okay? */ + if ((optopt = (int)*place++) == (int)':' || + !(oli = strchr(ostr, optopt))) { + /* + * if the user didn't specify '-' as an option, + * assume it means EOF. + */ + if (optopt == (int)'-') + return(EOF); + if (!*place) + ++optind; + if (opterr && *ostr != ':') { + if (!(p = strrchr(*nargv, '/'))) + p = *nargv; + else + ++p; + fprintf(stderr, "%s: illegal option -- %c\n", + p, optopt); + } + return(BADCH); + } + if (*++oli != ':') { /* don't need argument */ + optarg = NULL; + if (!*place) + ++optind; + } + else { /* need an argument */ + if (*place) /* no white space */ + optarg = place; + else if (nargc <= ++optind) { /* no arg */ + place = EMSG; + if (!(p = strrchr(*nargv, '/'))) + p = *nargv; + else + ++p; + if (*ostr == ':') + return(BADARG); + if (opterr) + fprintf(stderr, + "%s: option requires an argument -- %c\n", + p, optopt); + return(BADCH); + } + else /* white space */ + optarg = nargv[optind]; + place = EMSG; + ++optind; + } + return(optopt); /* dump back option letter */ +} diff --git a/crypto/kerberosIV/lib/roken/getusershell.c b/crypto/kerberosIV/lib/roken/getusershell.c new file mode 100644 index 0000000..87a48ec --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getusershell.c @@ -0,0 +1,160 @@ +/* + * Copyright (c) 1985, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +RCSID("$Id: getusershell.c,v 1.8 1997/04/20 06:18:03 assar Exp $"); + +#ifndef HAVE_GETUSERSHELL + +#include <stdio.h> +#include <stdlib.h> +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif + +#ifndef _PATH_SHELLS +#define _PATH_SHELLS "/etc/shells" +#endif + +#ifndef _PATH_BSHELL +#define _PATH_BSHELL "/bin/sh" +#endif + +#ifndef _PATH_CSHELL +#define _PATH_CSHELL "/bin/csh" +#endif + +/* + * Local shells should NOT be added here. They should be added in + * /etc/shells. + */ + +static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL }; +static char **curshell, **shells, *strings; +static char **initshells (void); + +/* + * Get a list of shells from _PATH_SHELLS, if it exists. + */ +char * +getusershell() +{ + char *ret; + + if (curshell == NULL) + curshell = initshells(); + ret = *curshell; + if (ret != NULL) + curshell++; + return (ret); +} + +void +endusershell() +{ + + if (shells != NULL) + free(shells); + shells = NULL; + if (strings != NULL) + free(strings); + strings = NULL; + curshell = NULL; +} + +void +setusershell() +{ + + curshell = initshells(); +} + +static char ** +initshells() +{ + char **sp, *cp; + FILE *fp; + struct stat statb; + + if (shells != NULL) + free(shells); + shells = NULL; + if (strings != NULL) + free(strings); + strings = NULL; + if ((fp = fopen(_PATH_SHELLS, "r")) == NULL) + return (okshells); + if (fstat(fileno(fp), &statb) == -1) { + fclose(fp); + return (okshells); + } + if ((strings = malloc((u_int)statb.st_size)) == NULL) { + fclose(fp); + return (okshells); + } + shells = calloc((unsigned)statb.st_size / 3, sizeof (char *)); + if (shells == NULL) { + fclose(fp); + free(strings); + strings = NULL; + return (okshells); + } + sp = shells; + cp = strings; + while (fgets(cp, MaxPathLen + 1, fp) != NULL) { + while (*cp != '#' && *cp != '/' && *cp != '\0') + cp++; + if (*cp == '#' || *cp == '\0') + continue; + *sp++ = cp; + while (!isspace(*cp) && *cp != '#' && *cp != '\0') + cp++; + *cp++ = '\0'; + } + *sp = NULL; + fclose(fp); + return (shells); +} +#endif /* HAVE_GETUSERSHELL */ diff --git a/crypto/kerberosIV/lib/roken/hstrerror.c b/crypto/kerberosIV/lib/roken/hstrerror.c new file mode 100644 index 0000000..9e47cb5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/hstrerror.c @@ -0,0 +1,87 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: hstrerror.c,v 1.17 1997/06/01 03:37:25 assar Exp $"); +#endif + +#include "roken.h" + +#ifndef HAVE_HSTRERROR + +#include <stdio.h> +#include <netdb.h> + +#ifndef HAVE_H_ERRNO +int h_errno = -17; /* Some magic number */ +#endif + +#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR)) +static const char *const h_errlist[] = { + "Resolver Error 0 (no error)", + "Unknown host", /* 1 HOST_NOT_FOUND */ + "Host name lookup failure", /* 2 TRY_AGAIN */ + "Unknown server error", /* 3 NO_RECOVERY */ + "No address associated with name", /* 4 NO_ADDRESS */ +}; + +static +const +int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; +#else + +#ifndef HAVE_H_ERRLIST_DECLARATION +extern const char *h_errlist[]; +extern int h_nerr; +#endif + +#endif + +char * +hstrerror(int herr) +{ + if (0 <= herr && herr < h_nerr) + return (char *) h_errlist[herr]; + else if(herr == -17) + return "unknown error"; + else + return "Error number out of range (hstrerror)"; +} + +#endif diff --git a/crypto/kerberosIV/lib/roken/inaddr2str.c b/crypto/kerberosIV/lib/roken/inaddr2str.c new file mode 100644 index 0000000..af158aa --- /dev/null +++ b/crypto/kerberosIV/lib/roken/inaddr2str.c @@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: inaddr2str.c,v 1.6 1997/04/01 08:19:02 joda Exp $"); +#endif + +#include <stdlib.h> +#include <string.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#include "roken.h" + +/* + * Get a verified name for `addr'. + * If unable to find it in the DNS, return x.y.z.a + */ + +void +inaddr2str(struct in_addr addr, char *s, size_t len) +{ + struct hostent *h; + char *p; + + h = gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET); + if (h) { + h = gethostbyname (h->h_name); + if(h) + while ((p = *(h->h_addr_list)++)) + if (memcmp (p, &addr, sizeof(addr)) == 0) { + strncpy (s, h->h_name, len); + s[len - 1] = '\0'; + return; + } + } + strncpy (s, inet_ntoa (addr), len); + s[len - 1] = '\0'; + return; +} diff --git a/crypto/kerberosIV/lib/roken/inet_aton.c b/crypto/kerberosIV/lib/roken/inet_aton.c new file mode 100644 index 0000000..c97ef74 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/inet_aton.c @@ -0,0 +1,68 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: inet_aton.c,v 1.10 1997/05/20 19:57:03 bg Exp $"); +#endif + +#include "roken.h" + +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + +/* Minimal implementation of inet_aton. + * Cannot distinguish between failure and a local broadcast address. */ + +int +inet_aton(const char *cp, struct in_addr *addr) +{ + addr->s_addr = inet_addr(cp); + return (addr->s_addr == INADDR_NONE) ? 0 : 1; +} diff --git a/crypto/kerberosIV/lib/roken/initgroups.c b/crypto/kerberosIV/lib/roken/initgroups.c new file mode 100644 index 0000000..a68aa63 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/initgroups.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: initgroups.c,v 1.2 1997/04/01 08:19:03 joda Exp $"); +#endif + +#include "roken.h" + +int +initgroups(const char *name, gid_t basegid) +{ + return 0; +} diff --git a/crypto/kerberosIV/lib/roken/k_getpwnam.c b/crypto/kerberosIV/lib/roken/k_getpwnam.c new file mode 100644 index 0000000..580b1a2 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/k_getpwnam.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: k_getpwnam.c,v 1.6 1997/04/01 08:19:03 joda Exp $"); +#endif /* HAVE_CONFIG_H */ + +#include "roken.h" +#ifdef HAVE_SHADOW_H +#include <shadow.h> +#endif + +struct passwd * +k_getpwnam (char *user) +{ + struct passwd *p; + + p = getpwnam (user); +#ifdef HAVE_GETSPNAM + if(p) + { + struct spwd *spwd; + + spwd = getspnam (user); + if (spwd) + p->pw_passwd = spwd->sp_pwdp; + endspent (); + } +#else + endpwent (); +#endif + return p; +} diff --git a/crypto/kerberosIV/lib/roken/k_getpwuid.c b/crypto/kerberosIV/lib/roken/k_getpwuid.c new file mode 100644 index 0000000..a3a8f04 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/k_getpwuid.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: k_getpwuid.c,v 1.6 1997/04/01 08:19:04 joda Exp $"); +#endif /* HAVE_CONFIG_H */ + +#include "roken.h" +#ifdef HAVE_SHADOW_H +#include <shadow.h> +#endif + +struct passwd * +k_getpwuid (uid_t uid) +{ + struct passwd *p; + + p = getpwuid (uid); +#ifdef HAVE_GETSPUID + if (p) + { + struct spwd *spwd; + + spwd = getspuid (uid); + if (spwd) + p->pw_passwd = spwd->sp_pwdp; + endspent (); + } +#else + endpwent (); +#endif + return p; +} diff --git a/crypto/kerberosIV/lib/roken/lstat.c b/crypto/kerberosIV/lib/roken/lstat.c new file mode 100644 index 0000000..881ad9a --- /dev/null +++ b/crypto/kerberosIV/lib/roken/lstat.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: lstat.c,v 1.3 1997/04/01 08:19:04 joda Exp $"); +#endif + +#include "roken.h" + +int +lstat(const char *path, struct stat *buf) +{ + return stat(path, buf); +} diff --git a/crypto/kerberosIV/lib/roken/memmove.c b/crypto/kerberosIV/lib/roken/memmove.c new file mode 100644 index 0000000..315ff05 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/memmove.c @@ -0,0 +1,67 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: memmove.c,v 1.5 1997/04/01 08:19:05 joda Exp $"); +#endif + +/* + * memmove for systems that doesn't have it + */ + +#include <sys/types.h> + +void* memmove(void *s1, const void *s2, size_t n) +{ + char *s=(char*)s2, *d=(char*)s1; + + if(d > s){ + s+=n-1; + d+=n-1; + while(n){ + *d--=*s--; + n--; + } + }else if(d < s) + while(n){ + *d++=*s++; + n--; + } + return s1; +} diff --git a/crypto/kerberosIV/lib/roken/mini_inetd.c b/crypto/kerberosIV/lib/roken/mini_inetd.c new file mode 100644 index 0000000..ccfcfe7 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/mini_inetd.c @@ -0,0 +1,99 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: mini_inetd.c,v 1.10 1997/05/02 14:30:07 assar Exp $"); +#endif + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#include <roken.h> + +void +mini_inetd (int port) +{ + struct sockaddr_in sa; + int s = socket(AF_INET, SOCK_STREAM, 0); + int s2; + int one = 1; + if(s < 0){ + perror("socket"); + exit(1); + } +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, + sizeof(one)) < 0){ + perror("setsockopt"); + exit(1); + } +#endif + memset(&sa, 0, sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = port; + sa.sin_addr.s_addr = INADDR_ANY; + if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){ + perror("bind"); + exit(1); + } + if(listen(s, SOMAXCONN) < 0){ + perror("listen"); + exit(1); + } + s2 = accept(s, NULL, 0); + if(s2 < 0){ + perror("accept"); + exit(1); + } + close(s); + dup2(s2, STDIN_FILENO); + dup2(s2, STDOUT_FILENO); + /* dup2(s2, STDERR_FILENO); */ + close(s2); +} diff --git a/crypto/kerberosIV/lib/roken/mkstemp.c b/crypto/kerberosIV/lib/roken/mkstemp.c new file mode 100644 index 0000000..e55398a --- /dev/null +++ b/crypto/kerberosIV/lib/roken/mkstemp.c @@ -0,0 +1,89 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <string.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#include <errno.h> + +RCSID("$Id: mkstemp.c,v 1.2 1997/05/25 02:36:43 joda Exp $"); + +#ifndef HAVE_MKSTEMP + +int +mkstemp(char *template) +{ + int start, i; + pid_t val; + val = getpid(); + start = strlen(template) - 1; + while(template[start] == 'X') { + template[start] = '0' + val % 10; + val /= 10; + start--; + } + + do{ + int fd; + fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600); + if(fd >= 0 || errno != EEXIST) + return fd; + i = start + 1; + do{ + if(template[i] == 0) + return -1; + template[i]++; + if(template[i] == '9' + 1) + template[i] = 'a'; + if(template[i] <= 'z') + break; + template[i] = 'a'; + i++; + }while(1); + }while(1); +} + +#endif diff --git a/crypto/kerberosIV/lib/roken/putenv.c b/crypto/kerberosIV/lib/roken/putenv.c new file mode 100644 index 0000000..20d5a10 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/putenv.c @@ -0,0 +1,81 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: putenv.c,v 1.5 1997/04/01 08:19:06 joda Exp $"); +#endif + +#include <stdlib.h> + +extern char **environ; + +/* + * putenv -- + * String points to a string of the form name=value. + * + * Makes the value of the environment variable name equal to + * value by altering an existing variable or creating a new one. + */ +int putenv(const char *string) +{ + int i; + int len; + + len = string - strchr(string, '=') + 1; + + if(environ == NULL){ + environ = malloc(sizeof(char*)); + if(environ == NULL) + return 1; + environ[0] = NULL; + } + + for(i = 0; environ[i]; i++) + if(strncmp(string, environ[i], len)){ + environ[len] = string; + return 0; + } + environ = realloc(environ, sizeof(char*) * (i + 1)); + if(environ == NULL) + return 1; + environ[i] = string; + environ[i+1] = NULL; + return 0; +} + diff --git a/crypto/kerberosIV/lib/roken/rcmd.c b/crypto/kerberosIV/lib/roken/rcmd.c new file mode 100644 index 0000000..6064d50 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/rcmd.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: rcmd.c,v 1.2 1997/04/01 08:19:06 joda Exp $"); +#endif + +#include "roken.h" +#include <stdio.h> + +int +rcmd(char **ahost, + unsigned short inport, + const char *locuser, + const char *remuser, + const char *cmd, + int *fd2p) +{ + fprintf(stderr, "Only kerberized services are implemented\n"); + return -1; +} diff --git a/crypto/kerberosIV/lib/roken/roken.def b/crypto/kerberosIV/lib/roken/roken.def new file mode 100644 index 0000000..13e3572 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/roken.def @@ -0,0 +1,4 @@ +LIBRARY roken +EXPORTS + gettimeofday + strcasecmp diff --git a/crypto/kerberosIV/lib/roken/roken.h b/crypto/kerberosIV/lib/roken/roken.h new file mode 100644 index 0000000..1204e3e --- /dev/null +++ b/crypto/kerberosIV/lib/roken/roken.h @@ -0,0 +1,338 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: roken.h,v 1.63 1997/05/28 05:38:09 assar Exp $ */ + +#ifndef __ROKEN_H__ +#define __ROKEN_H__ + +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <signal.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_GRP_H +#include <grp.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#ifdef HAVE_TERMIOS_H +#include <termios.h> +#endif + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif + +#include "protos.h" + +#if !defined(HAVE_SETSID) && defined(HAVE__SETSID) +#define setsid _setsid +#endif + +#ifndef HAVE_PUTENV +int putenv(const char *string); +#endif + +#ifndef HAVE_SETENV +int setenv(const char *var, const char *val, int rewrite); +#endif + +#ifndef HAVE_UNSETENV +void unsetenv(const char *name); +#endif + +#ifndef HAVE_GETUSERSHELL +char *getusershell(void); +#endif + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef HAVE_SNPRINTF +int snprintf (char *str, size_t sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#ifndef HAVE_VSNPRINTF +int vsnprintf (char *str, size_t sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_ASPRINTF +int asprintf (char **ret, const char *format, ...) + __attribute__ ((format (printf, 2, 3))); +#endif + +#ifndef HAVE_VASPRINTF +int vasprintf (char **ret, const char *format, va_list ap) + __attribute__((format (printf, 2, 0))); +#endif + +#ifndef HAVE_ASNPRINTF +int asnprintf (char **ret, size_t max_sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#ifndef HAVE_VASNPRINTF +int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_STRDUP +char * strdup(const char *old); +#endif + +#ifndef HAVE_STRLWR +char * strlwr(char *); +#endif + +#ifndef HAVE_STRNLEN +int strnlen(char*, int); +#endif + +#ifndef HAVE_STRTOK_R +char *strtok_r(char *s1, const char *s2, char **lasts); +#endif + +#ifndef HAVE_STRUPR +char * strupr(char *); +#endif + +#ifndef HAVE_GETDTABLESIZE +int getdtablesize(void); +#endif + +#if IRIX != 4 /* fix for compiler bug */ +#ifdef RETSIGTYPE +typedef RETSIGTYPE (*SigAction)(/* int??? */); +SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ +#endif +#endif + +#ifndef SIG_ERR +#define SIG_ERR ((RETSIGTYPE (*)())-1) +#endif + +#if !defined(HAVE_STRERROR) && !defined(strerror) +char *strerror(int eno); +#endif + +#ifndef HAVE_HSTRERROR +char *hstrerror(int herr); +#endif + +#ifndef HAVE_H_ERRNO_DECLARATION +extern int h_errno; +#endif + +#ifndef HAVE_INET_ATON +/* Minimal implementation of inet_aton. Doesn't handle hex numbers. */ +int inet_aton(const char *cp, struct in_addr *adr); +#endif + +#if !defined(HAVE_GETCWD) +char* getcwd(char *path, size_t size); +#endif + +#ifndef HAVE_GETENT +int getent(char *cp, char *name); +#endif + +#ifdef HAVE_PWD_H +#include <pwd.h> +struct passwd *k_getpwnam (char *user); +struct passwd *k_getpwuid (uid_t uid); +#endif + +#ifndef HAVE_SETEUID +int seteuid(int euid); +#endif + +#ifndef HAVE_SETEGID +int setegid(int egid); +#endif + +#ifndef HAVE_LSTAT +int lstat(const char *path, struct stat *buf); +#endif + +#ifndef HAVE_MKSTEMP +int mkstemp(char *); +#endif + +#ifndef HAVE_INITGROUPS +int initgroups(const char *name, gid_t basegid); +#endif + +#ifndef HAVE_FCHOWN +int fchown(int fd, uid_t owner, gid_t group); +#endif + +#ifndef HAVE_CHOWN +int chown(const char *path, uid_t owner, gid_t group); +#endif + +#ifndef HAVE_RCMD +int rcmd(char **ahost, unsigned short inport, const char *locuser, + const char *remuser, const char *cmd, int *fd2p); +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +time_t tm2time (struct tm tm, int local); + +int unix_verify_user(char *user, char *password); + +void inaddr2str(struct in_addr addr, char *s, size_t len); + +void mini_inetd (int port); + +#ifndef HAVE_STRUCT_WINSIZE +struct winsize { + unsigned short ws_row, ws_col; + unsigned short ws_xpixel, ws_ypixel; +}; +#endif + +int get_window_size(int fd, struct winsize *); + +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif + +#ifndef SOMAXCONN +#define SOMAXCONN 5 +#endif + +#ifndef STDIN_FILENO +#define STDIN_FILENO 0 +#endif + +#ifndef STDOUT_FILENO +#define STDOUT_FILENO 1 +#endif + +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + +#ifndef max +#define max(a,b) (((a)>(b))?(a):(b)) +#endif + +#ifndef min +#define min(a,b) (((a)<(b))?(a):(b)) +#endif + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +/* Misc definitions for old syslogs */ + +#ifndef LOG_DAEMON +#define openlog(id,option,facility) openlog((id),(option)) +#define LOG_DAEMON 0 +#endif +#ifndef LOG_ODELAY +#define LOG_ODELAY 0 +#endif +#ifndef LOG_NDELAY +#define LOG_NDELAY 0x08 +#endif +#ifndef LOG_CONS +#define LOG_CONS 0 +#endif +#ifndef LOG_AUTH +#define LOG_AUTH 0 +#endif +#ifndef LOG_AUTHPRIV +#define LOG_AUTHPRIV LOG_AUTH +#endif +#endif + +#ifndef HAVE_OPTARG_DECLARATION +extern char *optarg; +#endif +#ifndef HAVE_OPTIND_DECLARATION +extern int optind; +#endif +#ifndef HAVE_OPTERR_DECLARATION +extern int opterr; +#endif + +#ifndef HAVE___PROGNAME_DECLARATION +extern const char *__progname; +#endif + +void set_progname(char *argv0); + +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif + +#ifndef _PATH_DEVNULL +#define _PATH_DEVNULL "/dev/null" +#endif + +#endif /* __ROKEN_H__ */ diff --git a/crypto/kerberosIV/lib/roken/roken.mak b/crypto/kerberosIV/lib/roken/roken.mak new file mode 100644 index 0000000..d0c4a6f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/roken.mak @@ -0,0 +1,278 @@ +# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +!IF "$(CFG)" == "" +CFG=roken - Win32 Debug +!MESSAGE No configuration specified. Defaulting to roken - Win32 Debug. +!ENDIF + +!IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF +################################################################################ +# Begin Project +# PROP Target_Last_Scanned "roken - Win32 Debug" +RSC=rc.exe +MTL=mktyplib.exe +CPP=cl.exe + +!IF "$(CFG)" == "roken - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Target_Dir "" +OUTDIR=.\Release +INTDIR=.\Release + +ALL : ".\Release\roken.dll" + +CLEAN : + -@erase ".\Release\gettimeofday.obj" + -@erase ".\Release\roken.dll" + -@erase ".\Release\roken.exp" + -@erase ".\Release\roken.lib" + -@erase ".\Release\strcasecmp.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\ + "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\ + "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/" /c +CPP_OBJS=.\Release/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /win32 +MTL_PROJ=/nologo /D "NDEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ + odbccp32.lib /nologo /subsystem:windows /dll /incremental:no\ + /pdb:"$(OUTDIR)/roken.pdb" /machine:I386 /def:".\roken.def"\ + /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" +DEF_FILE= \ + ".\roken.def" +LINK32_OBJS= \ + ".\Release\gettimeofday.obj" \ + ".\Release\strcasecmp.obj" + +".\Release\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Target_Dir "" +OUTDIR=.\Debug +INTDIR=.\Debug + +ALL : ".\Debug\roken.dll" + +CLEAN : + -@erase ".\Debug\gettimeofday.obj" + -@erase ".\Debug\roken.dll" + -@erase ".\Debug\roken.exp" + -@erase ".\Debug\roken.ilk" + -@erase ".\Debug\roken.lib" + -@erase ".\Debug\roken.pdb" + -@erase ".\Debug\strcasecmp.obj" + -@erase ".\Debug\vc40.idb" + -@erase ".\Debug\vc40.pdb" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\ + "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/"\ + /Fd"$(INTDIR)/" /c +CPP_OBJS=.\Debug/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /win32 +MTL_PROJ=/nologo /D "_DEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ + odbccp32.lib /nologo /subsystem:windows /dll /incremental:yes\ + /pdb:"$(OUTDIR)/roken.pdb" /debug /machine:I386 /def:".\roken.def"\ + /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" +DEF_FILE= \ + ".\roken.def" +LINK32_OBJS= \ + ".\Debug\gettimeofday.obj" \ + ".\Debug\strcasecmp.obj" + +".\Debug\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ENDIF + +.c{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.c{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +################################################################################ +# Begin Target + +# Name "roken - Win32 Release" +# Name "roken - Win32 Debug" + +!IF "$(CFG)" == "roken - Win32 Release" + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +!ENDIF + +################################################################################ +# Begin Source File + +SOURCE=\TEMP\jimpa3\lib\krb\gettimeofday.c +DEP_CPP_GETTI=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\krb\krb.h"\ + "..\krb\krb_locl.h"\ + "..\krb\prot.h"\ + "..\krb\resolve.h"\ + ".\roken.h"\ + {$(INCLUDE)}"\sys\stat.h"\ + {$(INCLUDE)}"\sys\types.h"\ + + +!IF "$(CFG)" == "roken - Win32 Release" + + +".\Release\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + + +".\Debug\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\roken.def + +!IF "$(CFG)" == "roken - Win32 Release" + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\strcasecmp.c +DEP_CPP_STRCA=\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + {$(INCLUDE)}"\sys\types.h"\ + + +!IF "$(CFG)" == "roken - Win32 Release" + + +".\Release\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + + +".\Debug\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" + + +!ENDIF + +# End Source File +# End Target +# End Project +################################################################################ diff --git a/crypto/kerberosIV/lib/roken/setegid.c b/crypto/kerberosIV/lib/roken/setegid.c new file mode 100644 index 0000000..b79bdd5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/setegid.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: setegid.c,v 1.7 1997/04/01 08:19:07 joda Exp $"); +#endif + +#include <unistd.h> + +#include "roken.h" + +int +setegid(int egid) +{ +#ifdef HAVE_SETREGID + return setregid(-1, egid); +#endif + +#ifdef HAVE_SETRESGID + return setresgid(-1, egid, -1); +#endif + + return -1; +} diff --git a/crypto/kerberosIV/lib/roken/setenv.c b/crypto/kerberosIV/lib/roken/setenv.c new file mode 100644 index 0000000..c83591f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/setenv.c @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: setenv.c,v 1.8 1997/05/02 14:29:32 assar Exp $"); +#endif + +#include "roken.h" + +#include <stdlib.h> +#include <string.h> + +/* + * This is the easy way out, use putenv to implement setenv. We might + * leak some memory but that is ok since we are usally about to exec + * anyway. + */ + +int +setenv(const char *var, const char *val, int rewrite) +{ + char *t; + + if (!rewrite && getenv(var) != 0) + return 0; + + asprintf (&t, "%s=%s", var, val); + if (t == NULL) + return -1; + + if (putenv(t) == 0) + return 0; + else + return -1; +} diff --git a/crypto/kerberosIV/lib/roken/seteuid.c b/crypto/kerberosIV/lib/roken/seteuid.c new file mode 100644 index 0000000..b831318 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/seteuid.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: seteuid.c,v 1.7 1997/04/01 08:19:08 joda Exp $"); +#endif + +#include <unistd.h> + +#include "roken.h" + +int +seteuid(int euid) +{ +#ifdef HAVE_SETREUID + return setreuid(-1, euid); +#endif + +#ifdef HAVE_SETRESUID + return setresuid(-1, euid, -1); +#endif + + return -1; +} diff --git a/crypto/kerberosIV/lib/roken/signal.c b/crypto/kerberosIV/lib/roken/signal.c new file mode 100644 index 0000000..a39a194 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/signal.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: signal.c,v 1.8 1997/04/01 08:19:09 joda Exp $"); +#endif + +#include <signal.h> + +/* + * We would like to always use this signal but there is a link error + * on NEXTSTEP + */ +#ifndef NeXT +/* + * Bugs: + * + * Do we need any extra hacks for SIGCLD and/or SIGCHLD? + */ + +typedef RETSIGTYPE (*SigAction)(/* int??? */); + +SigAction +signal(int iSig, SigAction pAction) +{ + struct sigaction saNew, saOld; + + saNew.sa_handler = pAction; + sigemptyset(&saNew.sa_mask); + saNew.sa_flags = 0; + + if (iSig == SIGALRM) + { +#ifdef SA_INTERRUPT + saNew.sa_flags |= SA_INTERRUPT; +#endif + } + else + { +#ifdef SA_RESTART + saNew.sa_flags |= SA_RESTART; +#endif + } + + if (sigaction(iSig, &saNew, &saOld) < 0) + return(SIG_ERR); + + return(saOld.sa_handler); +} +#endif diff --git a/crypto/kerberosIV/lib/roken/snprintf.c b/crypto/kerberosIV/lib/roken/snprintf.c new file mode 100644 index 0000000..b0757e5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/snprintf.c @@ -0,0 +1,520 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: snprintf.c,v 1.13 1997/05/25 02:00:31 assar Exp $"); +#endif +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <roken.h> + +/* + * Common state + */ + +struct state { + char *str; + char *s; + char *theend; + size_t sz; + size_t max_sz; + int (*append_char)(struct state *, char); + int (*reserve)(struct state *, size_t); + /* XXX - methods */ +}; + +static int +sn_reserve (struct state *state, size_t n) +{ + return state->s + n > state->theend; +} + +static int +sn_append_char (struct state *state, char c) +{ + if (sn_reserve (state, 1)) { + *state->s++ = '\0'; + return 1; + } else { + *state->s++ = c; + return 0; + } +} + +static int +as_reserve (struct state *state, size_t n) +{ + while (state->s + n > state->theend) { + int off = state->s - state->str; + char *tmp; + + if (state->max_sz && state->sz >= state->max_sz) + return 1; + + if (state->max_sz) + state->sz = min(state->max_sz, state->sz*2); + else + state->sz *= 2; + tmp = realloc (state->str, state->sz); + if (tmp == NULL) + return 1; + state->str = tmp; + state->s = state->str + off; + state->theend = state->str + state->sz - 1; + } + return 0; +} + +static int +as_append_char (struct state *state, char c) +{ + if(as_reserve (state, 1)) + return 1; + else { + *state->s++ = c; + return 0; + } +} + +static int +append_number (struct state *state, + unsigned long num, unsigned base, char *rep, + int width, int zerop, int minusp) +{ + int i, len; + + len = 0; + if (num == 0) { + ++len; + if((*state->append_char) (state, '0')) + return 1; + } + while (num > 0) { + ++len; + if ((*state->append_char) (state, rep[num % base])) + return 1; + num /= base; + } + if (minusp) { + ++len; + if ((*state->append_char) (state, '-')) + return 1; + } + + for (i = 0; i < len / 2; ++i) { + char c; + + c = state->s[-i-1]; + state->s[-i-1] = state->s[-len+i]; + state->s[-len+i] = c; + } + + if (width > len) { + if ((*state->reserve) (state, width - len)) + return 1; + +#ifdef HAVE_MEMMOVE + memmove (state->s + width - 2 * len, state->s - len, len); +#else + bcopy (state->s - len, state->s + width - 2 * len, len); +#endif + for (i = 0; i < width - len; ++i) + state->s[-len+i] = (zerop ? '0' : ' '); + state->s += width - len; + + } + return 0; +} + +static int +append_string (struct state *state, + char *arg, + int prec) +{ + if (prec) { + while (*arg && prec--) + if ((*state->append_char) (state, *arg++)) + return 1; + } else { + while (*arg) + if ((*state->append_char) (state, *arg++)) + return 1; + } + return 0; +} + +/* + * This can't be made into a function... + */ + +#define PARSE_INT_FORMAT(res, arg, unsig) \ +if (long_flag) \ + res = va_arg(arg, unsig long); \ +else if (short_flag) \ + res = va_arg(arg, unsig short); \ +else \ + res = va_arg(arg, unsig int) + +/* + * zyxprintf - return 0 or -1 + */ + +static int +xyzprintf (struct state *state, const char *format, va_list ap) +{ + char c; + + while((c = *format++)) { + if (c == '%') { + int zerop = 0; + int width = 0; + int prec = 0; + int long_flag = 0; + int short_flag = 0; + + c = *format++; + + /* flags */ + if (c == '0') { + zerop = 1; + c = *format++; + } + + /* width */ + if (isdigit(c)) + do { + width = width * 10 + c - '0'; + c = *format++; + } while(isdigit(c)); + else if(c == '*') { + width = va_arg(ap, int); + c = *format++; + } + + /* precision */ + if (c == '.') { + c = *format++; + if (isdigit(c)) + do { + prec = prec * 10 + c - '0'; + c = *format++; + } while(isdigit(c)); + else if (c == '*') { + prec = va_arg(ap, int); + c = *format++; + } + } + + /* size */ + + if (c == 'h') { + short_flag = 1; + c = *format++; + } else if (c == 'l') { + long_flag = 1; + c = *format++; + } + + switch (c) { + case 'c' : + if ((*state->append_char)(state, (unsigned char)va_arg(ap, int))) + return -1; + break; + case 's' : + if (append_string(state, + va_arg(ap, char*), + prec)) + return -1; + break; + case 'd' : + case 'i' : { + long arg; + unsigned long num; + int minusp = 0; + + PARSE_INT_FORMAT(arg, ap, ); + + if (arg < 0) { + minusp = 1; + num = -arg; + } else + num = arg; + + if (append_number (state, num, 10, "0123456789", + width, zerop, minusp)) + return -1; + break; + } + case 'u' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 10, "0123456789", + width, zerop, 0)) + return -1; + break; + } + case 'o' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 010, "01234567", + width, zerop, 0)) + return -1; + break; + } + case 'x' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789abcdef", + width, zerop, 0)) + return -1; + break; + } + case 'X' :{ + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, zerop, 0)) + return -1; + break; + } + case 'p' : { + unsigned long arg = (unsigned long)va_arg(ap, void*); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, zerop, 0)) + return -1; + break; + } + case '%' : + if ((*state->append_char)(state, c)) + return -1; + break; + default : + if ( (*state->append_char)(state, '%') + || (*state->append_char)(state, c)) + return -1; + break; + } + } else + if ((*state->append_char) (state, c)) + return -1; + } + return 0; +} + +#ifndef HAVE_SNPRINTF +int +snprintf (char *str, size_t sz, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + ret = vsnprintf (str, sz, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + + tmp = malloc (sz); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (ret != ret2 || strcmp(str, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return ret; +} +#endif + +#ifndef HAVE_ASPRINTF +int +asprintf (char **ret, const char *format, ...) +{ + va_list args; + int val; + + va_start(args, format); + val = vasprintf (ret, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = malloc (val + 1); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return val; +} +#endif + +#ifndef HAVE_ASNPRINTF +int +asnprintf (char **ret, size_t max_sz, const char *format, ...) +{ + va_list args; + int val; + + va_start(args, format); + val = vasnprintf (ret, max_sz, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = malloc (val + 1); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return val; +} +#endif + +#ifndef HAVE_VASPRINTF +int +vasprintf (char **ret, const char *format, va_list args) +{ + return vasnprintf (ret, 0, format, args); +} +#endif + + +#ifndef HAVE_VASNPRINTF +int +vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) +{ + int st; + size_t len; + struct state state; + + state.max_sz = max_sz; + if (max_sz) + state.sz = min(1, max_sz); + else + state.sz = 1; + state.str = malloc(state.sz); + if (state.str == NULL) { + *ret = NULL; + return -1; + } + state.s = state.str; + state.theend = state.s + state.sz - 1; + state.append_char = as_append_char; + state.reserve = as_reserve; + + st = xyzprintf (&state, format, args); + if (st) { + free (state.str); + *ret = NULL; + return -1; + } else { + char *tmp; + + *state.s = '\0'; + len = state.s - state.str; + tmp = realloc (state.str, len+1); + if (state.str == NULL) { + free (state.str); + *ret = NULL; + return -1; + } + *ret = tmp; + return len; + } +} +#endif + +#ifndef HAVE_VSNPRINTF +int +vsnprintf (char *str, size_t sz, const char *format, va_list args) +{ + struct state state; + int ret; + + state.max_sz = 0; + state.sz = sz; + state.str = str; + state.s = str; + state.theend = str + sz - 1; + state.append_char = sn_append_char; + state.reserve = sn_reserve; + + ret = xyzprintf (&state, format, args); + *state.s = '\0'; + if (ret) + return sz; + else + return state.s - state.str; +} +#endif + diff --git a/crypto/kerberosIV/lib/roken/strcasecmp.c b/crypto/kerberosIV/lib/roken/strcasecmp.c new file mode 100644 index 0000000..a268c29 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strcasecmp.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strcasecmp.c,v 1.3 1997/04/20 18:04:23 assar Exp $"); +#endif + +#include <string.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#include <sys/cdefs.h> + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +/* + * This array is designed for mapping upper and lower case letter + * together for a case independent comparison. The mappings are + * based upon ascii character sequences. + */ +static const unsigned char charmap[] = { + '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007', + '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017', + '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027', + '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037', + '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047', + '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057', + '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067', + '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077', + '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137', + '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177', + '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207', + '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217', + '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227', + '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237', + '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247', + '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257', + '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267', + '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277', + '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307', + '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317', + '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327', + '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337', + '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347', + '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', + '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', + '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', +}; + +int +strcasecmp(const char *s1, const char *s2) +{ + const unsigned char *cm = charmap, + *us1 = (const unsigned char *)s1, + *us2 = (const unsigned char *)s2; + + while (cm[*us1] == cm[*us2++]) + if (*us1++ == '\0') + return (0); + return (cm[*us1] - cm[*--us2]); +} + +int +strncasecmp(const char *s1, const char *s2, size_t n) +{ + if (n != 0) { + const unsigned char *cm = charmap, + *us1 = (const unsigned char *)s1, + *us2 = (const unsigned char *)s2; + + do { + if (cm[*us1] != cm[*us2++]) + return (cm[*us1] - cm[*--us2]); + if (*us1++ == '\0') + break; + } while (--n != 0); + } + return (0); +} diff --git a/crypto/kerberosIV/lib/roken/strdup.c b/crypto/kerberosIV/lib/roken/strdup.c new file mode 100644 index 0000000..b16992f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strdup.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strdup.c,v 1.9 1997/04/01 08:19:10 joda Exp $"); +#endif +#include <stdlib.h> +#include <string.h> + +#ifndef HAVE_STRDUP +char * +strdup(const char *old) +{ + char *t = malloc(strlen(old)+1); + if (t != 0) + strcpy(t, old); + return t; +} +#endif diff --git a/crypto/kerberosIV/lib/roken/strerror.c b/crypto/kerberosIV/lib/roken/strerror.c new file mode 100644 index 0000000..3d7b45c --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strerror.c @@ -0,0 +1,62 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strerror.c,v 1.8 1997/05/02 14:29:33 assar Exp $"); +#endif + +#include <stdio.h> +#include <string.h> +#include <errno.h> + +extern int sys_nerr; +extern char *sys_errlist[]; + +char* +strerror(int eno) +{ + static char emsg[1024]; + + if(eno < 0 || eno >= sys_nerr) + snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno); + else + strcpy(emsg, sys_errlist[eno]); + + return emsg; +} diff --git a/crypto/kerberosIV/lib/roken/strftime.c b/crypto/kerberosIV/lib/roken/strftime.c new file mode 100644 index 0000000..3473778 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strftime.c @@ -0,0 +1,299 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <sys/types.h> +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#define TM_YEAR_BASE 1900 /* from <tzfile.h> */ +#include <string.h> + +static char *afmt[] = { + "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", +}; +static char *Afmt[] = { + "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", + "Saturday", +}; +static char *bfmt[] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", + "Oct", "Nov", "Dec", +}; +static char *Bfmt[] = { + "January", "February", "March", "April", "May", "June", "July", + "August", "September", "October", "November", "December", +}; + +static size_t gsize; +static char *pt; + +static int _add (char *); +static int _conv (int, int, int); +#ifdef HAVE_MKTIME +static int _secs (const struct tm *); +#endif /* HAVE_MKTIME */ +static size_t _fmt (const char *, const struct tm *); + +size_t +strftime(char *s, size_t maxsize, const char *format, const struct tm *t) +{ + + pt = s; + if ((gsize = maxsize) < 1) + return(0); + if (_fmt(format, t)) { + *pt = '\0'; + return(maxsize - gsize); + } + return(0); +} + +static size_t +_fmt(const char *format, const struct tm *t) +{ + for (; *format; ++format) { + if (*format == '%') + switch(*++format) { + case '\0': + --format; + break; + case 'A': + if (t->tm_wday < 0 || t->tm_wday > 6) + return(0); + if (!_add(Afmt[t->tm_wday])) + return(0); + continue; + case 'a': + if (t->tm_wday < 0 || t->tm_wday > 6) + return(0); + if (!_add(afmt[t->tm_wday])) + return(0); + continue; + case 'B': + if (t->tm_mon < 0 || t->tm_mon > 11) + return(0); + if (!_add(Bfmt[t->tm_mon])) + return(0); + continue; + case 'b': + case 'h': + if (t->tm_mon < 0 || t->tm_mon > 11) + return(0); + if (!_add(bfmt[t->tm_mon])) + return(0); + continue; + case 'C': + if (!_fmt("%a %b %e %H:%M:%S %Y", t)) + return(0); + continue; + case 'c': + if (!_fmt("%m/%d/%y %H:%M:%S", t)) + return(0); + continue; + case 'D': + if (!_fmt("%m/%d/%y", t)) + return(0); + continue; + case 'd': + if (!_conv(t->tm_mday, 2, '0')) + return(0); + continue; + case 'e': + if (!_conv(t->tm_mday, 2, ' ')) + return(0); + continue; + case 'H': + if (!_conv(t->tm_hour, 2, '0')) + return(0); + continue; + case 'I': + if (!_conv(t->tm_hour % 12 ? + t->tm_hour % 12 : 12, 2, '0')) + return(0); + continue; + case 'j': + if (!_conv(t->tm_yday + 1, 3, '0')) + return(0); + continue; + case 'k': + if (!_conv(t->tm_hour, 2, ' ')) + return(0); + continue; + case 'l': + if (!_conv(t->tm_hour % 12 ? + t->tm_hour % 12 : 12, 2, ' ')) + return(0); + continue; + case 'M': + if (!_conv(t->tm_min, 2, '0')) + return(0); + continue; + case 'm': + if (!_conv(t->tm_mon + 1, 2, '0')) + return(0); + continue; + case 'n': + if (!_add("\n")) + return(0); + continue; + case 'p': + if (!_add(t->tm_hour >= 12 ? "PM" : "AM")) + return(0); + continue; + case 'R': + if (!_fmt("%H:%M", t)) + return(0); + continue; + case 'r': + if (!_fmt("%I:%M:%S %p", t)) + return(0); + continue; + case 'S': + if (!_conv(t->tm_sec, 2, '0')) + return(0); + continue; +#ifdef HAVE_MKTIME + case 's': + if (!_secs(t)) + return(0); + continue; +#endif /* HAVE_MKTIME */ + case 'T': + case 'X': + if (!_fmt("%H:%M:%S", t)) + return(0); + continue; + case 't': + if (!_add("\t")) + return(0); + continue; + case 'U': + if (!_conv((t->tm_yday + 7 - t->tm_wday) / 7, + 2, '0')) + return(0); + continue; + case 'W': + if (!_conv((t->tm_yday + 7 - + (t->tm_wday ? (t->tm_wday - 1) : 6)) + / 7, 2, '0')) + return(0); + continue; + case 'w': + if (!_conv(t->tm_wday, 1, '0')) + return(0); + continue; + case 'x': + if (!_fmt("%m/%d/%y", t)) + return(0); + continue; + case 'y': + if (!_conv((t->tm_year + TM_YEAR_BASE) + % 100, 2, '0')) + return(0); + continue; + case 'Y': + if (!_conv(t->tm_year + TM_YEAR_BASE, 4, '0')) + return(0); + continue; +#ifdef notdef + case 'Z': + if (!t->tm_zone || !_add(t->tm_zone)) + return(0); + continue; +#endif + case '%': + /* + * X311J/88-090 (4.12.3.5): if conversion char is + * undefined, behavior is undefined. Print out the + * character itself as printf(3) does. + */ + default: + break; + } + if (!gsize--) + return(0); + *pt++ = *format; + } + return(gsize); +} + +#ifdef HAVE_MKTIME +static int +_secs(const struct tm *t) +{ + static char buf[15]; + time_t s; + char *p; + struct tm tmp; + + /* Make a copy, mktime(3) modifies the tm struct. */ + tmp = *t; + s = mktime(&tmp); + for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10) + *p-- = s % 10 + '0'; + return(_add(++p)); +} +#endif /* HAVE_MKTIME */ + +static int +_conv(int n, int digits, int pad) +{ + static char buf[10]; + char *p; + + for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits) + *p-- = n % 10 + '0'; + while (p > buf && digits-- > 0) + *p-- = pad; + return(_add(++p)); +} + +static int +_add(str) + char *str; +{ + for (;; ++pt, --gsize) { + if (!gsize) + return(0); + if (!(*pt = *str++)) + return(1); + } +} diff --git a/crypto/kerberosIV/lib/roken/strlwr.c b/crypto/kerberosIV/lib/roken/strlwr.c new file mode 100644 index 0000000..0222d8c --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strlwr.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strlwr.c,v 1.3 1997/04/01 08:19:11 joda Exp $"); +#endif +#include <string.h> +#include <ctype.h> + +#include <roken.h> + +#ifndef HAVE_STRLWR +char * +strlwr(char *str) +{ + char *s; + + for(s = str; *s; s++) + *s = tolower(*s); + return str; +} +#endif diff --git a/crypto/kerberosIV/lib/roken/strnlen.c b/crypto/kerberosIV/lib/roken/strnlen.c new file mode 100644 index 0000000..51588f6 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strnlen.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strnlen.c,v 1.5 1997/04/01 08:19:11 joda Exp $"); +#endif + +#include "roken.h" + +int +strnlen(char *s, int len) +{ + int i; + for(i = 0; i < len && s[i]; i++) + ; + return i; +} diff --git a/crypto/kerberosIV/lib/roken/strtok_r.c b/crypto/kerberosIV/lib/roken/strtok_r.c new file mode 100644 index 0000000..49164d9 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strtok_r.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $"); +#endif + +#include <string.h> + +#include "roken.h" + +#ifndef HAVE_STRTOK_R + +char * +strtok_r(char *s1, const char *s2, char **lasts) +{ + char *ret; + + if (s1 == NULL) + s1 = *lasts; + while(*s1 && strchr(s2, *s1)) + ++s1; + if(*s1 == '\0') + return NULL; + ret = s1; + while(*s1 && !strchr(s2, *s1)) + ++s1; + if(*s1) + *s1++ = '\0'; + *lasts = s1; + return ret; +} + +#endif /* HAVE_STRTOK_R */ diff --git a/crypto/kerberosIV/lib/roken/strupr.c b/crypto/kerberosIV/lib/roken/strupr.c new file mode 100644 index 0000000..c5674f7 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strupr.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strupr.c,v 1.3 1997/04/01 08:19:13 joda Exp $"); +#endif +#include <string.h> +#include <ctype.h> + +#include <roken.h> + +#ifndef HAVE_STRUPR +char * +strupr(char *str) +{ + char *s; + + for(s = str; *s; s++) + *s = toupper(*s); + return str; +} +#endif diff --git a/crypto/kerberosIV/lib/roken/tm2time.c b/crypto/kerberosIV/lib/roken/tm2time.c new file mode 100644 index 0000000..f4423ff --- /dev/null +++ b/crypto/kerberosIV/lib/roken/tm2time.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: tm2time.c,v 1.6 1997/04/20 05:51:30 assar Exp $"); +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#include "roken.h" + +time_t +tm2time (struct tm tm, int local) +{ + time_t t; + + tm.tm_isdst = -1; + + t = mktime (&tm); + + if (!local) + t += t - mktime (gmtime (&t)); + return t; +} diff --git a/crypto/kerberosIV/lib/roken/unsetenv.c b/crypto/kerberosIV/lib/roken/unsetenv.c new file mode 100644 index 0000000..67fb750 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/unsetenv.c @@ -0,0 +1,75 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: unsetenv.c,v 1.6 1997/04/01 08:19:14 joda Exp $"); +#endif + +#include <stdlib.h> +#include <string.h> + +#include "roken.h" + +extern char **environ; + +/* + * unsetenv -- + */ +void +unsetenv(const char *name) +{ + int len; + const char *np; + char **p; + + if (name == 0 || environ == 0) + return; + + for (np = name; *np && *np != '='; np++) + /* nop */; + len = np - name; + + for (p = environ; *p != 0; p++) + if (strncmp(*p, name, len) == 0 && (*p)[len] == '=') + break; + + for (; *p != 0; p++) + *p = *(p + 1); +} + diff --git a/crypto/kerberosIV/lib/roken/verify.c b/crypto/kerberosIV/lib/roken/verify.c new file mode 100644 index 0000000..65eafcc --- /dev/null +++ b/crypto/kerberosIV/lib/roken/verify.c @@ -0,0 +1,67 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: verify.c,v 1.12 1997/04/01 08:19:15 joda Exp $"); +#endif + +#include <stdio.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif +#include "roken.h" + +int +unix_verify_user(char *user, char *password) +{ + struct passwd *pw; + + pw = k_getpwnam(user); + if(pw == NULL) + return -1; + if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0) + return 0; + if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0) + return 0; + return -1; +} + diff --git a/crypto/kerberosIV/lib/roken/verr.c b/crypto/kerberosIV/lib/roken/verr.c new file mode 100644 index 0000000..f5d8f25 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/verr.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: verr.c,v 1.6 1997/03/30 08:05:38 joda Exp $"); +#endif + +#include "err.h" + +void +verr(int eval, const char *fmt, va_list ap) +{ + warnerr(1, eval, 1, fmt, ap); +} diff --git a/crypto/kerberosIV/lib/roken/verrx.c b/crypto/kerberosIV/lib/roken/verrx.c new file mode 100644 index 0000000..bc25aa0 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/verrx.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: verrx.c,v 1.6 1997/03/30 08:05:39 joda Exp $"); +#endif + +#include "err.h" + +void +verrx(int eval, const char *fmt, va_list ap) +{ + warnerr(1, eval, 0, fmt, ap); +} diff --git a/crypto/kerberosIV/lib/roken/vwarn.c b/crypto/kerberosIV/lib/roken/vwarn.c new file mode 100644 index 0000000..144dd08 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/vwarn.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: vwarn.c,v 1.6 1997/03/30 08:05:39 joda Exp $"); +#endif + +#include "err.h" + +void +vwarn(const char *fmt, va_list ap) +{ + warnerr(0, 0, 1, fmt, ap); +} diff --git a/crypto/kerberosIV/lib/roken/vwarnx.c b/crypto/kerberosIV/lib/roken/vwarnx.c new file mode 100644 index 0000000..540c2a6 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/vwarnx.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: vwarnx.c,v 1.6 1997/03/30 08:05:40 joda Exp $"); +#endif + +#include "err.h" + +void +vwarnx(const char *fmt, va_list ap) +{ + warnerr(0, 0, 0, fmt, ap); +} + diff --git a/crypto/kerberosIV/lib/roken/warn.c b/crypto/kerberosIV/lib/roken/warn.c new file mode 100644 index 0000000..5af5d8d --- /dev/null +++ b/crypto/kerberosIV/lib/roken/warn.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: warn.c,v 1.5 1997/03/30 08:05:40 joda Exp $"); +#endif + +#include "err.h" + +void +warn(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vwarn(fmt, ap); + va_end(ap); +} diff --git a/crypto/kerberosIV/lib/roken/warnerr.c b/crypto/kerberosIV/lib/roken/warnerr.c new file mode 100644 index 0000000..61fa26a --- /dev/null +++ b/crypto/kerberosIV/lib/roken/warnerr.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: warnerr.c,v 1.6 1997/04/02 14:59:54 bg Exp $"); +#endif + +#include "roken.h" +#include "err.h" + +#ifndef HAVE___PROGNAME +const char *__progname; +#endif + +void +set_progname(char *argv0) +{ +#ifndef HAVE___PROGNAME + char *p; + if(argv0 == NULL) + return; + p = strrchr(argv0, '/'); + if(p == NULL) + p = argv0; + else + p++; + __progname = p; +#endif +} + +void +warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap) +{ + int sverrno = errno; + if(__progname != NULL){ + fprintf(stderr, "%s", __progname); + if(fmt != NULL || doerrno) + fprintf(stderr, ": "); + } + if (fmt != NULL){ + vfprintf(stderr, fmt, ap); + if(doerrno) + fprintf(stderr, ": "); + } + if(doerrno) + fprintf(stderr, "%s", strerror(sverrno)); + fprintf(stderr, "\n"); + if(doexit) + exit(eval); +} diff --git a/crypto/kerberosIV/lib/roken/warnx.c b/crypto/kerberosIV/lib/roken/warnx.c new file mode 100644 index 0000000..bf7b076 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/warnx.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: warnx.c,v 1.5 1997/03/30 08:05:41 joda Exp $"); +#endif + +#include "err.h" + +void +warnx(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vwarnx(fmt, ap); + va_end(ap); +} diff --git a/crypto/kerberosIV/lib/roken/xdbm.h b/crypto/kerberosIV/lib/roken/xdbm.h new file mode 100644 index 0000000..c3e4781 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/xdbm.h @@ -0,0 +1,75 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: xdbm.h,v 1.2 1997/04/01 08:19:16 joda Exp $ */ + +/* Generic *dbm include file */ + +#ifndef __XDBM_H__ +#define __XDBM_H__ + +#ifdef HAVE_NDBM_H +#include <ndbm.h> +#elif defined(HAVE_DBM_H) +#include <dbm.h> +#elif defined(HAVE_RPCSVC_DBM_H) +#include <rpcsvc/dbm.h> +#endif + +/* Macros to convert ndbm names to dbm names. + * Note that dbm_nextkey() cannot be simply converted using a macro, since + * it is invoked giving the database, and nextkey() needs the previous key. + * + * Instead, all routines call "dbm_next" instead. + */ + +#ifndef NDBM +typedef char DBM; + +#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0)) +#define dbm_fetch(db, key) fetch(key) +#define dbm_store(db, key, content, flag) store(key, content) +#define dbm_delete(db, key) delete(key) +#define dbm_firstkey(db) firstkey() +#define dbm_next(db,key) nextkey(key) +#define dbm_close(db) dbmclose() +#else +#define dbm_next(db,key) dbm_nextkey(db) +#endif + +#endif /* __XDBM_H__ */ diff --git a/crypto/kerberosIV/lib/sl/Makefile.in b/crypto/kerberosIV/lib/sl/Makefile.in new file mode 100644 index 0000000..b89799b --- /dev/null +++ b/crypto/kerberosIV/lib/sl/Makefile.in @@ -0,0 +1,84 @@ +# +# $Id: Makefile.in,v 1.8 1997/05/06 03:47:56 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)sl +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) +PROGS = + +LIB_SOURCES = sl.c + +SOURCES = $(LIB_SOURCES) + +LIB_OBJECTS = sl.o + +OBJECTS = $(LIB_OBJECTS) + +all: $(LIB) $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) $(PROGS) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *~ + +realclean: distclean + rm -f TAGS + +$(LIBNAME).a: $(LIB_OBJECTS) + rm -f $@ + $(AR) cr $@ $(LIB_OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(LIB_OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(LIB_OBJECTS) + +$(OBJECTS): ../../include/config.h + +.PHONY: all install uninstall check clean mostlyclean distclean realclean diff --git a/crypto/kerberosIV/lib/sl/sl.c b/crypto/kerberosIV/lib/sl/sl.c new file mode 100644 index 0000000..adf71f5 --- /dev/null +++ b/crypto/kerberosIV/lib/sl/sl.c @@ -0,0 +1,190 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: sl.c,v 1.12 1997/06/01 03:15:07 assar Exp $"); +#endif + +#include "sl_locl.h" + +static SL_cmd * +sl_match (SL_cmd *cmds, char *cmd, int exactp) +{ + SL_cmd *c, *current = NULL, *partial_cmd = NULL; + int partial_match = 0; + + for (c = cmds; c->name; ++c) { + if (c->func) + current = c; + if (strcmp (cmd, c->name) == 0) + return current; + else if (strncmp (cmd, c->name, strlen(cmd)) == 0 && + partial_cmd != current) { + ++partial_match; + partial_cmd = current; + } + } + if (partial_match == 1 && !exactp) + return partial_cmd; + else + return NULL; +} + +void +sl_help (SL_cmd *cmds, int argc, char **argv) +{ + SL_cmd *c, *prev_c; + + if (argc == 1) { + prev_c = NULL; + for (c = cmds; c->name; ++c) { + if (c->func) { + if(prev_c) + printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "", + prev_c->usage ? "\n" : ""); + prev_c = c; + printf ("%s", c->name); + } else + printf (", %s", c->name); + } + if(prev_c) + printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "", + prev_c->usage ? "\n" : ""); + } else { + c = sl_match (cmds, argv[1], 0); + if (c == NULL) + printf ("No such command: %s. Try \"help\" for a list of all commands\n", + argv[1]); + else { + printf ("%s\t%s", c->name, c->usage); + if((++c)->name && c->func == NULL) { + printf ("\nSynonyms:"); + while (c->name && c->func == NULL) + printf ("\t%s", (c++)->name); + } + printf ("\n"); + } + } +} + +#ifdef HAVE_READLINE + +char *readline(char *prompt); +void add_history(char *p); + +#else + +static char * +readline(char *prompt) +{ + char buf[BUFSIZ]; + printf ("%s", prompt); + fflush (stdout); + if(fgets(buf, sizeof(buf), stdin) == NULL) + return NULL; + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = '\0'; + return strdup(buf); +} + +static void +add_history(char *p) +{ +} + +#endif + +int +sl_loop (SL_cmd *cmds, char *prompt) +{ + unsigned max_count; + char **ptr; + + max_count = 17; + ptr = malloc(max_count * sizeof(*ptr)); + if (ptr == NULL) { + printf ("sl_loop: failed to allocate %u bytes of memory\n", + (int) max_count * sizeof(*ptr)); + return -1; + } + + for (;;) { + char *buf; + unsigned count; + SL_cmd *c; + + buf = readline(prompt); + if(buf == NULL) + break; + + if(*buf) + add_history(buf); + count = 0; + { + char *foo = NULL; + char *p; + + for(p = strtok_r (buf, " \t", &foo); + p; + p = strtok_r (NULL, " \t", &foo)) { + if(count == max_count) { + max_count *= 2; + ptr = realloc (ptr, max_count * sizeof(*ptr)); + if (ptr == NULL) { + printf ("sl_loop: failed to allocate %u " + "bytes of memory\n", + (unsigned) max_count * sizeof(*ptr)); + return -1; + } + } + ptr[count++] = p; + } + } + if (count > 0) { + c = sl_match (cmds, ptr[0], 0); + if (c) + (*c->func)(count, ptr); + else + printf ("Unrecognized command: %s\n", ptr[0]); + } + free(buf); + } + free (ptr); + return 0; +} diff --git a/crypto/kerberosIV/lib/sl/sl.h b/crypto/kerberosIV/lib/sl/sl.h new file mode 100644 index 0000000..158e590 --- /dev/null +++ b/crypto/kerberosIV/lib/sl/sl.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: sl.h,v 1.2 1997/04/01 08:19:18 joda Exp $ */ + +#ifndef _SL_H +#define _SL_H + +typedef void (*cmd_func)(int, char **); + +struct sl_cmd { + char *name; + cmd_func func; + char *usage; + char *help; +}; + +typedef struct sl_cmd SL_cmd; + +void sl_help (SL_cmd *, int argc, char **argv); +int sl_loop (SL_cmd *, char *prompt); + +#endif /* _SL_H */ diff --git a/crypto/kerberosIV/lib/sl/sl_locl.h b/crypto/kerberosIV/lib/sl/sl_locl.h new file mode 100644 index 0000000..ddf25bb --- /dev/null +++ b/crypto/kerberosIV/lib/sl/sl_locl.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: sl_locl.h,v 1.3 1997/04/01 08:19:18 joda Exp $ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <roken.h> +#include <protos.h> + +#include <sl.h> |
