summaryrefslogtreecommitdiffstats
path: root/eBones/lib
diff options
context:
space:
mode:
authormarkm <markm@FreeBSD.org>1997-10-03 09:49:50 +0000
committermarkm <markm@FreeBSD.org>1997-10-03 09:49:50 +0000
commit15be8862e67c696a6f1810713399e2a40d8721fb (patch)
tree4177a0bb006b8fb78866b63d3e34f555321d451d /eBones/lib
parent6a495d7ea05780e468fe03fc7ae9cafc6b416e81 (diff)
downloadFreeBSD-src-15be8862e67c696a6f1810713399e2a40d8721fb.zip
FreeBSD-src-15be8862e67c696a6f1810713399e2a40d8721fb.tar.gz
*GULP* Punt this into the attic. It is no longer used.
Diffstat (limited to 'eBones/lib')
-rw-r--r--eBones/lib/Makefile6
-rw-r--r--eBones/lib/Makefile.inc4
-rw-r--r--eBones/lib/libacl/Makefile12
-rw-r--r--eBones/lib/libacl/acl_check.3183
-rw-r--r--eBones/lib/libacl/acl_files.c555
-rw-r--r--eBones/lib/libacl/acl_files.doc107
-rw-r--r--eBones/lib/libkadm/EXPORTABLE4
-rw-r--r--eBones/lib/libkadm/Makefile18
-rw-r--r--eBones/lib/libkadm/kadm.h164
-rw-r--r--eBones/lib/libkadm/kadm_cli_wrap.c514
-rw-r--r--eBones/lib/libkadm/kadm_err.et53
-rw-r--r--eBones/lib/libkadm/kadm_stream.c286
-rw-r--r--eBones/lib/libkadm/kadm_supp.c118
-rw-r--r--eBones/lib/libkdb/Makefile8
-rw-r--r--eBones/lib/libkdb/krb_cache.c181
-rw-r--r--eBones/lib/libkdb/krb_dbl.c1
-rw-r--r--eBones/lib/libkdb/krb_dbm.c789
-rw-r--r--eBones/lib/libkdb/krb_kdb_utils.c148
-rw-r--r--eBones/lib/libkdb/krb_lib.c242
-rw-r--r--eBones/lib/libkdb/print_princ.c51
-rw-r--r--eBones/lib/libkrb/Makefile52
-rw-r--r--eBones/lib/libkrb/add_ticket.c91
-rw-r--r--eBones/lib/libkrb/create_auth_reply.c118
-rw-r--r--eBones/lib/libkrb/create_ciph.c112
-rw-r--r--eBones/lib/libkrb/create_death_packet.c65
-rw-r--r--eBones/lib/libkrb/create_ticket.c132
-rw-r--r--eBones/lib/libkrb/debug_decl.c20
-rw-r--r--eBones/lib/libkrb/decomp_ticket.c126
-rw-r--r--eBones/lib/libkrb/des_rw.c258
-rw-r--r--eBones/lib/libkrb/dest_tkt.c92
-rw-r--r--eBones/lib/libkrb/extract_ticket.c61
-rw-r--r--eBones/lib/libkrb/fgetst.c42
-rw-r--r--eBones/lib/libkrb/get_ad_tkt.c237
-rw-r--r--eBones/lib/libkrb/get_admhst.c82
-rw-r--r--eBones/lib/libkrb/get_cred.c63
-rw-r--r--eBones/lib/libkrb/get_in_tkt.c286
-rw-r--r--eBones/lib/libkrb/get_krbhst.c87
-rw-r--r--eBones/lib/libkrb/get_krbrlm.c62
-rw-r--r--eBones/lib/libkrb/get_phost.c55
-rw-r--r--eBones/lib/libkrb/get_pw_tkt.c75
-rw-r--r--eBones/lib/libkrb/get_request.c55
-rw-r--r--eBones/lib/libkrb/get_svc_in_tkt.c77
-rw-r--r--eBones/lib/libkrb/get_tf_fullname.c69
-rw-r--r--eBones/lib/libkrb/get_tf_realm.c37
-rw-r--r--eBones/lib/libkrb/getrealm.c106
-rw-r--r--eBones/lib/libkrb/getst.c41
-rw-r--r--eBones/lib/libkrb/in_tkt.c146
-rw-r--r--eBones/lib/libkrb/k_gethostname.c71
-rw-r--r--eBones/lib/libkrb/klog.c110
-rw-r--r--eBones/lib/libkrb/kname_parse.c239
-rw-r--r--eBones/lib/libkrb/kntoln.c63
-rw-r--r--eBones/lib/libkrb/kparse.c776
-rw-r--r--eBones/lib/libkrb/krb.3508
-rw-r--r--eBones/lib/libkrb/krb_err.et269
-rw-r--r--eBones/lib/libkrb/krb_err_txt.c280
-rw-r--r--eBones/lib/libkrb/krb_get_in_tkt.c301
-rw-r--r--eBones/lib/libkrb/krb_realmofhost.3161
-rw-r--r--eBones/lib/libkrb/krb_sendauth.3356
-rw-r--r--eBones/lib/libkrb/krb_set_tkt_string.343
-rw-r--r--eBones/lib/libkrb/krbglue.c258
-rw-r--r--eBones/lib/libkrb/kuserok.363
-rw-r--r--eBones/lib/libkrb/kuserok.c199
-rw-r--r--eBones/lib/libkrb/log.c125
-rw-r--r--eBones/lib/libkrb/mk_err.c65
-rw-r--r--eBones/lib/libkrb/mk_priv.c207
-rw-r--r--eBones/lib/libkrb/mk_req.c198
-rw-r--r--eBones/lib/libkrb/mk_safe.c171
-rw-r--r--eBones/lib/libkrb/month_sname.c33
-rw-r--r--eBones/lib/libkrb/netread.c50
-rw-r--r--eBones/lib/libkrb/netwrite.c46
-rw-r--r--eBones/lib/libkrb/one.c22
-rw-r--r--eBones/lib/libkrb/pkt_cipher.c40
-rw-r--r--eBones/lib/libkrb/pkt_clen.c58
-rw-r--r--eBones/lib/libkrb/rd_err.c82
-rw-r--r--eBones/lib/libkrb/rd_priv.c207
-rw-r--r--eBones/lib/libkrb/rd_req.c331
-rw-r--r--eBones/lib/libkrb/rd_safe.c183
-rw-r--r--eBones/lib/libkrb/read_service_key.c124
-rw-r--r--eBones/lib/libkrb/recvauth.c290
-rw-r--r--eBones/lib/libkrb/save_credentials.c56
-rw-r--r--eBones/lib/libkrb/send_to_kdc.c527
-rw-r--r--eBones/lib/libkrb/sendauth.c259
-rw-r--r--eBones/lib/libkrb/stime.c43
-rw-r--r--eBones/lib/libkrb/tf_shm.c176
-rw-r--r--eBones/lib/libkrb/tf_util.3151
-rw-r--r--eBones/lib/libkrb/tf_util.c581
-rw-r--r--eBones/lib/libkrb/tkt_string.c80
-rw-r--r--eBones/lib/libkrb/util.c75
-rw-r--r--eBones/lib/librkinit/Makefile17
-rw-r--r--eBones/lib/librkinit/rk_krb.c316
-rw-r--r--eBones/lib/librkinit/rk_lib.c100
-rw-r--r--eBones/lib/librkinit/rk_rpc.c390
-rw-r--r--eBones/lib/librkinit/rk_util.c214
-rw-r--r--eBones/lib/librkinit/rkinit.3167
-rw-r--r--eBones/lib/librkinit/rkinit_err.et32
-rw-r--r--eBones/lib/libtelnet/Makefile23
-rw-r--r--eBones/lib/libtelnet/auth-proto.h100
-rw-r--r--eBones/lib/libtelnet/auth.c674
-rw-r--r--eBones/lib/libtelnet/auth.h87
-rw-r--r--eBones/lib/libtelnet/enc-proto.h126
-rw-r--r--eBones/lib/libtelnet/enc_des.c720
-rw-r--r--eBones/lib/libtelnet/encrypt.c1016
-rw-r--r--eBones/lib/libtelnet/encrypt.h108
-rw-r--r--eBones/lib/libtelnet/genget.c104
-rw-r--r--eBones/lib/libtelnet/getent.c68
-rw-r--r--eBones/lib/libtelnet/kerberos.c550
-rw-r--r--eBones/lib/libtelnet/kerberos5.c764
-rw-r--r--eBones/lib/libtelnet/key-proto.h71
-rw-r--r--eBones/lib/libtelnet/krb4encpwd.c445
-rw-r--r--eBones/lib/libtelnet/misc-proto.h79
-rw-r--r--eBones/lib/libtelnet/misc.c98
-rw-r--r--eBones/lib/libtelnet/misc.h42
-rw-r--r--eBones/lib/libtelnet/read_password.c145
-rw-r--r--eBones/lib/libtelnet/rsaencpwd.c492
-rw-r--r--eBones/lib/libtelnet/spx.c587
115 files changed, 0 insertions, 21503 deletions
diff --git a/eBones/lib/Makefile b/eBones/lib/Makefile
deleted file mode 100644
index 206bcaa..0000000
--- a/eBones/lib/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id$
-
-SUBDIR= libacl libkdb libkrb libkadm librkinit
-
-.include <bsd.subdir.mk>
diff --git a/eBones/lib/Makefile.inc b/eBones/lib/Makefile.inc
deleted file mode 100644
index b0b4ed2..0000000
--- a/eBones/lib/Makefile.inc
+++ /dev/null
@@ -1,4 +0,0 @@
-SHLIB_MAJOR?= 2
-SHLIB_MINOR?= 0
-
-.include "../Makefile.inc"
diff --git a/eBones/lib/libacl/Makefile b/eBones/lib/libacl/Makefile
deleted file mode 100644
index 927db02..0000000
--- a/eBones/lib/libacl/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id$
-
-LIB= acl
-CFLAGS+=-DDEBUG -DKERBEROS
-SRCS= acl_files.c
-MAN3= acl_check.3
-MLINKS= acl_check.3 acl_canonicalize_principal.3 \
- acl_check.3 acl_exact_match.3 acl_check.3 acl_add.3 \
- acl_check.3 acl_delete.3 acl_check.3 acl_initialize.3
-
-.include <bsd.lib.mk>
diff --git a/eBones/lib/libacl/acl_check.3 b/eBones/lib/libacl/acl_check.3
deleted file mode 100644
index 6cb2eee..0000000
--- a/eBones/lib/libacl/acl_check.3
+++ /dev/null
@@ -1,183 +0,0 @@
-.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $
-.\" $Id$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
-acl_delete, acl_initialize \- Access control list routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-cc <files> \-lacl \-lkrb
-.PP
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-acl_canonicalize_principal(principal, buf)
-char *principal;
-char *buf;
-.PP
-.ft B
-acl_check(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_exact_match(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_add(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_delete(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_initialize(acl_file, mode)
-char *acl_file;
-int mode;
-.fi
-.ft R
-.SH DESCRIPTION
-.SS Introduction
-.PP
-An access control list (ACL) is a list of principals, where each
-principal is represented by a text string which cannot contain
-whitespace. The library allows application programs to refer to named
-access control lists to test membership and to atomically add and
-delete principals using a natural and intuitive interface. At
-present, the names of access control lists are required to be Unix
-filenames, and refer to human-readable Unix files; in the future, when
-a networked ACL server is implemented, the names may refer to a
-different namespace specific to the ACL service.
-.PP
-.SS Principal Names
-.PP
-Principal names have the form
-.nf
-.in +5n
-<name>[.<instance>][@<realm>]
-.in -5n
-e.g.:
-.in +5n
-asp
-asp.root
-asp@ATHENA.MIT.EDU
-asp.@ATHENA.MIT.EDU
-asp.root@ATHENA.MIT.EDU
-.in -5n
-.fi
-It is possible for principals to be underspecified. If an instance is
-missing, it is assumed to be "". If realm is missing, it is assumed
-to be the local realm as determined by
-.IR krb_get_lrealm (3).
-The canonical form contains all of name, instance,
-and realm; the acl_add and acl_delete routines will always
-leave the file in that form. Note that the canonical form of
-asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
-.SS Routines
-.PP
-.I acl_canonicalize_principal
-stores the canonical form of
-.I principal
-in
-.IR buf .
-.I Buf
-must contain enough
-space to store a principal, given the limits on the sizes of name,
-instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
-respectively, in
-.IR /usr/include/kerberosIV/krb.h .
-.PP
-.I acl_check
-returns nonzero if
-.I principal
-appears in
-.IR acl .
-Returns 0 if principal
-does not appear in acl, or if an error occurs. Canonicalizes
-principal before checking, and allows the ACL to contain wildcards. The
-only supported wildcards are entries of the form
-name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the
-its component field. For example, "jtkohl.*@*" would match principal
-jtkohl, with any instance and any realm.
-.PP
-.I acl_exact_match
-performs like
-.IR acl_check ,
-but does no canonicalization or wildcard matching.
-.PP
-.I acl_add
-atomically adds
-.I principal
-to
-.IR acl .
-Returns 0 if successful, nonzero otherwise. It is considered a failure
-if
-.I principal
-is already in
-.IR acl .
-This routine will canonicalize
-.IR principal ,
-but will treat wildcards literally.
-.PP
-.I acl_delete
-atomically deletes
-.I principal
-from
-.IR acl .
-Returns 0 if successful,
-nonzero otherwise. It is considered a failure if
-.I principal
-is not
-already in
-.IR acl .
-This routine will canonicalize
-.IR principal ,
-but will treat wildcards literally.
-.PP
-.I acl_initialize
-initializes
-.IR acl_file .
-If the file
-.I acl_file
-does not exist,
-.I acl_initialize
-creates it with mode
-.IR mode .
-If the file
-.I acl_file
-exists,
-.I acl_initialize
-removes all members. Returns 0 if successful,
-nonzero otherwise. WARNING: Mode argument is likely to change with
-the eventual introduction of an ACL service.
-.SH NOTES
-In the presence of concurrency, there is a very small chance that
-.I acl_add
-or
-.I acl_delete
-could report success even though it would have
-had no effect. This is a necessary side effect of using lock files
-for concurrency control rather than flock(2), which is not supported
-by NFS.
-.PP
-The current implementation caches ACLs in memory in a hash-table
-format for increased efficiency in checking membership; one effect of
-the caching scheme is that one file descriptor will be kept open for
-each ACL cached, up to a maximum of 8.
-.SH SEE ALSO
-kerberos(3), krb_get_lrealm(3)
-.SH AUTHOR
-James Aspnes (MIT Project Athena)
diff --git a/eBones/lib/libacl/acl_files.c b/eBones/lib/libacl/acl_files.c
deleted file mode 100644
index c5fe861..0000000
--- a/eBones/lib/libacl/acl_files.c
+++ /dev/null
@@ -1,555 +0,0 @@
-/*
- *
- * Copyright 1987,1989 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * from: acl_files.c,v 4.4 89/12/19 13:30:53 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-
-/*** Routines for manipulating access control list files ***/
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <strings.h>
-#include <sys/file.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/errno.h>
-#include <ctype.h>
-#include "krb.h"
-
-__BEGIN_DECLS
-static int acl_abort __P((char *, FILE *));
-__END_DECLS
-
-#ifndef KRB_REALM
-#define KRB_REALM "ATHENA.MIT.EDU"
-#endif
-
-/* "aname.inst@realm" */
-#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3)
-#define INST_SEP '.'
-#define REALM_SEP '@'
-
-#define LINESIZE 2048 /* Maximum line length in an acl file */
-
-#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */
-#define WAIT_TIME 300 /* Maximum time allowed write acl file */
-
-#define CACHED_ACLS 8 /* How many acls to cache */
- /* Each acl costs 1 open file descriptor */
-#define ACL_LEN 16 /* Twice a reasonable acl length */
-
-#define MAX(a,b) (((a)>(b))?(a):(b))
-#define MIN(a,b) (((a)<(b))?(a):(b))
-
-#define COR(a,b) ((a!=NULL)?(a):(b))
-
-/* Canonicalize a principal name */
-/* If instance is missing, it becomes "" */
-/* If realm is missing, it becomes the local realm */
-/* Canonicalized form is put in canon, which must be big enough to hold
- MAX_PRINCIPAL_SIZE characters */
-void
-acl_canonicalize_principal(principal, canon)
-char *principal;
-char *canon;
-{
- char *dot, *atsign, *end;
- int len;
-
- dot = index(principal, INST_SEP);
- atsign = index(principal, REALM_SEP);
-
- /* Maybe we're done already */
- if(dot != NULL && atsign != NULL) {
- if(dot < atsign) {
- /* It's for real */
- /* Copy into canon */
- strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
- canon[MAX_PRINCIPAL_SIZE-1] = '\0';
- return;
- } else {
- /* Nope, it's part of the realm */
- dot = NULL;
- }
- }
-
- /* No such luck */
- end = principal + strlen(principal);
-
- /* Get the principal name */
- len = MIN(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
- strncpy(canon, principal, len);
- canon += len;
-
- /* Add INST_SEP */
- *canon++ = INST_SEP;
-
- /* Get the instance, if it exists */
- if(dot != NULL) {
- ++dot;
- len = MIN(INST_SZ, COR(atsign, end) - dot);
- strncpy(canon, dot, len);
- canon += len;
- }
-
- /* Add REALM_SEP */
- *canon++ = REALM_SEP;
-
- /* Get the realm, if it exists */
- /* Otherwise, default to local realm */
- if(atsign != NULL) {
- ++atsign;
- len = MIN(REALM_SZ, end - atsign);
- strncpy(canon, atsign, len);
- canon += len;
- *canon++ = '\0';
- } else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
- strcpy(canon, KRB_REALM);
- }
-}
-
-/* Get a lock to modify acl_file */
-/* Return new FILE pointer */
-/* or NULL if file cannot be modified */
-/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */
-static FILE *
-acl_lock_file(acl_file)
-char *acl_file;
-{
- struct stat s;
- char new[LINESIZE];
- int nfd;
- FILE *nf;
- int mode;
-
- if(stat(acl_file, &s) < 0) return(NULL);
- mode = s.st_mode;
- sprintf(new, NEW_FILE, acl_file);
- for(;;) {
- /* Open the new file */
- if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) {
- if(errno == EEXIST) {
- /* Maybe somebody got here already, maybe it's just old */
- if(stat(new, &s) < 0) return(NULL);
- if(time(0) - s.st_ctime > WAIT_TIME) {
- /* File is stale, kill it */
- unlink(new);
- continue;
- } else {
- /* Wait and try again */
- sleep(1);
- continue;
- }
- } else {
- /* Some other error, we lose */
- return(NULL);
- }
- }
-
- /* If we got to here, the lock file is ours and ok */
- /* Reopen it under stdio */
- if((nf = fdopen(nfd, "w")) == NULL) {
- /* Oops, clean up */
- unlink(new);
- }
- return(nf);
- }
-}
-
-/* Commit changes to acl_file written onto FILE *f */
-/* Returns zero if successful */
-/* Returns > 0 if lock was broken */
-/* Returns < 0 if some other error occurs */
-/* Closes f */
-static int
-acl_commit(acl_file, f)
-char *acl_file;
-FILE *f;
-{
- char new[LINESIZE];
- int ret;
- struct stat s;
-
- sprintf(new, NEW_FILE, acl_file);
- if(fflush(f) < 0
- || fstat(fileno(f), &s) < 0
- || s.st_nlink == 0) {
- acl_abort(acl_file, f);
- return(-1);
- }
-
- ret = rename(new, acl_file);
- fclose(f);
- return(ret);
-}
-
-/*
- * Abort changes to acl_file written onto FILE *f
- * Returns 0 if successful, < 0 otherwise
- * Closes f
- */
-static int
-acl_abort(acl_file, f)
-char *acl_file;
-FILE *f;
-{
- char new[LINESIZE];
- int ret;
- struct stat s;
-
- /* make sure we aren't nuking someone else's file */
- if(fstat(fileno(f), &s) < 0 || s.st_nlink == 0) {
- fclose(f);
- return(-1);
- } else {
- sprintf(new, NEW_FILE, acl_file);
- ret = unlink(new);
- fclose(f);
- return(ret);
- }
-}
-
-/* Initialize an acl_file */
-/* Creates the file with permissions perm if it does not exist */
-/* Erases it if it does */
-/* Returns return value of acl_commit */
-int
-acl_initialize(acl_file, perm)
-char *acl_file;
-int perm;
-{
- FILE *new;
- int fd;
-
- /* Check if the file exists already */
- if((new = acl_lock_file(acl_file)) != NULL) {
- return(acl_commit(acl_file, new));
- } else {
- /* File must be readable and writable by owner */
- if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) {
- return(-1);
- } else {
- close(fd);
- return(0);
- }
- }
-}
-
-/* Eliminate all whitespace character in buf */
-/* Modifies its argument */
-static void
-nuke_whitespace(buf)
-char *buf;
-{
- register char *pin, *pout;
-
- for(pin = pout = buf; *pin != '\0'; pin++)
- if(!isspace(*pin)) *pout++ = *pin;
- *pout = '\0'; /* Terminate the string */
-}
-
-/* Hash table stuff */
-
-struct hashtbl {
- int size; /* Max number of entries */
- int entries; /* Actual number of entries */
- char **tbl; /* Pointer to start of table */
-};
-
-/* Make an empty hash table of size s */
-static struct hashtbl *
-make_hash(size)
-int size;
-{
- struct hashtbl *h;
-
- if(size < 1) size = 1;
- h = (struct hashtbl *) malloc(sizeof(struct hashtbl));
- h->size = size;
- h->entries = 0;
- h->tbl = (char **) calloc(size, sizeof(char *));
- return(h);
-}
-
-/* Destroy a hash table */
-static void
-destroy_hash(h)
-struct hashtbl *h;
-{
- int i;
-
- for(i = 0; i < h->size; i++) {
- if(h->tbl[i] != NULL) free(h->tbl[i]);
- }
- free(h->tbl);
- free(h);
-}
-
-/* Compute hash value for a string */
-static unsigned
-hashval(s)
-register char *s;
-{
- register unsigned hv;
-
- for(hv = 0; *s != '\0'; s++) {
- hv ^= ((hv << 3) ^ *s);
- }
- return(hv);
-}
-
-/* Add an element to a hash table */
-static void
-add_hash(h, el)
-struct hashtbl *h;
-char *el;
-{
- unsigned hv;
- char *s;
- char **old;
- int i;
-
- /* Make space if it isn't there already */
- if(h->entries + 1 > (h->size >> 1)) {
- old = h->tbl;
- h->tbl = (char **) calloc(h->size << 1, sizeof(char *));
- for(i = 0; i < h->size; i++) {
- if(old[i] != NULL) {
- hv = hashval(old[i]) % (h->size << 1);
- while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1);
- h->tbl[hv] = old[i];
- }
- }
- h->size = h->size << 1;
- free(old);
- }
-
- hv = hashval(el) % h->size;
- while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
- s = malloc(strlen(el)+1);
- strcpy(s, el);
- h->tbl[hv] = s;
- h->entries++;
-}
-
-/* Returns nonzero if el is in h */
-static int
-check_hash(h, el)
-struct hashtbl *h;
-char *el;
-{
- unsigned hv;
-
- for(hv = hashval(el) % h->size;
- h->tbl[hv] != NULL;
- hv = (hv + 1) % h->size) {
- if(!strcmp(h->tbl[hv], el)) return(1);
- }
- return(0);
-}
-
-struct acl {
- char filename[LINESIZE]; /* Name of acl file */
- int fd; /* File descriptor for acl file */
- struct stat status; /* File status at last read */
- struct hashtbl *acl; /* Acl entries */
-};
-
-static struct acl acl_cache[CACHED_ACLS];
-
-static int acl_cache_count = 0;
-static int acl_cache_next = 0;
-
-/* Returns < 0 if unsuccessful in loading acl */
-/* Returns index into acl_cache otherwise */
-/* Note that if acl is already loaded, this is just a lookup */
-static int
-acl_load(name)
-char *name;
-{
- int i;
- FILE *f;
- struct stat s;
- char buf[MAX_PRINCIPAL_SIZE];
- char canon[MAX_PRINCIPAL_SIZE];
-
- /* See if it's there already */
- for(i = 0; i < acl_cache_count; i++) {
- if(!strcmp(acl_cache[i].filename, name)
- && acl_cache[i].fd >= 0) goto got_it;
- }
-
- /* It isn't, load it in */
- /* maybe there's still room */
- if(acl_cache_count < CACHED_ACLS) {
- i = acl_cache_count++;
- } else {
- /* No room, clean one out */
- i = acl_cache_next;
- acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS;
- close(acl_cache[i].fd);
- if(acl_cache[i].acl) {
- destroy_hash(acl_cache[i].acl);
- acl_cache[i].acl = (struct hashtbl *) 0;
- }
- }
-
- /* Set up the acl */
- strcpy(acl_cache[i].filename, name);
- if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
- /* Force reload */
- acl_cache[i].acl = (struct hashtbl *) 0;
-
- got_it:
- /*
- * See if the stat matches
- *
- * Use stat(), not fstat(), as the file may have been re-created by
- * acl_add or acl_delete. If this happens, the old inode will have
- * no changes in the mod-time and the following test will fail.
- */
- if(stat(acl_cache[i].filename, &s) < 0) return(-1);
- if(acl_cache[i].acl == (struct hashtbl *) 0
- || s.st_nlink != acl_cache[i].status.st_nlink
- || s.st_mtime != acl_cache[i].status.st_mtime
- || s.st_ctime != acl_cache[i].status.st_ctime) {
- /* Gotta reload */
- if(acl_cache[i].fd >= 0) close(acl_cache[i].fd);
- if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
- if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1);
- if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl);
- acl_cache[i].acl = make_hash(ACL_LEN);
- while(fgets(buf, sizeof(buf), f) != NULL) {
- nuke_whitespace(buf);
- acl_canonicalize_principal(buf, canon);
- add_hash(acl_cache[i].acl, canon);
- }
- fclose(f);
- acl_cache[i].status = s;
- }
- return(i);
-}
-
-/* Returns nonzero if it can be determined that acl contains principal */
-/* Principal is not canonicalized, and no wildcarding is done */
-int
-acl_exact_match(acl, principal)
-char *acl;
-char *principal;
-{
- int idx;
-
- return((idx = acl_load(acl)) >= 0
- && check_hash(acl_cache[idx].acl, principal));
-}
-
-/* Returns nonzero if it can be determined that acl contains principal */
-/* Recognizes wildcards in acl of the form
- name.*@realm, *.*@realm, and *.*@* */
-int
-acl_check(acl, principal)
-char *acl;
-char *principal;
-{
- char buf[MAX_PRINCIPAL_SIZE];
- char canon[MAX_PRINCIPAL_SIZE];
- char *realm;
-
- acl_canonicalize_principal(principal, canon);
-
- /* Is it there? */
- if(acl_exact_match(acl, canon)) return(1);
-
- /* Try the wildcards */
- realm = index(canon, REALM_SEP);
- *index(canon, INST_SEP) = '\0'; /* Chuck the instance */
-
- sprintf(buf, "%s.*%s", canon, realm);
- if(acl_exact_match(acl, buf)) return(1);
-
- sprintf(buf, "*.*%s", realm);
- if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
-
- return(0);
-}
-
-/* Adds principal to acl */
-/* Wildcards are interpreted literally */
-int
-acl_add(acl, principal)
-char *acl;
-char *principal;
-{
- int idx;
- int i;
- FILE *new;
- char canon[MAX_PRINCIPAL_SIZE];
-
- acl_canonicalize_principal(principal, canon);
-
- if((new = acl_lock_file(acl)) == NULL) return(-1);
- if((acl_exact_match(acl, canon))
- || (idx = acl_load(acl)) < 0) {
- acl_abort(acl, new);
- return(-1);
- }
- /* It isn't there yet, copy the file and put it in */
- for(i = 0; i < acl_cache[idx].acl->size; i++) {
- if(acl_cache[idx].acl->tbl[i] != NULL) {
- if(fputs(acl_cache[idx].acl->tbl[i], new) == NULL
- || putc('\n', new) != '\n') {
- acl_abort(acl, new);
- return(-1);
- }
- }
- }
- fputs(canon, new);
- putc('\n', new);
- return(acl_commit(acl, new));
-}
-
-/* Removes principal from acl */
-/* Wildcards are interpreted literally */
-int
-acl_delete(acl, principal)
-char *acl;
-char *principal;
-{
- int idx;
- int i;
- FILE *new;
- char canon[MAX_PRINCIPAL_SIZE];
-
- acl_canonicalize_principal(principal, canon);
-
- if((new = acl_lock_file(acl)) == NULL) return(-1);
- if((!acl_exact_match(acl, canon))
- || (idx = acl_load(acl)) < 0) {
- acl_abort(acl, new);
- return(-1);
- }
- /* It isn't there yet, copy the file and put it in */
- for(i = 0; i < acl_cache[idx].acl->size; i++) {
- if(acl_cache[idx].acl->tbl[i] != NULL
- && strcmp(acl_cache[idx].acl->tbl[i], canon)) {
- fputs(acl_cache[idx].acl->tbl[i], new);
- putc('\n', new);
- }
- }
- return(acl_commit(acl, new));
-}
-
diff --git a/eBones/lib/libacl/acl_files.doc b/eBones/lib/libacl/acl_files.doc
deleted file mode 100644
index 4096f9b..0000000
--- a/eBones/lib/libacl/acl_files.doc
+++ /dev/null
@@ -1,107 +0,0 @@
-PROTOTYPE ACL LIBRARY
-
-Introduction
-
-An access control list (ACL) is a list of principals, where each
-principal is is represented by a text string which cannot contain
-whitespace. The library allows application programs to refer to named
-access control lists to test membership and to atomically add and
-delete principals using a natural and intuitive interface. At
-present, the names of access control lists are required to be Unix
-filenames, and refer to human-readable Unix files; in the future, when
-a networked ACL server is implemented, the names may refer to a
-different namespace specific to the ACL service.
-
-
-Usage
-
-cc <files> -lacl -lkrb.
-
-
-
-Principal Names
-
-Principal names have the form
-
-<name>[.<instance>][@<realm>]
-
-e.g.
-
-asp
-asp.root
-asp@ATHENA.MIT.EDU
-asp.@ATHENA.MIT.EDU
-asp.root@ATHENA.MIT.EDU
-
-It is possible for principals to be underspecified. If instance is
-missing, it is assumed to be "". If realm is missing, it is assumed
-to be local_realm. The canonical form contains all of name, instance,
-and realm; the acl_add and acl_delete routines will always
-leave the file in that form. Note that the canonical form of
-asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
-
-
-Routines
-
-acl_canonicalize_principal(principal, buf)
-char *principal;
-char *buf; /*RETVAL*/
-
-Store the canonical form of principal in buf. Buf must contain enough
-space to store a principal, given the limits on the sizes of name,
-instance, and realm specified in /usr/include/krb.h.
-
-acl_check(acl, principal)
-char *acl;
-char *principal;
-
-Returns nonzero if principal appears in acl. Returns 0 if principal
-does not appear in acl, or if an error occurs. Canonicalizes
-principal before checking, and allows the ACL to contain wildcards.
-
-acl_exact_match(acl, principal)
-char *acl;
-char *principal;
-
-Like acl_check, but does no canonicalization or wildcarding.
-
-acl_add(acl, principal)
-char *acl;
-char *principal;
-
-Atomically adds principal to acl. Returns 0 if successful, nonzero
-otherwise. It is considered a failure if principal is already in acl.
-This routine will canonicalize principal, but will treat wildcards
-literally.
-
-acl_delete(acl, principal)
-char *acl;
-char *principal;
-
-Atomically deletes principal from acl. Returns 0 if successful,
-nonzero otherwise. It is consider a failure if principal is not
-already in acl. This routine will canonicalize principal, but will
-treat wildcards literally.
-
-acl_initialize(acl, mode)
-char *acl;
-int mode;
-
-Initialize acl. If acl file does not exist, creates it with mode
-mode. If acl exists, removes all members. Returns 0 if successful,
-nonzero otherwise. WARNING: Mode argument is likely to change with
-the eventual introduction of an ACL service.
-
-
-Known problems
-
-In the presence of concurrency, there is a very small chance that
-acl_add or acl_delete could report success even though it would have
-had no effect. This is a necessary side effect of using lock files
-for concurrency control rather than flock(2), which is not supported
-by NFS.
-
-The current implementation caches ACLs in memory in a hash-table
-format for increased efficiency in checking membership; one effect of
-the caching scheme is that one file descriptor will be kept open for
-each ACL cached, up to a maximum of 8.
diff --git a/eBones/lib/libkadm/EXPORTABLE b/eBones/lib/libkadm/EXPORTABLE
deleted file mode 100644
index e478483..0000000
--- a/eBones/lib/libkadm/EXPORTABLE
+++ /dev/null
@@ -1,4 +0,0 @@
-The files in this directory are believed to be exportable.
-
--GAWollman
-
diff --git a/eBones/lib/libkadm/Makefile b/eBones/lib/libkadm/Makefile
deleted file mode 100644
index 63db354..0000000
--- a/eBones/lib/libkadm/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id$
-
-LIB= kadm
-
-SRCS= kadm_err.c kadm_stream.c kadm_supp.c kadm_cli_wrap.c
-CFLAGS+= -I. -I${.CURDIR} -I${KRBOBJDIR} -DPOSIX -DKERBEROS
-
-beforeinstall: kadm_err.c
- ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 ${.CURDIR}/kadm.h \
- ${DESTDIR}/usr/include/kerberosIV
- ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 kadm_err.h \
- ${DESTDIR}/usr/include/kerberosIV
-
-.include <bsd.lib.mk>
-
-kadm_err.c: ${KADMOBJDIR}/kadm_err.h
-kadm_cli_wrap.o: ${KRBOBJDIR}/krb_err.h
diff --git a/eBones/lib/libkadm/kadm.h b/eBones/lib/libkadm/kadm.h
deleted file mode 100644
index 21a23bb..0000000
--- a/eBones/lib/libkadm/kadm.h
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * $Source: /usr/cvs/src/eBones/libkadm/kadm.h,v $
- * $Author: mark $
- * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/kadm.h,v 4.2 89/09/26 09:15:20 jtkohl Exp
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * Copyright.MIT.
- *
- * Definitions for Kerberos administration server & client
- */
-
-#ifndef KADM_DEFS
-#define KADM_DEFS
-
-/*
- * kadm.h
- * Header file for the fourth attempt at an admin server
- * Doug Church, December 28, 1989, MIT Project Athena
- */
-
-/* for those broken Unixes without this defined... should be in sys/param.h */
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
-
-#include <stdlib.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <krb.h>
-#include <krb_db.h>
-#include <des.h>
-
-/* The global structures for the client and server */
-typedef struct {
- struct sockaddr_in admin_addr;
- struct sockaddr_in my_addr;
- int my_addr_len;
- int admin_fd; /* file descriptor for link to admin server */
- char sname[ANAME_SZ]; /* the service name */
- char sinst[INST_SZ]; /* the services instance */
- char krbrlm[REALM_SZ];
-} Kadm_Client;
-
-typedef struct { /* status of the server, i.e the parameters */
- int inter; /* Space for command line flags */
- char *sysfile; /* filename of server */
-} admin_params; /* Well... it's the admin's parameters */
-
-/* Largest password length to be supported */
-#define MAX_KPW_LEN 128
-
-/* Largest packet the admin server will ever allow itself to return */
-#define KADM_RET_MAX 2048
-
-/* That's right, versions are 8 byte strings */
-#define KADM_VERSTR "KADM0.0A"
-#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
- decrypt client's msg */
-#define KADM_VERSIZE strlen(KADM_VERSTR)
-
-/* the lookups for the server instances */
-#define PWSERV_NAME "changepw"
-#define KADM_SNAME "kerberos_master"
-#define KADM_SINST "kerberos"
-
-/* Attributes fields constants and macros */
-#define ALLOC 2
-#define RESERVED 3
-#define DEALLOC 4
-#define DEACTIVATED 5
-#define ACTIVE 6
-
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ 4
-
-typedef struct {
- u_char fields[FLDSZ]; /* The active fields in this struct */
- char name[ANAME_SZ];
- char instance[INST_SZ];
- unsigned long key_low;
- unsigned long key_high;
- unsigned long exp_date;
- unsigned short attributes;
- unsigned char max_life;
-} Kadm_vals; /* The basic values structure in Kadm */
-
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ 4
-
-/* Need to define fields types here */
-#define KADM_NAME 31
-#define KADM_INST 30
-#define KADM_EXPDATE 29
-#define KADM_ATTR 28
-#define KADM_MAXLIFE 27
-#define KADM_DESKEY 26
-
-/* To set a field entry f in a fields structure d */
-#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
-
-/* To set a field entry f in a fields structure d */
-#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
-
-/* Is field f in fields structure d */
-#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
-
-/* Various return codes */
-#define KADM_SUCCESS 0
-
-#define WILDCARD_STR "*"
-
-enum acl_types {
-ADDACL,
-GETACL,
-MODACL
-};
-
-/* Various opcodes for the admin server's functions */
-#define CHANGE_PW 2
-#define ADD_ENT 3
-#define MOD_ENT 4
-#define GET_ENT 5
-
-/* XXX This doesn't belong here!!! */
-#ifdef POSIX
-typedef void sigtype;
-#else
-typedef int sigtype;
-#endif
-
-int vals_to_stream(Kadm_vals *dt_in, u_char **dt_out);
-int stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen);
-
-int build_field_header(u_char *cont, u_char **st);
-int check_field_header(u_char *st, u_char *cont, int maxlen);
-
-int stv_string(u_char *st, char *dat, int loc, int stlen, int maxlen);
-int stv_short(u_char *st, u_short *dat, int loc, int maxlen);
-int stv_long(u_char *st, u_long *dat, int loc, int maxlen);
-int stv_char(u_char *st, u_char *dat, int loc, int maxlen);
-
-int vts_string(char *dat, u_char **st, int loc);
-int vts_short(u_short dat, u_char **st, int loc);
-int vts_long(u_long dat, u_char **st, int loc);
-int vts_char(u_char dat, u_char **st, int loc);
-
-int kadm_cli_conn(void);
-void kadm_cli_disconn(void);
-int kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz);
-int kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz);
-int kadm_cli_keyd(des_cblock s_k, des_key_schedule s_s);
-
-int kadm_get(Kadm_vals *vals, u_char fl[4]);
-int kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2);
-int kadm_add(Kadm_vals *vals);
-int kadm_change_pw(des_cblock newkey);
-int kadm_init_link(char n[], char i[], char r[]);
-void prin_vals(Kadm_vals *vals);
-void kadm_vals_to_prin(u_char fields[FLDSZ], Principal *new, Kadm_vals *old);
-void kadm_prin_to_vals(u_char fields[FLDSZ], Kadm_vals *new, Principal *old);
-
-#endif KADM_DEFS
diff --git a/eBones/lib/libkadm/kadm_cli_wrap.c b/eBones/lib/libkadm/kadm_cli_wrap.c
deleted file mode 100644
index 9ca0bdf..0000000
--- a/eBones/lib/libkadm/kadm_cli_wrap.c
+++ /dev/null
@@ -1,514 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * Copyright.MIT.
- *
- * Kerberos administration server client-side routines
- */
-
-#if 0
-#ifndef lint
-static char rcsid_kadm_cli_wrap_c[] =
-"from: Id: kadm_cli_wrap.c,v 4.6 89/12/30 20:09:45 qjb Exp";
-static const char rcsid[] =
- "$Id$";
-#endif lint
-#endif
-
-/*
- * kadm_cli_wrap.c the client side wrapping of the calls to the admin server
- */
-
-#include <unistd.h>
-#include <string.h>
-#include <sys/types.h>
-#include <errno.h>
-#include <signal.h>
-#include <netdb.h>
-#include <sys/socket.h>
-#include <kadm.h>
-#include <kadm_err.h>
-#include <krb_err.h>
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-static Kadm_Client client_parm;
-
-/* Macros for use in returning data... used in kadm_cli_send */
-#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;}
-
-/* Keys for use in the transactions */
-static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
-static Key_schedule sess_sched;
-
-static void
-clear_secrets()
-{
- bzero((char *)sess_key, sizeof(sess_key));
- bzero((char *)sess_sched, sizeof(sess_sched));
-}
-
-/*
- * kadm_init_link
- * receives : name, inst, realm
- *
- * initializes client parm, the Kadm_Client structure which holds the
- * data about the connection between the server and client, the services
- * used, the locations and other fun things
- */
-int
-kadm_init_link(n, i, r)
-char n[];
-char i[];
-char r[];
-{
- struct servent *sep; /* service we will talk to */
- struct hostent *hop; /* host we will talk to */
- char adm_hostname[MAXHOSTNAMELEN];
-
- (void) init_kadm_err_tbl();
- (void) init_krb_err_tbl();
- (void) strcpy(client_parm.sname, n);
- (void) strcpy(client_parm.sinst, i);
- (void) strcpy(client_parm.krbrlm, r);
- client_parm.admin_fd = -1;
-
- /* set up the admin_addr - fetch name of admin host */
- if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS)
- return KADM_NO_HOST;
- if ((hop = gethostbyname(adm_hostname)) == NULL)
- return KADM_UNK_HOST; /* couldnt find the admin servers
- * address */
- if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
- return KADM_NO_SERV; /* couldnt find the admin service */
- bzero((char *) &client_parm.admin_addr,
- sizeof(client_parm.admin_addr));
- client_parm.admin_addr.sin_family = hop->h_addrtype;
- bcopy((char *) hop->h_addr, (char *) &client_parm.admin_addr.sin_addr,
- hop->h_length);
- client_parm.admin_addr.sin_port = sep->s_port;
-
- return KADM_SUCCESS;
-} /* procedure kadm_init_link */
-
-/*
- * kadm_change_pw
- * recieves : key
- *
- * Replaces the password (i.e. des key) of the caller with that specified in
- * key. Returns no actual data from the master server, since this is called
- * by a user
- */
-int
-kadm_change_pw(newkey)
-des_cblock newkey; /* The DES form of the users key */
-{
- int stsize, retc; /* stream size and return code */
- u_char *send_st; /* send stream */
- u_char *ret_st;
- int ret_sz;
- u_long keytmp;
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return(retc);
- /* possible problem with vts_long on a non-multiple of four boundary */
-
- stsize = 0; /* start of our output packet */
- send_st = (u_char *) malloc(1);/* to make it reallocable */
- send_st[stsize++] = (u_char) CHANGE_PW;
-
- /* change key to stream */
-
- bcopy((char *) (((long *) newkey) + 1), (char *) &keytmp, 4);
- keytmp = htonl(keytmp);
- stsize += vts_long(keytmp, &send_st, stsize);
-
- bcopy((char *) newkey, (char *) &keytmp, 4);
- keytmp = htonl(keytmp);
- stsize += vts_long(keytmp, &send_st, stsize);
-
- retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
- free((char *)send_st);
- if (retc == KADM_SUCCESS) {
- free((char *)ret_st);
- }
- kadm_cli_disconn();
- return(retc);
-}
-
-/*
- * kadm_add
- * receives : vals
- * returns : vals
- *
- * Adds and entry containing values to the database returns the values of the
- * entry, so if you leave certain fields blank you will be able to determine
- * the default values they are set to
- */
-int
-kadm_add(vals)
-Kadm_vals *vals;
-{
- u_char *st, *st2; /* st will hold the stream of values */
- int st_len; /* st2 the final stream with opcode */
- int retc; /* return code from call */
- u_char *ret_st;
- int ret_sz;
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return(retc);
- st_len = vals_to_stream(vals, &st);
- st2 = (u_char *) malloc((unsigned)(1 + st_len));
- *st2 = (u_char) ADD_ENT; /* here's the opcode */
- bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
- retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
- free((char *)st);
- free((char *)st2);
- if (retc == KADM_SUCCESS) {
- /* ret_st has vals */
- if (stream_to_vals(ret_st, vals, ret_sz) < 0)
- retc = KADM_LENGTH_ERROR;
- free((char *)ret_st);
- }
- kadm_cli_disconn();
- return(retc);
-}
-
-/*
- * kadm_mod
- * receives : KTEXT, {values, values}
- * returns : CKSUM, RETCODE, {values}
- * acl : su, sms (as register or dealloc)
- *
- * Modifies all entries corresponding to the first values so they match the
- * second values. returns the values for the changed entries in vals2
- */
-int
-kadm_mod(vals1, vals2)
-Kadm_vals *vals1;
-Kadm_vals *vals2;
-{
- u_char *st, *st2; /* st will hold the stream of values */
- int st_len, nlen; /* st2 the final stream with opcode */
- u_char *ret_st;
- int ret_sz;
-
- /* nlen is the length of second vals */
- int retc; /* return code from call */
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return(retc);
-
- st_len = vals_to_stream(vals1, &st);
- st2 = (u_char *) malloc((unsigned)(1 + st_len));
- *st2 = (u_char) MOD_ENT; /* here's the opcode */
- bcopy((char *) st, (char *) st2 + 1, st_len++); /* append st on */
- free((char *)st);
- nlen = vals_to_stream(vals2, &st);
- st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen));
- bcopy((char *) st, (char *) st2 + st_len, nlen); /* append st on */
- retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
- free((char *)st);
- free((char *)st2);
- if (retc == KADM_SUCCESS) {
- /* ret_st has vals */
- if (stream_to_vals(ret_st, vals2, ret_sz) < 0)
- retc = KADM_LENGTH_ERROR;
- free((char *)ret_st);
- }
- kadm_cli_disconn();
- return(retc);
-}
-
-/*
- * kadm_get
- * receives : KTEXT, {values, flags}
- * returns : CKSUM, RETCODE, {count, values, values, values}
- * acl : su
- *
- * gets the fields requested by flags from all entries matching values returns
- * this data for each matching recipient, after a count of how many such
- * matches there were
- */
-int
-kadm_get(vals, fl)
-Kadm_vals *vals;
-u_char fl[4];
-
-{
- int loop; /* for copying the fields data */
- u_char *st, *st2; /* st will hold the stream of values */
- int st_len; /* st2 the final stream with opcode */
- int retc; /* return code from call */
- u_char *ret_st;
- int ret_sz;
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return(retc);
- st_len = vals_to_stream(vals, &st);
- st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ));
- *st2 = (u_char) GET_ENT; /* here's the opcode */
- bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
- for (loop = FLDSZ - 1; loop >= 0; loop--)
- *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
- retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz);
- free((char *)st);
- free((char *)st2);
- if (retc == KADM_SUCCESS) {
- /* ret_st has vals */
- if (stream_to_vals(ret_st, vals, ret_sz) < 0)
- retc = KADM_LENGTH_ERROR;
- free((char *)ret_st);
- }
- kadm_cli_disconn();
- return(retc);
-}
-
-/*
- * kadm_cli_send
- * recieves : opcode, packet, packet length, serv_name, serv_inst
- * returns : return code from the packet build, the server, or
- * something else
- *
- * It assembles a packet as follows:
- * 8 bytes : VERSION STRING
- * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
- * : KTEXT
- * : OPCODE \
- * : DATA > Encrypted (with make priv)
- * : ...... /
- *
- * If it builds the packet and it is small enough, then it attempts to open the
- * connection to the admin server. If the connection is succesfully open
- * then it sends the data and waits for a reply.
- */
-int
-kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz)
-u_char *st_dat; /* the actual data */
-int st_siz; /* length of said data */
-u_char **ret_dat; /* to give return info */
-int *ret_siz; /* length of returned info */
-{
- int act_len, retdat; /* current offset into packet, return
- * data */
- KTEXT_ST authent; /* the authenticator we will build */
- u_char *act_st; /* the pointer to the complete packet */
- u_char *priv_pak; /* private version of the packet */
- int priv_len; /* length of private packet */
- u_long cksum; /* checksum of the packet */
- MSG_DAT mdat;
- u_char *return_dat;
-
- act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */
- (void) strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
- act_len = KADM_VERSIZE;
-
- if ((retdat = kadm_cli_keyd(sess_key, sess_sched)) != KADM_SUCCESS) {
- free((char *)act_st);
- return retdat; /* couldnt get key working */
- }
- priv_pak = (u_char *) malloc((unsigned)(st_siz + 200));
- /* 200 bytes for extra info case */
- if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz,
- sess_sched, sess_key, &client_parm.my_addr,
- &client_parm.admin_addr)) < 0)
- RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose
- * here */
- /* here is the length of priv data. receiver calcs
- size of authenticator by subtracting vno size, priv size, and
- sizeof(u_long) (for the size indication) from total size */
-
- act_len += vts_long((u_long) priv_len, &act_st, act_len);
-#ifdef NOENCRYPTION
- cksum = 0;
-#else
- cksum = quad_cksum((des_cblock *)priv_pak, (des_cblock *)0,
- (long)priv_len, 0, (des_cblock *)sess_key);
-#endif
- if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
- client_parm.krbrlm, (long)cksum))) {
- /* authenticator? */
- RET_N_FREE(retdat + krb_err_base);
- }
-
- act_st = (u_char *) realloc((char *) act_st,
- (unsigned) (act_len + authent.length
- + priv_len));
- if (!act_st) {
- clear_secrets();
- free((char *)priv_pak);
- return(KADM_NOMEM);
- }
- bcopy((char *) authent.dat, (char *) act_st + act_len, authent.length);
- bcopy((char *) priv_pak, (char *) act_st + act_len + authent.length,
- priv_len);
- free((char *)priv_pak);
- if ((retdat = kadm_cli_out(act_st,
- act_len + authent.length + priv_len,
- ret_dat, ret_siz)) != KADM_SUCCESS)
- RET_N_FREE(retdat);
- free((char *)act_st);
-#define RET_N_FREE2(r) {free((char *)*ret_dat); clear_secrets(); return(r);}
-
- /* first see if it's a YOULOUSE */
- if ((*ret_siz >= KADM_VERSIZE) &&
- !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) {
- u_long errcode;
- /* it's a youlose packet */
- if (*ret_siz < KADM_VERSIZE + sizeof(u_long))
- RET_N_FREE2(KADM_BAD_VER);
- bcopy((char *)(*ret_dat) + KADM_VERSIZE, (char *)&errcode,
- sizeof(u_long));
- retdat = (int) ntohl(errcode);
- RET_N_FREE2(retdat);
- }
- /* need to decode the ret_dat */
- if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched,
- sess_key, &client_parm.admin_addr,
- &client_parm.my_addr, &mdat)))
- RET_N_FREE2(retdat+krb_err_base);
- if (mdat.app_length < KADM_VERSIZE + 4)
- /* too short! */
- RET_N_FREE2(KADM_BAD_VER);
- if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
- /* bad version */
- RET_N_FREE2(KADM_BAD_VER);
- bcopy((char *)mdat.app_data+KADM_VERSIZE,
- (char *)&retdat, sizeof(u_long));
- retdat = ntohl((u_long)retdat);
- if (!(return_dat = (u_char *)malloc((unsigned)(mdat.app_length -
- KADM_VERSIZE - sizeof(u_long)))))
- RET_N_FREE2(KADM_NOMEM);
- bcopy((char *) mdat.app_data + KADM_VERSIZE + sizeof(u_long),
- (char *)return_dat,
- (int)mdat.app_length - KADM_VERSIZE - sizeof(u_long));
- free((char *)*ret_dat);
- clear_secrets();
- *ret_dat = return_dat;
- *ret_siz = mdat.app_length - KADM_VERSIZE - sizeof(u_long);
- return retdat;
-}
-
-/* takes in the sess_key and key_schedule and sets them appropriately */
-int
-kadm_cli_keyd(s_k, s_s)
-des_cblock s_k; /* session key */
-des_key_schedule s_s; /* session key schedule */
-{
- CREDENTIALS cred; /* to get key data */
- int stat;
-
- /* want .sname and .sinst here.... */
- if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst,
- client_parm.krbrlm, &cred)))
- return stat + krb_err_base;
- bcopy((char *) cred.session, (char *) s_k, sizeof(des_cblock));
- bzero((char *) cred.session, sizeof(des_cblock));
-#ifdef NOENCRYPTION
- bzero(s_s, sizeof(des_key_schedule));
-#else
- if ((stat = key_sched((des_cblock *)s_k,s_s)))
- return(stat+krb_err_base);
-#endif
- return KADM_SUCCESS;
-} /* This code "works" */
-
-static sigtype (*opipe)();
-
-int
-kadm_cli_conn()
-{ /* this connects and sets my_addr */
- int on = 1;
- int kerror;
-
- if ((client_parm.admin_fd =
- socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0)
- return KADM_NO_SOCK; /* couldnt create the socket */
- client_parm.my_addr_len = sizeof(client_parm.my_addr);
- if ((kerror = krb_get_local_addr(&client_parm.my_addr)) != KSUCCESS) {
- (void) close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- return KADM_NO_HERE;
- }
- if (bind(client_parm.admin_fd,
- (struct sockaddr *) & client_parm.my_addr,
- sizeof(client_parm.my_addr))) {
- (void) close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- return KADM_NO_HERE;
- }
- if (connect(client_parm.admin_fd,
- (struct sockaddr *) & client_parm.admin_addr,
- sizeof(client_parm.admin_addr))) {
- (void) close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- return KADM_NO_CONN; /* couldnt get the connect */
- }
- opipe = signal(SIGPIPE, SIG_IGN);
- if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on,
- sizeof(on)) < 0) {
- (void) close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- (void) signal(SIGPIPE, opipe);
- return KADM_NO_CONN; /* XXX */
- }
- return KADM_SUCCESS;
-}
-
-void
-kadm_cli_disconn()
-{
- (void) close(client_parm.admin_fd);
- (void) signal(SIGPIPE, opipe);
-}
-
-int
-kadm_cli_out(dat, dat_len, ret_dat, ret_siz)
-u_char *dat;
-int dat_len;
-u_char **ret_dat;
-int *ret_siz;
-{
- extern int errno;
- u_short dlen;
- int retval;
-
- dlen = (u_short) dat_len;
-
- if (dat_len != (int)dlen)
- return (KADM_NO_ROOM);
-
- dlen = htons(dlen);
- if (krb_net_write(client_parm.admin_fd, (char *) &dlen,
- sizeof(u_short)) < 0)
- return (errno); /* XXX */
-
- if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0)
- return (errno); /* XXX */
-
- if ((retval = krb_net_read(client_parm.admin_fd, (char *) &dlen,
- sizeof(u_short)) != sizeof(u_short))) {
- if (retval < 0)
- return(errno); /* XXX */
- else
- return(EPIPE); /* short read ! */
- }
-
- dlen = ntohs(dlen);
- *ret_dat = (u_char *)malloc((unsigned)dlen);
- if (!*ret_dat)
- return(KADM_NOMEM);
-
- if ((retval = krb_net_read(client_parm.admin_fd, (char *) *ret_dat,
- (int) dlen) != dlen)) {
- if (retval < 0)
- return(errno); /* XXX */
- else
- return(EPIPE); /* short read ! */
- }
- *ret_siz = (int) dlen;
- return KADM_SUCCESS;
-}
diff --git a/eBones/lib/libkadm/kadm_err.et b/eBones/lib/libkadm/kadm_err.et
deleted file mode 100644
index e45a9c2..0000000
--- a/eBones/lib/libkadm/kadm_err.et
+++ /dev/null
@@ -1,53 +0,0 @@
-# $Source: /usr/cvs/src/eBones/libkadm/kadm_err.et,v $
-# $Author: mark $
-# $Header: /usr/cvs/src/eBones/libkadm/kadm_err.et,v 1.1 1995/07/18 16:40:25 mark Exp $
-# Copyright 1988 by the Massachusetts Institute of Technology.
-#
-# For copying and distribution information, please see the file
-# <mit-copyright.h>.
-#
-# Kerberos administration server error table
-#
- et kadm
-
-# KADM_SUCCESS, as all success codes should be, is zero
-
-ec KADM_RCSID, "$Header: /usr/cvs/src/eBones/libkadm/kadm_err.et,v 1.1 1995/07/18 16:40:25 mark Exp $"
-# /* Building and unbuilding the packet errors */
-ec KADM_NO_REALM, "Cannot fetch local realm"
-ec KADM_NO_CRED, "Unable to fetch credentials"
-ec KADM_BAD_KEY, "Bad key supplied"
-ec KADM_NO_ENCRYPT, "Can't encrypt data"
-ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
-ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
-ec KADM_NO_ROOM, "Packet is too large"
-ec KADM_BAD_VER, "Version number is incorrect"
-ec KADM_BAD_CHK, "Checksum does not match"
-ec KADM_NO_READ, "Unsealing private data failed"
-ec KADM_NO_OPCODE, "Unsupported operation"
-ec KADM_NO_HOST, "Could not find administrating host"
-ec KADM_UNK_HOST, "Administrating host name is unknown"
-ec KADM_NO_SERV, "Could not find service name in services database"
-ec KADM_NO_SOCK, "Could not create socket"
-ec KADM_NO_CONN, "Could not connect to server"
-ec KADM_NO_HERE, "Could not fetch local socket address"
-ec KADM_NO_MAST, "Could not fetch master key"
-ec KADM_NO_VERI, "Could not verify master key"
-
-# /* From the server side routines */
-ec KADM_INUSE, "Entry already exists in database"
-ec KADM_UK_SERROR, "Database store error"
-ec KADM_UK_RERROR, "Database read error"
-ec KADM_UNAUTH, "Insufficient access to perform requested operation"
-# KADM_DATA isn't really an error, but...
-ec KADM_DATA, "Data is available for return to client"
-ec KADM_NOENTRY, "No such entry in the database"
-
-ec KADM_NOMEM, "Memory exhausted"
-ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
-ec KADM_NO_BIND, "Could not bind port"
-ec KADM_LENGTH_ERROR, "Length mismatch problem"
-ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
-
-ec KADM_DB_INUSE, "Database is locked or in use--try again later"
-end
diff --git a/eBones/lib/libkadm/kadm_stream.c b/eBones/lib/libkadm/kadm_stream.c
deleted file mode 100644
index 8bec7d7..0000000
--- a/eBones/lib/libkadm/kadm_stream.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * Copyright.MIT.
- *
- * Stream conversion functions for Kerberos administration server
- */
-
-#if 0
-#ifndef lint
-static char rcsid_kadm_stream_c[] =
-"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_stream.c,v 4.2 89/09/26 09:20:48 jtkohl Exp ";
-static const char rcsid[] =
- "$Id$";
-#endif lint
-#endif
-
-/*
- kadm_stream.c
- this holds the stream support routines for the kerberos administration server
-
- vals_to_stream: converts a vals struct to a stream for transmission
- internals build_field_header, vts_[string, char, long, short]
- stream_to_vals: converts a stream to a vals struct
- internals check_field_header, stv_[string, char, long, short]
- error: prints out a kadm error message, returns
- fatal: prints out a kadm fatal error message, exits
-*/
-
-#include <string.h>
-#include <kadm.h>
-
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-
-/*
-vals_to_stream
- recieves : kadm_vals *, u_char *
- returns : a realloced and filled in u_char *
-
-this function creates a byte-stream representation of the kadm_vals structure
-*/
-
-int
-vals_to_stream(dt_in, dt_out)
-Kadm_vals *dt_in;
-u_char **dt_out;
-{
- int vsloop, stsize; /* loop counter, stream size */
-
- stsize = build_field_header(dt_in->fields, dt_out);
- for (vsloop=31; vsloop>=0; vsloop--)
- if (IS_FIELD(vsloop,dt_in->fields)) {
- switch (vsloop) {
- case KADM_NAME:
- stsize+=vts_string(dt_in->name, dt_out, stsize);
- break;
- case KADM_INST:
- stsize+=vts_string(dt_in->instance, dt_out, stsize);
- break;
- case KADM_EXPDATE:
- stsize+=vts_long(dt_in->exp_date, dt_out, stsize);
- break;
- case KADM_ATTR:
- stsize+=vts_short(dt_in->attributes, dt_out, stsize);
- break;
- case KADM_MAXLIFE:
- stsize+=vts_char(dt_in->max_life, dt_out, stsize);
- break;
- case KADM_DESKEY:
- stsize+=vts_long(dt_in->key_high, dt_out, stsize);
- stsize+=vts_long(dt_in->key_low, dt_out, stsize);
- break;
- default:
- break;
- }
-}
- return(stsize);
-}
-
-int
-build_field_header(cont, st)
-u_char *cont; /* container for fields data */
-u_char **st; /* stream */
-{
- *st = (u_char *) malloc (4);
- bcopy((char *) cont, (char *) *st, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-vts_string(dat, st, loc)
-char *dat; /* a string to put on the stream */
-u_char **st; /* base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1));
- bcopy(dat, (char *)(*st + loc), strlen(dat)+1);
- return strlen(dat)+1;
-}
-
-int
-vts_short(dat, st, loc)
-u_short dat; /* the attributes field */
-u_char **st; /* a base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- u_short temp; /* to hold the net order short */
-
- temp = htons(dat); /* convert to network order */
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_short)));
- bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_short));
- return sizeof(u_short);
-}
-
-int
-vts_long(dat, st, loc)
-u_long dat; /* the attributes field */
-u_char **st; /* a base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- u_long temp; /* to hold the net order short */
-
- temp = htonl(dat); /* convert to network order */
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_long)));
- bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_long));
- return sizeof(u_long);
-}
-
-int
-vts_char(dat, st, loc)
-u_char dat; /* the attributes field */
-u_char **st; /* a base pointer to the stream */
-int loc; /* offset into the stream for current data */
-{
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char)));
- (*st)[loc] = (u_char) dat;
- return 1;
-}
-
-/*
-stream_to_vals
- recieves : u_char *, kadm_vals *
- returns : a kadm_vals filled in according to u_char *
-
-this decodes a byte stream represntation of a vals struct into kadm_vals
-*/
-int
-stream_to_vals(dt_in, dt_out, maxlen)
-u_char *dt_in;
-Kadm_vals *dt_out;
-int maxlen; /* max length to use */
-{
- register int vsloop, stsize; /* loop counter, stream size */
- register int status;
-
- bzero((char *) dt_out, sizeof(*dt_out));
-
- stsize = check_field_header(dt_in, dt_out->fields, maxlen);
- if (stsize < 0)
- return(-1);
- for (vsloop=31; vsloop>=0; vsloop--)
- if (IS_FIELD(vsloop,dt_out->fields))
- switch (vsloop) {
- case KADM_NAME:
- if ((status = stv_string(dt_in, dt_out->name, stsize,
- sizeof(dt_out->name), maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_INST:
- if ((status = stv_string(dt_in, dt_out->instance, stsize,
- sizeof(dt_out->instance), maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_EXPDATE:
- if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_ATTR:
- if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_MAXLIFE:
- if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_DESKEY:
- if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- default:
- break;
- }
- return stsize;
-}
-
-int
-check_field_header(st, cont, maxlen)
-u_char *st; /* stream */
-u_char *cont; /* container for fields data */
-int maxlen;
-{
- if (4 > maxlen)
- return(-1);
- bcopy((char *) st, (char *) cont, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-stv_string(st, dat, loc, stlen, maxlen)
-register u_char *st; /* base pointer to the stream */
-char *dat; /* a string to read from the stream */
-register int loc; /* offset into the stream for current data */
-int stlen; /* max length of string to copy in */
-int maxlen; /* max length of input stream */
-{
- int maxcount; /* max count of chars to copy */
-
- maxcount = min(maxlen - loc, stlen);
-
- (void) strncpy(dat, (char *)st + loc, maxcount);
-
- if (dat[maxcount-1]) /* not null-term --> not enuf room */
- return(-1);
- return strlen(dat)+1;
-}
-
-int
-stv_short(st, dat, loc, maxlen)
-u_char *st; /* a base pointer to the stream */
-u_short *dat; /* the attributes field */
-int loc; /* offset into the stream for current data */
-int maxlen;
-{
- u_short temp; /* to hold the net order short */
-
- if (loc + sizeof(u_short) > maxlen)
- return(-1);
- bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_short));
- *dat = ntohs(temp); /* convert to network order */
- return sizeof(u_short);
-}
-
-int
-stv_long(st, dat, loc, maxlen)
-u_char *st; /* a base pointer to the stream */
-u_long *dat; /* the attributes field */
-int loc; /* offset into the stream for current data */
-int maxlen; /* maximum length of st */
-{
- u_long temp; /* to hold the net order short */
-
- if (loc + sizeof(u_long) > maxlen)
- return(-1);
- bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_long));
- *dat = ntohl(temp); /* convert to network order */
- return sizeof(u_long);
-}
-
-int
-stv_char(st, dat, loc, maxlen)
-u_char *st; /* a base pointer to the stream */
-u_char *dat; /* the attributes field */
-int loc; /* offset into the stream for current data */
-int maxlen;
-{
- if (loc + 1 > maxlen)
- return(-1);
- *dat = *(st + loc);
- return 1;
-}
-
diff --git a/eBones/lib/libkadm/kadm_supp.c b/eBones/lib/libkadm/kadm_supp.c
deleted file mode 100644
index cf8bba5..0000000
--- a/eBones/lib/libkadm/kadm_supp.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * Copyright.MIT.
- *
- * Support functions for Kerberos administration server & clients
- */
-
-#if 0
-#ifndef lint
-static char rcsid_kadm_supp_c[] =
-"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_supp.c,v 4.1 89/09/26 09:21:07 jtkohl Exp ";
-static const char rcsid[] =
- "$Id$";
-#endif lint
-#endif
-
-/*
- kadm_supp.c
- this holds the support routines for the kerberos administration server
-
- error: prints out a kadm error message, returns
- fatal: prints out a kadm fatal error message, exits
- prin_vals: prints out data associated with a Principal in the vals
- structure
-*/
-
-#include <string.h>
-#include <time.h>
-#include <kadm.h>
-#include <krb_db.h>
-
-/*
-prin_vals:
- recieves : a vals structure
-*/
-void
-prin_vals(vals)
-Kadm_vals *vals;
-{
- printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
- printf(" Max Life: %d Exp Date: %s\n",vals->max_life,
- asctime(localtime((long *)&vals->exp_date)));
- printf(" Attribs: %.2x key: %lu %lu\n",vals->attributes,
- vals->key_low, vals->key_high);
-}
-
-#ifdef notdef
-nierror(s)
-int s;
-{
- printf("Kerberos admin server loses..... %s\n",error_message(s));
- return(s);
-}
-#endif
-
-/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
- it copies the fields in Principal specified by fields into Kadm_vals,
- i.e from old to new */
-
-void
-kadm_prin_to_vals(fields, new, old)
-u_char fields[FLDSZ];
-Kadm_vals *new;
-Principal *old;
-{
- bzero((char *)new, sizeof(*new));
- if (IS_FIELD(KADM_NAME,fields)) {
- (void) strncpy(new->name, old->name, ANAME_SZ);
- SET_FIELD(KADM_NAME, new->fields);
- }
- if (IS_FIELD(KADM_INST,fields)) {
- (void) strncpy(new->instance, old->instance, INST_SZ);
- SET_FIELD(KADM_INST, new->fields);
- }
- if (IS_FIELD(KADM_EXPDATE,fields)) {
- new->exp_date = old->exp_date;
- SET_FIELD(KADM_EXPDATE, new->fields);
- }
- if (IS_FIELD(KADM_ATTR,fields)) {
- new->attributes = old->attributes;
- SET_FIELD(KADM_MAXLIFE, new->fields);
- }
- if (IS_FIELD(KADM_MAXLIFE,fields)) {
- new->max_life = old->max_life;
- SET_FIELD(KADM_MAXLIFE, new->fields);
- }
- if (IS_FIELD(KADM_DESKEY,fields)) {
- new->key_low = old->key_low;
- new->key_high = old->key_high;
- SET_FIELD(KADM_DESKEY, new->fields);
- }
-}
-
-void
-kadm_vals_to_prin(fields, new, old)
-u_char fields[FLDSZ];
-Principal *new;
-Kadm_vals *old;
-{
-
- bzero((char *)new, sizeof(*new));
- if (IS_FIELD(KADM_NAME,fields))
- (void) strncpy(new->name, old->name, ANAME_SZ);
- if (IS_FIELD(KADM_INST,fields))
- (void) strncpy(new->instance, old->instance, INST_SZ);
- if (IS_FIELD(KADM_EXPDATE,fields))
- new->exp_date = old->exp_date;
- if (IS_FIELD(KADM_ATTR,fields))
- new->attributes = old->attributes;
- if (IS_FIELD(KADM_MAXLIFE,fields))
- new->max_life = old->max_life;
- if (IS_FIELD(KADM_DESKEY,fields)) {
- new->key_low = old->key_low;
- new->key_high = old->key_high;
- }
-}
diff --git a/eBones/lib/libkdb/Makefile b/eBones/lib/libkdb/Makefile
deleted file mode 100644
index 88041cc..0000000
--- a/eBones/lib/libkdb/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id$
-
-LIB= kdb
-CFLAGS+=-DKERBEROS -DDEBUG
-SRCS= krb_cache.c krb_dbm.c krb_kdb_utils.c krb_lib.c print_princ.c
-
-.include <bsd.lib.mk>
diff --git a/eBones/lib/libkdb/krb_cache.c b/eBones/lib/libkdb/krb_cache.c
deleted file mode 100644
index 2e8ad11..0000000
--- a/eBones/lib/libkdb/krb_cache.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * This is where a cache would be implemented, if it were necessary.
- *
- * from: krb_cache.c,v 4.5 89/01/24 18:12:34 jon Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/uio.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <strings.h>
-#include <des.h>
-#include <krb.h>
-#include <krb_db.h>
-
-#ifdef DEBUG
-extern int debug;
-extern long kerb_debug;
-#endif
-static init = 0;
-
-/*
- * initialization routine for cache
- */
-
-int
-kerb_cache_init()
-{
- init = 1;
- return (0);
-}
-
-/*
- * look up a principal in the cache returns number of principals found
- */
-
-int
-kerb_cache_get_principal(serv, inst, principal, max)
- char *serv; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal;
- unsigned int max; /* max number of name structs to return */
-
-{
- int found = 0;
-
- if (!init)
- kerb_cache_init();
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
- serv, inst, max);
- if (found) {
- fprintf(stderr, "cache get %s %s found %s %s\n",
- serv, inst, principal->name, principal->instance);
- } else {
- fprintf(stderr, "cache %s %s not found\n", serv,
- inst);
- }
- }
-#endif
- return (found);
-}
-
-/*
- * insert/replace a principal in the cache returns number of principals
- * inserted
- */
-
-int
-kerb_cache_put_principal(principal, max)
- Principal *principal;
- unsigned int max; /* max number of principal structs to
- * insert */
-
-{
- u_long i;
- int count = 0;
-
- if (!init)
- kerb_cache_init();
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "kerb_cache_put_principal max = %d",
- max);
- }
-#endif
-
- for (i = 0; i < max; i++) {
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "\n %s %s",
- principal->name, principal->instance);
-#endif
- /* DO IT */
- count++;
- principal++;
- }
- return count;
-}
-
-/*
- * look up a dba in the cache returns number of dbas found
- */
-
-int
-kerb_cache_get_dba(serv, inst, dba, max)
- char *serv; /* could have wild card */
- char *inst; /* could have wild card */
- Dba *dba;
- unsigned int max; /* max number of name structs to return */
-
-{
- int found = 0;
-
- if (!init)
- kerb_cache_init();
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "cache_get_dba for %s %s max = %d\n",
- serv, inst, max);
- if (found) {
- fprintf(stderr, "cache get %s %s found %s %s\n",
- serv, inst, dba->name, dba->instance);
- } else {
- fprintf(stderr, "cache %s %s not found\n", serv, inst);
- }
- }
-#endif
- return (found);
-}
-
-/*
- * insert/replace a dba in the cache returns number of dbas inserted
- */
-
-int
-kerb_cache_put_dba(dba, max)
- Dba *dba;
- unsigned int max; /* max number of dba structs to insert */
-
-{
- u_long i;
- int count = 0;
-
- if (!init)
- kerb_cache_init();
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "kerb_cache_put_dba max = %d", max);
- }
-#endif
- for (i = 0; i < max; i++) {
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "\n %s %s",
- dba->name, dba->instance);
-#endif
- /* DO IT */
- count++;
- dba++;
- }
- return count;
-}
-
diff --git a/eBones/lib/libkdb/krb_dbl.c b/eBones/lib/libkdb/krb_dbl.c
deleted file mode 100644
index 7776298..0000000
--- a/eBones/lib/libkdb/krb_dbl.c
+++ /dev/null
@@ -1 +0,0 @@
-This file is now obsolete.
diff --git a/eBones/lib/libkdb/krb_dbm.c b/eBones/lib/libkdb/krb_dbm.c
deleted file mode 100644
index 9b100c5..0000000
--- a/eBones/lib/libkdb/krb_dbm.c
+++ /dev/null
@@ -1,789 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: krb_dbm.c,v 4.9 89/04/18 16:15:13 wesommer Exp $
- * $Id$
-*/
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#if defined(__FreeBSD__) || defined(__NetBSD__)
-#define _NDBM_
-#endif
-
-#if defined(__FreeBSD__) || defined(__NetBSD__)
-#define _DBM_
-#endif
-
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/uio.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <sys/resource.h>
-#include <sys/errno.h>
-#include <strings.h>
-#include <des.h>
-#include <sys/file.h>
-#ifdef _NDBM_
-#include <ndbm.h>
-#else /*_NDBM_*/
-#include <dbm.h>
-#endif /*_NDBM_*/
-/* before krb_db.h */
-#include <krb.h>
-#include <krb_db.h>
-
-#ifdef dbm_pagfno
-#define DB
-#endif
-
-#define KERB_DB_MAX_RETRY 5
-
-#ifdef DEBUG
-extern int debug;
-extern long kerb_debug;
-extern char *progname;
-#endif
-
-static init = 0;
-static char default_db_name[] = DBM_FILE;
-static char *current_db_name = default_db_name;
-static void encode_princ_key(datum *key, char *name, char *instance);
-static void decode_princ_key(datum *key, char *name, char *instance);
-static void encode_princ_contents(datum *contents, Principal *principal);
-static void decode_princ_contents(datum *contents, Principal *principal);
-static void kerb_dbl_fini(void);
-static int kerb_dbl_lock(int mode);
-static void kerb_dbl_unlock(void);
-static long kerb_start_update(char *db_name);
-static long kerb_end_update(char *db_name, long age);
-
-static struct timeval timestamp;/* current time of request */
-static int non_blocking = 0;
-
-/*
- * This module contains all of the code which directly interfaces to
- * the underlying representation of the Kerberos database; this
- * implementation uses a DBM or NDBM indexed "file" (actually
- * implemented as two separate files) to store the relations, plus a
- * third file as a semaphore to allow the database to be replaced out
- * from underneath the KDC server.
- */
-
-/*
- * Locking:
- *
- * There are two distinct locking protocols used. One is designed to
- * lock against processes (the admin_server, for one) which make
- * incremental changes to the database; the other is designed to lock
- * against utilities (kdb_util, kpropd) which replace the entire
- * database in one fell swoop.
- *
- * The first locking protocol is implemented using flock() in the
- * krb_dbl_lock() and krb_dbl_unlock routines.
- *
- * The second locking protocol is necessary because DBM "files" are
- * actually implemented as two separate files, and it is impossible to
- * atomically rename two files simultaneously. It assumes that the
- * database is replaced only very infrequently in comparison to the time
- * needed to do a database read operation.
- *
- * A third file is used as a "version" semaphore; the modification
- * time of this file is the "version number" of the database.
- * At the start of a read operation, the reader checks the version
- * number; at the end of the read operation, it checks again. If the
- * version number changed, or if the semaphore was nonexistant at
- * either time, the reader sleeps for a second to let things
- * stabilize, and then tries again; if it does not succeed after
- * KERB_DB_MAX_RETRY attempts, it gives up.
- *
- * On update, the semaphore file is deleted (if it exists) before any
- * update takes place; at the end of the update, it is replaced, with
- * a version number strictly greater than the version number which
- * existed at the start of the update.
- *
- * If the system crashes in the middle of an update, the semaphore
- * file is not automatically created on reboot; this is a feature, not
- * a bug, since the database may be inconsistant. Note that the
- * absence of a semaphore file does not prevent another _update_ from
- * taking place later. Database replacements take place automatically
- * only on slave servers; a crash in the middle of an update will be
- * fixed by the next slave propagation. A crash in the middle of an
- * update on the master would be somewhat more serious, but this would
- * likely be noticed by an administrator, who could fix the problem and
- * retry the operation.
- */
-
-/* Macros to convert ndbm names to dbm names.
- * Note that dbm_nextkey() cannot be simply converted using a macro, since
- * it is invoked giving the database, and nextkey() needs the previous key.
- *
- * Instead, all routines call "dbm_next" instead.
- */
-
-#ifndef _NDBM_
-typedef char DBM;
-
-#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
-#define dbm_fetch(db, key) fetch(key)
-#define dbm_store(db, key, content, flag) store(key, content)
-#define dbm_firstkey(db) firstkey()
-#define dbm_next(db,key) nextkey(key)
-#define dbm_close(db) dbmclose()
-#else
-#define dbm_next(db,key) dbm_nextkey(db)
-#endif
-
-/*
- * Utility routine: generate name of database file.
- */
-
-static char *gen_dbsuffix(db_name, sfx)
- char *db_name;
- char *sfx;
-{
- char *dbsuffix;
-
- if (sfx == NULL)
- sfx = ".ok";
-
- dbsuffix = malloc (strlen(db_name) + strlen(sfx) + 1);
- strcpy(dbsuffix, db_name);
- strcat(dbsuffix, sfx);
- return dbsuffix;
-}
-
-/*
- * initialization for data base routines.
- */
-
-int
-kerb_db_init()
-{
- init = 1;
- return (0);
-}
-
-/*
- * gracefully shut down database--must be called by ANY program that does
- * a kerb_db_init
- */
-
-void
-kerb_db_fini()
-{
-}
-
-/*
- * Set the "name" of the current database to some alternate value.
- *
- * Passing a null pointer as "name" will set back to the default.
- * If the alternate database doesn't exist, nothing is changed.
- */
-
-int
-kerb_db_set_name(name)
- char *name;
-{
- DBM *db;
-
- if (name == NULL)
- name = default_db_name;
- db = dbm_open(name, 0, 0);
- if (db == NULL)
- return errno;
- dbm_close(db);
- kerb_dbl_fini();
- current_db_name = name;
- return 0;
-}
-
-/*
- * Return the last modification time of the database.
- */
-
-long
-kerb_get_db_age()
-{
- struct stat st;
- char *okname;
- long age;
-
- okname = gen_dbsuffix(current_db_name, ".ok");
-
- if (stat (okname, &st) < 0)
- age = 0;
- else
- age = st.st_mtime;
-
- free (okname);
- return age;
-}
-
-/*
- * Remove the semaphore file; indicates that database is currently
- * under renovation.
- *
- * This is only for use when moving the database out from underneath
- * the server (for example, during slave updates).
- */
-
-static long
-kerb_start_update(db_name)
- char *db_name;
-{
- char *okname = gen_dbsuffix(db_name, ".ok");
- long age = kerb_get_db_age();
-
- if (unlink(okname) < 0
- && errno != ENOENT) {
- age = -1;
- }
- free (okname);
- return age;
-}
-
-static long
-kerb_end_update(db_name, age)
- char *db_name;
- long age;
-{
- int fd;
- int retval = 0;
- char *new_okname = gen_dbsuffix(db_name, ".ok#");
- char *okname = gen_dbsuffix(db_name, ".ok");
-
- fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
- if (fd < 0)
- retval = errno;
- else {
- struct stat st;
- struct timeval tv[2];
- /* make sure that semaphore is "after" previous value. */
- if (fstat (fd, &st) == 0
- && st.st_mtime <= age) {
- tv[0].tv_sec = st.st_atime;
- tv[0].tv_usec = 0;
- tv[1].tv_sec = age;
- tv[1].tv_usec = 0;
- /* set times.. */
- utimes (new_okname, tv);
- fsync(fd);
- }
- close(fd);
- if (rename (new_okname, okname) < 0)
- retval = errno;
- }
-
- free (new_okname);
- free (okname);
-
- return retval;
-}
-
-static long
-kerb_start_read()
-{
- return kerb_get_db_age();
-}
-
-static long
-kerb_end_read(age)
- u_long age;
-{
- if (kerb_get_db_age() != age || age == -1) {
- return -1;
- }
- return 0;
-}
-
-/*
- * Create the database, assuming it's not there.
- */
-
-int
-kerb_db_create(db_name)
- char *db_name;
-{
- char *okname = gen_dbsuffix(db_name, ".ok");
- int fd;
- register int ret = 0;
-#ifdef _NDBM_
- DBM *db;
-
- db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (db == NULL)
- ret = errno;
- else
- dbm_close(db);
-#else
- char *dirname = gen_dbsuffix(db_name, ".dir");
- char *pagname = gen_dbsuffix(db_name, ".pag");
-
- fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd < 0)
- ret = errno;
- else {
- close(fd);
- fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd < 0)
- ret = errno;
- else
- close(fd);
- }
- if (dbminit(db_name) < 0)
- ret = errno;
-#endif
- if (ret == 0) {
- fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
- if (fd < 0)
- ret = errno;
- close(fd);
- }
- return ret;
-}
-
-/*
- * "Atomically" rename the database in a way that locks out read
- * access in the middle of the rename.
- *
- * Not perfect; if we crash in the middle of an update, we don't
- * necessarily know to complete the transaction the rename, but...
- */
-
-int
-kerb_db_rename(from, to)
- char *from;
- char *to;
-{
-#ifdef _DBM_
- char *fromdb = gen_dbsuffix (from, ".db");
- char *todb = gen_dbsuffix (to, ".db");
-#else
- char *fromdir = gen_dbsuffix (from, ".dir");
- char *todir = gen_dbsuffix (to, ".dir");
- char *frompag = gen_dbsuffix (from , ".pag");
- char *topag = gen_dbsuffix (to, ".pag");
-#endif
- char *fromok = gen_dbsuffix(from, ".ok");
- long trans = kerb_start_update(to);
- int ok = 0;
-
-#ifdef _DBM_
- if (rename (fromdb, todb) == 0) {
-#else
- if ((rename (fromdir, todir) == 0)
- && (rename (frompag, topag) == 0)) {
-#endif
- (void) unlink (fromok);
- ok = 1;
- }
-
- free (fromok);
-#ifdef _DBM_
- free (fromdb);
- free (todb);
-#else
- free (fromdir);
- free (todir);
- free (frompag);
- free (topag);
-#endif
- if (ok)
- return kerb_end_update(to, trans);
- else
- return -1;
-}
-
-/*
- * look up a principal in the data base returns number of principals
- * found , and whether there were more than requested.
- */
-
-int
-kerb_db_get_principal(name, inst, principal, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal;
- unsigned int max; /* max number of name structs to return */
- int *more; /* where there more than 'max' tuples? */
-
-{
- int found = 0, code;
- extern int errorproc();
- int wildp, wildi;
- datum key, contents;
- char testname[ANAME_SZ], testinst[INST_SZ];
- u_long trans;
- int try;
- DBM *db;
-
- if (!init)
- kerb_db_init(); /* initialize database routines */
-
- for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
- trans = kerb_start_read();
-
- if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return -1;
-
- db = dbm_open(current_db_name, O_RDONLY, 0600);
-
- *more = 0;
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr,
- "%s: db_get_principal for %s %s max = %d",
- progname, name, inst, max);
-#endif
-
- wildp = !strcmp(name, "*");
- wildi = !strcmp(inst, "*");
-
- if (!wildi && !wildp) { /* nothing's wild */
- encode_princ_key(&key, name, inst);
- contents = dbm_fetch(db, key);
- if (contents.dptr == NULL) {
- found = 0;
- goto done;
- }
- decode_princ_contents(&contents, principal);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n",
- principal->name, principal->instance,
- strlen(principal->name),
- strlen(principal->instance));
- }
-#endif
- found = 1;
- goto done;
- }
- /* process wild cards by looping through entire database */
-
- for (key = dbm_firstkey(db); key.dptr != NULL;
- key = dbm_next(db, key)) {
- decode_princ_key(&key, testname, testinst);
- if ((wildp || !strcmp(testname, name)) &&
- (wildi || !strcmp(testinst, inst))) { /* have a match */
- if (found >= max) {
- *more = 1;
- goto done;
- } else {
- found++;
- contents = dbm_fetch(db, key);
- decode_princ_contents(&contents, principal);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr,
- "\tfound %s %s p_n length %d t_n length %d\n",
- principal->name, principal->instance,
- strlen(principal->name),
- strlen(principal->instance));
- }
-#endif
- principal++; /* point to next */
- }
- }
- }
-
- done:
- kerb_dbl_unlock(); /* unlock read lock */
- dbm_close(db);
- if (kerb_end_read(trans) == 0)
- break;
- found = -1;
- if (!non_blocking)
- sleep(1);
- }
- return (found);
-}
-
-/*
- * Update a name in the data base. Returns number of names
- * successfully updated.
- */
-
-int
-kerb_db_put_principal(principal, max)
- Principal *principal;
- unsigned int max; /* number of principal structs to
- * update */
-
-{
- int found = 0, code;
- u_long i;
- extern int errorproc();
- datum key, contents;
- DBM *db;
-
- gettimeofday(&timestamp, NULL);
-
- if (!init)
- kerb_db_init();
-
- if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
- return -1;
-
- db = dbm_open(current_db_name, O_RDWR, 0600);
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "%s: kerb_db_put_principal max = %d",
- progname, max);
-#endif
-
- /* for each one, stuff temps, and do replace/append */
- for (i = 0; i < max; i++) {
- encode_princ_contents(&contents, principal);
- encode_princ_key(&key, principal->name, principal->instance);
- dbm_store(db, key, contents, DBM_REPLACE);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr, "\n put %s %s\n",
- principal->name, principal->instance);
- }
-#endif
- found++;
- principal++; /* bump to next struct */
- }
-
- dbm_close(db);
- kerb_dbl_unlock(); /* unlock database */
- return (found);
-}
-
-static void
-encode_princ_key(key, name, instance)
- datum *key;
- char *name, *instance;
-{
- static char keystring[ANAME_SZ + INST_SZ];
-
- bzero(keystring, ANAME_SZ + INST_SZ);
- strncpy(keystring, name, ANAME_SZ);
- strncpy(&keystring[ANAME_SZ], instance, INST_SZ);
- key->dptr = keystring;
- key->dsize = ANAME_SZ + INST_SZ;
-}
-
-static void
-decode_princ_key(key, name, instance)
- datum *key;
- char *name, *instance;
-{
- strncpy(name, key->dptr, ANAME_SZ);
- strncpy(instance, key->dptr + ANAME_SZ, INST_SZ);
- name[ANAME_SZ - 1] = '\0';
- instance[INST_SZ - 1] = '\0';
-}
-
-static void
-encode_princ_contents(contents, principal)
- datum *contents;
- Principal *principal;
-{
- contents->dsize = sizeof(*principal);
- contents->dptr = (char *) principal;
-}
-
-static void
-decode_princ_contents(contents, principal)
- datum *contents;
- Principal *principal;
-{
- bcopy(contents->dptr, (char *) principal, sizeof(*principal));
-}
-
-void
-kerb_db_get_stat(s)
- DB_stat *s;
-{
- gettimeofday(&timestamp, NULL);
-
-
- s->cpu = 0;
- s->elapsed = 0;
- s->dio = 0;
- s->pfault = 0;
- s->t_stamp = timestamp.tv_sec;
- s->n_retrieve = 0;
- s->n_replace = 0;
- s->n_append = 0;
- s->n_get_stat = 0;
- s->n_put_stat = 0;
- /* update local copy too */
-}
-
-void
-kerb_db_put_stat(s)
- DB_stat *s;
-{
-}
-
-void
-delta_stat(a, b, c)
- DB_stat *a, *b, *c;
-{
- /* c = a - b then b = a for the next time */
-
- c->cpu = a->cpu - b->cpu;
- c->elapsed = a->elapsed - b->elapsed;
- c->dio = a->dio - b->dio;
- c->pfault = a->pfault - b->pfault;
- c->t_stamp = a->t_stamp - b->t_stamp;
- c->n_retrieve = a->n_retrieve - b->n_retrieve;
- c->n_replace = a->n_replace - b->n_replace;
- c->n_append = a->n_append - b->n_append;
- c->n_get_stat = a->n_get_stat - b->n_get_stat;
- c->n_put_stat = a->n_put_stat - b->n_put_stat;
-
- bcopy(a, b, sizeof(DB_stat));
-}
-
-/*
- * look up a dba in the data base returns number of dbas found , and
- * whether there were more than requested.
- */
-
-int
-kerb_db_get_dba(dba_name, dba_inst, dba, max, more)
- char *dba_name; /* could have wild card */
- char *dba_inst; /* could have wild card */
- Dba *dba;
- unsigned int max; /* max number of name structs to return */
- int *more; /* where there more than 'max' tuples? */
-
-{
- *more = 0;
- return (0);
-}
-
-int
-kerb_db_iterate (func, arg)
- int (*func)();
- char *arg; /* void *, really */
-{
- datum key, contents;
- Principal *principal;
- int code;
- DBM *db;
-
- kerb_db_init(); /* initialize and open the database */
- if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return code;
-
- db = dbm_open(current_db_name, O_RDONLY, 0600);
-
- for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
- contents = dbm_fetch (db, key);
- /* XXX may not be properly aligned */
- principal = (Principal *) contents.dptr;
- if ((code = (*func)(arg, principal)) != 0)
- return code;
- }
- dbm_close(db);
- kerb_dbl_unlock();
- return 0;
-}
-
-static int dblfd = -1;
-static int mylock = 0;
-static int inited = 0;
-
-static void
-kerb_dbl_init()
-{
- if (!inited) {
- char *filename = gen_dbsuffix (current_db_name, ".ok");
- if ((dblfd = open(filename, 0)) < 0) {
- fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename);
- fflush(stderr);
- perror("open");
- exit(1);
- }
- free(filename);
- inited++;
- }
-}
-
-static void
-kerb_dbl_fini()
-{
- close(dblfd);
- dblfd = -1;
- inited = 0;
- mylock = 0;
-}
-
-static int
-kerb_dbl_lock(mode)
- int mode;
-{
- int flock_mode;
-
- if (!inited)
- kerb_dbl_init();
- if (mylock) { /* Detect lock call when lock already
- * locked */
- fprintf(stderr, "Kerberos locking error (mylock)\n");
- fflush(stderr);
- exit(1);
- }
- switch (mode) {
- case KERB_DBL_EXCLUSIVE:
- flock_mode = LOCK_EX;
- break;
- case KERB_DBL_SHARED:
- flock_mode = LOCK_SH;
- break;
- default:
- fprintf(stderr, "invalid lock mode %d\n", mode);
- abort();
- }
- if (non_blocking)
- flock_mode |= LOCK_NB;
-
- if (flock(dblfd, flock_mode) < 0)
- return errno;
- mylock++;
- return 0;
-}
-
-static void
-kerb_dbl_unlock()
-{
- if (!mylock) { /* lock already unlocked */
- fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
- fflush(stderr);
- exit(1);
- }
- if (flock(dblfd, LOCK_UN) < 0) {
- fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
- fflush(stderr);
- perror("flock");
- exit(1);
- }
- mylock = 0;
-}
-
-int
-kerb_db_set_lockmode(mode)
- int mode;
-{
- int old = non_blocking;
- non_blocking = mode;
- return old;
-}
diff --git a/eBones/lib/libkdb/krb_kdb_utils.c b/eBones/lib/libkdb/krb_kdb_utils.c
deleted file mode 100644
index abec479..0000000
--- a/eBones/lib/libkdb/krb_kdb_utils.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * Utility routines for Kerberos programs which directly access
- * the database. This code was duplicated in too many places
- * before I gathered it here.
- *
- * Jon Rochlis, MIT Telecom, March 1988
- *
- * from: krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <des.h>
-#include <krb.h>
-#include <krb_db.h>
-#include <kdc.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <sys/file.h>
-
-long
-kdb_get_master_key(prompt, master_key, master_key_sched)
- int prompt;
- C_Block master_key;
- Key_schedule master_key_sched;
-{
- int kfile;
-
- if (prompt) {
-#ifdef NOENCRYPTION
- placebo_read_password(master_key,
- "\nEnter Kerberos master key: ", 0);
-#else
- des_read_password((des_cblock *)master_key,
- "\nEnter Kerberos master key: ", 0);
-#endif
- printf ("\n");
- }
- else {
- kfile = open(MKEYFILE, O_RDONLY, 0600);
- if (kfile < 0) {
- /* oh, for com_err_ */
- return (-1);
- }
- if (read(kfile, (char *) master_key, 8) != 8) {
- return (-1);
- }
- close(kfile);
- }
-
-#ifndef NOENCRYPTION
- key_sched((des_cblock *)master_key,master_key_sched);
-#endif
- return (0);
-}
-
-/* The caller is reasponsible for cleaning up the master key and sched,
- even if we can't verify the master key */
-
-/* Returns master key version if successful, otherwise -1 */
-
-long
-kdb_verify_master_key (master_key, master_key_sched, out)
- C_Block master_key;
- Key_schedule master_key_sched;
- FILE *out; /* setting this to non-null be do output */
-{
- C_Block key_from_db;
- Principal principal_data[1];
- int n, more = 0;
- long master_key_version;
-
- /* lookup the master key version */
- n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
- 1 /* only one please */, &more);
- if ((n != 1) || more) {
- if (out != (FILE *) NULL)
- fprintf(out,
- "verify_master_key: %s, %d found.\n",
- "Kerberos error on master key version lookup",
- n);
- return (-1);
- }
-
- master_key_version = (long) principal_data[0].key_version;
-
- /* set up the master key */
- if (out != (FILE *) NULL) /* should we punt this? */
- fprintf(out, "Current Kerberos master key version is %d.\n",
- principal_data[0].kdc_key_ver);
-
- /*
- * now use the master key to decrypt the key in the db, had better
- * be the same!
- */
- bcopy(&principal_data[0].key_low, key_from_db, 4);
- bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4);
- kdb_encrypt_key (key_from_db, key_from_db,
- master_key, master_key_sched, DECRYPT);
-
- /* the decrypted database key had better equal the master key */
- n = bcmp((char *) master_key, (char *) key_from_db,
- sizeof(master_key));
- /* this used to zero the master key here! */
- bzero(key_from_db, sizeof(key_from_db));
- bzero(principal_data, sizeof (principal_data));
-
- if (n && (out != (FILE *) NULL)) {
- fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
- fprintf(out, "does not match database.\n");
- return (-1);
- }
- if (out != (FILE *) NULL) {
- fprintf(out, "\nMaster key entered. BEWARE!\07\07\n");
- fflush(out);
- }
-
- return (master_key_version);
-}
-
-/* The old algorithm used the key schedule as the initial vector which
- was byte order depedent ... */
-
-void
-kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag)
- C_Block in, out, master_key;
- Key_schedule master_key_sched;
- int e_d_flag;
-{
-
-#ifdef NOENCRYPTION
- bcopy(in, out, sizeof(C_Block));
-#else
- pcbc_encrypt((des_cblock*)in,(des_cblock*)out,(long)sizeof(C_Block),
- master_key_sched,(des_cblock*)master_key,e_d_flag);
-#endif
-}
diff --git a/eBones/lib/libkdb/krb_lib.c b/eBones/lib/libkdb/krb_lib.c
deleted file mode 100644
index 235c050..0000000
--- a/eBones/lib/libkdb/krb_lib.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * $Source: /home/ncvs/src/eBones/lib/libkdb/krb_lib.c,v $
- * $Author: jkh $
- *
- * Copyright 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/uio.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <strings.h>
-#include <des.h>
-#include <krb.h>
-#include <krb_db.h>
-
-#ifdef DEBUG
-extern int debug;
-extern char *progname;
-long kerb_debug;
-#endif
-
-static init = 0;
-
-/*
- * initialization routine for data base
- */
-
-int
-kerb_init()
-{
-#ifdef DEBUG
- if (!init) {
- char *dbg = getenv("KERB_DBG");
- if (dbg)
- sscanf(dbg, "%ld", &kerb_debug);
- init = 1;
- }
-#endif
- kerb_db_init();
-
-#ifdef CACHE
- kerb_cache_init();
-#endif
-
- /* successful init, return 0, else errcode */
- return (0);
-}
-
-/*
- * finalization routine for database -- NOTE: MUST be called by any
- * program using kerb_init. ALSO will have to be modified to finalize
- * caches, if they're ever really implemented.
- */
-
-void
-kerb_fini()
-{
- kerb_db_fini();
-}
-
-/*
- * look up a principal in the cache or data base returns number of
- * principals found
- */
-
-int
-kerb_get_principal(name, inst, principal, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Principal *principal;
- unsigned int max; /* max number of name structs to return */
- int *more; /* more tuples than room for */
-
-{
- int found = 0;
-#ifdef CACHE
- static int wild = 0;
-#endif
- if (!init)
- kerb_init();
-
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
- progname, name, inst, max);
-#endif
-
- /*
- * if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
- */
-
- /* clear the principal area */
- bzero((char *) principal, max * sizeof(Principal));
-
-#ifdef CACHE
- /*
- * so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
- */
- wild = 0;
- if (index(name, '*') || index(name, '?') ||
- index(inst, '*') || index(inst, '?'))
- wild = 1;
-
- if (!wild) {
- /* try the cache first */
- found = kerb_cache_get_principal(name, inst, principal, max, more);
- if (found)
- return (found);
- }
-#endif
- /* If we didn't try cache, or it wasn't there, try db */
- found = kerb_db_get_principal(name, inst, principal, max, more);
- /* try to insert principal(s) into cache if it was found */
-#ifdef CACHE
- if (found) {
- kerb_cache_put_principal(principal, found);
- }
-#endif
- return (found);
-}
-
-/* principals */
-int
-kerb_put_principal(principal, n)
- Principal *principal;
- unsigned int n; /* number of principal structs to write */
-{
- long time();
- struct tm *tp, *localtime();
-
- /* set mod date */
- principal->mod_date = time((long *)0);
- /* and mod date string */
-
- tp = localtime(&principal->mod_date);
- (void) sprintf(principal->mod_date_txt, "%4d-%2d-%2d",
- tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900,
- tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
-#ifdef DEBUG
- if (kerb_debug & 1) {
- int i;
- fprintf(stderr, "\nkerb_put_principal...");
- for (i = 0; i < n; i++) {
- krb_print_principal(&principal[i]);
- }
- }
-#endif
- /* write database */
- if (kerb_db_put_principal(principal, n) < 0) {
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_db_put_principal err", progname);
- /* watch out for cache */
-#endif
- return -1;
- }
-#ifdef CACHE
- /* write cache */
- if (!kerb_cache_put_principal(principal, n)) {
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname);
-#endif
- return -1;
- }
-#endif
- return 0;
-}
-
-int
-kerb_get_dba(name, inst, dba, max, more)
- char *name; /* could have wild card */
- char *inst; /* could have wild card */
- Dba *dba;
- unsigned int max; /* max number of name structs to return */
- int *more; /* more tuples than room for */
-
-{
- int found = 0;
-#ifdef CACHE
- static int wild = 0;
-#endif
- if (!init)
- kerb_init();
-
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n",
- progname, name, inst, max);
-#endif
- /*
- * if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
- */
-
- /* clear the dba area */
- bzero((char *) dba, max * sizeof(Dba));
-
-#ifdef CACHE
- /*
- * so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
- */
-
- wild = 0;
- if (index(name, '*') || index(name, '?') ||
- index(inst, '*') || index(inst, '?'))
- wild = 1;
-
- if (!wild) {
- /* try the cache first */
- found = kerb_cache_get_dba(name, inst, dba, max, more);
- if (found)
- return (found);
- }
-#endif
- /* If we didn't try cache, or it wasn't there, try db */
- found = kerb_db_get_dba(name, inst, dba, max, more);
-#ifdef CACHE
- /* try to insert dba(s) into cache if it was found */
- if (found) {
- kerb_cache_put_dba(dba, found);
- }
-#endif
- return (found);
-}
diff --git a/eBones/lib/libkdb/print_princ.c b/eBones/lib/libkdb/print_princ.c
deleted file mode 100644
index 396a66a..0000000
--- a/eBones/lib/libkdb/print_princ.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: $Header: /home/ncvs/src/eBones/lib/libkdb/print_princ.c,v 1.5 1997/01/14 05:40:32 jkh Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <stdio.h>
-#include <time.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <strings.h>
-#include <krb.h>
-#include <krb_db.h>
-
-extern int debug;
-
-long kerb_debug;
-static struct tm *time_p;
-
-void
-krb_print_principal(a_n)
- Principal *a_n;
-{
- /* run-time database does not contain string versions */
- time_p = localtime(&(a_n->exp_date));
-
- fprintf(stderr,
- "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x",
- a_n->name, a_n->instance,
- time_p->tm_year > 1900 ? time_p->tm_year : time_p->tm_year + 1900,
- time_p->tm_mon + 1, time_p->tm_mday,
- time_p->tm_hour, time_p->tm_min,
- a_n->max_life, 5 * a_n->max_life, a_n->attributes);
-
- fprintf(stderr,
- "\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %d\n",
- a_n->key_version, a_n->key_low, a_n->key_high,
- a_n->kdc_key_ver, (int)a_n->old);
-
- fflush(stderr);
-}
diff --git a/eBones/lib/libkrb/Makefile b/eBones/lib/libkrb/Makefile
deleted file mode 100644
index 4bd9eee..0000000
--- a/eBones/lib/libkrb/Makefile
+++ /dev/null
@@ -1,52 +0,0 @@
-# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id$
-
-LIB= krb
-SHLIB_MINOR= 1
-CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -DBSD42
-SRCS= krb_err.c create_auth_reply.c create_ciph.c \
- create_death_packet.c create_ticket.c debug_decl.c decomp_ticket.c \
- des_rw.c dest_tkt.c extract_ticket.c fgetst.c get_ad_tkt.c \
- get_admhst.c get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c \
- get_phost.c get_pw_tkt.c get_request.c get_svc_in_tkt.c \
- get_tf_fullname.c get_tf_realm.c getrealm.c getst.c in_tkt.c \
- k_gethostname.c klog.c kname_parse.c kntoln.c kparse.c \
- krb_err_txt.c krb_get_in_tkt.c kuserok.c log.c mk_err.c \
- mk_priv.c mk_req.c mk_safe.c month_sname.c \
- netread.c netwrite.c one.c pkt_cipher.c pkt_clen.c rd_err.c \
- rd_priv.c rd_req.c rd_safe.c read_service_key.c recvauth.c \
- save_credentials.c send_to_kdc.c sendauth.c stime.c tf_util.c \
- tkt_string.c util.c
-
-LDADD+= -lcom_err
-
-beforeinstall: krb_err.c
- ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 krb_err.h \
- ${DESTDIR}/usr/include/kerberosIV
-
-MAN3= krb.3 krb_realmofhost.3 krb_sendauth.3 krb_set_tkt_string.3 \
- kuserok.3 tf_util.3
-
-MLINKS= krb.3 krb_mk_req.3 krb.3 krb_rd_req.3 krb.3 krb_kntoln.3 \
- krb.3 krb_set_key.3 krb.3 krb_get_cred.3 krb.3 krb_mk_priv.3 \
- krb.3 krb_rd_priv.3 krb.3 krb_mk_safe.3 krb.3 krb_rd_safe.3 \
- krb.3 krb_mk_err.3 krb.3 krb_rd_err.3 krb.3 krb_ck_repl.3 \
- krb.3 krb_get_local_addr.3 krb.3 krb_bind_local_addr.3
-
-MLINKS+=krb_realmofhost.3 krb_get_phost.3 krb_realmofhost.3 krb_get_krbhst.3 \
- krb_realmofhost.3 krb_get_admhst.3 krb_realmofhost.3 krb_get_lrealm.3
-
-MLINKS+=krb_realmofhost.3 realm.3
-
-MLINKS+=krb_sendauth.3 krb_recvauth.3 krb_sendauth.3 krb_net_write.3 \
- krb_sendauth.3 krb_net_read.3
-
-MLINKS+=krb_sendauth.3 ksend.3
-
-MLINKS+=tf_util.3 tf_init.3 tf_util.3 tf_get_pname.3 \
- tf_util.3 tf_get_pinst.3 tf_util.3 tf_get_cred.3 \
- tf_util.3 tf_close.3
-
-.include <bsd.lib.mk>
-
-krb_err.c: ${KRBOBJDIR}/krb_err.h
diff --git a/eBones/lib/libkrb/add_ticket.c b/eBones/lib/libkrb/add_ticket.c
deleted file mode 100644
index e9840b6..0000000
--- a/eBones/lib/libkrb/add_ticket.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: add_ticket.c,v 4.7 88/10/07 06:06:26 shanzer Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-#include <strings.h>
-
-/*
- * This routine is now obsolete. It used to be possible to request
- * more than one ticket at a time from the authentication server, and
- * it looks like this routine was used by the server to package the
- * tickets to be returned to the client.
- */
-
-/*
- * This routine adds a new ticket to the ciphertext to be returned to
- * the client. The routine takes the ciphertext (which doesn't get
- * encrypted till later), the number of the ticket (i.e. 1st, 2nd,
- * etc) the session key which goes in the ticket and is sent back to
- * the user, the lifetime for the ticket, the service name, the
- * instance, the realm, the key version number, and the ticket itself.
- *
- * This routine returns 0 (KSUCCESS) on success, and 1 (KFAILURE) on
- * failure. On failure, which occurs when there isn't enough room
- * for the ticket, a 0 length ticket is added.
- *
- * Notes: This routine must be called with successive values of n.
- * i.e. the ticket must be added in order. The corresponding routine
- * on the client side is extract ticket.
- */
-
-/* XXX they aren't all used; to avoid incompatible changes we will
- * fool lint for the moment */
-/*ARGSUSED */
-int
-add_ticket(cipher,n,session,lifetime,sname,instance,realm,kvno,ticket)
- KTEXT cipher; /* Ciphertext info for ticket */
- char *sname; /* Service name */
- char *instance; /* Instance */
- int n; /* Relative position of this ticket */
- char *session; /* Session key for this tkt */
- int lifetime; /* Lifetime of this ticket */
- char *realm; /* Realm in which ticket is valid */
- int kvno; /* Key version number of service key */
- KTEXT ticket; /* The ticket itself */
-{
-
- /* Note, the 42 is a temporary hack; it will have to be changed. */
-
- /* Begin check of ticket length */
- if ((cipher->length + ticket->length + 4 + 42 +
- (*(cipher->dat)+1-n)*(11+strlen(realm))) >
- MAX_KTXT_LEN) {
- bcopy(session,(char *)(cipher->dat+cipher->length),8);
- *(cipher->dat+cipher->length+8) = (char) lifetime;
- *(cipher->dat+cipher->length+9) = (char) kvno;
- (void) strcpy((char *)(cipher->dat+cipher->length+10),realm);
- cipher->length += 11 + strlen(realm);
- *(cipher->dat+n) = 0;
- return(KFAILURE);
- }
- /* End check of ticket length */
-
- /* Add the session key, lifetime, kvno, ticket to the ciphertext */
- bcopy(session,(char *)(cipher->dat+cipher->length),8);
- *(cipher->dat+cipher->length+8) = (char) lifetime;
- *(cipher->dat+cipher->length+9) = (char) kvno;
- (void) strcpy((char *)(cipher->dat+cipher->length+10),realm);
- cipher->length += 11 + strlen(realm);
- bcopy((char *)(ticket->dat),(char *)(cipher->dat+cipher->length),
- ticket->length);
- cipher->length += ticket->length;
-
- /* Set the ticket length at beginning of ciphertext */
- *(cipher->dat+n) = ticket->length;
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/create_auth_reply.c b/eBones/lib/libkrb/create_auth_reply.c
deleted file mode 100644
index e7f669b..0000000
--- a/eBones/lib/libkrb/create_auth_reply.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: create_auth_reply.c,v 4.10 89/01/13 17:47:38 steiner Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-#include <strings.h>
-
-/*
- * This routine is called by the Kerberos authentication server
- * to create a reply to an authentication request. The routine
- * takes the user's name, instance, and realm, the client's
- * timestamp, the number of tickets, the user's key version
- * number and the ciphertext containing the tickets themselves.
- * It constructs a packet and returns a pointer to it.
- *
- * Notes: The packet returned by this routine is static. Thus, if you
- * intend to keep the result beyond the next call to this routine, you
- * must copy it elsewhere.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned char n number of tickets
- *
- * unsigned long x_date expiration date
- *
- * unsigned char kvno master key version
- *
- * short w_1 cipher length
- *
- * --- cipher->dat cipher data
- */
-
-KTEXT
-create_auth_reply(pname,pinst,prealm,time_ws,n,x_date,kvno,cipher)
- char *pname; /* Principal's name */
- char *pinst; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long time_ws; /* Workstation time */
- int n; /* Number of tickets */
- unsigned long x_date; /* Principal's expiration date */
- int kvno; /* Principal's key version number */
- KTEXT cipher; /* Cipher text with tickets and
- * session keys */
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
- unsigned char *v = pkt->dat; /* Prot vers number */
- unsigned char *t = (pkt->dat+1); /* Prot message type */
- short w_l; /* Cipher length */
-
- /* Create fixed part of packet */
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_KDC_REPLY;
- *t |= HOST_BYTE_ORDER;
-
- if (n != 0)
- *v = 3;
-
- /* Add the basic info */
- (void) strcpy((char *) (pkt->dat+2), pname);
- pkt->length = 3 + strlen(pname);
- (void) strcpy((char *) (pkt->dat+pkt->length),pinst);
- pkt->length += 1 + strlen(pinst);
- (void) strcpy((char *) (pkt->dat+pkt->length),prealm);
- pkt->length += 1 + strlen(prealm);
- /* Workstation timestamp */
- bcopy((char *) &time_ws, (char *) (pkt->dat+pkt->length), 4);
- pkt->length += 4;
- *(pkt->dat+(pkt->length)++) = (unsigned char) n;
- /* Expiration date */
- bcopy((char *) &x_date, (char *) (pkt->dat+pkt->length),4);
- pkt->length += 4;
-
- /* Now send the ciphertext and info to help decode it */
- *(pkt->dat+(pkt->length)++) = (unsigned char) kvno;
- w_l = (short) cipher->length;
- bcopy((char *) &w_l,(char *) (pkt->dat+pkt->length),2);
- pkt->length += 2;
- bcopy((char *) (cipher->dat), (char *) (pkt->dat+pkt->length),
- cipher->length);
- pkt->length += cipher->length;
-
- /* And return the packet */
- return pkt;
-}
diff --git a/eBones/lib/libkrb/create_ciph.c b/eBones/lib/libkrb/create_ciph.c
deleted file mode 100644
index c0e5656..0000000
--- a/eBones/lib/libkrb/create_ciph.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: create_ciph.c,v 4.8 89/05/18 21:24:26 jis Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <des.h>
-#include <strings.h>
-
-/*
- * This routine is used by the authentication server to create
- * a packet for its client, containing a ticket for the requested
- * service (given in "tkt"), and some information about the ticket,
- *
- * Returns KSUCCESS no matter what.
- *
- * The length of the cipher is stored in c->length; the format of
- * c->dat is as follows:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- *
- * 8 bytes session session key for client, service
- *
- * string service service name
- *
- * string instance service instance
- *
- * string realm KDC realm
- *
- * unsigned char life ticket lifetime
- *
- * unsigned char kvno service key version number
- *
- * unsigned char tkt->length length of following ticket
- *
- * data tkt->dat ticket for service
- *
- * 4 bytes kdc_time KDC's timestamp
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-
-int
-create_ciph(c, session, service, instance, realm, life, kvno, tkt,
- kdc_time, key)
- KTEXT c; /* Text block to hold ciphertext */
- C_Block session; /* Session key to send to user */
- char *service; /* Service name on ticket */
- char *instance; /* Instance name on ticket */
- char *realm; /* Realm of this KDC */
- unsigned long life; /* Lifetime of the ticket */
- int kvno; /* Key version number for service */
- KTEXT tkt; /* The ticket for the service */
- unsigned long kdc_time; /* KDC time */
- C_Block key; /* Key to encrypt ciphertext with */
-{
- char *ptr;
- Key_schedule key_s;
-
- ptr = (char *) c->dat;
-
- bcopy((char *) session, ptr, 8);
- ptr += 8;
-
- (void) strcpy(ptr,service);
- ptr += strlen(service) + 1;
-
- (void) strcpy(ptr,instance);
- ptr += strlen(instance) + 1;
-
- (void) strcpy(ptr,realm);
- ptr += strlen(realm) + 1;
-
- *(ptr++) = (unsigned char) life;
- *(ptr++) = (unsigned char) kvno;
- *(ptr++) = (unsigned char) tkt->length;
-
- bcopy((char *)(tkt->dat),ptr,tkt->length);
- ptr += tkt->length;
-
- bcopy((char *) &kdc_time,ptr,4);
- ptr += 4;
-
- /* guarantee null padded encrypted data to multiple of 8 bytes */
- bzero(ptr, 7);
-
- c->length = (((ptr - (char *) c->dat) + 7) / 8) * 8;
-
-#ifndef NOENCRYPTION
- key_sched((C_Block *)key,key_s);
- pcbc_encrypt((C_Block *)c->dat,(C_Block *)c->dat,(long) c->length,key_s,
- (C_Block *)key,ENCRYPT);
-#endif /* NOENCRYPTION */
-
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/create_death_packet.c b/eBones/lib/libkrb/create_death_packet.c
deleted file mode 100644
index 46decc1..0000000
--- a/eBones/lib/libkrb/create_death_packet.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: create_death_packet.c,v 4.9 89/01/17 16:05:59 rfrench Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-#include <strings.h>
-
-/*
- * This routine creates a packet to type AUTH_MSG_DIE which is sent to
- * the Kerberos server to make it shut down. It is used only in the
- * development environment.
- *
- * It takes a string "a_name" which is sent in the packet. A pointer
- * to the packet is returned.
- *
- * The format of the killer packet is:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_DIE message type
- *
- * [least significant HOST_BYTE_ORDER byte order of sender
- * bit of above field]
- *
- * string a_name presumably, name of
- * principal sending killer
- * packet
- */
-
-#ifdef DEBUG
-KTEXT
-krb_create_death_packet(a_name)
- char *a_name;
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
-
- unsigned char *v = pkt->dat;
- unsigned char *t = (pkt->dat+1);
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_DIE;
- *t |= HOST_BYTE_ORDER;
- (void) strcpy((char *) (pkt->dat+2),a_name);
- pkt->length = 3 + strlen(a_name);
- return pkt;
-}
-#endif /* DEBUG */
diff --git a/eBones/lib/libkrb/create_ticket.c b/eBones/lib/libkrb/create_ticket.c
deleted file mode 100644
index ff9a09b..0000000
--- a/eBones/lib/libkrb/create_ticket.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: create_ticket.c,v 4.11 89/03/22 14:43:23 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <des.h>
-#include <krb.h>
-#include <prot.h>
-#include <strings.h>
-
-/*
- * Create ticket takes as arguments information that should be in a
- * ticket, and the KTEXT object in which the ticket should be
- * constructed. It then constructs a ticket and returns, leaving the
- * newly created ticket in tkt.
- * The length of the ticket is a multiple of
- * eight bytes and is in tkt->length.
- *
- * If the ticket is too long, the ticket will contain nulls.
- * The return value of the routine is undefined.
- *
- * The corresponding routine to extract information from a ticket it
- * decomp_ticket. When changes are made to this routine, the
- * corresponding changes should also be made to that file.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * tkt->length length of ticket (multiple of 8 bytes)
- *
- * tkt->dat:
- *
- * unsigned char flags namely, HOST_BYTE_ORDER
- *
- * string pname client's name
- *
- * string pinstance client's instance
- *
- * string prealm client's realm
- *
- * 4 bytes paddress client's address
- *
- * 8 bytes session session key
- *
- * 1 byte life ticket lifetime
- *
- * 4 bytes time_sec KDC timestamp
- *
- * string sname service's name
- *
- * string sinstance service's instance
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-
-int krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress,
- session, life, time_sec, sname, sinstance, key)
- KTEXT tkt; /* Gets filled in by the ticket */
- unsigned char flags; /* Various Kerberos flags */
- char *pname; /* Principal's name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- long paddress; /* Net address of requesting entity */
- char *session; /* Session key inserted in ticket */
- short life; /* Lifetime of the ticket */
- long time_sec; /* Issue time and date */
- char *sname; /* Service Name */
- char *sinstance; /* Instance Name */
- C_Block key; /* Service's secret key */
-{
- Key_schedule key_s;
- register char *data; /* running index into ticket */
-
- tkt->length = 0; /* Clear previous data */
- flags |= HOST_BYTE_ORDER; /* ticket byte order */
- bcopy((char *) &flags,(char *) (tkt->dat),sizeof(flags));
- data = ((char *)tkt->dat) + sizeof(flags);
- (void) strcpy(data, pname);
- data += 1 + strlen(pname);
- (void) strcpy(data, pinstance);
- data += 1 + strlen(pinstance);
- (void) strcpy(data, prealm);
- data += 1 + strlen(prealm);
- bcopy((char *) &paddress, data, 4);
- data += 4;
-
- bcopy((char *) session, data, 8);
- data += 8;
- *(data++) = (char) life;
- /* issue time */
- bcopy((char *) &time_sec, data, 4);
- data += 4;
- (void) strcpy(data, sname);
- data += 1 + strlen(sname);
- (void) strcpy(data, sinstance);
- data += 1 + strlen(sinstance);
-
- /* guarantee null padded ticket to multiple of 8 bytes */
- bzero(data, 7);
- tkt->length = ((data - ((char *)tkt->dat) + 7)/8)*8;
-
- /* Check length of ticket */
- if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
- bzero(tkt->dat, tkt->length);
- tkt->length = 0;
- return KFAILURE /* XXX */;
- }
-
-#ifndef NOENCRYPTION
- key_sched((C_Block *)key,key_s);
- pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length,
- key_s,(C_Block *)key,ENCRYPT);
-#endif
- return 0;
-}
diff --git a/eBones/lib/libkrb/debug_decl.c b/eBones/lib/libkrb/debug_decl.c
deleted file mode 100644
index f39aa61..0000000
--- a/eBones/lib/libkrb/debug_decl.c
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: debug_decl.c,v 4.5 88/10/07 06:07:49 shanzer Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-/* Declare global debugging variables. */
-
-int krb_ap_req_debug = 0;
-int krb_debug = 0;
diff --git a/eBones/lib/libkrb/decomp_ticket.c b/eBones/lib/libkrb/decomp_ticket.c
deleted file mode 100644
index cb304df..0000000
--- a/eBones/lib/libkrb/decomp_ticket.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: decomp_ticket.c,v 4.12 89/05/16 18:44:46 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <des.h>
-#include <krb.h>
-#include <prot.h>
-#include <strings.h>
-
-/*
- * This routine takes a ticket and pointers to the variables that
- * should be filled in based on the information in the ticket. It
- * fills in values for its arguments.
- *
- * Note: if the client realm field in the ticket is the null string,
- * then the "prealm" variable is filled in with the local realm (as
- * defined by KRB_REALM).
- *
- * If the ticket byte order is different than the host's byte order
- * (as indicated by the byte order bit of the "flags" field), then
- * the KDC timestamp "time_sec" is byte-swapped. The other fields
- * potentially affected by byte order, "paddress" and "session" are
- * not byte-swapped.
- *
- * The routine returns KFAILURE if any of the "pname", "pinstance",
- * or "prealm" fields is too big, otherwise it returns KSUCCESS.
- *
- * The corresponding routine to generate tickets is create_ticket.
- * When changes are made to this routine, the corresponding changes
- * should also be made to that file.
- *
- * See create_ticket.c for the format of the ticket packet.
- */
-
-int
-decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
- life, time_sec, sname, sinstance, key, key_s)
- KTEXT tkt; /* The ticket to be decoded */
- unsigned char *flags; /* Kerberos ticket flags */
- char *pname; /* Authentication name */
- char *pinstance; /* Principal's instance */
- char *prealm; /* Principal's authentication domain */
- unsigned long *paddress; /* Net address of entity
- * requesting ticket */
- C_Block session; /* Session key inserted in ticket */
- int *life; /* Lifetime of the ticket */
- unsigned long *time_sec; /* Issue time and date */
- char *sname; /* Service name */
- char *sinstance; /* Service instance */
- C_Block key; /* Service's secret key
- * (to decrypt the ticket) */
- Key_schedule key_s; /* The precomputed key schedule */
-{
- static int tkt_swap_bytes;
- unsigned char *uptr;
- char *ptr = (char *)tkt->dat;
-
-#ifndef NOENCRYPTION
- pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length,
- key_s,(C_Block *)key,DECRYPT);
-#endif /* ! NOENCRYPTION */
-
- *flags = *ptr; /* get flags byte */
- ptr += sizeof(*flags);
- tkt_swap_bytes = 0;
- if (HOST_BYTE_ORDER != ((*flags >> K_FLAG_ORDER)& 1))
- tkt_swap_bytes++;
-
- if (strlen(ptr) > ANAME_SZ)
- return(KFAILURE);
- (void) strcpy(pname,ptr); /* pname */
- ptr += strlen(pname) + 1;
-
- if (strlen(ptr) > INST_SZ)
- return(KFAILURE);
- (void) strcpy(pinstance,ptr); /* instance */
- ptr += strlen(pinstance) + 1;
-
- if (strlen(ptr) > REALM_SZ)
- return(KFAILURE);
- (void) strcpy(prealm,ptr); /* realm */
- ptr += strlen(prealm) + 1;
- /* temporary hack until realms are dealt with properly */
- if (*prealm == 0)
- (void) strcpy(prealm,KRB_REALM);
-
- bcopy(ptr,(char *)paddress,4); /* net address */
- ptr += 4;
-
- bcopy(ptr,(char *)session,8); /* session key */
- ptr+= 8;
-#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */
- if (tkt_swap_bytes)
- swap_C_Block(session);
-#endif
-
- /* get lifetime, being certain we don't get negative lifetimes */
- uptr = (unsigned char *) ptr++;
- *life = (int) *uptr;
-
- bcopy(ptr,(char *) time_sec,4); /* issue time */
- ptr += 4;
- if (tkt_swap_bytes)
- swap_u_long(*time_sec);
-
- (void) strcpy(sname,ptr); /* service name */
- ptr += 1 + strlen(sname);
-
- (void) strcpy(sinstance,ptr); /* instance */
- ptr += 1 + strlen(sinstance);
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/des_rw.c b/eBones/lib/libkrb/des_rw.c
deleted file mode 100644
index 6f2719d..0000000
--- a/eBones/lib/libkrb/des_rw.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * Copyright (c) 1994 Geoffrey M. Rehmet, Rhodes University
- * All rights reserved.
- *
- * This code is derived from a specification based on software
- * which forms part of the 4.4BSD-Lite distribution, which was developed
- * by the University of California and its contributors.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the entire comment,
- * including the above copyright notice, this list of conditions
- * and the following disclaimer, verbatim, at the beginning of
- * the source file.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Geoffrey M. Rehmet
- * 4. Neither the name of Geoffrey M. Rehmet nor that of Rhodes University
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL GEOFFREY M. REHMET OR RHODES UNIVERSITY BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: des_rw.c,v 1.9 1997/06/14 02:29:19 ache Exp $
- */
-
-/*
- *
- * NB: THESE ROUTINES WILL FAIL IF NON-BLOCKING I/O IS USED.
- *
- */
-
-/*
- * Routines for reading and writing DES encrypted messages onto sockets.
- * (These routines will fail if non-blocking I/O is used.)
- *
- * When a message is written, its length is first transmitted as an int,
- * in network byte order. The encrypted message is then transmitted,
- * to a multiple of 8 bytes. Messages shorter than 8 bytes are right
- * justified into a buffer of length 8 bytes, and the remainder of the
- * buffer is filled with random garbage (before encryption):
- *
- * DDD -------->--+--------+
- * | |
- * +--+--+--+--+--+--+--+--+
- * |x |x |x |x |x |D |D |D |
- * +--+--+--+--+--+--+--+--+
- * | garbage | data |
- * | |
- * +-----------------------+----> des_pcbc_encrypt() -->
- *
- * (Note that the length field sent before the actual message specifies
- * the number of data bytes, not the length of the entire padded message.
- *
- * When data is read, if the message received is longer than the number
- * of bytes requested, then the remaining bytes are stored until the
- * following call to des_read(). If the number of bytes received is
- * less then the number of bytes received, then only the number of bytes
- * actually received is returned.
- *
- * This interface corresponds with the original des_rw.c, except for the
- * bugs in des_read() in the original 4.4BSD version. (One bug is
- * normally not visible, due to undocumented behaviour of
- * des_pcbc_encrypt() in the original MIT libdes.)
- *
- * XXX Todo:
- * 1) Give better error returns on writes
- * 2) Improve error checking on reads
- * 3) Get rid of need for extern decl. of krb_net_read()
- * 4) Tidy garbage generation a bit
- * 5) Make the above comment more readable
- */
-
-#ifdef CRYPT
-#ifdef KERBEROS
-
-#ifndef BUFFER_LEN
-#define BUFFER_LEN 10240
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-#include <sys/param.h>
-#include <sys/types.h>
-
-#include <des.h>
-#include <krb.h>
-
-static des_cblock des_key;
-static des_key_schedule key_schedule;
-
-/*
- * Buffer for storing extra data when more data is received, then was
- * actually requested in des_read().
- */
-static u_char des_buff[BUFFER_LEN];
-static u_char buffer[BUFFER_LEN];
-static unsigned stored = 0;
-static u_char *buff_ptr = buffer;
-
-/*
- * Set the encryption key for des_read() and des_write().
- * inkey is the initial vector for the DES encryption, while insched is
- * the DES key, in unwrapped form.
- */
-
-int
-des_set_key_krb(inkey, insched)
- des_cblock *inkey;
- des_key_schedule insched;
-{
- bcopy(inkey, des_key, sizeof(des_cblock));
- bcopy(insched, &key_schedule, sizeof(des_key_schedule));
- return 0;
-}
-
-/*
- * Clear the key schedule, and initial vector, which were previously
- * stored in static vars by des_set_key().
- */
-void
-des_clear_key_krb()
-{
- bzero(&des_key, sizeof(des_cblock));
- bzero(&key_schedule, sizeof(des_key_schedule));
-}
-
-int
-des_read(fd, buf, len)
- int fd;
- register char * buf;
- int len;
-{
- int msg_length; /* length of actual message data */
- int pad_length; /* length of padded message */
- int nread; /* number of bytes actually read */
- int nreturned = 0;
-
- if(stored >= len) {
- bcopy(buff_ptr, buf, len);
- stored -= len;
- buff_ptr += len;
- return(len);
- } else {
- if (stored) {
- bcopy(buff_ptr, buf, stored);
- nreturned = stored;
- len -= stored;
- stored = 0;
- buff_ptr = buffer;
- } else {
- nreturned = 0;
- buff_ptr = buffer;
- }
- }
-
- nread = krb_net_read(fd, (char *)&msg_length, sizeof(msg_length));
- if(nread != (int)(sizeof(msg_length)))
- return(0);
-
- msg_length = ntohl(msg_length);
- pad_length = roundup(msg_length, 8);
-
- nread = krb_net_read(fd, des_buff, pad_length);
- if(nread != pad_length)
- return(0);
-
- des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
- (msg_length < 8 ? 8 : msg_length),
- key_schedule, (des_cblock*) &des_key, DES_DECRYPT);
-
-
- if(msg_length < 8)
- buff_ptr += (8 - msg_length);
- stored = msg_length;
-
- if(stored >= len) {
- bcopy(buff_ptr, buf, len);
- stored -= len;
- buff_ptr += len;
- nreturned += len;
- } else {
- bcopy(buff_ptr, buf, stored);
- nreturned += stored;
- stored = 0;
- }
-
- return(nreturned);
-}
-
-
-/*
- * Write a message onto a file descriptor (generally a socket), using
- * DES to encrypt the message.
- */
-int
-des_write(fd, buf, len)
- int fd;
- char * buf;
- int len;
-{
- char garbage[8];
- long rnd;
- int pad_len;
- int write_len;
- int i;
- char *data;
-
- if(len < 8) {
- /*
- * Right justify the message in 8 bytes of random garbage.
- */
-
- for(i = 0 ; i < 8 ; i+= sizeof(long)) {
- rnd = arc4random();
- bcopy(&rnd, garbage+i,
- (i <= (8 - sizeof(long)))?sizeof(long):(8-i));
- }
- bcopy(buf, garbage + 8 - len, len);
- data = garbage;
- pad_len = 8;
- } else {
- data = buf;
- pad_len = roundup(len, 8);
- }
-
- des_pcbc_encrypt((des_cblock*) data, (des_cblock*) des_buff,
- (len < 8)?8:len, key_schedule, (des_cblock*) &des_key, DES_ENCRYPT);
-
-
- write_len = htonl(len);
- if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
- return(-1);
- if(write(fd, des_buff, pad_len) != pad_len)
- return(-1);
-
- return(len);
-}
-
-#endif /* KERBEROS */
-#endif /* CRYPT */
diff --git a/eBones/lib/libkrb/dest_tkt.c b/eBones/lib/libkrb/dest_tkt.c
deleted file mode 100644
index c91d881..0000000
--- a/eBones/lib/libkrb/dest_tkt.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: dest_tkt.c,v 4.9 89/10/02 16:23:07 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <krb.h>
-#include <sys/file.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-#include <errno.h>
-
-/*
- * dest_tkt() is used to destroy the ticket store upon logout.
- * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
- * Otherwise the function returns RET_OK on success, KFAILURE on
- * failure.
- *
- * The ticket file (TKT_FILE) is defined in "krb.h".
- */
-
-int
-dest_tkt()
-{
- char *file = TKT_FILE;
- int i,fd;
- extern int errno;
- struct stat statb;
- char buf[BUFSIZ];
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
-#endif /* TKT_SHMEM */
-
- errno = 0;
- if (lstat(file,&statb) < 0)
- goto out;
-
- if (!(statb.st_mode & S_IFREG)
-#ifdef notdef
- || statb.st_mode & 077
-#endif
- )
- goto out;
-
- if ((fd = open(file, O_RDWR, 0)) < 0)
- goto out;
-
- bzero(buf, BUFSIZ);
-
- for (i = 0; i < statb.st_size; i += BUFSIZ)
- if (write(fd, buf, BUFSIZ) != BUFSIZ) {
- (void) fsync(fd);
- (void) close(fd);
- goto out;
- }
-
- (void) fsync(fd);
- (void) close(fd);
-
- (void) unlink(file);
-
-out:
- if (errno == ENOENT) return RET_TKFIL;
- else if (errno != 0) return KFAILURE;
-#ifdef TKT_SHMEM
- /*
- * handle the shared memory case
- */
- (void) strcpy(shmidname, file);
- (void) strcat(shmidname, ".shm");
- if ((i = krb_shm_dest(shmidname)) != KSUCCESS)
- return(i);
-#endif /* TKT_SHMEM */
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/extract_ticket.c b/eBones/lib/libkrb/extract_ticket.c
deleted file mode 100644
index eb9e3b0..0000000
--- a/eBones/lib/libkrb/extract_ticket.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: extract_ticket.c,v 4.6 88/10/07 06:08:15 shanzer Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-#include <strings.h>
-
-/*
- * This routine is obsolete.
- *
- * This routine accepts the ciphertext returned by kerberos and
- * extracts the nth ticket. It also fills in the variables passed as
- * session, liftime and kvno.
- */
-
-void
-extract_ticket(cipher,n,session,lifetime,kvno,realm,ticket)
- KTEXT cipher; /* The ciphertext */
- int n; /* Which ticket */
- char *session; /* The session key for this tkt */
- int *lifetime; /* The life of this ticket */
- int *kvno; /* The kvno for the service */
- char *realm; /* Realm in which tkt issued */
- KTEXT ticket; /* The ticket itself */
-{
- char *ptr;
- int i;
-
- /* Start after the ticket lengths */
- ptr = (char *) cipher->dat;
- ptr = ptr + 1 + (int) *(cipher->dat);
-
- /* Step through earlier tickets */
- for (i = 1; i < n; i++)
- ptr = ptr + 11 + strlen(ptr+10) + (int) *(cipher->dat+i);
- bcopy(ptr, (char *) session, 8); /* Save the session key */
- ptr += 8;
- *lifetime = *(ptr++); /* Save the life of the ticket */
- *kvno = *(ptr++); /* Save the kvno */
- (void) strcpy(realm,ptr); /* instance */
- ptr += strlen(realm) + 1;
-
- /* Save the ticket if its length is non zero */
- ticket->length = *(cipher->dat+n);
- if (ticket->length)
- bcopy(ptr, (char *) (ticket->dat), ticket->length);
-}
diff --git a/eBones/lib/libkrb/fgetst.c b/eBones/lib/libkrb/fgetst.c
deleted file mode 100644
index 459b5f4..0000000
--- a/eBones/lib/libkrb/fgetst.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: fgetst.c,v 4.0 89/01/23 10:08:31 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-
-/*
- * fgetst takes a file descriptor, a character pointer, and a count.
- * It reads from the file it has either read "count" characters, or
- * until it reads a null byte. When finished, what has been read exists
- * in "s". If "count" characters were actually read, the last is changed
- * to a null, so the returned string is always null-terminated. fgetst
- * returns the number of characters read, including the null terminator.
- */
-
-int
-fgetst(f, s, n)
- FILE *f;
- register char *s;
- int n;
-{
- register int count = n;
- int ch; /* NOT char; otherwise you don't see EOF */
-
- while ((ch = getc(f)) != EOF && ch && --count) {
- *s++ = ch;
- }
- *s = '\0';
- return (n - count);
-}
diff --git a/eBones/lib/libkrb/get_ad_tkt.c b/eBones/lib/libkrb/get_ad_tkt.c
deleted file mode 100644
index 4ab5e67..0000000
--- a/eBones/lib/libkrb/get_ad_tkt.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_ad_tkt.c,v 4.15 89/07/07 15:18:51 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <des.h>
-#include <prot.h>
-#include <strings.h>
-
-#include <stdio.h>
-#include <errno.h>
-
-/* use the bsd time.h struct defs for PC too! */
-#include <sys/time.h>
-#include <sys/types.h>
-
-extern int krb_debug;
-
-struct timeval tt_local = { 0, 0 };
-
-int swap_bytes;
-unsigned long rep_err_code;
-
-/*
- * get_ad_tkt obtains a new service ticket from Kerberos, using
- * the ticket-granting ticket which must be in the ticket file.
- * It is typically called by krb_mk_req() when the client side
- * of an application is creating authentication information to be
- * sent to the server side.
- *
- * get_ad_tkt takes four arguments: three pointers to strings which
- * contain the name, instance, and realm of the service for which the
- * ticket is to be obtained; and an integer indicating the desired
- * lifetime of the ticket.
- *
- * It returns an error status if the ticket couldn't be obtained,
- * or AD_OK if all went well. The ticket is stored in the ticket
- * cache.
- *
- * The request sent to the Kerberos ticket-granting service looks
- * like this:
- *
- * pkt->dat
- *
- * TEXT original contents of authenticator+ticket
- * pkt->dat built in krb_mk_req call
- *
- * 4 bytes time_ws always 0 (?)
- * char lifetime lifetime argument passed
- * string service service name argument
- * string sinstance service instance arg.
- *
- * See "prot.h" for the reply packet layout and definitions of the
- * extraction macros like pkt_version(), pkt_msg_type(), etc.
- */
-
-int
-get_ad_tkt(service,sinstance,realm,lifetime)
- char *service;
- char *sinstance;
- char *realm;
- int lifetime;
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = & pkt_st; /* Packet to KDC */
- static KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
- static KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- static KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- C_Block ses; /* Session key for tkt */
- CREDENTIALS cr;
- int kvno; /* Kvno for session key */
- char lrealm[REALM_SZ];
- C_Block key; /* Key for decrypting cipher */
- Key_schedule key_s;
- long time_ws = 0;
-
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- int msg_byte_order;
- int kerror;
- char rlm[REALM_SZ];
- char *ptr;
-
- unsigned long kdc_time; /* KDC time */
-
- if ((kerror = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS)
- return(kerror);
-
- /* Create skeleton of packet to be sent */
- (void) gettimeofday(&tt_local,(struct timezone *) 0);
-
- pkt->length = 0;
-
- /*
- * Look for the session key (and other stuff we don't need)
- * in the ticket file for krbtgt.realm@lrealm where "realm"
- * is the service's realm (passed in "realm" argument) and
- * lrealm is the realm of our initial ticket. If we don't
- * have this, we will try to get it.
- */
-
- if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS) {
- /*
- * If realm == lrealm, we have no hope, so let's not even try.
- */
- if ((strncmp(realm, lrealm, REALM_SZ)) == 0)
- return(AD_NOTGT);
- else{
- if ((kerror =
- get_ad_tkt("krbtgt",realm,lrealm,lifetime)) != KSUCCESS)
- return(kerror);
- if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS)
- return(kerror);
- }
- }
-
- /*
- * Make up a request packet to the "krbtgt.realm@lrealm".
- * Start by calling krb_mk_req() which puts ticket+authenticator
- * into "pkt". Then tack other stuff on the end.
- */
-
- kerror = krb_mk_req(pkt,"krbtgt",realm,lrealm,0L);
-
- if (kerror)
- return(AD_NOTGT);
-
- /* timestamp */
- bcopy((char *) &time_ws,(char *) (pkt->dat+pkt->length),4);
- pkt->length += 4;
- *(pkt->dat+(pkt->length)++) = (char) lifetime;
- (void) strcpy((char *) (pkt->dat+pkt->length),service);
- pkt->length += 1 + strlen(service);
- (void) strcpy((char *)(pkt->dat+pkt->length),sinstance);
- pkt->length += 1 + strlen(sinstance);
-
- rpkt->length = 0;
-
- /* Send the request to the local ticket-granting server */
- if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
-
- /* check packet version of the returned packet */
- if (pkt_version(rpkt) != KRB_PROT_VERSION )
- return(INTK_PROT);
-
- /* Check byte order */
- msg_byte_order = pkt_msg_type(rpkt) & 1;
- swap_bytes = 0;
- if (msg_byte_order != HOST_BYTE_ORDER)
- swap_bytes++;
-
- switch (pkt_msg_type(rpkt) & ~1) {
- case AUTH_MSG_KDC_REPLY:
- break;
- case AUTH_MSG_ERR_REPLY:
- bcopy(pkt_err_code(rpkt), (char *) &rep_err_code, 4);
- if (swap_bytes)
- swap_u_long(rep_err_code);
- return(rep_err_code);
-
- default:
- return(INTK_PROT);
- }
-
- /* Extract the ciphertext */
- cip->length = pkt_clen(rpkt); /* let clen do the swap */
-
- bcopy((char *) pkt_cipher(rpkt),(char *) (cip->dat),cip->length);
-
-#ifndef NOENCRYPTION
- key_sched((C_Block *)cr.session,key_s);
- pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,(long)cip->length,
- key_s,(C_Block *)cr.session,DECRYPT);
-#endif
- /* Get rid of all traces of key */
- bzero((char *) cr.session, sizeof(key));
- bzero((char *) key_s, sizeof(key_s));
-
- ptr = (char *) cip->dat;
-
- bcopy(ptr,(char *)ses,8);
- ptr += 8;
-
- (void) strcpy(s_name,ptr);
- ptr += strlen(s_name) + 1;
-
- (void) strcpy(s_instance,ptr);
- ptr += strlen(s_instance) + 1;
-
- (void) strcpy(rlm,ptr);
- ptr += strlen(rlm) + 1;
-
- lifetime = (unsigned long) ptr[0];
- kvno = (unsigned long) ptr[1];
- tkt->length = (int) ptr[2];
- ptr += 3;
- bcopy(ptr,(char *)(tkt->dat),tkt->length);
- ptr += tkt->length;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance) ||
- strcmp(rlm, realm)) /* not what we asked for */
- return(INTK_ERR); /* we need a better code here XXX */
-
- /* check KDC time stamp */
- bcopy(ptr,(char *)&kdc_time,4); /* Time (coarse) */
- if (swap_bytes) swap_u_long(kdc_time);
-
- ptr += 4;
-
- (void) gettimeofday(&tt_local,(struct timezone *) 0);
- if (abs((int)(tt_local.tv_sec - kdc_time)) > CLOCK_SKEW) {
- return(RD_AP_TIME); /* XXX should probably be better
- code */
- }
-
- if ((kerror = save_credentials(s_name,s_instance,rlm,ses,lifetime,
- kvno,tkt,tt_local.tv_sec)))
- return(kerror);
-
- return(AD_OK);
-}
diff --git a/eBones/lib/libkrb/get_admhst.c b/eBones/lib/libkrb/get_admhst.c
deleted file mode 100644
index 2f84f3c..0000000
--- a/eBones/lib/libkrb/get_admhst.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_admhst.c,v 4.0 89/01/23 10:08:55 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <krb.h>
-#include <string.h>
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos database
- * administration server can be found.
- *
- * krb_get_admhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer n, and
- * returns (in h) the nth administrative host entry from the configuration
- * file (KRB_CONF, defined in "krb.h") associated with the specified realm.
- *
- * On error, get_admhst returns KFAILURE. If all goes well, the routine
- * returns KSUCCESS.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- *
- * This is a temporary hack to allow us to find the nearest system running
- * a Kerberos admin server. In the long run, this functionality will be
- * provided by a nameserver.
- */
-
-int
-krb_get_admhst(h, r, n)
- char *h;
- char *r;
- int n;
-{
- FILE *cnffile;
- char tr[REALM_SZ];
- char linebuf[BUFSIZ];
- char scratch[64];
- register int i;
-
- if ((cnffile = fopen(KRB_CONF,"r")) == NULL) {
- return(KFAILURE);
- }
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- /* error reading */
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- if (!index(linebuf, '\n')) {
- /* didn't all fit into buffer, punt */
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- for (i = 0; i < n; ) {
- /* run through the file, looking for admin host */
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- /* need to scan for a token after 'admin' to make sure that
- admin matched correctly */
- if (sscanf(linebuf, "%s %s admin %s", tr, h, scratch) != 3)
- continue;
- if (!strcmp(tr,r))
- i++;
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/get_cred.c b/eBones/lib/libkrb/get_cred.c
deleted file mode 100644
index ef0bf74..0000000
--- a/eBones/lib/libkrb/get_cred.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_cred.c,v 4.10 89/05/31 17:46:22 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <krb.h>
-
-/*
- * krb_get_cred takes a service name, instance, and realm, and a
- * structure of type CREDENTIALS to be filled in with ticket
- * information. It then searches the ticket file for the appropriate
- * ticket and fills in the structure with the corresponding
- * information from the file. If successful, it returns KSUCCESS.
- * On failure it returns a Kerberos error code.
- */
-
-int
-krb_get_cred(service,instance,realm,c)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- CREDENTIALS *c; /* Credentials struct */
-{
- int tf_status; /* return value of tf function calls */
-
- /* Open ticket file and lock it for shared reading */
- if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Copy principal's name and instance into the CREDENTIALS struc c */
-
- if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
- (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
- return (tf_status);
-
- /* Search for requested service credentials and copy into c */
-
- while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
- /* Is this the right ticket? */
- if ((strcmp(c->service,service) == 0) &&
- (strcmp(c->instance,instance) == 0) &&
- (strcmp(c->realm,realm) == 0))
- break;
- }
- (void) tf_close();
-
- if (tf_status == EOF)
- return (GC_NOTKT);
- return(tf_status);
-}
diff --git a/eBones/lib/libkrb/get_in_tkt.c b/eBones/lib/libkrb/get_in_tkt.c
deleted file mode 100644
index 9cc5779..0000000
--- a/eBones/lib/libkrb/get_in_tkt.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_in_tkt.c,v 4.12 89/07/18 16:32:56 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-/*
- * This file contains two routines: passwd_to_key() converts
- * a password into a DES key (prompting for the password if
- * not supplied), and krb_get_pw_in_tkt() gets an initial ticket for
- * a user.
- */
-
-/*
- * passwd_to_key(): given a password, return a DES key.
- * There are extra arguments here which (used to be?)
- * used by srvtab_to_key().
- *
- * If the "passwd" argument is not null, generate a DES
- * key from it, using string_to_key().
- *
- * If the "passwd" argument is null, call des_read_password()
- * to prompt for a password and then convert it into a DES key.
- *
- * In either case, the resulting key is put in the "key" argument,
- * and 0 is returned.
- */
-
-/*ARGSUSED */
-static int passwd_to_key(user,instance,realm,passwd,key)
- char *user, *instance, *realm, *passwd;
- C_Block *key;
-{
-#ifdef NOENCRYPTION
- if (!passwd)
- placebo_read_password(key, "Password: ", 0);
-#else
- if (passwd)
- string_to_key(passwd,key);
- else
- des_read_password(key,"Password: ",0);
-#endif
- return (0);
-}
-
-/*
- * krb_get_pw_in_tkt() takes the name of the server for which the initial
- * ticket is to be obtained, the name of the principal the ticket is
- * for, the desired lifetime of the ticket, and the user's password.
- * It passes its arguments on to krb_get_in_tkt(), which contacts
- * Kerberos to get the ticket, decrypts it using the password provided,
- * and stores it away for future use.
- *
- * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
- * the name of a routine (passwd_to_key()) to be used to get the
- * password in case the "password" argument is null and NULL for the
- * decryption procedure indicating that krb_get_in_tkt should use the
- * default method of decrypting the response from the KDC.
- *
- * The result of the call to krb_get_in_tkt() is returned.
- */
-
-int
-krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- return(krb_get_in_tkt(user,instance,realm,service,sinstance,life,
- passwd_to_key, NULL, password));
-}
-
-#ifdef NOENCRYPTION
-/*
- * $Source: /home/ncvs/src/eBones/lib/libkrb/get_in_tkt.c,v $
- * $Author: jkh $
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#include <des.h>
-#include "conf.h"
-
-#include <stdio.h>
-#ifdef BSDUNIX
-#include <strings.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-#else
-/* char *strcpy();
-int strcmp(); */
-#endif
-
-#ifdef BSDUNIX
-static jmp_buf env;
-#endif
-
-#ifdef BSDUNIX
-static void sig_restore();
-static push_signals(), pop_signals();
-int placebo_read_pw_string();
-#endif
-
-/*** Routines ****************************************************** */
-int
-placebo_read_password(k,prompt,verify)
- des_cblock *k;
- char *prompt;
- int verify;
-{
- int ok;
- char key_string[BUFSIZ];
-
-#ifdef BSDUNIX
- if (setjmp(env)) {
- ok = -1;
- goto lose;
- }
-#endif
-
- ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify);
- if (ok == 0)
- bzero(k, sizeof(C_Block));
-
-lose:
- bzero(key_string, sizeof (key_string));
- return ok;
-}
-
-/*
- * This version just returns the string, doesn't map to key.
- *
- * Returns 0 on success, non-zero on failure.
- */
-
-int
-placebo_read_pw_string(s,max,prompt,verify)
- char *s;
- int max;
- char *prompt;
- int verify;
-{
- int ok = 0;
- char *ptr;
-
-#ifdef BSDUNIX
- jmp_buf old_env;
- struct sgttyb tty_state;
-#endif
- char key_string[BUFSIZ];
-
- if (max > BUFSIZ) {
- return -1;
- }
-
-#ifdef BSDUNIX
- bcopy(old_env, env, sizeof(env));
- if (setjmp(env))
- goto lose;
-
- /* save terminal state*/
- if (ioctl(0,TIOCGETP,&tty_state) == -1)
- return -1;
-
- push_signals();
- /* Turn off echo */
- tty_state.sg_flags &= ~ECHO;
- if (ioctl(0,TIOCSETP,&tty_state) == -1)
- return -1;
-#endif
- while (!ok) {
- printf(prompt);
- fflush(stdout);
-#ifdef CROSSMSDOS
- h19line(s,sizeof(s),0);
- if (!strlen(s))
- continue;
-#else
- if (!fgets(s, max, stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = index(s, '\n')))
- *ptr = '\0';
-#endif
- if (verify) {
- printf("\nVerifying, please re-enter %s",prompt);
- fflush(stdout);
-#ifdef CROSSMSDOS
- h19line(key_string,sizeof(key_string),0);
- if (!strlen(key_string))
- continue;
-#else
- if (!fgets(key_string, sizeof(key_string), stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = index(key_string, '\n')))
- *ptr = '\0';
-#endif
- if (strcmp(s,key_string)) {
- printf("\n\07\07Mismatch - try again\n");
- fflush(stdout);
- continue;
- }
- }
- ok = 1;
- }
-
-#ifdef BSDUNIX
-lose:
- if (!ok)
- bzero(s, max);
- printf("\n");
- /* turn echo back on */
- tty_state.sg_flags |= ECHO;
- if (ioctl(0,TIOCSETP,&tty_state))
- ok = 0;
- pop_signals();
- bcopy(env, old_env, sizeof(env));
-#endif
- if (verify)
- bzero(key_string, sizeof (key_string));
- s[max-1] = 0; /* force termination */
- return !ok; /* return nonzero if not okay */
-}
-
-#ifdef BSDUNIX
-/*
- * this can be static since we should never have more than
- * one set saved....
- */
-#ifdef POSIX
-static void (*old_sigfunc[NSIG])();
-#else
-static int (*old_sigfunc[NSIG])();
-#endif POSIX
-
-static push_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- old_sigfunc[i] = signal(i,sig_restore);
-}
-
-static pop_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- signal(i,old_sigfunc[i]);
-}
-
-static void sig_restore(sig,code,scp)
- int sig,code;
- struct sigcontext *scp;
-{
- longjmp(env,1);
-}
-#endif
-#endif /* NOENCRYPTION */
diff --git a/eBones/lib/libkrb/get_krbhst.c b/eBones/lib/libkrb/get_krbhst.c
deleted file mode 100644
index 30ecdbf..0000000
--- a/eBones/lib/libkrb/get_krbhst.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_krbhst.c,v 4.8 89/01/22 20:00:29 rfrench Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <krb.h>
-#include <strings.h>
-
-/*
- * Given a Kerberos realm, find a host on which the Kerberos authenti-
- * cation server can be found.
- *
- * krb_get_krbhst takes a pointer to be filled in, a pointer to the name
- * of the realm for which a server is desired, and an integer, n, and
- * returns (in h) the nth entry from the configuration file (KRB_CONF,
- * defined in "krb.h") associated with the specified realm.
- *
- * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (also defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
- *
- * The KRB_CONF file contains the name of the local realm in the first
- * line (not used by this routine), followed by lines indicating realm/host
- * entries. The words "admin server" following the hostname indicate that
- * the host provides an administrative database server.
- *
- * For example:
- *
- * ATHENA.MIT.EDU
- * ATHENA.MIT.EDU kerberos-1.mit.edu admin server
- * ATHENA.MIT.EDU kerberos-2.mit.edu
- * LCS.MIT.EDU kerberos.lcs.mit.edu admin server
- *
- * This is a temporary hack to allow us to find the nearest system running
- * kerberos. In the long run, this functionality will be provided by a
- * nameserver.
- */
-
-int
-krb_get_krbhst(h,r,n)
- char *h;
- char *r;
- int n;
-{
- FILE *cnffile;
- char tr[REALM_SZ];
- char linebuf[BUFSIZ];
- register int i;
-
- if ((cnffile = fopen(KRB_CONF,"r")) == NULL) {
- if (n==1) {
- (void) strcpy(h,KRB_HOST);
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
- }
- if (fscanf(cnffile,"%s",tr) == EOF)
- return(KFAILURE);
- /* run through the file, looking for the nth server for this realm */
- for (i = 1; i <= n;) {
- if (fgets(linebuf, BUFSIZ, cnffile) == NULL) {
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- if (sscanf(linebuf, "%s %s", tr, h) != 2)
- continue;
- if (!strcmp(tr,r))
- i++;
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/get_krbrlm.c b/eBones/lib/libkrb/get_krbrlm.c
deleted file mode 100644
index dceb49a..0000000
--- a/eBones/lib/libkrb/get_krbrlm.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_krbrlm.c,v 4.8 89/01/22 20:02:54 rfrench Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <krb.h>
-#include <strings.h>
-
-/*
- * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
- * in the string, r, with the name of the nth realm specified on the
- * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
- *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- */
-
-int
-krb_get_lrealm(r,n)
- char *r;
- int n;
-{
- FILE *cnffile, *fopen();
-
- if (n > 1)
- return(KFAILURE); /* Temporary restriction */
-
- if ((cnffile = fopen(KRB_CONF, "r")) == NULL) {
- if (n == 1) {
- (void) strcpy(r, KRB_REALM);
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
- }
-
- if (fscanf(cnffile,"%s",r) != 1) {
- (void) fclose(cnffile);
- return(KFAILURE);
- }
- (void) fclose(cnffile);
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/get_phost.c b/eBones/lib/libkrb/get_phost.c
deleted file mode 100644
index 8d3ee48..0000000
--- a/eBones/lib/libkrb/get_phost.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_phost.c,v 4.6 89/01/23 09:25:40 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#include <netdb.h>
-
-char *index();
-
-/*
- * This routine takes an alias for a host name and returns the first
- * field, lower case, of its domain name. For example, if "menel" is
- * an alias for host officially named "menelaus" (in /etc/hosts), for
- * the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus"
- * is returned.
- *
- * This is done for historical Athena reasons: the Kerberos name of
- * rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host@realm"
- * where "host"is the lowercase for of the host name ("menelaus").
- * This should go away: the instance should be the domain name
- * (MENELAUS.MIT.EDU). But for now we need this routine...
- *
- * A pointer to the name is returned, if found, otherwise a pointer
- * to the original "alias" argument is returned.
- */
-
-char * krb_get_phost(alias)
- char *alias;
-{
- struct hostent *h;
- char *phost = alias;
- if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) {
- char *p = index( h->h_name, '.' );
- if (p)
- *p = NULL;
- p = phost = h->h_name;
- do {
- if (isupper(*p)) *p=tolower(*p);
- } while (*p++);
- }
- return(phost);
-}
diff --git a/eBones/lib/libkrb/get_pw_tkt.c b/eBones/lib/libkrb/get_pw_tkt.c
deleted file mode 100644
index 66661d1..0000000
--- a/eBones/lib/libkrb/get_pw_tkt.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_pw_tkt.c,v 4.6 89/01/13 18:19:11 steiner Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-
-#include <krb.h>
-
-/*
- * Get a ticket for the password-changing server ("changepw.KRB_MASTER").
- *
- * Given the name, instance, realm, and current password of the
- * principal for which the user wants a password-changing-ticket,
- * return either:
- *
- * GT_PW_BADPW if current password was wrong,
- * GT_PW_NULL if principal had a NULL password,
- * or the result of the krb_get_pw_in_tkt() call.
- *
- * First, try to get a ticket for "user.instance@realm" to use the
- * "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h").
- * The requested lifetime for the ticket is "1", and the current
- * password is the "cpw" argument given.
- *
- * If the password was bad, give up.
- *
- * If the principal had a NULL password in the Kerberos database
- * (indicating that the principal is known to Kerberos, but hasn't
- * got a password yet), try instead to get a ticket for the principal
- * "default.changepw@realm" to use the "changepw.KRB_MASTER" server.
- * Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL
- * if all goes well, otherwise the error.
- *
- * If this routine succeeds, a ticket and session key for either the
- * principal "user.instance@realm" or "default.changepw@realm" to use
- * the password-changing server will be in the user's ticket file.
- */
-
-int
-get_pw_tkt(user,instance,realm,cpw)
- char *user;
- char *instance;
- char *realm;
- char *cpw;
-{
- int kerror;
-
- kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
- KRB_MASTER, 1, cpw);
-
- if (kerror == INTK_BADPW)
- return(GT_PW_BADPW);
-
- if (kerror == KDC_NULL_KEY) {
- kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
- KRB_MASTER,1,"changepwkrb");
- if (kerror)
- return(kerror);
- return(GT_PW_NULL);
- }
-
- return(kerror);
-}
diff --git a/eBones/lib/libkrb/get_request.c b/eBones/lib/libkrb/get_request.c
deleted file mode 100644
index c9d32b2..0000000
--- a/eBones/lib/libkrb/get_request.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_request.c,v 4.7 88/12/01 14:00:11 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-
-/*
- * This procedure is obsolete. It is used in the kerberos_slave
- * code for Version 3 tickets.
- *
- * This procedure sets s_name, and instance to point to
- * the corresponding fields from tne nth request in the packet.
- * it returns the lifetime requested. Garbage will be returned
- * if there are less than n requests in the packet.
- */
-
-int
-get_request(pkt, n, s_name, instance)
- KTEXT pkt; /* The packet itself */
- int n; /* Which request do we want */
- char **s_name; /* Service name to be filled in */
- char **instance; /* Instance name to be filled in */
-{
- /* Go to the beginning of the request list */
- char *ptr = (char *) pkt_a_realm(pkt) + 6 +
- strlen((char *)pkt_a_realm(pkt));
-
- /* Read requests until we hit the right one */
- while (n-- > 1) {
- ptr++;
- ptr += 1 + strlen(ptr);
- ptr += 1 + strlen(ptr);
- }
-
- /* Set the arguments to point to the right place */
- *s_name = 1 + ptr;
- *instance = 2 + ptr + strlen(*s_name);
-
- /* Return the requested lifetime */
- return((int) *ptr);
-}
diff --git a/eBones/lib/libkrb/get_svc_in_tkt.c b/eBones/lib/libkrb/get_svc_in_tkt.c
deleted file mode 100644
index fdc50ca..0000000
--- a/eBones/lib/libkrb/get_svc_in_tkt.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_svc_in_tkt.c,v 4.9 89/07/18 16:33:34 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-/*
- * This file contains two routines: srvtab_to_key(), which gets
- * a server's key from a srvtab file, and krb_get_svc_in_tkt() which
- * gets an initial ticket for a server.
- */
-
-/*
- * srvtab_to_key(): given a "srvtab" file (where the keys for the
- * service on a host are stored), return the private key of the
- * given service (user.instance@realm).
- *
- * srvtab_to_key() passes its arguments on to read_service_key(),
- * plus one additional argument, the key version number.
- * (Currently, the key version number is always 0; this value
- * is treated as a wildcard by read_service_key().)
- *
- * If the "srvtab" argument is null, KEYFILE (defined in "krb.h")
- * is passed in its place.
- *
- * It returns the return value of the read_service_key() call.
- * The service key is placed in "key".
- */
-
-static int
-srvtab_to_key(user, instance, realm, srvtab, key)
- char *user, *instance, *realm, *srvtab;
- C_Block key;
-{
- if (!srvtab)
- srvtab = KEYFILE;
-
- return(read_service_key(user, instance, realm, 0, srvtab,
- (char *)key));
-}
-
-/*
- * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
- * plus two additional arguments: a pointer to the srvtab_to_key()
- * function to be used to get the key from the key file and a NULL
- * for the decryption procedure indicating that krb_get_in_tkt should
- * use the default method of decrypting the response from the KDC.
- *
- * It returns the return value of the krb_get_in_tkt() call.
- */
-
-int
-krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *srvtab;
-{
- return(krb_get_in_tkt(user, instance, realm, service, sinstance,
- life, srvtab_to_key, NULL, srvtab));
-}
diff --git a/eBones/lib/libkrb/get_tf_fullname.c b/eBones/lib/libkrb/get_tf_fullname.c
deleted file mode 100644
index 6db4ae2..0000000
--- a/eBones/lib/libkrb/get_tf_fullname.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_tf_fullname.c,v 4.3 90/03/10 22:40:20 jon Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <strings.h>
-#include <stdio.h>
-
-/*
- * This file contains a routine to extract the fullname of a user
- * from the ticket file.
- */
-
-/*
- * krb_get_tf_fullname() takes four arguments: the name of the
- * ticket file, and variables for name, instance, and realm to be
- * returned in. Since the realm of a ticket file is not really fully
- * supported, the realm used will be that of the the first ticket in
- * the file as this is the one that was obtained with a password by
- * krb_get_in_tkt().
- */
-
-int
-krb_get_tf_fullname(ticket_file, name, instance, realm)
- char *ticket_file;
- char *name;
- char *instance;
- char *realm;
-{
- int tf_status;
- CREDENTIALS c;
-
- if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
- ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
- return (tf_status);
-
- if (name)
- strcpy(name, c.pname);
- if (instance)
- strcpy(instance, c.pinst);
- if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
- if (realm)
- strcpy(realm, c.realm);
- }
- else {
- if (tf_status == EOF)
- return(KFAILURE);
- else
- return(tf_status);
- }
- (void) tf_close();
-
- return(tf_status);
-}
diff --git a/eBones/lib/libkrb/get_tf_realm.c b/eBones/lib/libkrb/get_tf_realm.c
deleted file mode 100644
index 35c0607..0000000
--- a/eBones/lib/libkrb/get_tf_realm.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: get_tf_realm.c,v 4.2 90/01/02 13:40:19 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <strings.h>
-
-/*
- * This file contains a routine to extract the realm of a kerberos
- * ticket file.
- */
-
-/*
- * krb_get_tf_realm() takes two arguments: the name of a ticket
- * and a variable to store the name of the realm in.
- *
- */
-
-int
-krb_get_tf_realm(ticket_file, realm)
- char *ticket_file;
- char *realm;
-{
- return(krb_get_tf_fullname(ticket_file, 0, 0, realm));
-}
diff --git a/eBones/lib/libkrb/getrealm.c b/eBones/lib/libkrb/getrealm.c
deleted file mode 100644
index 945ddfd..0000000
--- a/eBones/lib/libkrb/getrealm.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * routine to convert hostname into realm name.
- *
- * from: getrealm.c,v 4.6 90/01/02 13:35:56 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <strings.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <krb.h>
-#include <sys/param.h>
-
-/* for Ultrix and friends ... */
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
-
-/*
- * krb_realmofhost.
- * Given a fully-qualified domain-style primary host name,
- * return the name of the Kerberos realm for the host.
- * If the hostname contains no discernable domain, or an error occurs,
- * return the local realm name, as supplied by get_krbrlm().
- * If the hostname contains a domain, but no translation is found,
- * the hostname's domain is converted to upper-case and returned.
- *
- * The format of each line of the translation file is:
- * domain_name kerberos_realm
- * -or-
- * host_name kerberos_realm
- *
- * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
- * host names should be in the usual form (e.g. FOO.BAR.BAZ)
- */
-
-static char ret_realm[REALM_SZ+1];
-
-char *
-krb_realmofhost(host)
-char *host;
-{
- char *domain;
- FILE *trans_file;
- char trans_host[MAXHOSTNAMELEN+1];
- char trans_realm[REALM_SZ+1];
- int retval;
-
- domain = index(host, '.');
-
- /* prepare default */
- if (domain) {
- char *cp;
-
- strncpy(ret_realm, &domain[1], REALM_SZ);
- ret_realm[REALM_SZ] = '\0';
- /* Upper-case realm */
- for (cp = ret_realm; *cp; cp++)
- if (islower(*cp))
- *cp = toupper(*cp);
- } else {
- krb_get_lrealm(ret_realm, 1);
- }
-
- if ((trans_file = fopen(KRB_RLM_TRANS, "r")) == (FILE *) 0) {
- /* krb_errno = KRB_NO_TRANS */
- return(ret_realm);
- }
- while (1) {
- if ((retval = fscanf(trans_file, "%s %s",
- trans_host, trans_realm)) != 2) {
- if (retval == EOF) {
- fclose(trans_file);
- return(ret_realm);
- }
- continue; /* ignore broken lines */
- }
- trans_host[MAXHOSTNAMELEN] = '\0';
- trans_realm[REALM_SZ] = '\0';
- if (!strcasecmp(trans_host, host)) {
- /* exact match of hostname, so return the realm */
- (void) strcpy(ret_realm, trans_realm);
- fclose(trans_file);
- return(ret_realm);
- }
- if ((trans_host[0] == '.') && domain) {
- /* this is a domain match */
- if (!strcasecmp(trans_host, domain)) {
- /* domain match, save for later */
- (void) strcpy(ret_realm, trans_realm);
- continue;
- }
- }
- }
-}
diff --git a/eBones/lib/libkrb/getst.c b/eBones/lib/libkrb/getst.c
deleted file mode 100644
index e046257..0000000
--- a/eBones/lib/libkrb/getst.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * form: getst.c,v 4.5 88/11/15 16:31:39 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <unistd.h>
-
-/*
- * getst() takes a file descriptor, a string and a count. It reads
- * from the file until either it has read "count" characters, or until
- * it reads a null byte. When finished, what has been read exists in
- * the given string "s". If "count" characters were actually read, the
- * last is changed to a null, so the returned string is always null-
- * terminated. getst() returns the number of characters read, including
- * the null terminator.
- */
-
-int
-getst(fd, s, n)
- int fd;
- register char *s;
- int n;
-{
- register count = n;
- while (read(fd, s, 1) > 0 && --count)
- if (*s++ == '\0')
- return (n - count);
- *s = '\0';
- return (n - count);
-}
diff --git a/eBones/lib/libkrb/in_tkt.c b/eBones/lib/libkrb/in_tkt.c
deleted file mode 100644
index faa9703..0000000
--- a/eBones/lib/libkrb/in_tkt.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: kt.c,v 4.9 89/10/25 19:03:35 qjb Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <unistd.h>
-#include <string.h>
-#include <stdio.h>
-#include <krb.h>
-#include <sys/file.h>
-#include <sys/fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#endif
-
-extern int krb_debug;
-
-/*
- * in_tkt() is used to initialize the ticket store. It creates the
- * file to contain the tickets and writes the given user's name "pname"
- * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
- * success, or KFAILURE if something goes wrong.
- */
-
-int
-in_tkt(pname,pinst)
- char *pname;
- char *pinst;
-{
- int tktfile;
- uid_t me, metoo;
- struct stat buf;
- int count;
- char *file = TKT_FILE;
- int fd;
- register int i;
- char charbuf[BUFSIZ];
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
-#endif /* TKT_SHMEM */
-
- me = getuid ();
- metoo = geteuid();
- if (lstat(file,&buf) == 0) {
- if (buf.st_uid != me && me == 0) {
- unlink(file);
- } else {
- if (buf.st_uid != me || !(buf.st_mode & S_IFREG) ||
- buf.st_mode & 077) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",file);
- return(KFAILURE);
- }
- /* file already exists, and permissions appear ok, so nuke it */
- if ((fd = open(file, O_RDWR, 0)) < 0)
- goto out; /* can't zero it, but we can still try truncating it */
-
- bzero(charbuf, sizeof(charbuf));
-
- for (i = 0; i < buf.st_size; i += sizeof(charbuf))
- if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) {
- (void) fsync(fd);
- (void) close(fd);
- goto out;
- }
-
- (void) fsync(fd);
- (void) close(fd);
- }
- }
- out:
- /* arrange so the file is owned by the ruid
- (swap real & effective uid if necessary).
- This isn't a security problem, since the ticket file, if it already
- exists, has the right uid (== ruid) and mode. */
- if (me != metoo) {
- if (setreuid(metoo, me) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: setreuid");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",metoo,me);
- }
- if ((tktfile = open(file,O_CREAT | O_TRUNC | O_WRONLY,0600)) < 0) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
- if (me != metoo) {
- if (setreuid(me, metoo) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("in_tkt: setreuid2");
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",me,metoo);
- }
- if (lstat(file,&buf) < 0) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
-
- if (buf.st_uid != me || !(buf.st_mode & S_IFREG) ||
- buf.st_mode & 077) {
- if (krb_debug)
- fprintf(stderr,"Error initializing %s",TKT_FILE);
- return(KFAILURE);
- }
-
- count = strlen(pname)+1;
- if (write(tktfile,pname,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- count = strlen(pinst)+1;
- if (write(tktfile,pinst,count) != count) {
- (void) close(tktfile);
- return(KFAILURE);
- }
- (void) close(tktfile);
-#ifdef TKT_SHMEM
- (void) strcpy(shmidname, file);
- (void) strcat(shmidname, ".shm");
- return(krb_shm_create(shmidname));
-#else /* !TKT_SHMEM */
- return(KSUCCESS);
-#endif /* TKT_SHMEM */
-}
diff --git a/eBones/lib/libkrb/k_gethostname.c b/eBones/lib/libkrb/k_gethostname.c
deleted file mode 100644
index f1df2cf..0000000
--- a/eBones/lib/libkrb/k_gethostname.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: k_gethostname.c,v 4.1 88/12/01 14:04:42 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <unistd.h>
-
-#ifndef PC
-#ifndef BSD42
-/* teach me how to k_gethostname for your system here */
-#endif
-#endif
-
-#ifdef PC
-#include <stdio.h>
-typedef long in_name;
-#include "custom.h" /* where is this file? */
-extern get_custom();
-#define LEN 64 /* just a guess */
-#endif /* PC */
-
-/*
- * Return the local host's name in "name", up to "namelen" characters.
- * "name" will be null-terminated if "namelen" is big enough.
- * The return code is 0 on success, -1 on failure. (The calling
- * interface is identical to gethostname(2).)
- *
- * Currently defined for BSD 4.2 and PC. The BSD version just calls
- * gethostname(); the PC code was taken from "kinit.c", and may or may
- * not work.
- */
-
-int
-k_gethostname(name, namelen)
- char *name;
- int namelen;
-{
-#ifdef BSD42
- return gethostname(name, namelen);
-#endif
-
-#ifdef PC
- char buf[LEN];
- char b1, b2, b3, b4;
- register char *ptr;
-
- get_custom(); /* should check for errors,
- * return -1 on failure */
- ptr = (char *) &(custom.c_me);
- b1 = *ptr++;
- b2 = *ptr++;
- b3 = *ptr++;
- b4 = *ptr;
- (void) sprintf(buf,"PC address %d.%d.%d.%d",b1,b2,b3,b4);
- if (strlen(buf) > namelen)
- fprintf(stderr, "gethostname: namelen too small; truncating");
- strnpcy(name, buf, namelen);
- return 0;
-#endif
-}
diff --git a/eBones/lib/libkrb/klog.c b/eBones/lib/libkrb/klog.c
deleted file mode 100644
index 3f9f3e0..0000000
--- a/eBones/lib/libkrb/klog.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: klog.c,v 4.6 88/12/01 14:06:05 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <sys/time.h>
-#include <stdio.h>
-
-#include <krb.h>
-#include <klog.h>
-
-static char *log_name = KRBLOG;
-static int is_open;
-static char logtxt[1000];
-
-/*
- * This file contains two logging routines: kset_logfile()
- * to determine the file to which log entries should be written;
- * and klog() to write log entries to the file.
- */
-
-/*
- * klog() is used to add entries to the logfile (see kset_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format" string.
- *
- * The log file is opened and closed for each log entry.
- *
- * If the given log type "type" is unknown, or if the log file
- * cannot be opened, no entry is made to the log file.
- *
- * The return value is always a pointer to the formatted log
- * text string "logtxt".
- */
-
-char * klog(type,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0)
- int type;
- char *format;
- int a1,a2,a3,a4,a5,a6,a7,a8,a9,a0;
-{
- FILE *logfile;
- long now;
- struct tm *tm;
- static int logtype_array[NLOGTYPE] = {0,0};
- static int array_initialized;
-
- if (!(array_initialized++)) {
- logtype_array[L_NET_ERR] = 1;
- logtype_array[L_KRB_PERR] = 1;
- logtype_array[L_KRB_PWARN] = 1;
- logtype_array[L_APPL_REQ] = 1;
- logtype_array[L_INI_REQ] = 1;
- logtype_array[L_DEATH_REQ] = 1;
- logtype_array[L_NTGT_INTK] = 1;
- logtype_array[L_ERR_SEXP] = 1;
- logtype_array[L_ERR_MKV] = 1;
- logtype_array[L_ERR_NKY] = 1;
- logtype_array[L_ERR_NUN] = 1;
- logtype_array[L_ERR_UNK] = 1;
- }
-
- (void) sprintf(logtxt,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0);
-
- if (!logtype_array[type])
- return(logtxt);
-
- if ((logfile = fopen(log_name,"a")) == NULL)
- return(logtxt);
-
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%02d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- fprintf(logfile,"%s\n",logtxt);
- (void) fclose(logfile);
- return(logtxt);
-}
-
-/*
- * kset_logfile() changes the name of the file to which
- * messages are logged. If kset_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-kset_logfile(filename)
- char *filename;
-{
- log_name = filename;
- is_open = 0;
-}
diff --git a/eBones/lib/libkrb/kname_parse.c b/eBones/lib/libkrb/kname_parse.c
deleted file mode 100644
index 3eb65ba..0000000
--- a/eBones/lib/libkrb/kname_parse.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: kname_parse.c,v 4.4 88/12/01 14:07:29 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <krb.h>
-#include <strings.h>
-
-/* max size of full name */
-#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ)
-
-#define NAME 0 /* which field are we in? */
-#define INST 1
-#define REALM 2
-
-extern char *krb_err_txt[];
-
-/*
- * This file contains four routines for handling Kerberos names.
- *
- * kname_parse() breaks a Kerberos name into its name, instance,
- * and realm components.
- *
- * k_isname(), k_isinst(), and k_isrealm() check a given string to see if
- * it's a syntactically legitimate respective part of a Kerberos name,
- * returning 1 if it is, 0 if it isn't.
- *
- * Definition of "syntactically legitimate" names is according to
- * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying
- * names", version dated 21 Dec 1987.
- */
-
-/*
- * kname_parse() takes a Kerberos name "fullname" of the form:
- *
- * username[.instance][@realm]
- *
- * and returns the three components ("name", "instance", and "realm"
- * in the example above) in the given arguments "np", "ip", and "rp".
- *
- * If successful, it returns KSUCCESS. If there was an error,
- * KNAME_FMT is returned.
- */
-
-int
-kname_parse(np, ip, rp, fullname)
- char *np, *ip, *rp, *fullname;
-{
- static char buf[FULL_SZ];
- char *rnext, *wnext; /* next char to read, write */
- register char c;
- int backslash;
- int field;
-
- backslash = 0;
- rnext = buf;
- wnext = np;
- field = NAME;
-
- if (strlen(fullname) > FULL_SZ)
- return KNAME_FMT;
- (void) strcpy(buf, fullname);
-
- while ((c = *rnext++)) {
- if (backslash) {
- *wnext++ = c;
- backslash = 0;
- continue;
- }
- switch (c) {
- case '\\':
- backslash++;
- break;
- case '.':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *wnext = '\0';
- field = INST;
- wnext = ip;
- break;
- case INST:
- return KNAME_FMT;
- /* break; */
- case REALM:
- *wnext++ = c;
- break;
- default:
- fprintf(stderr, "unknown field value\n");
- exit(1);
- }
- break;
- case '@':
- switch (field) {
- case NAME:
- if (wnext == np)
- return KNAME_FMT;
- *ip = '\0';
- /* fall through */
- case INST:
- *wnext = '\0';
- field = REALM;
- wnext = rp;
- break;
- case REALM:
- return KNAME_FMT;
- default:
- fprintf(stderr, "unknown field value\n");
- exit(1);
- }
- break;
- default:
- *wnext++ = c;
- }
- }
- *wnext = '\0';
- if ((strlen(np) > ANAME_SZ - 1) ||
- (strlen(ip) > INST_SZ - 1) ||
- (strlen(rp) > REALM_SZ - 1))
- return KNAME_FMT;
- return KSUCCESS;
-}
-
-/*
- * k_isname() returns 1 if the given name is a syntactically legitimate
- * Kerberos name; returns 0 if it's not.
- */
-
-int
-k_isname(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > ANAME_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-
-/*
- * k_isinst() returns 1 if the given name is a syntactically legitimate
- * Kerberos instance; returns 0 if it's not.
- */
-
-int
-k_isinst(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (strlen(s) > INST_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-/*
- * k_isrealm() returns 1 if the given name is a syntactically legitimate
- * Kerberos realm; returns 0 if it's not.
- */
-
-int
-k_isrealm(s)
- char *s;
-{
- register char c;
- int backslash = 0;
-
- if (!*s)
- return 0;
- if (strlen(s) > REALM_SZ - 1)
- return 0;
- while((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
diff --git a/eBones/lib/libkrb/kntoln.c b/eBones/lib/libkrb/kntoln.c
deleted file mode 100644
index d397cd9..0000000
--- a/eBones/lib/libkrb/kntoln.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: kntoln.c,v 4.7 89/01/23 09:25:15 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <strings.h>
-
-/*
- * krb_kntoln converts an auth name into a local name by looking up
- * the auth name in the /etc/aname file. The format of the aname
- * file is:
- *
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | anl | inl | rll | lnl | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | 1by | 1by | 1by | 1by | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- *
- * If the /etc/aname file can not be opened it will set the
- * local name to the auth name. Thus, in this case it performs as
- * the identity function.
- *
- * The name instance and realm are passed to krb_kntoln through
- * the AUTH_DAT structure (ad).
- *
- * Now here's what it *really* does:
- *
- * Given a Kerberos name in an AUTH_DAT structure, check that the
- * instance is null, and that the realm is the same as the local
- * realm, and return the principal's name in "lname". Return
- * KSUCCESS if all goes well, otherwise KFAILURE.
- */
-
-int
-krb_kntoln(ad,lname)
- AUTH_DAT *ad;
- char *lname;
-{
- static char lrealm[REALM_SZ] = "";
-
- if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
- return(KFAILURE);
-
- if (strcmp(ad->pinst,""))
- return(KFAILURE);
- if (strcmp(ad->prealm,lrealm))
- return(KFAILURE);
- (void) strcpy(lname,ad->pname);
- return(KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/kparse.c b/eBones/lib/libkrb/kparse.c
deleted file mode 100644
index 720bc89..0000000
--- a/eBones/lib/libkrb/kparse.c
+++ /dev/null
@@ -1,776 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * Purpose:
- * This module was developed to parse the "~/.klogin" files for
- * Kerberos-authenticated rlogin/rcp/rsh services. However, it is
- * general purpose and can be used to parse any such parameter file.
- *
- * The parameter file should consist of one or more entries, with each
- * entry on a separate line and consisting of zero or more
- * "keyword=value" combinations. The keyword is case insensitive, but
- * the value is not. Any string may be enclosed in quotes, and
- * c-style "\" literals are supported. A comma may be used to
- * separate the k/v combinations, and multiple commas are ignored.
- * Whitespace (blank or tab) may be used freely and is ignored.
- *
- * Full error processing is available. When PS_BAD_KEYWORD or
- * PS_SYNTAX is returned from fGetParameterSet(), the string ErrorMsg
- * contains a meaningful error message.
- *
- * Keywords and their default values are programmed by an external
- * table.
- *
- * Routines:
- * fGetParameterSet() parse one line of the parameter file
- * fGetKeywordValue() parse one "keyword=value" combo
- * fGetToken() parse one token
- *
- *
- * from: kparse.c,v 4.5 89/01/21 17:20:39 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <kparse.h>
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE 1
-#endif
-
-#define MAXKEY 80
-#define MAXVALUE 80
-
-int fUngetChar(int ch, FILE *fp);
-int fGetChar(FILE *fp);
-int fGetLiteral(FILE *fp);
-
-int LineNbr=1; /* current line nbr in parameter file */
-char ErrorMsg[80]; /* meaningful only when KV_SYNTAX, PS_SYNTAX,
- * or PS_BAD_KEYWORD is returned by
- * fGetKeywordValue or fGetParameterSet */
-
-int
-fGetParameterSet( fp,parm,parmcount )
- FILE *fp;
- parmtable parm[];
- int parmcount;
-{
- int rc,i;
- char keyword[MAXKEY];
- char value[MAXVALUE];
-
- while (TRUE) {
- rc=fGetKeywordValue(fp,keyword,MAXKEY,value,MAXVALUE);
-
- switch (rc) {
-
- case KV_EOF:
- return(PS_EOF);
-
- case KV_EOL:
- return(PS_OKAY);
-
- case KV_SYNTAX:
- return(PS_SYNTAX);
-
- case KV_OKAY:
- /*
- * got a reasonable keyword/value pair. Search the
- * parameter table to see if we recognize the keyword; if
- * not, return an error. If we DO recognize it, make sure
- * it has not already been given. If not already given,
- * save the value.
- */
- for (i=0; i<parmcount; i++) {
- if (strcmp(strutol(keyword),parm[i].keyword)==0) {
- if (parm[i].value) {
- sprintf(ErrorMsg,"duplicate keyword \"%s\" found",
- keyword);
- return(PS_BAD_KEYWORD);
- }
- parm[i].value = strsave( value );
- break;
- }
- }
- if (i >= parmcount) {
- sprintf(ErrorMsg, "unrecognized keyword \"%s\" found",
- keyword);
- return(PS_BAD_KEYWORD);
- }
- break;
-
- default:
- sprintf(ErrorMsg,
- "panic: bad return (%d) from fGetToken()",rc);
- break;
- }
- }
-}
-
-/*
- * Routine: ParmCompare
- *
- * Purpose:
- * ParmCompare checks a specified value for a particular keyword.
- * fails if keyword not found or keyword found but the value was
- * different. Like strcmp, ParmCompare returns 0 for a match found, -1
- * otherwise
- */
-int
-ParmCompare( parm, parmcount, keyword, value )
- parmtable parm[];
- int parmcount;
- char *keyword;
- char *value;
-{
- int i;
-
- for (i=0; i<parmcount; i++) {
- if (strcmp(parm[i].keyword,keyword)==0) {
- if (parm[i].value) {
- return(strcmp(parm[i].value,value));
- } else {
- return(strcmp(parm[i].defvalue,value));
- }
- }
- }
- return(-1);
-}
-
-void
-FreeParameterSet(parm,parmcount)
- parmtable parm[];
- int parmcount;
-{
- int i;
-
- for (i=0; i<parmcount; i++) {
- if (parm[i].value) {
- free(parm[i].value);
- parm[i].value = (char *)NULL;
- }
- }
-}
-
-int
-fGetKeywordValue( fp, keyword, klen, value, vlen )
- FILE *fp;
- char *keyword;
- int klen;
- char *value;
- int vlen;
-{
- int rc;
- int gotit;
-
- *keyword = *value = '\0'; /* preset strings to NULL */
-
- /*
- * Looking for a keyword.
- * return an exception for EOF or BAD_QSTRING
- * ignore leading WHITEspace
- * ignore any number of leading commas
- * newline means we have all the parms for this
- * statement; give an indication that there is
- * nothing more on this line.
- * stop looking if we find QSTRING, STRING, or NUMBER
- * return syntax error for any other PUNKtuation
- */
- gotit = FALSE;
- do {
- rc = fGetToken(fp,keyword,klen);
-
- switch (rc) {
-
- case GTOK_WHITE:
- break;
-
- case GTOK_EOF:
- return(KV_EOF);
-
- case GTOK_BAD_QSTRING:
- sprintf(ErrorMsg,"unterminated string \"%s found",keyword);
- return(KV_SYNTAX);
-
- case GTOK_PUNK:
- if (strcmp("\n",keyword)==0) {
- return(KV_EOL);
- } else if (strcmp(",",keyword)!=0) {
- sprintf(ErrorMsg,"expecting rvalue, found \'%s\'",keyword);
- }
- break;
-
- case GTOK_STRING:
- case GTOK_QSTRING:
- case GTOK_NUMBER:
- gotit = TRUE;
- break;
-
- default:
- sprintf(ErrorMsg,"panic: bad return (%d) from fGetToken()",rc);
- return(KV_SYNTAX);
- }
-
- } while (!gotit);
-
- /*
- * now we expect an equal sign.
- * skip any whitespace
- * stop looking if we find an equal sign
- * anything else causes a syntax error
- */
- gotit = FALSE;
- do {
- rc = fGetToken(fp,value,vlen);
-
- switch (rc) {
-
- case GTOK_WHITE:
- break;
-
- case GTOK_BAD_QSTRING:
- sprintf(ErrorMsg,
- "expecting \'=\', found unterminated string \"%s",
- value);
- return(KV_SYNTAX);
-
- case GTOK_PUNK:
- if (strcmp("=",value)==0) {
- gotit = TRUE;
- } else {
- if (strcmp("\n",value)==0) {
- sprintf(ErrorMsg,"expecting \"=\", found newline");
- fUngetChar('\n',fp);
- } else {
- sprintf(ErrorMsg,
- "expecting rvalue, found \'%s\'",keyword);
- }
- return(KV_SYNTAX);
- }
- break;
-
- case GTOK_STRING:
- case GTOK_QSTRING:
- case GTOK_NUMBER:
- sprintf(ErrorMsg,"expecting \'=\', found \"%s\"",value);
- return(KV_SYNTAX);
-
- case GTOK_EOF:
- sprintf(ErrorMsg,"expecting \'=\', found EOF");
- return(KV_SYNTAX);
-
- default:
- sprintf(ErrorMsg,
- "panic: bad return (%d) from fGetToken()",rc);
- return(KV_SYNTAX);
- }
-
- } while ( !gotit );
-
- /*
- * got the keyword and equal sign, now get a value.
- * ignore any whitespace
- * any punctuation is a syntax error
- */
- gotit = FALSE;
- do {
- rc = fGetToken(fp,value,vlen);
-
- switch (rc) {
-
- case GTOK_WHITE:
- break;
-
- case GTOK_EOF:
- sprintf(ErrorMsg,"expecting rvalue, found EOF");
- return(KV_SYNTAX);
-
- case GTOK_BAD_QSTRING:
- sprintf(ErrorMsg,"unterminated quoted string \"%s",value);
- return(KV_SYNTAX);
-
- case GTOK_PUNK:
- if (strcmp("\n",value)==0) {
- sprintf(ErrorMsg,"expecting rvalue, found newline");
- fUngetChar('\n',fp);
- } else {
- sprintf(ErrorMsg,
- "expecting rvalue, found \'%s\'",value);
- }
- return(KV_SYNTAX);
- break;
-
- case GTOK_STRING:
- case GTOK_QSTRING:
- case GTOK_NUMBER:
- gotit = TRUE;
- return(KV_OKAY);
-
- default:
- sprintf(ErrorMsg,
- "panic: bad return (%d) from fGetToken()",rc);
- return(KV_SYNTAX);
- }
-
- } while ( !gotit );
- /*NOTREACHED*/
- return(0); /*just to shut up -Wall MRVM*/
-}
-
-/*
- * Routine Name: fGetToken
- *
- * Function: read the next token from the specified file.
- * A token is defined as a group of characters
- * terminated by a white space char (SPACE, CR,
- * LF, FF, TAB). The token returned is stripped of
- * both leading and trailing white space, and is
- * terminated by a NULL terminator. An alternate
- * definition of a token is a string enclosed in
- * single or double quotes.
- *
- * Explicit Parameters:
- * fp pointer to the input FILE
- * dest pointer to destination buffer
- * maxlen length of the destination buffer. The buffer
- * length INCLUDES the NULL terminator.
- *
- * Implicit Parameters: stderr where the "token too long" message goes
- *
- * External Procedures: fgetc
- *
- * Side Effects: None
- *
- * Return Value: A token classification value, as
- * defined in kparse.h. Note that the
- * classification for end of file is
- * always zero.
- */
-int
-fGetToken(fp, dest, maxlen)
- FILE *fp;
- char *dest;
- int maxlen;
-{
- int ch='\0';
- int len=0;
- char *p = dest;
- int digits;
-
- ch=fGetChar(fp);
-
- /*
- * check for a quoted string. If found, take all characters
- * that fit until a closing quote is found. Note that this
- * algorithm will not behave well for a string which is too long.
- */
- if (ISQUOTE(ch)) {
- int done = FALSE;
- do {
- ch = fGetChar(fp);
- done = ((maxlen<++len)||ISLINEFEED(ch)||(ch==EOF)
- ||ISQUOTE(ch));
- if (ch=='\\')
- ch = fGetLiteral(fp);
- if (!done)
- *p++ = ch;
- else if ((ch!=EOF) && !ISQUOTE(ch))
- fUngetChar(ch,fp);
- } while (!done);
- *p = '\0';
- if (ISLINEFEED(ch)) return(GTOK_BAD_QSTRING);
- return(GTOK_QSTRING);
- }
-
- /*
- * Not a quoted string. If its a token character (rules are
- * defined via the ISTOKENCHAR macro, in kparse.h) take it and all
- * token chars following it until we run out of space.
- */
- digits=TRUE;
- if (ISTOKENCHAR(ch)) {
- while ( (ISTOKENCHAR(ch)) && len<maxlen-1 ) {
- if (!isdigit(ch)) digits=FALSE;
- *p++ = ch;
- len++;
- ch = fGetChar(fp);
- };
- *p = '\0';
-
- if (ch!=EOF) {
- fUngetChar(ch,fp);
- }
- if (digits) {
- return(GTOK_NUMBER);
- } else {
- return(GTOK_STRING);
- }
- }
-
- /*
- * Neither a quoted string nor a token character. Return a string
- * with just that one character in it.
- */
- if (ch==EOF) {
- return(GTOK_EOF);
- }
- if (!ISWHITESPACE(ch)) {
- *p++ = ch;
- *p='\0';
- } else {
- *p++ = ' '; /* white space is always the
- * blank character */
- *p='\0';
- /*
- * The character is a white space. Flush all additional white
- * space.
- */
- while (ISWHITESPACE(ch) && ((ch=fGetChar(fp)) != EOF))
- ;
- if (ch!=EOF) {
- fUngetChar(ch,fp);
- }
- return(GTOK_WHITE);
- }
- return(GTOK_PUNK);
-}
-
-/*
- * fGetLiteral is called after we find a '\' in the input stream. A
- * string of numbers following the backslash are converted to the
- * appropriate value; hex (0xn), octal (0n), and decimal (otherwise)
- * are all supported. If the char after the \ is not a number, we
- * special case certain values (\n, \f, \r, \b) or return a literal
- * otherwise (useful for \", for example).
- */
-int
-fGetLiteral(fp)
- FILE *fp;
-{
- int ch;
- int n=0;
- int base;
-
- ch = fGetChar(fp);
-
- if (!isdigit(ch)) {
- switch (ch) {
- case 'n': return('\n');
- case 'f': return('\f');
- case 'r': return('\r');
- case 'b': return('\b');
- default: return(ch);
- }
- }
-
- /*
- * got a number. might be decimal (no prefix), octal (prefix 0),
- * or hexadecimal (prefix 0x). Set the base appropriately.
- */
- if (ch!='0') {
- base=10; /* its a decimal number */
- } else {
- /*
- * found a zero, its either hex or octal
- */
- ch = fGetChar(fp);
- if ((ch!='x') && (ch!='X')) {
- base=010;
- } else {
- ch = fGetChar(fp);
- base=0x10;
- }
- }
-
- switch (base) {
-
- case 010: /* octal */
- while (ISOCTAL(ch)) {
- n = (n*base) + ch - '0';
- ch = fGetChar(fp);
- }
- break;
-
- case 10: /* decimal */
- while (isdigit(ch)) {
- n = (n*base) + ch - '0';
- ch = fGetChar(fp);
- }
- break;
- case 0x10: /* hexadecimal */
- while (isxdigit(ch)) {
- if (isdigit(ch)) {
- n = (n*base) + ch - '0';
- } else {
- n = (n*base) + toupper(ch) - 'A' + 0xA ;
- }
- ch = fGetChar(fp);
- }
- break;
- default:
- fprintf(stderr,"fGetLiteral() died real bad. Fix gettoken.c.");
- exit(1);
- break;
- }
- fUngetChar(ch,fp);
- return(n);
-}
-
-/*
- * exactly the same as ungetc(3) except that the line number of the
- * input file is maintained.
- */
-int
-fUngetChar(ch,fp)
- int ch;
- FILE *fp;
-{
- if (ch=='\n') LineNbr--;
- return(ungetc(ch,fp));
-}
-
-
-/*
- * exactly the same as fgetc(3) except that the line number of the
- * input file is maintained.
- */
-int
-fGetChar(fp)
- FILE *fp;
-{
- int ch = fgetc(fp);
- if (ch=='\n') LineNbr++;
- return(ch);
-}
-
-
-/*
- * Routine Name: strsave
- *
- * Function: return a pointer to a saved copy of the
- * input string. the copy will be allocated
- * as large as necessary.
- *
- * Explicit Parameters: pointer to string to save
- *
- * Implicit Parameters: None
- *
- * External Procedures: malloc,strcpy,strlen
- *
- * Side Effects: None
- *
- * Return Value: pointer to copied string
- *
- */
-char *
-strsave(p)
- char *p;
-{
- return(strcpy(malloc(strlen(p)+1),p));
-}
-
-
-/*
- * strutol changes all characters in a string to lower case, in place.
- * the pointer to the beginning of the string is returned.
- */
-
-char *
-strutol( start )
- char *start;
-{
- char *q;
- for (q=start; *q; q++)
- if (isupper(*q))
- *q=tolower(*q);
- return(start);
-}
-
-#ifdef GTOK_TEST /* mainline test routine for fGetToken() */
-
-#define MAXTOKEN 100
-
-char *pgm = "gettoken";
-
-main(argc,argv)
- int argc;
- char **argv;
-{
- char *p;
- int type;
- FILE *fp;
-
- if (--argc) {
- fp = fopen(*++argv,"ra");
- if (fp == (FILE *)NULL) {
- fprintf(stderr,"can\'t open \"%s\"\n",*argv);
- }
- } else
- fp = stdin;
-
- p = malloc(MAXTOKEN);
- while (type = fGetToken(fp,p,MAXTOKEN)) {
- switch(type) {
- case GTOK_BAD_QSTRING:
- printf("BAD QSTRING!\t");
- break;
- case GTOK_EOF:
- printf("EOF!\t");
- break;
- case GTOK_QSTRING:
- printf("QSTRING\t");
- break;
- case GTOK_STRING:
- printf("STRING\t");
- break;
- case GTOK_NUMBER:
- printf("NUMBER\t");
- break;
- case GTOK_PUNK:
- printf("PUNK\t");
- break;
- case GTOK_WHITE:
- printf("WHITE\t");
- break;
- default:
- printf("HUH?\t");
- break;
- }
- if (*p=='\n')
- printf("\\n\n");
- else
- printf("%s\n",p);
- }
- exit(0);
-}
-#endif
-
-#ifdef KVTEST
-
-main(argc,argv)
- int argc;
- char **argv;
-{
- int rc,ch;
- FILE *fp;
- char key[MAXKEY],valu[MAXVALUE];
- char *filename;
-
- if (argc != 2) {
- fprintf(stderr,"usage: test <filename>\n");
- exit(1);
- }
-
- if (!(fp=fopen(*++argv,"r"))) {
- fprintf(stderr,"can\'t open input file \"%s\"\n",filename);
- exit(1);
- }
- filename = *argv;
-
- while ((rc=fGetKeywordValue(fp,key,MAXKEY,valu,MAXVALUE))!=KV_EOF){
-
- switch (rc) {
-
- case KV_EOL:
- printf("%s, line %d: nada mas.\n",filename,LineNbr-1);
- break;
-
- case KV_SYNTAX:
- printf("%s, line %d: syntax error: %s\n",
- filename,LineNbr,ErrorMsg);
- while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') );
- break;
-
- case KV_OKAY:
- printf("%s, line %d: okay, %s=\"%s\"\n",
- filename,LineNbr,key,valu);
- break;
-
- default:
- printf("panic: bad return (%d) from fGetKeywordValue\n",rc);
- break;
- }
- }
- printf("EOF");
- fclose(fp);
- exit(0);
-}
-#endif
-
-#ifdef PSTEST
-
-parmtable kparm[] = {
- /* keyword, default, found value */
- { "user", "", (char *)NULL },
- { "realm", "Athena", (char *)NULL },
- { "instance", "", (char *)NULL }
-};
-
-main(argc,argv)
- int argc;
- char **argv;
-{
- int rc,i,ch;
- FILE *fp;
- char *filename;
-
- if (argc != 2) {
- fprintf(stderr,"usage: test <filename>\n");
- exit(1);
- }
-
- if (!(fp=fopen(*++argv,"r"))) {
- fprintf(stderr,"can\'t open input file \"%s\"\n",filename);
- exit(1);
- }
- filename = *argv;
-
- while ((rc=fGetParameterSet(fp,kparm,PARMCOUNT(kparm))) != PS_EOF) {
-
- switch (rc) {
-
- case PS_BAD_KEYWORD:
- printf("%s, line %d: %s\n",filename,LineNbr,ErrorMsg);
- while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') );
- break;
-
- case PS_SYNTAX:
- printf("%s, line %d: syntax error: %s\n",
- filename,LineNbr,ErrorMsg);
- while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') );
- break;
-
- case PS_OKAY:
- printf("%s, line %d: valid parameter set found:\n",
- filename,LineNbr-1);
- for (i=0; i<PARMCOUNT(kparm); i++) {
- printf("\t%s = \"%s\"\n",kparm[i].keyword,
- (kparm[i].value ? kparm[i].value
- : kparm[i].defvalue));
- }
- break;
-
- default:
- printf("panic: bad return (%d) from fGetParameterSet\n",rc);
- break;
- }
- FreeParameterSet(kparm,PARMCOUNT(kparm));
- }
- printf("EOF");
- fclose(fp);
- exit(0);
-}
-#endif
diff --git a/eBones/lib/libkrb/krb.3 b/eBones/lib/libkrb/krb.3
deleted file mode 100644
index f2061cd..0000000
--- a/eBones/lib/libkrb/krb.3
+++ /dev/null
@@ -1,508 +0,0 @@
-.\" $Source: /home/ncvs/src/eBones/lib/libkrb/krb.3,v $
-.\" $Author: markm $
-.\" $Header: /home/ncvs/src/eBones/lib/libkrb/krb.3,v 1.3 1995/09/13 17:23:55 markm Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-Kerberos authentication library
-.PP
-krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key,
-krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe,
-krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl
-krb_get_local_addr, krb_bind_local_addr
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <des.h>
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-extern char *krb_err_txt[];
-.PP
-.ft B
-int krb_mk_req(authent,service,instance,realm,checksum)
-KTEXT authent;
-char *service;
-char *instance;
-char *realm;
-u_long checksum;
-.PP
-.ft B
-int krb_rd_req(authent,service,instance,from_addr,ad,fn)
-KTEXT authent;
-char *service;
-char *instance;
-u_long from_addr;
-AUTH_DAT *ad;
-char *fn;
-.PP
-.ft B
-int krb_kntoln(ad,lname)
-AUTH_DAT *ad;
-char *lname;
-.PP
-.ft B
-int krb_set_key(key,cvt)
-char *key;
-int cvt;
-.PP
-.ft B
-int krb_get_cred(service,instance,realm,c)
-char *service;
-char *instance;
-char *realm;
-CREDENTIALS *c;
-.PP
-.ft B
-long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-des_key_schedule schedule;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
-u_char *in;
-u_long in_length;
-Key_schedule schedule;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_safe(in,out,in_length,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_safe(in,length,key,sender,receiver,msg_data)
-u_char *in;
-u_long length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_err(out,code,string)
-u_char *out;
-long code;
-char *string;
-.PP
-.ft B
-long krb_rd_err(in,length,code,msg_data)
-u_char *in;
-u_long length;
-long code;
-MSG_DAT *msg_data;
-.PP
-.ft B
-int krb_get_local_addr(address)
-struct sockaddr_in *address;
-.PP
-.ft B
-int krb_bind_local_addr(socket)
-int socket;
-.fi
-.ft R
-.SH DESCRIPTION
-This library supports network authentication and various related
-operations. The library contains many routines beyond those described
-in this man page, but they are not intended to be used directly.
-Instead, they are called by the routines that are described, the
-authentication server and the login program.
-.PP
-The original MIT implementation of the krb library could fail when used on
-multi-homed client machines. Two functions,
-.I krb_get_local_addr
-and
-.I krb_bind_local_addr,
-are provided to overcome this limitation. Any
-application expected to function in a multi-homed environment (clients
-with more than one network interface) that opens sockets to perform
-authenticated or encrypted transactions must use one of these functions
-to bind its sockets to the local address used and authenticated by Kerberos.
-.PP
-.I krb_err_txt[]
-contains text string descriptions of various Kerberos error codes returned
-by some of the routines below.
-.PP
-.I krb_mk_req
-takes a pointer to a text structure in which an authenticator is to be
-built. It also takes the name, instance, and realm of the service to be
-used and an optional checksum. It is up to the application to decide
-how to generate the checksum.
-.I krb_mk_req
-then retrieves a ticket for the desired service and creates an
-authenticator. The authenticator is built in
-.I authent
-and is accessible
-to the calling procedure.
-.PP
-It is up to the application to get the authenticator to the service
-where it will be read by
-.I krb_rd_req.
-Unless an attacker posesses the session key contained in the ticket, it
-will be unable to modify the authenticator. Thus, the checksum can be
-used to verify the authenticity of the other data that will pass through
-a connection.
-.PP
-.I krb_rd_req
-takes an authenticator of type
-.B KTEXT,
-a service name, an instance, the address of the
-host originating the request, and a pointer to a structure of type
-.B AUTH_DAT
-which is filled in with information obtained from the authenticator.
-It also optionally takes the name of the file in which it will find the
-secret key(s) for the service.
-If the supplied
-.I instance
-contains "*", then the first service key with the same service name
-found in the service key file will be used, and the
-.I instance
-argument will be filled in with the chosen instance. This means that
-the caller must provide space for such an instance name.
-.PP
-It is used to find out information about the principal when a request
-has been made to a service. It is up to the application protocol to get
-the authenticator from the client to the service. The authenticator is
-then passed to
-.I krb_rd_req
-to extract the desired information.
-.PP
-.I krb_rd_req
-returns zero (RD_AP_OK) upon successful authentication. If a packet was
-forged, modified, or replayed, authentication will fail. If the
-authentication fails, a non-zero value is returned indicating the
-particular problem encountered. See
-.I krb.h
-for the list of error codes.
-.PP
-If the last argument is the null string (""), krb_rd_req will use the
-file /etc/kerberosIV/srvtab to find its keys. If the last argument is
-NULL, it will assume that the key has been set by
-.I krb_set_key
-and will not bother looking further.
-.PP
-.I krb_kntoln
-converts a Kerberos name to a local name. It takes a structure
-of type AUTH_DAT and uses the name and instance to look in the database
-/etc/kerberosIV/aname to find the corresponding local name. The local name is
-returned and can be used by an application to change uids, directories,
-or other parameters. It is not an integral part of Kerberos, but is
-instead provided to support the use of Kerberos in existing utilities.
-.PP
-.I krb_set_key
-takes as an argument a des key. It then creates
-a key schedule from it and saves the original key to be used as an
-initialization vector.
-It is used to set the server's key which
-must be used to decrypt tickets.
-.PP
-If called with a non-zero second argument,
-.I krb_set_key
-will first convert the input from a string of arbitrary length to a DES
-key by encrypting it with a one-way function.
-.PP
-In most cases it should not be necessary to call
-.I krb_set_key.
-The necessary keys will usually be obtained and set inside
-.I krb_rd_req. krb_set_key
-is provided for those applications that do not wish to place the
-application keys on disk.
-.PP
-.I krb_get_cred
-searches the caller's ticket file for a ticket for the given service, instance,
-and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
-with the ticket information.
-.PP
-If the ticket was found,
-.I krb_get_cred
-returns GC_OK.
-If the ticket file can't be found, can't be read, doesn't belong to
-the user (other than root), isn't a regular file, or is in the wrong
-mode, the error GC_TKFIL is returned.
-.PP
-.I krb_mk_priv
-creates an encrypted, authenticated
-message from any arbitrary application data, pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key
-and the key schedule,
-.I schedule,
-are used to encrypt the data and some header information using
-.I pcbc_encrypt.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-In addition to providing privacy, this protocol message protects
-against modifications, insertions or replays. The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-.PP
-.I krb_rd_priv
-decrypts and authenticates a received
-.I krb_mk_priv
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-and the key schedule,
-.I schedule,
-are used to decrypt and verify the received message.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h.
-The routine fills in the
-.I app_data
-field with a pointer to the decrypted application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender. (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of). The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_safe
-creates an authenticated, but unencrypted message from any arbitrary
-application data,
-pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key,
-is used to seed the
-.I quad_cksum()
-checksum algorithm used as part of the authentication.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-This message does not provide privacy, but does protect (via detection)
-against modifications, insertions or replays. The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-The authentication provided by this routine is not as strong as that
-provided by
-.I krb_mk_priv
-or by computing the checksum using
-.I cbc_cksum
-instead, both of which authenticate via DES.
-.PP
-
-.I krb_rd_safe
-authenticates a received
-.I krb_mk_safe
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-is used to seed the quad_cksum() routine as part of the authentication.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields:
-the
-.I app_data
-field with a pointer to the application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender.
-(The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of). The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_err
-constructs an application level error message that may be used along
-with
-.I krb_mk_priv
-or
-.I krb_mk_safe.
-.I out
-is a pointer to the output buffer,
-.I code
-is an application specific error code, and
-.I string
-is an application specific error string.
-
-.PP
-.I krb_rd_err
-unpacks a received
-.I krb_mk_err
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-.I code
-is a pointer to a value to be filled in with the error
-value provided by the application.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields: the
-.I app_data
-field with a pointer to the application error text,
-.I app_length
-with the length of the
-.I app_data
-field, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender. (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of).
-
-The routine returns zero if the error message has been successfully received,
-or a Kerberos error code.
-.PP
-.I krb_get_local_addr
-retrieves the address of the local interface used for
-all kerberos transactions and copies it to the sockaddr_in pointed to
-by
-.I address.
-This information is usually used to bind additional sockets in client
-programs to the kerberos authenticated local address so transactions
-to kerberos services on remote machines succeed. This routine may be called
-at any time and the address returned will not change during the lifetime of
-the program.
-
-The routine returns zero on success or a Kerberos error code.
-.PP
-.I krb_bind_local_addr
-binds
-.I socket
-to the address of the local interface used for all kerberos
-transactions. The bind allows the system to assign a port for the socket,
-so programs wishing to specify an explicit port should use
-.I krb_get_local_addr
-and perform the bind manually.
-
-The routine returns zero on success or a Kerberos error code.
-.PP
-The
-.I KTEXT
-structure is used to pass around text of varying lengths. It consists
-of a buffer for the data, and a length. krb_rd_req takes an argument of this
-type containing the authenticator, and krb_mk_req returns the
-authenticator in a structure of this type. KTEXT itself is really a
-pointer to the structure. The actual structure is of type KTEXT_ST.
-.PP
-The
-.I AUTH_DAT
-structure is filled in by krb_rd_req. It must be allocated before
-calling krb_rd_req, and a pointer to it is passed. The structure is
-filled in with data obtained from Kerberos.
-.I MSG_DAT
-structure is filled in by either krb_rd_priv, krb_rd_safe, or
-krb_rd_err. It must be allocated before the call and a pointer to it
-is passed. The structure is
-filled in with data obtained from Kerberos.
-.PP
-.SH FILES
-/usr/include/kerberosIV/krb.h
-.br
-/usr/lib/libkrb.a
-.br
-/usr/include/des.h
-.br
-/usr/lib/libdes.a
-.br
-/etc/kerberosIV/aname
-.br
-/etc/kerberosIV/srvtab
-.br
-/tmp/tkt[uid]
-.SH "SEE ALSO"
-kerberos(1), des_crypt(3)
-.SH DIAGNOSTICS
-.SH BUGS
-The caller of
-.I krb_rd_req, krb_rd_priv, and krb_rd_safe
-must check time order and for replay attempts.
-.I krb_ck_repl
-is not implemented yet.
-.SH AUTHORS
-Clifford Neuman, MIT Project Athena
-.br
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.SH RESTRICTIONS
-COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
diff --git a/eBones/lib/libkrb/krb_err.et b/eBones/lib/libkrb/krb_err.et
deleted file mode 100644
index 8fedf9f..0000000
--- a/eBones/lib/libkrb/krb_err.et
+++ /dev/null
@@ -1,269 +0,0 @@
-# Copyright 1987,1988 Massachusetts Institute of Technology
-# For copying and distribution information, see the file
-# "Copyright.MIT".
-#
-# from: krb_err.et,v 4.1 89/09/26 09:24:20 jtkohl Exp $
-# $Id$
-#
- error_table krb
-
- ec KRBET_KSUCCESS,
- "Kerberos successful"
-
- ec KRBET_KDC_NAME_EXP,
- "Kerberos principal expired"
-
- ec KRBET_KDC_SERVICE_EXP,
- "Kerberos service expired"
-
- ec KRBET_KDC_AUTH_EXP,
- "Kerberos auth expired"
-
- ec KRBET_KDC_PKT_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_P_MKEY_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_S_MKEY_VER,
- "Incorrect kerberos master key version"
-
- ec KRBET_KDC_BYTE_ORDER,
- "Kerberos error: byte order unknown"
-
- ec KRBET_KDC_PR_UNKNOWN,
- "Kerberos principal unknown"
-
- ec KRBET_KDC_PR_N_UNIQUE,
- "Kerberos principal not unique"
-
- ec KRBET_KDC_NULL_KEY,
- "Kerberos principal has null key"
-
- ec KRBET_KRB_RES11,
- "Reserved 11"
-
- ec KRBET_KRB_RES12,
- "Reserved 12"
-
- ec KRBET_KRB_RES13,
- "Reserved 13"
-
- ec KRBET_KRB_RES14,
- "Reserved 14"
-
- ec KRBET_KRB_RES15,
- "Reserved 15"
-
- ec KRBET_KRB_RES16,
- "Reserved 16"
-
- ec KRBET_KRB_RES17,
- "Reserved 17"
-
- ec KRBET_KRB_RES18,
- "Reserved 18"
-
- ec KRBET_KRB_RES19,
- "Reserved 19"
-
- ec KRBET_KDC_GEN_ERR,
- "Generic error from Kerberos KDC"
-
- ec KRBET_GC_TKFIL,
- "Can't read Kerberos ticket file"
-
- ec KRBET_GC_NOTKT,
- "Can't find Kerberos ticket or TGT"
-
- ec KRBET_KRB_RES23,
- "Reserved 23"
-
- ec KRBET_KRB_RES24,
- "Reserved 24"
-
- ec KRBET_KRB_RES25,
- "Reserved 25"
-
- ec KRBET_MK_AP_TGTEXP,
- "Kerberos TGT Expired"
-
- ec KRBET_KRB_RES27,
- "Reserved 27"
-
- ec KRBET_KRB_RES28,
- "Reserved 28"
-
- ec KRBET_KRB_RES29,
- "Reserved 29"
-
- ec KRBET_KRB_RES30,
- "Reserved 30"
-
- ec KRBET_RD_AP_UNDEC,
- "Kerberos error: Can't decode authenticator"
-
- ec KRBET_RD_AP_EXP,
- "Kerberos ticket expired"
-
- ec KRBET_RD_AP_NYV,
- "Kerberos ticket not yet valid"
-
- ec KRBET_RD_AP_REPEAT,
- "Kerberos error: Repeated request"
-
- ec KRBET_RD_AP_NOT_US,
- "The kerberos ticket isn't for us"
-
- ec KRBET_RD_AP_INCON,
- "Kerberos request inconsistent"
-
- ec KRBET_RD_AP_TIME,
- "Kerberos error: delta_t too big"
-
- ec KRBET_RD_AP_BADD,
- "Kerberos error: incorrect net address"
-
- ec KRBET_RD_AP_VERSION,
- "Kerberos protocol version mismatch"
-
- ec KRBET_RD_AP_MSG_TYPE,
- "Kerberos error: invalid msg type"
-
- ec KRBET_RD_AP_MODIFIED,
- "Kerberos error: message stream modified"
-
- ec KRBET_RD_AP_ORDER,
- "Kerberos error: message out of order"
-
- ec KRBET_RD_AP_UNAUTHOR,
- "Kerberos error: unauthorized request"
-
- ec KRBET_KRB_RES44,
- "Reserved 44"
-
- ec KRBET_KRB_RES45,
- "Reserved 45"
-
- ec KRBET_KRB_RES46,
- "Reserved 46"
-
- ec KRBET_KRB_RES47,
- "Reserved 47"
-
- ec KRBET_KRB_RES48,
- "Reserved 48"
-
- ec KRBET_KRB_RES49,
- "Reserved 49"
-
- ec KRBET_KRB_RES50,
- "Reserved 50"
-
- ec KRBET_GT_PW_NULL,
- "Kerberos error: current PW is null"
-
- ec KRBET_GT_PW_BADPW,
- "Kerberos error: Incorrect current password"
-
- ec KRBET_GT_PW_PROT,
- "Kerberos protocol error"
-
- ec KRBET_GT_PW_KDCERR,
- "Error returned by Kerberos KDC"
-
- ec KRBET_GT_PW_NULLTKT,
- "Null Kerberos ticket returned by KDC"
-
- ec KRBET_SKDC_RETRY,
- "Kerberos error: Retry count exceeded"
-
- ec KRBET_SKDC_CANT,
- "Kerberos error: Can't send request"
-
- ec KRBET_KRB_RES58,
- "Reserved 58"
-
- ec KRBET_KRB_RES59,
- "Reserved 59"
-
- ec KRBET_KRB_RES60,
- "Reserved 60"
-
- ec KRBET_INTK_W_NOTALL,
- "Kerberos error: not all tickets returned"
-
- ec KRBET_INTK_BADPW,
- "Kerberos error: incorrect password"
-
- ec KRBET_INTK_PROT,
- "Kerberos error: Protocol Error"
-
- ec KRBET_KRB_RES64,
- "Reserved 64"
-
- ec KRBET_KRB_RES65,
- "Reserved 65"
-
- ec KRBET_KRB_RES66,
- "Reserved 66"
-
- ec KRBET_KRB_RES67,
- "Reserved 67"
-
- ec KRBET_KRB_RES68,
- "Reserved 68"
-
- ec KRBET_KRB_RES69,
- "Reserved 69"
-
- ec KRBET_INTK_ERR,
- "Other error"
-
- ec KRBET_AD_NOTGT,
- "Don't have Kerberos ticket-granting ticket"
-
- ec KRBET_KRB_RES72,
- "Reserved 72"
-
- ec KRBET_KRB_RES73,
- "Reserved 73"
-
- ec KRBET_KRB_RES74,
- "Reserved 74"
-
- ec KRBET_KRB_RES75,
- "Reserved 75"
-
- ec KRBET_NO_TKT_FIL,
- "No ticket file found"
-
- ec KRBET_TKT_FIL_ACC,
- "Couldn't access ticket file"
-
- ec KRBET_TKT_FIL_LCK,
- "Couldn't lock ticket file"
-
- ec KRBET_TKT_FIL_FMT,
- "Bad ticket file format"
-
- ec KRBET_TKT_FIL_INI,
- "tf_init not called first"
-
- ec KRBET_KNAME_FMT,
- "Bad Kerberos name format"
-
- ec KRBET_GT_LADDR_NOSOCK,
- "Can't open socket"
-
- ec KRBET_GT_LADDR_IFLIST,
- "Can't retrieve local interface list"
-
- ec KRBET_GT_LADDR_NVI,
- "No valid local interface found"
-
- ec KRBET_BND_LADDR_BIND,
- "Can't bind local address"
-
- end
-
diff --git a/eBones/lib/libkrb/krb_err_txt.c b/eBones/lib/libkrb/krb_err_txt.c
deleted file mode 100644
index ebe6fa4..0000000
--- a/eBones/lib/libkrb/krb_err_txt.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: krb_err_txt.c,v 4.7 88/12/01 14:10:14 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-/*
- * This file contains an array of error text strings.
- * The associated error codes (which are defined in "krb.h")
- * follow the string in the comments at the end of each line.
- */
-
-char *krb_err_txt[256] = {
- "OK", /* 000 */
- "Principal expired (kerberos)", /* 001 */
- "Service expired (kerberos)", /* 002 */
- "Authentication expired (kerberos)", /* 003 */
- "Unknown protocol version number (kerberos)", /* 004 */
- "Principal: Incorrect master key version (kerberos)", /* 005 */
- "Service: Incorrect master key version (kerberos)", /* 006 */
- "Bad byte order (kerberos)", /* 007 */
- "Principal unknown (kerberos)", /* 008 */
- "Principal not unique (kerberos)", /* 009 */
- "Principal has null key (kerberos)", /* 010 */
- "Reserved error message 11 (kerberos)", /* 011 */
- "Reserved error message 12 (kerberos)", /* 012 */
- "Reserved error message 13 (kerberos)", /* 013 */
- "Reserved error message 14 (kerberos)", /* 014 */
- "Reserved error message 15 (kerberos)", /* 015 */
- "Reserved error message 16 (kerberos)", /* 016 */
- "Reserved error message 17 (kerberos)", /* 017 */
- "Reserved error message 18 (kerberos)", /* 018 */
- "Reserved error message 19 (kerberos)", /* 019 */
- "Permission Denied (kerberos)", /* 020 */
- "Can't read ticket file (krb_get_cred)", /* 021 */
- "Can't find ticket (krb_get_cred)", /* 022 */
- "Reserved error message 23 (krb_get_cred)", /* 023 */
- "Reserved error message 24 (krb_get_cred)", /* 024 */
- "Reserved error message 25 (krb_get_cred)", /* 025 */
- "Ticket granting ticket expired (krb_mk_req)", /* 026 */
- "Reserved error message 27 (krb_mk_req)", /* 027 */
- "Reserved error message 28 (krb_mk_req)", /* 028 */
- "Reserved error message 29 (krb_mk_req)", /* 029 */
- "Reserved error message 30 (krb_mk_req)", /* 030 */
- "Can't decode authenticator (krb_rd_req)", /* 031 */
- "Ticket expired (krb_rd_req)", /* 032 */
- "Ticket issue date too far in the future (krb_rd_req)",/* 033 */
- "Repeat request (krb_rd_req)", /* 034 */
- "Ticket for wrong server (krb_rd_req)", /* 035 */
- "Request inconsistent (krb_rd_req)", /* 036 */
- "Time is out of bounds (krb_rd_req)", /* 037 */
- "Incorrect network address (krb_rd_req)", /* 038 */
- "Protocol version mismatch (krb_rd_req)", /* 039 */
- "Illegal message type (krb_rd_req)", /* 040 */
- "Message integrity error (krb_rd_req)", /* 041 */
- "Message duplicate or out of order (krb_rd_req)", /* 042 */
- "Unauthorized request (krb_rd_req)", /* 043 */
- "Reserved error message 44 (krb_rd_req)", /* 044 */
- "Reserved error message 45 (krb_rd_req)", /* 045 */
- "Reserved error message 46 (krb_rd_req)", /* 046 */
- "Reserved error message 47 (krb_rd_req)", /* 047 */
- "Reserved error message 48 (krb_rd_req)", /* 048 */
- "Reserved error message 49 (krb_rd_req)", /* 049 */
- "Reserved error message 50 (krb_rd_req)", /* 050 */
- "Current password is NULL (get_pw_tkt)", /* 051 */
- "Current password incorrect (get_pw_tkt)", /* 052 */
- "Protocol error (gt_pw_tkt)", /* 053 */
- "Error returned by KDC (gt_pw_tkt)", /* 054 */
- "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */
- "Retry count exceeded (send_to_kdc)", /* 056 */
- "Can't send request (send_to_kdc)", /* 057 */
- "Reserved error message 58 (send_to_kdc)", /* 058 */
- "Reserved error message 59 (send_to_kdc)", /* 059 */
- "Reserved error message 60 (send_to_kdc)", /* 060 */
- "Warning: Not ALL tickets returned", /* 061 */
- "Password incorrect", /* 062 */
- "Protocol error (get_intkt)", /* 063 */
- "Reserved error message 64 (get_in_tkt)", /* 064 */
- "Reserved error message 65 (get_in_tkt)", /* 065 */
- "Reserved error message 66 (get_in_tkt)", /* 066 */
- "Reserved error message 67 (get_in_tkt)", /* 067 */
- "Reserved error message 68 (get_in_tkt)", /* 068 */
- "Reserved error message 69 (get_in_tkt)", /* 069 */
- "Generic error (get_intkt)", /* 070 */
- "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */
- "Reserved error message 72 (get_ad_tkt)", /* 072 */
- "Reserved error message 73 (get_ad_tkt)", /* 073 */
- "Reserved error message 74 (get_ad_tkt)", /* 074 */
- "Reserved error message 75 (get_ad_tkt)", /* 075 */
- "No ticket file (tf_util)", /* 076 */
- "Can't access ticket file (tf_util)", /* 077 */
- "Can't lock ticket file; try later (tf_util)", /* 078 */
- "Bad ticket file format (tf_util)", /* 079 */
- "Read ticket file before tf_init (tf_util)", /* 080 */
- "Bad Kerberos name format (kname_parse)", /* 081 */
- "Can't open socket", /* 082 */
- "Can't retrieve local interface list", /* 083 */
- "No valid local interface found", /* 084 */
- "Can't bind local address", /* 085 */
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "Generic kerberos error (kfailure)", /* 255 */
-};
diff --git a/eBones/lib/libkrb/krb_get_in_tkt.c b/eBones/lib/libkrb/krb_get_in_tkt.c
deleted file mode 100644
index 016f35b..0000000
--- a/eBones/lib/libkrb/krb_get_in_tkt.c
+++ /dev/null
@@ -1,301 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: der: krb_get_in_tkt.c,v 4.19 89/07/18 16:31:31 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <des.h>
-#include <prot.h>
-
-#include <stdio.h>
-#include <strings.h>
-#include <errno.h>
-
-/* use the bsd time.h struct defs for PC too! */
-#include <sys/time.h>
-#include <sys/types.h>
-
-int swap_bytes;
-
-/*
- * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
- * and the cipher text sent from the KDC, decrypt the cipher text
- * using the key returned by key_proc.
- */
-
-static int
-decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
- char *user;
- char *instance;
- char *realm;
- char *arg;
- int (*key_proc)();
- KTEXT *cipp;
-{
- KTEXT cip = *cipp;
- C_Block key; /* Key for decrypting cipher */
- Key_schedule key_s;
-
-#ifndef NOENCRYPTION
- /* Attempt to decrypt it */
-#endif
-
- /* generate a key */
-
- {
- register int rc;
- rc = (*key_proc)(user,instance,realm,arg,key);
- if (rc)
- return(rc);
- }
-
-#ifndef NOENCRYPTION
- key_sched(&key,key_s);
- pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,
- (long) cip->length,key_s,(C_Block *)key,DES_DECRYPT);
-#endif /* !NOENCRYPTION */
- /* Get rid of all traces of key */
- bzero((char *)key,sizeof(key));
- bzero((char *)key_s,sizeof(key_s));
-
- return(0);
-}
-
-/*
- * krb_get_in_tkt() gets a ticket for a given principal to use a given
- * service and stores the returned ticket and session key for future
- * use.
- *
- * The "user", "instance", and "realm" arguments give the identity of
- * the client who will use the ticket. The "service" and "sinstance"
- * arguments give the identity of the server that the client wishes
- * to use. (The realm of the server is the same as the Kerberos server
- * to whom the request is sent.) The "life" argument indicates the
- * desired lifetime of the ticket; the "key_proc" argument is a pointer
- * to the routine used for getting the client's private key to decrypt
- * the reply from Kerberos. The "decrypt_proc" argument is a pointer
- * to the routine used to decrypt the reply from Kerberos; and "arg"
- * is an argument to be passed on to the "key_proc" routine.
- *
- * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it
- * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned
- * by Kerberos, then the error code it contains is returned. Other
- * error codes returned by this routine include INTK_PROT to indicate
- * wrong protocol version, INTK_BADPW to indicate bad password (if
- * decrypted ticket didn't make sense), INTK_ERR if the ticket was for
- * the wrong server or the ticket store couldn't be initialized.
- *
- * The format of the message sent to Kerberos is as follows:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_KDC_REQUEST | message type
- * HOST_BYTE_ORDER local byte order in lsb
- * string user client's name
- * string instance client's instance
- * string realm client's realm
- * 4 bytes tlocal.tv_sec timestamp in seconds
- * 1 byte life desired lifetime
- * string service service's name
- * string sinstance service's instance
- */
-
-int
-krb_get_in_tkt(user, instance, realm, service, sinstance, life,
- key_proc, decrypt_proc, arg)
- char *user;
- char *instance;
- char *realm;
- char *service;
- char *sinstance;
- int life;
- int (*key_proc)();
- int (*decrypt_proc)();
- char *arg;
-{
- KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st; /* Packet to KDC */
- KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
- KTEXT_ST cip_st;
- KTEXT cip = &cip_st; /* Returned Ciphertext */
- KTEXT_ST tkt_st;
- KTEXT tkt = &tkt_st; /* Current ticket */
- C_Block ses; /* Session key for tkt */
- int kvno; /* Kvno for session key */
- unsigned char *v = pkt->dat; /* Prot vers no */
- unsigned char *t = (pkt->dat+1); /* Prot msg type */
-
- char s_name[SNAME_SZ];
- char s_instance[INST_SZ];
- char rlm[REALM_SZ];
- int lifetime;
- int msg_byte_order;
- int kerror;
- unsigned long exp_date;
- char *ptr;
-
- struct timeval t_local;
-
- unsigned long rep_err_code;
-
- unsigned long kdc_time; /* KDC time */
-
- /* BUILD REQUEST PACKET */
-
- /* Set up the fixed part of the packet */
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_KDC_REQUEST;
- *t |= HOST_BYTE_ORDER;
-
- /* Now for the variable info */
- (void) strcpy((char *)(pkt->dat+2),user); /* aname */
- pkt->length = 3 + strlen(user);
- (void) strcpy((char *)(pkt->dat+pkt->length),
- instance); /* instance */
- pkt->length += 1 + strlen(instance);
- (void) strcpy((char *)(pkt->dat+pkt->length),realm); /* realm */
- pkt->length += 1 + strlen(realm);
-
- (void) gettimeofday(&t_local,(struct timezone *) 0);
- /* timestamp */
- bcopy((char *)&(t_local.tv_sec),(char *)(pkt->dat+pkt->length), 4);
- pkt->length += 4;
-
- *(pkt->dat+(pkt->length)++) = (char) life;
- (void) strcpy((char *)(pkt->dat+pkt->length),service);
- pkt->length += 1 + strlen(service);
- (void) strcpy((char *)(pkt->dat+pkt->length),sinstance);
- pkt->length += 1 + strlen(sinstance);
-
- rpkt->length = 0;
-
- /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
-
- if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
-
- /* check packet version of the returned packet */
- if (pkt_version(rpkt) != KRB_PROT_VERSION)
- return(INTK_PROT);
-
- /* Check byte order */
- msg_byte_order = pkt_msg_type(rpkt) & 1;
- swap_bytes = 0;
- if (msg_byte_order != HOST_BYTE_ORDER) {
- swap_bytes++;
- }
-
- switch (pkt_msg_type(rpkt) & ~1) {
- case AUTH_MSG_KDC_REPLY:
- break;
- case AUTH_MSG_ERR_REPLY:
- bcopy(pkt_err_code(rpkt),(char *) &rep_err_code,4);
- if (swap_bytes) swap_u_long(rep_err_code);
- return((int)rep_err_code);
- default:
- return(INTK_PROT);
- }
-
- /* EXTRACT INFORMATION FROM RETURN PACKET */
-
- /* get the principal's expiration date */
- bcopy(pkt_x_date(rpkt),(char *) &exp_date,sizeof(exp_date));
- if (swap_bytes) swap_u_long(exp_date);
-
- /* Extract the ciphertext */
- cip->length = pkt_clen(rpkt); /* let clen do the swap */
-
- if ((cip->length < 0) || (cip->length > sizeof(cip->dat)))
- return(INTK_ERR); /* no appropriate error code
- currently defined for INTK_ */
- /* copy information from return packet into "cip" */
- bcopy((char *) pkt_cipher(rpkt),(char *)(cip->dat),cip->length);
-
- /* Attempt to decrypt the reply. */
- if (decrypt_proc == NULL)
- decrypt_proc = decrypt_tkt;
- (*decrypt_proc)(user, instance, realm, arg, key_proc, &cip);
-
- ptr = (char *) cip->dat;
-
- /* extract session key */
- bcopy(ptr,(char *)ses,8);
- ptr += 8;
-
- if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
- return(INTK_BADPW);
-
- /* extract server's name */
- (void) strcpy(s_name,ptr);
- ptr += strlen(s_name) + 1;
-
- if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
- return(INTK_BADPW);
-
- /* extract server's instance */
- (void) strcpy(s_instance,ptr);
- ptr += strlen(s_instance) + 1;
-
- if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
- return(INTK_BADPW);
-
- /* extract server's realm */
- (void) strcpy(rlm,ptr);
- ptr += strlen(rlm) + 1;
-
- /* extract ticket lifetime, server key version, ticket length */
- /* be sure to avoid sign extension on lifetime! */
- lifetime = (unsigned char) ptr[0];
- kvno = (unsigned char) ptr[1];
- tkt->length = (unsigned char) ptr[2];
- ptr += 3;
-
- if ((tkt->length < 0) ||
- ((tkt->length + (ptr - (char *) cip->dat)) > cip->length))
- return(INTK_BADPW);
-
- /* extract ticket itself */
- bcopy(ptr,(char *)(tkt->dat),tkt->length);
- ptr += tkt->length;
-
- if (strcmp(s_name, service) || strcmp(s_instance, sinstance) ||
- strcmp(rlm, realm)) /* not what we asked for */
- return(INTK_ERR); /* we need a better code here XXX */
-
- /* check KDC time stamp */
- bcopy(ptr,(char *)&kdc_time,4); /* Time (coarse) */
- if (swap_bytes) swap_u_long(kdc_time);
-
- ptr += 4;
-
- (void) gettimeofday(&t_local,(struct timezone *) 0);
- if (abs((int)(t_local.tv_sec - kdc_time)) > CLOCK_SKEW) {
- return(RD_AP_TIME); /* XXX should probably be better
- code */
- }
-
- /* initialize ticket cache */
- if (in_tkt(user,instance) != KSUCCESS)
- return(INTK_ERR);
-
- /* stash ticket, session key, etc. for future use */
- if ((kerror = save_credentials(s_name, s_instance, rlm, ses,
- lifetime, kvno, tkt, t_local.tv_sec)))
- return(kerror);
-
- return(INTK_OK);
-}
diff --git a/eBones/lib/libkrb/krb_realmofhost.3 b/eBones/lib/libkrb/krb_realmofhost.3
deleted file mode 100644
index f710bbf..0000000
--- a/eBones/lib/libkrb/krb_realmofhost.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\" from: krb_realmofhost.3,v 4.1 89/01/23 11:10:47 jtkohl Exp $
-.\" $Id$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
-krb_get_lrealm \- additional Kerberos utility routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-#include <des.h>
-#include <netinet/in.h>
-.PP
-.ft B
-char *krb_realmofhost(host)
-char *host;
-.PP
-.ft B
-char *krb_get_phost(alias)
-char *alias;
-.PP
-.ft B
-krb_get_krbhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_admhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_lrealm(realm,n)
-char *realm;
-int n;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_realmofhost
-returns the Kerberos realm of the host
-.IR host ,
-as determined by the translation table
-.IR /etc/kerberosIV/krb.realms .
-.I host
-should be the fully-qualified domain-style primary host name of the host
-in question. In order to prevent certain security attacks, this routine
-must either have
-.I a priori
-knowledge of a host's realm, or obtain such information securely.
-.PP
-The format of the translation file is described by
-.IR krb.realms (5).
-If
-.I host
-exactly matches a host_name line, the corresponding realm
-is returned.
-Otherwise, if the domain portion of
-.I host
-matches a domain_name line, the corresponding realm
-is returned.
-If
-.I host
-contains a domain, but no translation is found,
-.IR host 's
-domain is converted to upper-case and returned.
-If
-.I host
-contains no discernable domain, or an error occurs,
-the local realm name, as supplied by
-.IR krb_get_lrealm (3),
-is returned.
-.PP
-.I krb_get_phost
-converts the hostname
-.I alias
-(which can be either an official name or an alias) into the instance
-name to be used in obtaining Kerberos tickets for most services,
-including the Berkeley rcmd suite (rlogin, rcp, rsh).
-.br
-The current convention is to return the first segment of the official
-domain-style name after conversion to lower case.
-.PP
-.I krb_get_krbhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos key distribution center (KDC)
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
-The configuration file is described by
-.IR krb.conf (5).
-If the host is successfully filled in, the routine
-returns KSUCCESS.
-If the file cannot be opened, and
-.I n
-equals 1, then the value of KRB_HOST as defined in
-.I <krb.h>
-is filled in, and KSUCCESS is returned. If there are fewer than
-.I n
-hosts running a Kerberos KDC for the requested realm, or the
-configuration file is malformed, the routine
-returns KFAILURE.
-.PP
-.I krb_get_admhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos KDC database administration server
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
-If the file cannot be opened or is malformed, or there are fewer than
-.I n
-hosts running a Kerberos KDC database administration server,
-the routine returns KFAILURE.
-.PP
-The character arrays used as return values for
-.IR krb_get_krbhst ,
-.IR krb_get_admhst ,
-should be large enough to
-hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
-.PP
-.I krb_get_lrealm
-fills in
-.I realm
-with the
-.IR n th
-realm of the local host, as specified in the configuration file.
-.I realm
-should be at least REALM_SZ (from
-.IR <krb.h>) characters long.
-.PP
-.SH SEE ALSO
-kerberos(3), krb.conf(5), krb.realms(5)
-.SH FILES
-.TP 20n
-/etc/kerberosIV/krb.realms
-translation file for host-to-realm mapping.
-.TP
-/etc/kerberosIV/krb.conf
-local realm-name and realm/server configuration file.
-.SH BUGS
-The current convention for instance names is too limited; the full
-domain name should be used.
-.PP
-.I krb_get_lrealm
-currently only supports
-.I n
-= 1. It should really consult the user's ticket cache to determine the
-user's current realm, rather than consulting a file on the host.
diff --git a/eBones/lib/libkrb/krb_sendauth.3 b/eBones/lib/libkrb/krb_sendauth.3
deleted file mode 100644
index d014d2c..0000000
--- a/eBones/lib/libkrb/krb_sendauth.3
+++ /dev/null
@@ -1,356 +0,0 @@
-.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $
-.\" $Id$
-.\" Copyright 1988 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
-Kerberos routines for sending authentication via network stream sockets
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-#include <des.h>
-#include <netinet/in.h>
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
-msg_data, cred, schedule, laddr, faddr, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst, *realm;
-u_long checksum;
-MSG_DAT *msg_data;
-CREDENTIALS *cred;
-Key_schedule schedule;
-struct sockaddr_in *laddr, *faddr;
-char *version;
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
-auth_data, filename, schedule, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst;
-struct sockaddr_in *faddr, *laddr;
-AUTH_DAT *auth_data;
-char *filename;
-Key_schedule schedule;
-char *version;
-.PP
-.ft B
-int krb_net_write(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.PP
-.ft B
-int krb_net_read(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.fi
-.SH DESCRIPTION
-.PP
-These functions,
-which are built on top of the core Kerberos library,
-provide a convenient means for client and server
-programs to send authentication messages
-to one another through network connections.
-The
-.I krb_sendauth
-function sends an authenticated ticket from the client program to
-the server program by writing the ticket to a network socket.
-The
-.I krb_recvauth
-function receives the ticket from the client by
-reading from a network socket.
-
-To ensure proper behavior on multi-homed systems (machines with more
-than one network interface) all sockets used with these routines should
-be bound to the same address as that used by the Kerberos library via
-.I krb_get_local_addr
-or
-.I krb_bind_local_addr.
-
-.SH KRB_SENDAUTH
-.PP
-This function writes the ticket to
-the network socket specified by the
-file descriptor
-.IR fd,
-returning KSUCCESS if the write proceeds successfully,
-and an error code if it does not.
-
-The
-.I ktext
-argument should point to an allocated KTEXT_ST structure.
-The
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments specify the server program's Kerberos principal name,
-instance, and realm.
-If you are writing a client that uses the local realm exclusively,
-you can set the
-.I realm
-argument to NULL.
-
-The
-.I version
-argument allows the client program to pass an application-specific
-version string that the server program can then match against
-its own version string.
-The
-.I version
-string can be up to KSEND_VNO_LEN (see
-.IR <krb.h> )
-characters in length.
-
-The
-.I checksum
-argument can be used to pass checksum information to the
-server program.
-The client program is responsible for specifying this information.
-This checksum information is difficult to corrupt because
-.I krb_sendauth
-passes it over the network in encrypted form.
-The
-.I checksum
-argument is passed as the checksum argument to
-.IR krb_mk_req .
-
-You can set
-.IR krb_sendauth's
-other arguments to NULL unless you want the
-client and server programs to mutually authenticate
-themselves.
-In the case of mutual authentication,
-the client authenticates itself to the server program,
-and demands that the server in turn authenticate itself to
-the client.
-
-.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
-.PP
-If you want mutual authentication,
-make sure that you read all pending data from the local socket
-before calling
-.IR krb_sendauth.
-Set
-.IR krb_sendauth's
-.I options
-argument to
-.BR KOPT_DO_MUTUAL
-(this macro is defined in the
-.IR krb.h
-file);
-make sure that the
-.I laddr
-argument points to
-the address of the local socket,
-and that
-.I faddr
-points to the foreign socket's network address.
-
-.I Krb_sendauth
-fills in the other arguments--
-.IR msg_data ,
-.IR cred ,
-and
-.IR schedule --before
-sending the ticket to the server program.
-You must, however, allocate space for these arguments
-before calling the function.
-
-.I Krb_sendauth
-supports two other options:
-.BR KOPT_DONT_MK_REQ,
-and
-.BR KOPT_DONT_CANON.
-If called with
-.I options
-set as KOPT_DONT_MK_REQ,
-.I krb_sendauth
-will not use the
-.I krb_mk_req
-function to retrieve the ticket from the Kerberos server.
-The
-.I ktext
-argument must point to an existing ticket and authenticator (such as
-would be created by
-.IR krb_mk_req ),
-and the
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments can be set to NULL.
-
-If called with
-.I options
-set as KOPT_DONT_CANON,
-.I krb_sendauth
-will not convert the service's instance to canonical form using
-.IR krb_get_phost (3).
-
-If you want to call
-.I krb_sendauth
-with a multiple
-.I options
-specification,
-construct
-.I options
-as a bitwise-OR of the options you want to specify.
-
-.SH KRB_RECVAUTH
-.PP
-The
-.I krb_recvauth
-function
-reads a ticket/authenticator pair from the socket pointed to by the
-.I fd
-argument.
-Set the
-.I options
-argument
-as a bitwise-OR of the options desired.
-Currently only KOPT_DO_MUTUAL is useful to the receiver.
-
-The
-.I ktext
-argument
-should point to an allocated KTEXT_ST structure.
-.I Krb_recvauth
-fills
-.I ktext
-with the
-ticket/authenticator pair read from
-.IR fd ,
-then passes it to
-.IR krb_rd_req .
-
-The
-.I service
-and
-.I inst
-arguments
-specify the expected service and instance for which the ticket was
-generated. They are also passed to
-.IR krb_rd_req.
-The
-.I inst
-argument may be set to "*" if the caller wishes
-.I krb_mk_req
-to fill in the instance used (note that there must be space in the
-.I inst
-argument to hold a full instance name, see
-.IR krb_mk_req (3)).
-
-The
-.I faddr
-argument
-should point to the address of the peer which is presenting the ticket.
-It is also passed to
-.IR krb_rd_req .
-
-If the client and server plan to mutually authenticate
-one another,
-the
-.I laddr
-argument
-should point to the local address of the file descriptor.
-Otherwise you can set this argument to NULL.
-
-The
-.I auth_data
-argument
-should point to an allocated AUTH_DAT area.
-It is passed to and filled in by
-.IR krb_rd_req .
-The checksum passed to the corresponding
-.I krb_sendauth
-is available as part of the filled-in AUTH_DAT area.
-
-The
-.I filename
-argument
-specifies the filename
-which the service program should use to obtain its service key.
-.I Krb_recvauth
-passes
-.I filename
-to the
-.I krb_rd_req
-function.
-If you set this argument to "",
-.I krb_rd_req
-looks for the service key in the file
-.IR /etc/kerberosIV/srvtab.
-
-If the client and server are performing mutual authenication,
-the
-.I schedule
-argument
-should point to an allocated Key_schedule.
-Otherwise it is ignored and may be NULL.
-
-The
-.I version
-argument should point to a character array of at least KSEND_VNO_LEN
-characters. It is filled in with the version string passed by the client to
-.IR krb_sendauth.
-.PP
-.SH KRB_NET_WRITE AND KRB_NET_READ
-.PP
-The
-.I krb_net_write
-function
-emulates the write(2) system call, but guarantees that all data
-specified is written to
-.I fd
-before returning, unless an error condition occurs.
-.PP
-The
-.I krb_net_read
-function
-emulates the read(2) system call, but guarantees that the requested
-amount of data is read from
-.I fd
-before returning, unless an error condition occurs.
-.PP
-.SH BUGS
-.IR krb_sendauth,
-.IR krb_recvauth,
-.IR krb_net_write,
-and
-.IR krb_net_read
-will not work properly on sockets set to non-blocking I/O mode.
-
-.SH SEE ALSO
-
-krb_mk_req(3), krb_rd_req(3), krb_get_phost(3), krb_get_local_addr(3),
-krb_bind_local_addr(3)
-
-.SH AUTHOR
-John T. Kohl, MIT Project Athena
-.SH RESTRICTIONS
-Copyright 1988, Massachusetts Instititute of Technology.
-For copying and distribution information,
-please see the file <Copyright.h>.
diff --git a/eBones/lib/libkrb/krb_set_tkt_string.3 b/eBones/lib/libkrb/krb_set_tkt_string.3
deleted file mode 100644
index 4adf847..0000000
--- a/eBones/lib/libkrb/krb_set_tkt_string.3
+++ /dev/null
@@ -1,43 +0,0 @@
-.\" from: krb_set_tkt_string.3,v 4.1 89/01/23 11:11:09 jtkohl Exp $
-.\" $Id$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_set_tkt_string \- set Kerberos ticket cache file name
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-void krb_set_tkt_string(filename)
-char *filename;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_set_tkt_string
-sets the name of the file that holds the user's
-cache of Kerberos server tickets and associated session keys.
-.PP
-The string
-.I filename
-passed in is copied into local storage.
-Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are
-copied in for use as the cache file name.
-.PP
-This routine should be called during initialization, before other
-Kerberos routines are called; otherwise the routines which fetch the
-ticket cache file name may be called and return an undesired ticket file
-name until this routine is called.
-.SH FILES
-.TP 20n
-/tmp/tkt[uid]
-default ticket file name, unless the environment variable KRBTKFILE is set.
-[uid] denotes the user's uid, in decimal.
-.SH SEE ALSO
-kerberos(3), setenv(3)
diff --git a/eBones/lib/libkrb/krbglue.c b/eBones/lib/libkrb/krbglue.c
deleted file mode 100644
index 80edeba..0000000
--- a/eBones/lib/libkrb/krbglue.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: krbglue.c,v 4.1 89/01/23 15:51:50 wesommer Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-$Id$";
-#endif lint
-#endif
-
-#ifndef NCOMPAT
-/*
- * glue together new libraries and old clients
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <des.h>
-#include "krb.h"
-
-/* These definitions should be in krb.h, no? */
-/*
-#if defined(__HIGHC__)
-#undef __STDC__
-#endif
-#ifdef __STDC__
-extern int krb_mk_req (KTEXT, char *, char *, char *, long);
-extern int krb_rd_req (KTEXT, char *, char *, long, AUTH_DAT *, char *);
-extern int krb_kntoln (AUTH_DAT *, char *);
-extern int krb_set_key (char *, int);
-extern int krb_get_cred (char *, char *, char *, CREDENTIALS *);
-extern long krb_mk_priv (u_char *, u_char *, u_long, Key_schedule,
- C_Block, struct sockaddr_in *,
- struct sockaddr_in *);
-extern long krb_rd_priv (u_char *, u_long, Key_schedule,
- C_Block, struct sockaddr_in *,
- struct sockaddr_in *, MSG_DAT *);
-extern long krb_mk_safe (u_char *, u_char *, u_long, C_Block *,
- struct sockaddr_in *, struct sockaddr_in *);
-extern long krb_rd_safe (u_char *, u_long, C_Block *,
- struct sockaddr_in *, struct sockaddr_in *,
- MSG_DAT *);
-extern long krb_mk_err (u_char *, long, char *);
-extern int krb_rd_err (u_char *, u_long, long *, MSG_DAT *);
-extern int krb_get_pw_in_tkt (char *, char *, char *, char *, char *, int,
- char *);
-extern int krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int,
- char *);
-extern int krb_get_pw_tkt (char *, char *, char *, char *);
-extern int krb_get_lrealm (char *, char *);
-extern int krb_realmofhost (char *);
-extern char *krb_get_phost (char *);
-extern int krb_get_krbhst (char *, char *, int);
-#ifdef DEBUG
-extern KTEXT krb_create_death_packet (char *);
-#endif
-#else
-extern int krb_mk_req ();
-extern int krb_rd_req ();
-extern int krb_kntoln ();
-extern int krb_set_key ();
-extern int krb_get_cred ();
-extern long krb_mk_priv ();
-extern long krb_rd_priv ();
-extern long krb_mk_safe ();
-extern long krb_rd_safe ();
-extern long krb_mk_err ();
-extern int krb_rd_err ();
-extern int krb_get_pw_in_tkt ();
-extern int krb_get_svc_in_tkt ();
-extern int krb_get_pw_tkt ();
-extern int krb_get_lrealm ();
-extern int krb_realmofhost ();
-extern char *krb_get_phost ();
-extern int krb_get_krbhst ();
-#ifdef DEBUG
-extern KTEXT krb_create_death_packet ();
-#endif
-#endif
-*/
-
-
-int mk_ap_req(authent, service, instance, realm, checksum)
- KTEXT authent;
- char *service, *instance, *realm;
- u_long checksum;
-{
- return krb_mk_req(authent,service,instance,realm,checksum);
-}
-
-int rd_ap_req(authent, service, instance, from_addr, ad, fn)
- KTEXT authent;
- char *service, *instance;
- u_long from_addr;
- AUTH_DAT *ad;
- char *fn;
-{
- return krb_rd_req(authent,service,instance,from_addr,ad,fn);
-}
-
-int an_to_ln(ad, lname)
- AUTH_DAT *ad;
- char *lname;
-{
- return krb_kntoln (ad,lname);
-}
-
-int set_serv_key (key, cvt)
- char *key;
- int cvt;
-{
- return krb_set_key(key,cvt);
-}
-
-int get_credentials (svc,inst,rlm,cred)
- char *svc, *inst, *rlm;
- CREDENTIALS *cred;
-{
- return krb_get_cred (svc, inst, rlm, cred);
-}
-
-long mk_private_msg (in,out,in_length,schedule,key,sender,receiver)
- u_char *in, *out;
- u_long in_length;
- Key_schedule schedule;
- C_Block key;
- struct sockaddr_in *sender, *receiver;
-{
- return krb_mk_priv (in,out,in_length,schedule,key,sender,receiver);
-}
-
-long rd_private_msg (in,in_length,schedule,key,sender,receiver,msg_data)
- u_char *in;
- u_long in_length;
- Key_schedule schedule;
- C_Block key;
- struct sockaddr_in *sender, *receiver;
- MSG_DAT *msg_data;
-{
- return krb_rd_priv (in,in_length,schedule,key,sender,receiver,msg_data);
-}
-
-long mk_safe_msg (in,out,in_length,key,sender,receiver)
- u_char *in, *out;
- u_long in_length;
- C_Block *key;
- struct sockaddr_in *sender, *receiver;
-{
- return krb_mk_safe (in,out,in_length,key,sender,receiver);
-}
-
-long rd_safe_msg (in,length,key,sender,receiver,msg_data)
- u_char *in;
- u_long length;
- C_Block *key;
- struct sockaddr_in *sender, *receiver;
- MSG_DAT *msg_data;
-{
- return krb_rd_safe (in,length,key,sender,receiver,msg_data);
-}
-
-long mk_appl_err_msg (out,code,string)
- u_char *out;
- long code;
- char *string;
-{
- return krb_mk_err (out,code,string);
-}
-
-long rd_appl_err_msg (in,length,code,msg_data)
- u_char *in;
- u_long length;
- long *code;
- MSG_DAT *msg_data;
-{
- return krb_rd_err (in,length,code,msg_data);
-}
-
-int get_in_tkt(user,instance,realm,service,sinstance,life,password)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *password;
-{
- return krb_get_pw_in_tkt(user,instance,realm,service,sinstance,
- life,password);
-}
-
-int get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab)
- char *user, *instance, *realm, *service, *sinstance;
- int life;
- char *srvtab;
-{
- return krb_get_svc_in_tkt(user, instance, realm, service, sinstance,
- life, srvtab);
-}
-
-int get_pw_tkt(user,instance,realm,cpw)
- char *user;
- char *instance;
- char *realm;
- char *cpw;
-{
- return krb_get_pw_tkt(user,instance,realm,cpw);
-}
-
-int
-get_krbrlm (r, n)
-char *r;
-int n;
-{
- return krb_get_lream(r,n);
-}
-
-int
-krb_getrealm (host)
-{
- return krb_realmofhost(host);
-}
-
-char *
-get_phost (host)
-char *host
-{
- return krb_get_phost(host);
-}
-
-int
-get_krbhst (h, r, n)
-char *h;
-char *r;
-int n;
-{
- return krb_get_krbhst(h,r,n);
-}
-#ifdef DEBUG
-struct ktext *create_death_packet(a_name)
- char *a_name;
-{
- return krb_create_death_packet(a_name);
-}
-#endif /* DEBUG */
-
-#if 0
-extern int krb_ck_repl ();
-
-int check_replay ()
-{
- return krb_ck_repl ();
-}
-#endif
-#endif /* NCOMPAT */
diff --git a/eBones/lib/libkrb/kuserok.3 b/eBones/lib/libkrb/kuserok.3
deleted file mode 100644
index 4108bc5..0000000
--- a/eBones/lib/libkrb/kuserok.3
+++ /dev/null
@@ -1,63 +0,0 @@
-.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $
-.\" $Id$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kuserok \- Kerberos version of ruserok
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-kuserok(kdata, localuser)
-AUTH_DAT *auth_data;
-char *localuser;
-.fi
-.ft R
-.SH DESCRIPTION
-.I kuserok
-determines whether a Kerberos principal described by the structure
-.I auth_data
-is authorized to login as user
-.I localuser
-according to the authorization file
-("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
-1 (one) if not authorized.
-.PP
-If there is no account for
-.I localuser
-on the local machine, authorization is not granted.
-If there is no authorization file, and the Kerberos principal described
-by
-.I auth_data
-translates to
-.I localuser
-(using
-.IR krb_kntoln (3)),
-authorization is granted.
-If the authorization file
-can't be accessed, or the file is not owned by
-.IR localuser,
-authorization is denied. Otherwise, the file is searched for
-a matching principal name, instance, and realm. If a match is found,
-authorization is granted, else authorization is denied.
-.PP
-The file entries are in the format:
-.nf
-.in +5n
- name.instance@realm
-.in -5n
-.fi
-with one entry per line.
-.SH SEE ALSO
-kerberos(3), ruserok(3), krb_kntoln(3)
-.SH FILES
-.TP 20n
-~\fIlocaluser\fR/.klogin
-authorization list
diff --git a/eBones/lib/libkrb/kuserok.c b/eBones/lib/libkrb/kuserok.c
deleted file mode 100644
index c02598b..0000000
--- a/eBones/lib/libkrb/kuserok.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * kuserok: check if a kerberos principal has
- * access to a local account
- *
- * from: kuserok.c,v 4.5 89/01/23 09:25:21 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <krb.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <pwd.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <strings.h>
-
-#define OK 0
-#define NOTOK 1
-#define MAX_USERNAME 10
-
-/*
- * Given a Kerberos principal "kdata", and a local username "luser",
- * determine whether user is authorized to login according to the
- * authorization file ("~luser/.klogin" by default). Returns OK
- * if authorized, NOTOK if not authorized.
- *
- * If there is no account for "luser" on the local machine, returns
- * NOTOK. If there is no authorization file, and the given Kerberos
- * name "kdata" translates to the same name as "luser" (using
- * krb_kntoln()), returns OK. Otherwise, if the authorization file
- * can't be accessed, returns NOTOK. Otherwise, the file is read for
- * a matching principal name, instance, and realm. If one is found,
- * returns OK, if none is found, returns NOTOK.
- *
- * The file entries are in the format:
- *
- * name.instance@realm
- *
- * one entry per line.
- *
- * The ATHENA_COMPAT code supports old-style Athena ~luser/.klogin
- * file entries. See the file "kparse.c".
- */
-
-#ifdef ATHENA_COMPAT
-
-#include <kparse.h>
-
-/*
- * The parmtable defines the keywords we will recognize with their
- * default values, and keeps a pointer to the found value. The found
- * value should be filled in with strsave(), since FreeParameterSet()
- * will release memory for all non-NULL found strings.
- *
-*** NOTE WELL! ***
- *
- * The table below is very nice, but we cannot hard-code a default for the
- * realm: we have to get the realm via krb_get_lrealm(). Even though the
- * default shows as "from krb_get_lrealm, below", it gets changed in
- * kuserok to whatever krb_get_lrealm() tells us. That code assumes that
- * the realm will be the entry number in the table below, so if you
- * change the order of the entries below, you have to change the
- * #definition of REALM_SCRIPT to reflect it.
- */
-#define REALM_SUBSCRIPT 1
-parmtable kparm[] = {
-
-/* keyword default found value */
-{"user", "", (char *) NULL},
-{"realm", "see krb_get_lrealm, below", (char *) NULL},
-{"instance", "", (char *) NULL},
-};
-#define KPARMS kparm,PARMCOUNT(kparm)
-#endif ATHENA_COMPAT
-
-int
-kuserok(kdata, luser)
- AUTH_DAT *kdata;
- char *luser;
-{
- struct stat sbuf;
- struct passwd *pwd;
- char pbuf[MAXPATHLEN];
- int isok = NOTOK, rc;
- FILE *fp;
- char kuser[MAX_USERNAME];
- char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- char linebuf[BUFSIZ];
- char *newline;
- int gobble;
-#ifdef ATHENA_COMPAT
- char local_realm[REALM_SZ];
-#endif ATHENA_COMPAT
-
- /* no account => no access */
- if ((pwd = getpwnam(luser)) == NULL) {
- return(NOTOK);
- }
- (void) strcpy(pbuf, pwd->pw_dir);
- (void) strcat(pbuf, "/.klogin");
-
- if (access(pbuf, F_OK)) { /* not accessible */
- /*
- * if he's trying to log in as himself, and there is no .klogin file,
- * let him. To find out, call
- * krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
- */
- if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
- return(OK);
- }
- }
- /* open ~/.klogin */
- if ((fp = fopen(pbuf, "r")) == NULL) {
- return(NOTOK);
- }
- /*
- * security: if the user does not own his own .klogin file,
- * do not grant access
- */
- if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
- return(NOTOK);
- }
- if (sbuf.st_uid != pwd->pw_uid) {
- fclose(fp);
- return(NOTOK);
- }
-
-#ifdef ATHENA_COMPAT
- /* Accept old-style .klogin files */
-
- /*
- * change the default realm from the hard-coded value to the
- * accepted realm that Kerberos specifies.
- */
- rc = krb_get_lrealm(local_realm, 1);
- if (rc == KSUCCESS)
- kparm[REALM_SUBSCRIPT].defvalue = local_realm;
- else
- return (rc);
-
- /* check each line */
- while ((isok != OK) && (rc = fGetParameterSet(fp, KPARMS)) != PS_EOF) {
- switch (rc) {
- case PS_BAD_KEYWORD:
- case PS_SYNTAX:
- while (((gobble = fGetChar(fp)) != EOF) && (gobble != '\n'));
- break;
-
- case PS_OKAY:
- isok = (ParmCompare(KPARMS, "user", kdata->pname) ||
- ParmCompare(KPARMS, "instance", kdata->pinst) ||
- ParmCompare(KPARMS, "realm", kdata->prealm));
- break;
-
- default:
- break;
- }
- FreeParameterSet(kparm, PARMCOUNT(kparm));
- }
- /* reset the stream for parsing new-style names, if necessary */
- rewind(fp);
-#endif ATHENA_COMPAT
-
- /* check each line */
- while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
- /* null-terminate the input string */
- linebuf[BUFSIZ-1] = '\0';
- newline = NULL;
- /* nuke the newline if it exists */
- if ((newline = index(linebuf, '\n')))
- *newline = '\0';
- rc = kname_parse(principal, inst, realm, linebuf);
- if (rc == KSUCCESS) {
- isok = (strncmp(kdata->pname, principal, ANAME_SZ) ||
- strncmp(kdata->pinst, inst, INST_SZ) ||
- strncmp(kdata->prealm, realm, REALM_SZ));
- }
- /* clean up the rest of the line if necessary */
- if (!newline)
- while (((gobble = getc(fp)) != EOF) && gobble != '\n');
- }
- fclose(fp);
- return(isok);
-}
diff --git a/eBones/lib/libkrb/log.c b/eBones/lib/libkrb/log.c
deleted file mode 100644
index 207fe64..0000000
--- a/eBones/lib/libkrb/log.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: log.c,v 4.7 88/12/01 14:15:14 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <sys/time.h>
-#include <stdio.h>
-#include <krb.h>
-#include <klog.h>
-
-static char *log_name = KRBLOG;
-static is_open;
-
-/*
- * This file contains three logging routines: set_logfile()
- * to determine the file that log entries should be written to;
- * and log() and new_log() to write log entries to the file.
- */
-
-/*
- * log() is used to add entries to the logfile (see set_logfile()
- * below). Note that it is probably not portable since it makes
- * assumptions about what the compiler will do when it is called
- * with less than the correct number of arguments which is the
- * way it is usually called.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format".
- *
- * The log file is opened and closed for each log entry.
- *
- * The return value is undefined.
- */
-
-__BEGIN_DECLS
-char *month_sname __P((int));
-__END_DECLS
-
-
-/*VARARGS1 */
-void log(format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0)
- char *format;
- int a1,a2,a3,a4,a5,a6,a7,a8,a9,a0;
-{
- FILE *logfile, *fopen();
- long time(),now;
- struct tm *tm;
-
- if ((logfile = fopen(log_name,"a")) == NULL)
- return;
-
- (void) time(&now);
- tm = localtime(&now);
-
- fprintf(logfile,"%2d-%s-%02d %02d:%02d:%02d ",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- fprintf(logfile,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0);
- fprintf(logfile,"\n");
- (void) fclose(logfile);
- return;
-}
-
-/*
- * set_logfile() changes the name of the file to which
- * messages are logged. If set_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-set_logfile(filename)
- char *filename;
-{
- log_name = filename;
- is_open = 0;
-}
-
-/*
- * new_log() appends a log entry containing the give time "t" and the
- * string "string" to the logfile (see set_logfile() above). The file
- * is opened once and left open. The routine returns 1 on failure, 0
- * on success.
- */
-
-int
-new_log(t,string)
- long t;
- char *string;
-{
- static FILE *logfile;
-
- long time();
- struct tm *tm;
-
- if (!is_open) {
- if ((logfile = fopen(log_name,"a")) == NULL) return(1);
- is_open = 1;
- }
-
- if (t) {
- tm = localtime(&t);
-
- fprintf(logfile,"\n%2d-%s-%02d %02d:%02d:%02d %s",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec, string);
- }
- else {
- fprintf(logfile,"\n%20s%s","",string);
- }
-
- (void) fflush(logfile);
- return(0);
-}
diff --git a/eBones/lib/libkrb/mk_err.c b/eBones/lib/libkrb/mk_err.c
deleted file mode 100644
index 2142b1a..0000000
--- a/eBones/lib/libkrb/mk_err.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: mk_err.c,v 4.4 88/11/15 16:33:36 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <sys/types.h>
-#include <krb.h>
-#include <prot.h>
-#include <strings.h>
-
-/*
- * This routine creates a general purpose error reply message. It
- * doesn't use KTEXT because application protocol may have long
- * messages, and may want this part of buffer contiguous to other
- * stuff.
- *
- * The error reply is built in "p", using the error code "e" and
- * error text "e_string" given. The length of the error reply is
- * returned.
- *
- * The error reply is in the following format:
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_ERR message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte order
- * 4 bytes e given error code
- * string e_string given error text
- */
-
-long krb_mk_err(p,e,e_string)
- u_char *p; /* Where to build error packet */
- long e; /* Error code */
- char *e_string; /* Text of error */
-{
- u_char *start;
-
- start = p;
-
- /* Create fixed part of packet */
- *p++ = (unsigned char) KRB_PROT_VERSION;
- *p = (unsigned char) AUTH_MSG_APPL_ERR;
- *p++ |= HOST_BYTE_ORDER;
-
- /* Add the basic info */
- bcopy((char *)&e,(char *)p,4); /* err code */
- p += sizeof(e);
- (void) strcpy((char *)p,e_string); /* err text */
- p += strlen(e_string);
-
- /* And return the length */
- return p-start;
-}
diff --git a/eBones/lib/libkrb/mk_priv.c b/eBones/lib/libkrb/mk_priv.c
deleted file mode 100644
index ecdb540..0000000
--- a/eBones/lib/libkrb/mk_priv.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * This routine constructs a Kerberos 'private msg', i.e.
- * cryptographically sealed with a private session key.
- *
- * Note-- bcopy is used to avoid alignment problems on IBM RT.
- *
- * Note-- It's too bad that it did a long int compare on the RT before.
- *
- * Returns either < 0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
- *
- * from: mk_priv.c,v 4.13 89/03/22 14:48:59 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-/* system include files */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
-/* application include files */
-#include <des.h>
-#include <krb.h>
-#include <prot.h>
-#include "lsb_addr_comp.h"
-
-extern char *errmsg();
-extern int errno;
-extern int krb_debug;
-
-/* static storage */
-
-
-static u_long c_length;
-static struct timeval msg_time;
-static u_char msg_time_5ms;
-static long msg_time_sec;
-
-/*
- * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes
- * some user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address.
-#ifndef NOENCRYTION
- * The packet is encrypted by pcbc_encrypt(), using the given
- * "key" and "schedule".
-#endif
- * The length of the resulting packet "out" is
- * returned.
- *
- * It is similar to krb_mk_safe() except for the additional key
- * schedule argument "schedule" and the fact that the data is encrypted
- * rather than appended with a checksum. Also, the protocol version
- * number is "private_msg_ver", defined in krb_rd_priv.c, rather than
- * KRB_PROT_VERSION, defined in "krb.h".
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte private_msg_ver protocol version number
- * 1 byte AUTH_MSG_PRIVATE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
- * 4 bytes c_length length of data
-#ifndef NOENCRYPT
- * we encrypt from here with pcbc_encrypt
-#endif
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * 0<=n<=7 bytes pad to 8 byte multiple zeroes
- */
-
-long krb_mk_priv(in,out,length,schedule,key,sender,receiver)
- u_char *in; /* application data */
- u_char *out; /* put msg here, leave room for
- * header! breaks if in and out
- * (header stuff) overlap */
- u_long length; /* of in data */
- Key_schedule schedule; /* precomputed key schedule */
- C_Block key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
-{
- register u_char *p,*q;
- static u_char *c_length_ptr;
- extern int private_msg_ver; /* in krb_rd_priv.c */
-
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- if (gettimeofday(&msg_time,(struct timezone *)0)) {
- return -1;
- }
- msg_time_sec = (long) msg_time.tv_sec;
- msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */
-
- p = out;
-
- *p++ = private_msg_ver;
- *p++ = AUTH_MSG_PRIVATE | HOST_BYTE_ORDER;
-
- /* calculate cipher length */
- c_length_ptr = p;
- p += sizeof(c_length);
-
- q = p;
-
- /* stuff input length */
- bcopy((char *)&length,(char *)p,sizeof(length));
- p += sizeof(length);
-
-#ifdef NOENCRYPTION
- /* make all the stuff contiguous for checksum */
-#else
- /* make all the stuff contiguous for checksum and encryption */
-#endif
- bcopy((char *)in,(char *)p,(int) length);
- p += length;
-
- /* stuff time 5ms */
- bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms));
- p += sizeof(msg_time_5ms);
-
- /* stuff source address */
- bcopy((char *)&sender->sin_addr.s_addr,(char *)p,
- sizeof(sender->sin_addr.s_addr));
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok
- * until 2038??
- */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
- /* stuff time sec */
- bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
- p += sizeof(msg_time_sec);
-
- /*
- * All that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
-#ifdef notdef
- /*
- * calculate the checksum of the length, address, sequence, and
- * inp data
- */
- cksum = quad_cksum(q,NULL,p-q,0,key);
- if (krb_debug)
- printf("\ncksum = %u",cksum);
- /* stuff checksum */
- bcopy((char *) &cksum,(char *) p,sizeof(cksum));
- p += sizeof(cksum);
-#endif
-
- /*
- * All the data have been assembled, compute length
- */
-
- c_length = p - q;
- c_length = ((c_length + sizeof(C_Block) -1)/sizeof(C_Block)) *
- sizeof(C_Block);
- /* stuff the length */
- bcopy((char *) &c_length,(char *)c_length_ptr,sizeof(c_length));
-
-#ifndef NOENCRYPTION
- pcbc_encrypt((C_Block *)q,(C_Block *)q,(long)(p-q),schedule,(C_Block *)key,
- ENCRYPT);
-#endif /* NOENCRYPTION */
-
- return (q - out + c_length); /* resulting size */
-}
diff --git a/eBones/lib/libkrb/mk_req.c b/eBones/lib/libkrb/mk_req.c
deleted file mode 100644
index ca19b2d..0000000
--- a/eBones/lib/libkrb/mk_req.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: der: mk_req.c,v 4.17 89/07/07 15:20:35 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-#include <des.h>
-#include <sys/time.h>
-#include <strings.h>
-
-extern int krb_ap_req_debug;
-static struct timeval tv_local = { 0, 0 };
-static int lifetime = DEFAULT_TKT_LIFE;
-
-/*
- * krb_mk_req takes a text structure in which an authenticator is to
- * be built, the name of a service, an instance, a realm,
- * and a checksum. It then retrieves a ticket for
- * the desired service and creates an authenticator in the text
- * structure passed as the first argument. krb_mk_req returns
- * KSUCCESS on success and a Kerberos error code on failure.
- *
- * The peer procedure on the other end is krb_rd_req. When making
- * any changes to this routine it is important to make corresponding
- * changes to krb_rd_req.
- *
- * The authenticator consists of the following:
- *
- * authent->dat
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_REQUEST message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte ordering
- * unsigned char kvno from ticket server's key version
- * string realm server's realm
- * unsigned char tl ticket length
- * unsigned char idl request id length
- * text ticket->dat ticket for server
- * text req_id->dat request id
- *
- * The ticket information is retrieved from the ticket cache or
- * fetched from Kerberos. The request id (called the "authenticator"
- * in the papers on Kerberos) contains the following:
- *
- * req_id->dat
- *
- * string cr.pname {name, instance, and
- * string cr.pinst realm of principal
- * string myrealm making this request}
- * 4 bytes checksum checksum argument given
- * unsigned char tv_local.tf_usec time (milliseconds)
- * 4 bytes tv_local.tv_sec time (seconds)
- *
- * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time,
- * all rounded up to multiple of 8.
- */
-
-int
-krb_mk_req(authent,service,instance,realm,checksum)
- register KTEXT authent; /* Place to build the authenticator */
- char *service; /* Name of the service */
- char *instance; /* Service instance */
- char *realm; /* Authentication domain of service */
- long checksum; /* Checksum of data (optional) */
-{
- static KTEXT_ST req_st; /* Temp storage for req id */
- register KTEXT req_id = &req_st;
- unsigned char *v = authent->dat; /* Prot version number */
- unsigned char *t = (authent->dat+1); /* Message type */
- unsigned char *kv = (authent->dat+2); /* Key version no */
- unsigned char *tl = (authent->dat+4+strlen(realm)); /* Tkt len */
- unsigned char *idl = (authent->dat+5+strlen(realm)); /* Reqid len */
- CREDENTIALS cr; /* Credentials used by retr */
- register KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
- int retval; /* Returned by krb_get_cred */
- static Key_schedule key_s;
- char myrealm[REALM_SZ];
-
- /* The fixed parts of the authenticator */
- *v = (unsigned char) KRB_PROT_VERSION;
- *t = (unsigned char) AUTH_MSG_APPL_REQUEST;
- *t |= HOST_BYTE_ORDER;
-
- /* Get the ticket and move it into the authenticator */
- if (krb_ap_req_debug)
- printf("Realm: %s\n",realm);
- /*
- * Determine realm of these tickets. We will send this to the
- * KDC from which we are requesting tickets so it knows what to
- * with our session key.
- */
- if ((retval = krb_get_tf_realm(TKT_FILE, myrealm)) != KSUCCESS)
- return(retval);
-
- retval = krb_get_cred(service,instance,realm,&cr);
-
- if (retval == RET_NOTKT) {
- if ((retval = get_ad_tkt(service,instance,realm,lifetime)))
- return(retval);
- if ((retval = krb_get_cred(service,instance,realm,&cr)))
- return(retval);
- }
-
- if (retval != KSUCCESS) return (retval);
-
- if (krb_ap_req_debug)
- printf("%s %s %s %s %s\n", service, instance, realm,
- cr.pname, cr.pinst);
- *kv = (unsigned char) cr.kvno;
- (void) strcpy((char *)(authent->dat+3),realm);
- *tl = (unsigned char) ticket->length;
- bcopy((char *)(ticket->dat),(char *)(authent->dat+6+strlen(realm)),
- ticket->length);
- authent->length = 6 + strlen(realm) + ticket->length;
- if (krb_ap_req_debug)
- printf("Ticket->length = %d\n",ticket->length);
- if (krb_ap_req_debug)
- printf("Issue date: %ld\n",cr.issue_date);
-
- /* Build request id */
- (void) strcpy((char *)(req_id->dat),cr.pname); /* Auth name */
- req_id->length = strlen(cr.pname)+1;
- /* Principal's instance */
- (void) strcpy((char *)(req_id->dat+req_id->length),cr.pinst);
- req_id->length += strlen(cr.pinst)+1;
- /* Authentication domain */
- (void) strcpy((char *)(req_id->dat+req_id->length),myrealm);
- req_id->length += strlen(myrealm)+1;
- /* Checksum */
- bcopy((char *)&checksum,(char *)(req_id->dat+req_id->length),4);
- req_id->length += 4;
-
- /* Fill in the times on the request id */
- (void) gettimeofday(&tv_local,(struct timezone *) 0);
- *(req_id->dat+(req_id->length)++) =
- (unsigned char) tv_local.tv_usec;
- /* Time (coarse) */
- bcopy((char *)&(tv_local.tv_sec),
- (char *)(req_id->dat+req_id->length), 4);
- req_id->length += 4;
-
- /* Fill to a multiple of 8 bytes for DES */
- req_id->length = ((req_id->length+7)/8)*8;
-
-#ifndef NOENCRYPTION
- key_sched((C_Block *)cr.session,key_s);
- pcbc_encrypt((C_Block *)req_id->dat,(C_Block *)req_id->dat,
- (long)req_id->length,key_s,(C_Block *)cr.session,ENCRYPT);
- bzero((char *) key_s, sizeof(key_s));
-#endif /* NOENCRYPTION */
-
- /* Copy it into the authenticator */
- bcopy((char *)(req_id->dat),(char *)(authent->dat+authent->length),
- req_id->length);
- authent->length += req_id->length;
- /* And set the id length */
- *idl = (unsigned char) req_id->length;
- /* clean up */
- bzero((char *)req_id, sizeof(*req_id));
-
- if (krb_ap_req_debug)
- printf("Authent->length = %d\n",authent->length);
- if (krb_ap_req_debug)
- printf("idl = %d, tl = %d\n",(int) *idl, (int) *tl);
-
- return(KSUCCESS);
-}
-
-/*
- * krb_set_lifetime sets the default lifetime for additional tickets
- * obtained via krb_mk_req().
- *
- * It returns the previous value of the default lifetime.
- */
-
-int
-krb_set_lifetime(newval)
-int newval;
-{
- int olife = lifetime;
-
- lifetime = newval;
- return(olife);
-}
diff --git a/eBones/lib/libkrb/mk_safe.c b/eBones/lib/libkrb/mk_safe.c
deleted file mode 100644
index 4e29dc2..0000000
--- a/eBones/lib/libkrb/mk_safe.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * This routine constructs a Kerberos 'safe msg', i.e. authenticated
- * using a private session key to seed a checksum. Msg is NOT
- * encrypted.
- *
- * Note-- bcopy is used to avoid alignment problems on IBM RT
- *
- * Returns either <0 ===> error, or resulting size of message
- *
- * Steve Miller Project Athena MIT/DEC
- *
- * from: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-/* system include files */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
-/* application include files */
-#include <des.h>
-#include <krb.h>
-#include <prot.h>
-#include "lsb_addr_comp.h"
-
-extern char *errmsg();
-extern int errno;
-extern int krb_debug;
-
-/* static storage */
-
-static u_long cksum;
-static C_Block big_cksum[2];
-static struct timeval msg_time;
-static u_char msg_time_5ms;
-static long msg_time_sec;
-
-/*
- * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
- * user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address, followed by a checksum computed on the above, using the
- * given "key". The length of the resulting packet is returned.
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_SAFE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
- * ===================== begin checksum ================================
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * ======================= end checksum ================================
- *
- * 16 bytes big_cksum quadratic checksum of
- * above using "key"
- */
-
-long krb_mk_safe(in,out,length,key,sender,receiver)
- u_char *in; /* application data */
- u_char *out; /*
- * put msg here, leave room for header!
- * breaks if in and out (header stuff)
- * overlap
- */
- u_long length; /* of in data */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender address */
- struct sockaddr_in *receiver; /* receiver address */
-{
- register u_char *p,*q;
-
- /*
- * get the current time to use instead of a sequence #, since
- * process lifetime may be shorter than the lifetime of a session
- * key.
- */
- if (gettimeofday(&msg_time,(struct timezone *)0)) {
- return -1;
- }
- msg_time_sec = (long) msg_time.tv_sec;
- msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */
-
- p = out;
-
- *p++ = KRB_PROT_VERSION;
- *p++ = AUTH_MSG_SAFE | HOST_BYTE_ORDER;
-
- q = p; /* start for checksum stuff */
- /* stuff input length */
- bcopy((char *)&length,(char *)p,sizeof(length));
- p += sizeof(length);
-
- /* make all the stuff contiguous for checksum */
- bcopy((char *)in,(char *)p,(int) length);
- p += length;
-
- /* stuff time 5ms */
- bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms));
- p += sizeof(msg_time_5ms);
-
- /* stuff source address */
- bcopy((char *) &sender->sin_addr.s_addr,(char *)p,
- sizeof(sender->sin_addr.s_addr));
- p += sizeof(sender->sin_addr.s_addr);
-
- /*
- * direction bit is the sign bit of the timestamp. Ok until
- * 2038??
- */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
- /*
- * all that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
- /* stuff time sec */
- bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
- p += sizeof(msg_time_sec);
-
-#ifdef NOENCRYPTION
- cksum = 0;
- bzero(big_cksum, sizeof(big_cksum));
-#else
- cksum=quad_cksum((C_Block *)q,big_cksum,p-q,2,key);
-#endif
- if (krb_debug)
- printf("\ncksum = %lu",cksum);
-
- /* stuff checksum */
- bcopy((char *)big_cksum,(char *)p,sizeof(big_cksum));
- p += sizeof(big_cksum);
-
- return ((long)(p - out)); /* resulting size */
-
-}
diff --git a/eBones/lib/libkrb/month_sname.c b/eBones/lib/libkrb/month_sname.c
deleted file mode 100644
index 79d3ec1..0000000
--- a/eBones/lib/libkrb/month_sname.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: month_sname.c,v 4.4 88/11/15 16:39:32 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-
-/*
- * Given an integer 1-12, month_sname() returns a string
- * containing the first three letters of the corresponding
- * month. Returns 0 if the argument is out of range.
- */
-
-char *month_sname(n)
- int n;
-{
- static char *name[] = {
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
- };
- return((n < 1 || n > 12) ? 0 : name [n-1]);
-}
diff --git a/eBones/lib/libkrb/netread.c b/eBones/lib/libkrb/netread.c
deleted file mode 100644
index e0d3ae6..0000000
--- a/eBones/lib/libkrb/netread.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: netread.c,v 4.1 88/11/15 16:47:21 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <unistd.h>
-
-/*
- * krb_net_read() reads from the file descriptor "fd" to the buffer
- * "buf", until either 1) "len" bytes have been read or 2) cannot
- * read anymore from "fd". It returns the number of bytes read
- * or a read() error. (The calling interface is identical to
- * read(2).)
- *
- * XXX must not use non-blocking I/O
- */
-
-int
-krb_net_read(fd, buf, len)
-int fd;
-register char *buf;
-register int len;
-{
- int cc, len2 = 0;
-
- do {
- cc = read(fd, buf, len);
- if (cc < 0)
- return(cc); /* errno is already set */
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
- } while (len > 0);
- return(len2);
-}
diff --git a/eBones/lib/libkrb/netwrite.c b/eBones/lib/libkrb/netwrite.c
deleted file mode 100644
index 51b3820..0000000
--- a/eBones/lib/libkrb/netwrite.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: netwrite.c,v 4.1 88/11/15 16:48:58 jtkohl Exp $";
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <unistd.h>
-
-/*
- * krb_net_write() writes "len" bytes from "buf" to the file
- * descriptor "fd". It returns the number of bytes written or
- * a write() error. (The calling interface is identical to
- * write(2).)
- *
- * XXX must not use non-blocking I/O
- */
-
-int
-krb_net_write(fd, buf, len)
-int fd;
-register char *buf;
-int len;
-{
- int cc;
- register int wrlen = len;
- do {
- cc = write(fd, buf, wrlen);
- if (cc < 0)
- return(cc);
- else {
- buf += cc;
- wrlen -= cc;
- }
- } while (wrlen > 0);
- return(len);
-}
diff --git a/eBones/lib/libkrb/one.c b/eBones/lib/libkrb/one.c
deleted file mode 100644
index a986b37..0000000
--- a/eBones/lib/libkrb/one.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * form: one.c,v 4.1 88/11/15 16:51:41 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-/*
- * definition of variable set to 1.
- * used in krb_conf.h to determine host byte order.
- */
-
-int krbONE = 1;
diff --git a/eBones/lib/libkrb/pkt_cipher.c b/eBones/lib/libkrb/pkt_cipher.c
deleted file mode 100644
index bcadcf9..0000000
--- a/eBones/lib/libkrb/pkt_cipher.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: pkt_cipher.c,v 4.8 89/01/13 17:46:14 steiner Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-
-
-/*
- * This routine takes a reply packet from the Kerberos ticket-granting
- * service and returns a pointer to the beginning of the ciphertext in it.
- *
- * See "prot.h" for packet format.
- */
-
-KTEXT
-pkt_cipher(packet)
- KTEXT packet;
-{
- unsigned char *ptr = pkt_a_realm(packet) + 6
- + strlen((char *)pkt_a_realm(packet));
- /* Skip a few more fields */
- ptr += 3 + 4; /* add 4 for exp_date */
-
- /* And return the pointer */
- return((KTEXT) ptr);
-}
diff --git a/eBones/lib/libkrb/pkt_clen.c b/eBones/lib/libkrb/pkt_clen.c
deleted file mode 100644
index 913eb8c..0000000
--- a/eBones/lib/libkrb/pkt_clen.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: pkt_clen.c,v 4.7 88/11/15 16:56:36 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <string.h>
-
-#include <krb.h>
-#include <prot.h>
-
-extern int krb_debug;
-extern int swap_bytes;
-
-/*
- * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of
- * its ciphertext portion. The external variable "swap_bytes" is assumed
- * to have been set to indicate whether or not the packet is in local
- * byte order. pkt_clen() takes this into account when reading the
- * ciphertext length out of the packet.
- */
-
-int
-pkt_clen(pkt)
- KTEXT pkt;
-{
- static unsigned short temp,temp2;
- int clen = 0;
-
- /* Start of ticket list */
- unsigned char *ptr = pkt_a_realm(pkt) + 10
- + strlen((char *)pkt_a_realm(pkt));
-
- /* Finally the length */
- bcopy((char *)(++ptr),(char *)&temp,2); /* alignment */
- if (swap_bytes) {
- /* assume a short is 2 bytes?? */
- swab((char *)&temp,(char *)&temp2,2);
- temp = temp2;
- }
-
- clen = (int) temp;
-
- if (krb_debug)
- printf("Clen is %d\n",clen);
- return(clen);
-}
diff --git a/eBones/lib/libkrb/rd_err.c b/eBones/lib/libkrb/rd_err.c
deleted file mode 100644
index 7d2f6ed..0000000
--- a/eBones/lib/libkrb/rd_err.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * This routine dissects a a Kerberos 'safe msg',
- * checking its integrity, and returning a pointer to the application
- * data contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...)
- *
- * Steve Miller Project Athena MIT/DEC
- *
- * from: rd_err.c,v 4.5 89/01/13 17:26:38 steiner Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-/* system include files */
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
-/* application include files */
-#include <krb.h>
-#include <prot.h>
-
-/*
- * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
- * return the error code from the message in "code" and the text in
- * "m_data" as follows:
- *
- * m_data->app_data points to the error text
- * m_data->app_length points to the length of the error text
- *
- * If all goes well, return RD_AP_OK. If the version number
- * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
- * type message, return RD_AP_MSG_TYPE.
- *
- * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
- */
-
-int
-krb_rd_err(in,in_length,code,m_data)
- u_char *in; /* pointer to the msg received */
- u_long in_length; /* of in msg */
- long *code; /* received error code */
- MSG_DAT *m_data;
-{
- register u_char *p;
- int swap_bytes = 0;
- p = in; /* beginning of message */
-
- if (*p++ != KRB_PROT_VERSION)
- return(RD_AP_VERSION);
- if (((*p) & ~1) != AUTH_MSG_APPL_ERR)
- return(RD_AP_MSG_TYPE);
- if ((*p++ & 1) != HOST_BYTE_ORDER)
- swap_bytes++;
-
- /* safely get code */
- bcopy((char *)p,(char *)code,sizeof(*code));
- if (swap_bytes)
- swap_u_long(*code);
- p += sizeof(*code); /* skip over */
-
- m_data->app_data = p; /* we're now at the error text
- * message */
- m_data->app_length = in_length;
-
- return(RD_AP_OK); /* OK == 0 */
-}
diff --git a/eBones/lib/libkrb/rd_priv.c b/eBones/lib/libkrb/rd_priv.c
deleted file mode 100644
index b3a1479..0000000
--- a/eBones/lib/libkrb/rd_priv.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * This routine dissects a a Kerberos 'private msg', decrypting it,
- * checking its integrity, and returning a pointer to the application
- * data contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...). If
- * the return value is RD_AP_TIME, then either the times are too far
- * out of synch, OR the packet was modified.
- *
- * Steve Miller Project Athena MIT/DEC
- *
- * from: rd_priv.c,v 4.14 89/04/28 11:59:42 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[]=
-"$Id$";
-#endif /* lint */
-#endif
-
-/* system include files */
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
-/* application include files */
-#include <des.h>
-#include <krb.h>
-#include <prot.h>
-#include "lsb_addr_comp.h"
-
-extern int krb_debug;
-
-/* static storage */
-
-static u_long c_length;
-static int swap_bytes;
-static struct timeval local_time;
-static long delta_t;
-int private_msg_ver = KRB_PROT_VERSION;
-
-/*
-#ifdef NOENCRPYTION
- * krb_rd_priv() checks the integrity of an
-#else
- * krb_rd_priv() decrypts and checks the integrity of an
-#endif
- * AUTH_MSG_PRIVATE message. Given the message received, "in",
- * the length of that message, "in_length", the key "schedule"
- * and "key", and the network addresses of the
- * "sender" and "receiver" of the message, krb_rd_safe() returns
- * RD_AP_OK if the message is okay, otherwise some error code.
- *
- * The message data retrieved from "in" are returned in the structure
- * "m_data". The pointer to the application data
- * (m_data->app_data) refers back to the appropriate place in "in".
- *
- * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-long
-krb_rd_priv(in,in_length,schedule,key,sender,receiver,m_data)
- u_char *in; /* pointer to the msg received */
- u_long in_length; /* length of "in" msg */
- Key_schedule schedule; /* precomputed key schedule */
- C_Block key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender;
- struct sockaddr_in *receiver;
- MSG_DAT *m_data; /*various input/output data from msg */
-{
- register u_char *p,*q;
- static u_long src_addr; /* Can't send structs since no
- * guarantees on size */
-
- if (gettimeofday(&local_time,(struct timezone *)0))
- return -1;
-
- p = in; /* beginning of message */
- swap_bytes = 0;
-
- if (*p++ != KRB_PROT_VERSION && *(p-1) != 3)
- return RD_AP_VERSION;
- private_msg_ver = *(p-1);
- if (((*p) & ~1) != AUTH_MSG_PRIVATE)
- return RD_AP_MSG_TYPE;
- if ((*p++ & 1) != HOST_BYTE_ORDER)
- swap_bytes++;
-
- /* get cipher length */
- bcopy((char *)p,(char *)&c_length,sizeof(c_length));
- if (swap_bytes)
- swap_u_long(c_length);
- p += sizeof(c_length);
- /* check for rational length so we don't go comatose */
- if (VERSION_SZ + MSG_TYPE_SZ + c_length > in_length)
- return RD_AP_MODIFIED;
-
-
- q = p; /* mark start of encrypted stuff */
-
-#ifndef NOENCRYPTION
- pcbc_encrypt((C_Block *)q,(C_Block *)q,(long)c_length,schedule,
- (C_Block *)key,DECRYPT);
-#endif
-
- /* safely get application data length */
- bcopy((char *) p,(char *)&(m_data->app_length),
- sizeof(m_data->app_length));
- if (swap_bytes)
- swap_u_long(m_data->app_length);
- p += sizeof(m_data->app_length); /* skip over */
-
- if (m_data->app_length + sizeof(c_length) + sizeof(in_length) +
- sizeof(m_data->time_sec) + sizeof(m_data->time_5ms) +
- sizeof(src_addr) + VERSION_SZ + MSG_TYPE_SZ
- > in_length)
- return RD_AP_MODIFIED;
-
-#ifndef NOENCRYPTION
- /* we're now at the decrypted application data */
-#endif
- m_data->app_data = p;
-
- p += m_data->app_length;
-
- /* safely get time_5ms */
- bcopy((char *) p, (char *)&(m_data->time_5ms),
- sizeof(m_data->time_5ms));
- /* don't need to swap-- one byte for now */
- p += sizeof(m_data->time_5ms);
-
- /* safely get src address */
- bcopy((char *) p,(char *)&src_addr,sizeof(src_addr));
- /* don't swap, net order always */
- p += sizeof(src_addr);
-
- if (src_addr != (u_long) sender->sin_addr.s_addr)
- return RD_AP_MODIFIED;
-
- /* safely get time_sec */
- bcopy((char *) p, (char *)&(m_data->time_sec),
- sizeof(m_data->time_sec));
- if (swap_bytes) swap_u_long(m_data->time_sec);
-
- p += sizeof(m_data->time_sec);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- /*
- * all that for one tiny bit!
- * Heaven help those that talk to themselves.
- */
-
- /* check the time integrity of the msg */
- delta_t = abs((int)((long) local_time.tv_sec
- - m_data->time_sec));
- if (delta_t > CLOCK_SKEW)
- return RD_AP_TIME;
- if (krb_debug)
- printf("\ndelta_t = %ld",delta_t);
-
- /*
- * caller must check timestamps for proper order and
- * replays, since server might have multiple clients
- * each with its own timestamps and we don't assume
- * tightly synchronized clocks.
- */
-
-#ifdef notdef
- bcopy((char *) p,(char *)&cksum,sizeof(cksum));
- if (swap_bytes) swap_u_long(cksum)
- /*
- * calculate the checksum of the length, sequence,
- * and input data, on the sending byte order!!
- */
- calc_cksum = quad_cksum(q,NULL,p-q,0,key);
-
- if (krb_debug)
- printf("\ncalc_cksum = %u, received cksum = %u",
- calc_cksum, cksum);
- if (cksum != calc_cksum)
- return RD_AP_MODIFIED;
-#endif
- return RD_AP_OK; /* OK == 0 */
-}
diff --git a/eBones/lib/libkrb/rd_req.c b/eBones/lib/libkrb/rd_req.c
deleted file mode 100644
index 422aca9..0000000
--- a/eBones/lib/libkrb/rd_req.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: der: rd_req.c,v 4.16 89/03/22 14:52:06 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <des.h>
-#include <krb.h>
-#include <prot.h>
-#include <sys/time.h>
-#include <strings.h>
-
-extern int krb_ap_req_debug;
-
-static struct timeval t_local = { 0, 0 };
-
-/*
- * Keep the following information around for subsequent calls
- * to this routine by the same server using the same key.
- */
-
-static Key_schedule serv_key; /* Key sched to decrypt ticket */
-static C_Block ky; /* Initialization vector */
-static int st_kvno; /* version number for this key */
-static char st_rlm[REALM_SZ]; /* server's realm */
-static char st_nam[ANAME_SZ]; /* service name */
-static char st_inst[INST_SZ]; /* server's instance */
-
-/*
- * This file contains two functions. krb_set_key() takes a DES
- * key or password string and returns a DES key (either the original
- * key, or the password converted into a DES key) and a key schedule
- * for it.
- *
- * krb_rd_req() reads an authentication request and returns information
- * about the identity of the requestor, or an indication that the
- * identity information was not authentic.
- */
-
-/*
- * krb_set_key() takes as its first argument either a DES key or a
- * password string. The "cvt" argument indicates how the first
- * argument "key" is to be interpreted: if "cvt" is null, "key" is
- * taken to be a DES key; if "cvt" is non-null, "key" is taken to
- * be a password string, and is converted into a DES key using
- * string_to_key(). In either case, the resulting key is returned
- * in the external static variable "ky". A key schedule is
- * generated for "ky" and returned in the external static variable
- * "serv_key".
- *
- * This routine returns the return value of des_key_sched.
- *
- * krb_set_key() needs to be in the same .o file as krb_rd_req() so that
- * the key set by krb_set_key() is available in private storage for
- * krb_rd_req().
- */
-
-int
-krb_set_key(key,cvt)
- char *key;
- int cvt;
-{
-#ifdef NOENCRYPTION
- bzero(ky, sizeof(ky));
- return KSUCCESS;
-#else
- if (cvt)
- string_to_key(key,(C_Block *)ky);
- else
- bcopy(key,(char *)ky,8);
- return(des_key_sched((C_Block *)ky,serv_key));
-#endif
-}
-
-
-/*
- * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
- * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
- * checks its integrity and returns a judgement as to the requestor's
- * identity.
- *
- * The "authent" argument is a pointer to the received message.
- * The "service" and "instance" arguments name the receiving server,
- * and are used to get the service's ticket to decrypt the ticket
- * in the message, and to compare against the server name inside the
- * ticket. "from_addr" is the network address of the host from which
- * the message was received; this is checked against the network
- * address in the ticket. If "from_addr" is zero, the check is not
- * performed. "ad" is an AUTH_DAT structure which is
- * filled in with information about the sender's identity according
- * to the authenticator and ticket sent in the message. Finally,
- * "fn" contains the name of the file containing the server's key.
- * (If "fn" is NULL, the server's key is assumed to have been set
- * by krb_set_key(). If "fn" is the null string ("") the default
- * file KEYFILE, defined in "krb.h", is used.)
- *
- * krb_rd_req() returns RD_AP_OK if the authentication information
- * was genuine, or one of the following error codes (defined in
- * "krb.h"):
- *
- * RD_AP_VERSION - wrong protocol version number
- * RD_AP_MSG_TYPE - wrong message type
- * RD_AP_UNDEC - couldn't decipher the message
- * RD_AP_INCON - inconsistencies found
- * RD_AP_BADD - wrong network address
- * RD_AP_TIME - client time (in authenticator)
- * too far off server time
- * RD_AP_NYV - Kerberos time (in ticket) too
- * far off server time
- * RD_AP_EXP - ticket expired
- *
- * For the message format, see krb_mk_req().
- *
- * Mutual authentication is not implemented.
- */
-
-int
-krb_rd_req(authent,service,instance,from_addr,ad,fn)
- register KTEXT authent; /* The received message */
- char *service; /* Service name */
- char *instance; /* Service instance */
- long from_addr; /* Net address of originating host */
- AUTH_DAT *ad; /* Structure to be filled in */
- char *fn; /* Filename to get keys from */
-{
- static KTEXT_ST ticket; /* Temp storage for ticket */
- static KTEXT tkt = &ticket;
- static KTEXT_ST req_id_st; /* Temp storage for authenticator */
- register KTEXT req_id = &req_id_st;
-
- char realm[REALM_SZ]; /* Realm of issuing kerberos */
- static Key_schedule seskey_sched; /* Key sched for session key */
- unsigned char skey[KKEY_SZ]; /* Session key from ticket */
- char sname[SNAME_SZ]; /* Service name from ticket */
- char iname[INST_SZ]; /* Instance name from ticket */
- char r_aname[ANAME_SZ]; /* Client name from authenticator */
- char r_inst[INST_SZ]; /* Client instance from authenticator */
- char r_realm[REALM_SZ]; /* Client realm from authenticator */
- unsigned int r_time_ms; /* Fine time from authenticator */
- unsigned long r_time_sec; /* Coarse time from authenticator */
- register char *ptr; /* For stepping through */
- unsigned long delta_t; /* Time in authenticator - local time */
- long tkt_age; /* Age of ticket */
- static int swap_bytes; /* Need to swap bytes? */
- static int mutual; /* Mutual authentication requested? */
- static unsigned char s_kvno;/* Version number of the server's key
- * Kerberos used to encrypt ticket */
- int status;
-
- if (authent->length <= 0)
- return(RD_AP_MODIFIED);
-
- ptr = (char *) authent->dat;
-
- /* get msg version, type and byte order, and server key version */
-
- /* check version */
- if (KRB_PROT_VERSION != (unsigned int) *ptr++)
- return(RD_AP_VERSION);
-
- /* byte order */
- swap_bytes = 0;
- if ((*ptr & 1) != HOST_BYTE_ORDER)
- swap_bytes++;
-
- /* check msg type */
- mutual = 0;
- switch (*ptr++ & ~1) {
- case AUTH_MSG_APPL_REQUEST:
- break;
- case AUTH_MSG_APPL_REQUEST_MUTUAL:
- mutual++;
- break;
- default:
- return(RD_AP_MSG_TYPE);
- }
-
-#ifdef lint
- /* XXX mutual is set but not used; why??? */
- /* this is a crock to get lint to shut up */
- if (mutual)
- mutual = 0;
-#endif /* lint */
- s_kvno = *ptr++; /* get server key version */
- (void) strcpy(realm,ptr); /* And the realm of the issuing KDC */
- ptr += strlen(ptr) + 1; /* skip the realm "hint" */
-
- /*
- * If "fn" is NULL, key info should already be set; don't
- * bother with ticket file. Otherwise, check to see if we
- * already have key info for the given server and key version
- * (saved in the static st_* variables). If not, go get it
- * from the ticket file. If "fn" is the null string, use the
- * default ticket file.
- */
- if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) ||
- strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
- if (*fn == 0) fn = KEYFILE;
- st_kvno = s_kvno;
-#ifndef NOENCRYPTION
- if (read_service_key(service,instance,realm,s_kvno,fn,(char *)skey))
- return(RD_AP_UNDEC);
- if ((status=krb_set_key((char *)skey,0))) return(status);
-#endif
- (void) strcpy(st_rlm,realm);
- (void) strcpy(st_nam,service);
- (void) strcpy(st_inst,instance);
- }
-
- /* Get ticket from authenticator */
- tkt->length = (int) *ptr++;
- if ((tkt->length + (ptr+1 - (char *) authent->dat)) > authent->length)
- return(RD_AP_MODIFIED);
- bcopy(ptr+1,(char *)(tkt->dat),tkt->length);
-
- if (krb_ap_req_debug)
- log("ticket->length: %d",tkt->length);
-
-#ifndef NOENCRYPTION
- /* Decrypt and take apart ticket */
-#endif
-
- if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
- &(ad->address),ad->session, &(ad->life),
- &(ad->time_sec),sname,iname,ky,serv_key))
- return(RD_AP_UNDEC);
-
- if (krb_ap_req_debug) {
- log("Ticket Contents.");
- log(" Aname: %s.%s",ad->pname,
- ((int)*(ad->prealm) ? ad->prealm : "Athena"));
- log(" Service: %s%s%s",sname,((int)*iname ? "." : ""),iname);
- }
-
- /* Extract the authenticator */
- req_id->length = (int) *(ptr++);
- if ((req_id->length + (ptr + tkt->length - (char *) authent->dat)) >
- authent->length)
- return(RD_AP_MODIFIED);
- bcopy(ptr + tkt->length, (char *)(req_id->dat),req_id->length);
-
-#ifndef NOENCRYPTION
- key_sched((C_Block *)ad->session,seskey_sched);
- pcbc_encrypt((C_Block *)req_id->dat,(C_Block *)req_id->dat,
- (long)req_id->length,seskey_sched,(C_Block *)ad->session,DES_DECRYPT);
-#endif /* NOENCRYPTION */
-
-#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
-
- ptr = (char *) req_id->dat;
- (void) strcpy(r_aname,ptr); /* Authentication name */
- ptr += strlen(r_aname)+1;
- check_ptr();
- (void) strcpy(r_inst,ptr); /* Authentication instance */
- ptr += strlen(r_inst)+1;
- check_ptr();
- (void) strcpy(r_realm,ptr); /* Authentication name */
- ptr += strlen(r_realm)+1;
- check_ptr();
- bcopy(ptr,(char *)&ad->checksum,4); /* Checksum */
- ptr += 4;
- check_ptr();
- if (swap_bytes) swap_u_long(ad->checksum);
- r_time_ms = *(ptr++); /* Time (fine) */
-#ifdef lint
- /* XXX r_time_ms is set but not used. why??? */
- /* this is a crock to get lint to shut up */
- if (r_time_ms)
- r_time_ms = 0;
-#endif /* lint */
- check_ptr();
- /* assume sizeof(r_time_sec) == 4 ?? */
- bcopy(ptr,(char *)&r_time_sec,4); /* Time (coarse) */
- if (swap_bytes) swap_u_long(r_time_sec);
-
- /* Check for authenticity of the request */
- if (krb_ap_req_debug)
- log("Pname: %s %s",ad->pname,r_aname);
- if (strcmp(ad->pname,r_aname) != 0)
- return(RD_AP_INCON);
- if (strcmp(ad->pinst,r_inst) != 0)
- return(RD_AP_INCON);
- if (krb_ap_req_debug)
- log("Realm: %s %s",ad->prealm,r_realm);
- if ((strcmp(ad->prealm,r_realm) != 0))
- return(RD_AP_INCON);
-
- if (krb_ap_req_debug)
- log("Address: %d %d",ad->address,from_addr);
- if (from_addr && (ad->address != from_addr))
- return(RD_AP_BADD);
-
- (void) gettimeofday(&t_local,(struct timezone *) 0);
- delta_t = abs((int)(t_local.tv_sec - r_time_sec));
- if (delta_t > CLOCK_SKEW) {
- if (krb_ap_req_debug)
- log("Time out of range: %d - %d = %d",
- t_local.tv_sec,r_time_sec,delta_t);
- return(RD_AP_TIME);
- }
-
- /* Now check for expiration of ticket */
-
- tkt_age = t_local.tv_sec - ad->time_sec;
- if (krb_ap_req_debug)
- log("Time: %d Issue Date: %d Diff: %d Life %x",
- t_local.tv_sec,ad->time_sec,tkt_age,ad->life);
-
- if (t_local.tv_sec < ad->time_sec) {
- if ((ad->time_sec - t_local.tv_sec) > CLOCK_SKEW)
- return(RD_AP_NYV);
- }
- else if ((t_local.tv_sec - ad->time_sec) > 5 * 60 * ad->life)
- return(RD_AP_EXP);
-
- /* All seems OK */
- ad->reply.length = 0;
-
- return(RD_AP_OK);
-}
diff --git a/eBones/lib/libkrb/rd_safe.c b/eBones/lib/libkrb/rd_safe.c
deleted file mode 100644
index 5c5c1fe..0000000
--- a/eBones/lib/libkrb/rd_safe.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Copyright 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * This routine dissects a a Kerberos 'safe msg', checking its
- * integrity, and returning a pointer to the application data
- * contained and its length.
- *
- * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...)
- *
- * Steve Miller Project Athena MIT/DEC
- *
- * from: rd_safe.c,v 4.12 89/01/23 15:16:16 steiner Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-/* system include files */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
-/* application include files */
-#include <des.h>
-#include <krb.h>
-#include <prot.h>
-#include "lsb_addr_comp.h"
-
-extern char *errmsg();
-extern int errno;
-extern int krb_debug;
-
-/* static storage */
-
-static C_Block calc_cksum[2];
-static C_Block big_cksum[2];
-static int swap_bytes;
-static struct timeval local_time;
-static u_long delta_t;
-
-/*
- * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message.
- * Given the message received, "in", the length of that message,
- * "in_length", the "key" to compute the checksum with, and the
- * network addresses of the "sender" and "receiver" of the message,
- * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise
- * some error code.
- *
- * The message data retrieved from "in" is returned in the structure
- * "m_data". The pointer to the application data (m_data->app_data)
- * refers back to the appropriate place in "in".
- *
- * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-long krb_rd_safe(in,in_length,key,sender,receiver,m_data)
- u_char *in; /* pointer to the msg received */
- u_long in_length; /* length of "in" msg */
- C_Block *key; /* encryption key for seed and ivec */
- struct sockaddr_in *sender; /* sender's address */
- struct sockaddr_in *receiver; /* receiver's address -- me */
- MSG_DAT *m_data; /* where to put message information */
-{
- register u_char *p,*q;
- static u_long src_addr; /* Can't send structs since no
- * guarantees on size */
- /* Be very conservative */
- if (sizeof(u_long) != sizeof(struct in_addr)) {
- fprintf(stderr,"\n\
-krb_rd_safe protocol err sizeof(u_long) != sizeof(struct in_addr)");
- exit(-1);
- }
-
- if (gettimeofday(&local_time,(struct timezone *)0))
- return -1;
-
- p = in; /* beginning of message */
- swap_bytes = 0;
-
- if (*p++ != KRB_PROT_VERSION) return RD_AP_VERSION;
- if (((*p) & ~1) != AUTH_MSG_SAFE) return RD_AP_MSG_TYPE;
- if ((*p++ & 1) != HOST_BYTE_ORDER) swap_bytes++;
-
- q = p; /* mark start of cksum stuff */
-
- /* safely get length */
- bcopy((char *)p,(char *)&(m_data->app_length),
- sizeof(m_data->app_length));
- if (swap_bytes) swap_u_long(m_data->app_length);
- p += sizeof(m_data->app_length); /* skip over */
-
- if (m_data->app_length + sizeof(in_length)
- + sizeof(m_data->time_sec) + sizeof(m_data->time_5ms)
- + sizeof(big_cksum) + sizeof(src_addr)
- + VERSION_SZ + MSG_TYPE_SZ > in_length)
- return(RD_AP_MODIFIED);
-
- m_data->app_data = p; /* we're now at the application data */
-
- /* skip app data */
- p += m_data->app_length;
-
- /* safely get time_5ms */
- bcopy((char *)p, (char *)&(m_data->time_5ms),
- sizeof(m_data->time_5ms));
-
- /* don't need to swap-- one byte for now */
- p += sizeof(m_data->time_5ms);
-
- /* safely get src address */
- bcopy((char *)p,(char *)&src_addr,sizeof(src_addr));
-
- /* don't swap, net order always */
- p += sizeof(src_addr);
-
- if (src_addr != (u_long) sender->sin_addr.s_addr)
- return RD_AP_MODIFIED;
-
- /* safely get time_sec */
- bcopy((char *)p, (char *)&(m_data->time_sec),
- sizeof(m_data->time_sec));
- if (swap_bytes)
- swap_u_long(m_data->time_sec);
- p += sizeof(m_data->time_sec);
-
- /* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
-
- /*
- * All that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
-
- /* check the time integrity of the msg */
- delta_t = abs((int)((long) local_time.tv_sec - m_data->time_sec));
- if (delta_t > CLOCK_SKEW) return RD_AP_TIME;
-
- /*
- * caller must check timestamps for proper order and replays, since
- * server might have multiple clients each with its own timestamps
- * and we don't assume tightly synchronized clocks.
- */
-
- bcopy((char *)p,(char *)big_cksum,sizeof(big_cksum));
- if (swap_bytes) swap_u_16(big_cksum);
-
-#ifdef NOENCRYPTION
- bzero(calc_cksum, sizeof(calc_cksum));
-#else
- quad_cksum((C_Block *)q,calc_cksum,p-q,2,key);
-#endif
-
- if (krb_debug)
- printf("\ncalc_cksum = %lu, received cksum = %lu",
- (long) calc_cksum[0], (long) big_cksum[0]);
- if (bcmp((char *)big_cksum,(char *)calc_cksum,sizeof(big_cksum)))
- return(RD_AP_MODIFIED);
-
- return(RD_AP_OK); /* OK == 0 */
-}
diff --git a/eBones/lib/libkrb/read_service_key.c b/eBones/lib/libkrb/read_service_key.c
deleted file mode 100644
index dd486c1..0000000
--- a/eBones/lib/libkrb/read_service_key.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: _service_key.c,v 4.10 90/03/10 19:06:56 jon Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <strings.h>
-
-/*
- * The private keys for servers on a given host are stored in a
- * "srvtab" file (typically "/etc/srvtab"). This routine extracts
- * a given server's key from the file.
- *
- * read_service_key() takes the server's name ("service"), "instance",
- * and "realm" and a key version number "kvno", and looks in the given
- * "file" for the corresponding entry, and if found, returns the entry's
- * key field in "key".
- *
- * If "instance" contains the string "*", then it will match
- * any instance, and the chosen instance will be copied to that
- * string. For this reason it is important that the there is enough
- * space beyond the "*" to receive the entry.
- *
- * If "kvno" is 0, it is treated as a wild card and the first
- * matching entry regardless of the "vno" field is returned.
- *
- * This routine returns KSUCCESS on success, otherwise KFAILURE.
- *
- * The format of each "srvtab" entry is as follows:
- *
- * Size Variable Field in file
- * ---- -------- -------------
- * string serv server name
- * string inst server instance
- * string realm server realm
- * 1 byte vno server key version #
- * 8 bytes key server's key
- * ... ... ...
- */
-
-
-/*ARGSUSED */
-int
-read_service_key(service,instance,realm,kvno,file,key)
- char *service; /* Service Name */
- char *instance; /* Instance name or "*" */
- char *realm; /* Realm */
- int kvno; /* Key version number */
- char *file; /* Filename */
- char *key; /* Pointer to key to be filled in */
-{
- char serv[SNAME_SZ];
- char inst[INST_SZ];
- char rlm[REALM_SZ];
- unsigned char vno; /* Key version number */
- int wcard;
-
- int stab, open();
-
- if ((stab = open(file, 0, 0)) < NULL)
- return(KFAILURE);
-
- wcard = (instance[0] == '*') && (instance[1] == '\0');
-
- while(getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */
- (void) getst(stab,inst,INST_SZ); /* Instance */
- (void) getst(stab,rlm,REALM_SZ); /* Realm */
- /* Vers number */
- if (read(stab,(char *)&vno,1) != 1) {
- close(stab);
- return(KFAILURE);
- }
- /* Key */
- if (read(stab,key,8) != 8) {
- close(stab);
- return(KFAILURE);
- }
- /* Is this the right service */
- if (strcmp(serv,service))
- continue;
- /* How about instance */
- if (!wcard && strcmp(inst,instance))
- continue;
- if (wcard)
- (void) strncpy(instance,inst,INST_SZ);
- /* Is this the right realm */
-#ifdef ATHENA_COMPAT
- /* XXX For backward compatibility: if keyfile says "Athena"
- and caller wants "ATHENA.MIT.EDU", call it a match */
- if (strcmp(rlm,realm) &&
- (strcmp(rlm,"Athena") ||
- strcmp(realm,"ATHENA.MIT.EDU")))
- continue;
-#else /* ! ATHENA_COMPAT */
- if (strcmp(rlm,realm))
- continue;
-#endif /* ATHENA_COMPAT */
-
- /* How about the key version number */
- if (kvno && kvno != (int) vno)
- continue;
-
- (void) close(stab);
- return(KSUCCESS);
- }
-
- /* Can't find the requested service */
- (void) close(stab);
- return(KFAILURE);
-}
diff --git a/eBones/lib/libkrb/recvauth.c b/eBones/lib/libkrb/recvauth.c
deleted file mode 100644
index 1438e65..0000000
--- a/eBones/lib/libkrb/recvauth.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: recvauth.c,v 4.4 90/03/10 19:03:08 jon Exp $";
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <krb.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <syslog.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <strings.h>
-
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
- chars */
-
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_sendauth.c
- * be sure to support old versions of krb_sendauth!
- */
-
-extern int errno;
-
-/*
- * krb_recvauth() reads (and optionally responds to) a message sent
- * using krb_sendauth(). The "options" argument is a bit-field of
- * selected options (see "sendauth.c" for options description).
- * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL
- * (mutual authentication requested). The "fd" argument supplies
- * a file descriptor to read from (and write to, if mutual authenti-
- * cation is requested).
- *
- * Part of the received message will be a Kerberos ticket sent by the
- * client; this is read into the "ticket" argument. The "service" and
- * "instance" arguments supply the server's Kerberos name. If the
- * "instance" argument is the string "*", it is treated as a wild card
- * and filled in during the krb_rd_req() call (see read_service_key()).
- *
- * The "faddr" and "laddr" give the sending (client) and receiving
- * (local server) network addresses. ("laddr" may be left NULL unless
- * mutual authentication is requested, in which case it must be set.)
- *
- * The authentication information extracted from the message is returned
- * in "kdata". The "filename" argument indicates the file where the
- * server's key can be found. (It is passed on to krb_rd_req().) If
- * left null, the default "/etc/srvtab" will be used.
- *
- * If mutual authentication is requested, the session key schedule must
- * be computed in order to reply; this schedule is returned in the
- * "schedule" argument. A string containing the application version
- * number from the received message is returned in "version", which
- * should be large enough to hold a KRB_SENDAUTH_VLEN-character string.
- *
- * See krb_sendauth() for the format of the received client message.
- *
- * This routine supports another client format, for backward
- * compatibility, consisting of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * string tmp_buf, tkt_len length of ticket, in
- * ascii
- *
- * char ' ' (space char) separator
- *
- * tkt_len ticket->dat the ticket
- *
- * This old-style version does not support mutual authentication.
- *
- * krb_recvauth() first reads the protocol version string from the
- * given file descriptor. If it doesn't match the current protocol
- * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In
- * that case, the string of characters up to the first space is read
- * and interpreted as the ticket length, then the ticket is read.
- *
- * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth()
- * next reads the application protocol version string. Then the
- * ticket length and ticket itself are read.
- *
- * The ticket is decrypted and checked by the call to krb_rd_req().
- * If no mutual authentication is required, the result of the
- * krb_rd_req() call is retured by this routine. If mutual authenti-
- * cation is required, a message in the following format is returned
- * on "fd":
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 4 bytes tkt_len length of ticket or -1
- * if error occurred
- *
- * priv_len tmp_buf "private" message created
- * by krb_mk_priv() which
- * contains the incremented
- * checksum sent by the client
- * encrypted in the session
- * key. (This field is not
- * present in case of error.)
- *
- * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some
- * other error code is returned.
- */
-
-#ifndef max
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-#endif /* max */
-
-int
-krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
- filename, schedule, version)
-long options; /* bit-pattern of options */
-int fd; /* file descr. to read from */
-KTEXT ticket; /* storage for client's ticket */
-char *service; /* service expected */
-char *instance; /* inst expected (may be filled in) */
-struct sockaddr_in *faddr; /* address of foreign host on fd */
-struct sockaddr_in *laddr; /* local address */
-AUTH_DAT *kdata; /* kerberos data (returned) */
-char *filename; /* name of file with service keys */
-Key_schedule schedule; /* key schedule (return) */
-char *version; /* version string (filled in) */
-{
-
- int i, cc, old_vers = 0;
- char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
- char *cp;
- int rem;
- long tkt_len, priv_len;
- u_long cksum;
- u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
-
- /* read the protocol version number */
- if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- krb_vers[KRB_SENDAUTH_VLEN] = '\0';
-
- /* check version string */
- if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) {
- /* Assume the old version of sendkerberosdata: send ascii
- length, ' ', and ticket. */
- if (options & KOPT_DO_MUTUAL)
- return(KFAILURE); /* XXX can't do old style with mutual auth */
- old_vers = 1;
-
- /* copy what we have read into tmp_buf */
- (void) bcopy(krb_vers, (char *) tmp_buf, KRB_SENDAUTH_VLEN);
-
- /* search for space, and make it a null */
- for (i = 0; i < KRB_SENDAUTH_VLEN; i++)
- if (tmp_buf[i]== ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
-
- if (i == KRB_SENDAUTH_VLEN)
- /* didn't find the space, keep reading to find it */
- for (; i<20; i++) {
- if (read(fd, (char *)&tmp_buf[i], 1) != 1) {
- return(KFAILURE);
- }
- if (tmp_buf[i] == ' ') {
- tmp_buf[i] = '\0';
- /* point cp to the beginning of the real ticket */
- cp = (char *) &tmp_buf[i+1];
- break;
- }
- }
-
- tkt_len = (long) atoi((char *) tmp_buf);
-
- /* sanity check the length */
- if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
- return(KFAILURE);
-
- if (i < KRB_SENDAUTH_VLEN) {
- /* since we already got the space, and part of the ticket,
- we read fewer bytes to get the rest of the ticket */
- if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN),
- (int) (tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
- != (int)(tkt_len - KRB_SENDAUTH_VLEN + 1 + i))
- return(errno);
- } else {
- if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) !=
- (int) tkt_len)
- return(errno);
- }
- ticket->length = tkt_len;
- /* copy the ticket into the struct */
- (void) bcopy(cp, (char *) ticket->dat, ticket->length);
-
- } else {
- /* read the application version string */
- if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) !=
- KRB_SENDAUTH_VLEN)
- return(errno);
- version[KRB_SENDAUTH_VLEN] = '\0';
-
- /* get the length of the ticket */
- if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) !=
- sizeof(tkt_len))
- return(errno);
-
- /* sanity check */
- ticket->length = ntohl((unsigned long)tkt_len);
- if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) {
- if (options & KOPT_DO_MUTUAL) {
- rem = KFAILURE;
- goto mutual_fail;
- } else
- return(KFAILURE); /* XXX there may still be junk on the fd? */
- }
-
- /* read the ticket */
- if (krb_net_read(fd, (char *) ticket->dat, ticket->length)
- != ticket->length)
- return(errno);
- }
- /*
- * now have the ticket. decrypt it to get the authenticated
- * data.
- */
- rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr,
- kdata,filename);
-
- if (old_vers) return(rem); /* XXX can't do mutual with old client */
-
- /* if we are doing mutual auth, compose a response */
- if (options & KOPT_DO_MUTUAL) {
- if (rem != KSUCCESS)
- /* the krb_rd_req failed */
- goto mutual_fail;
-
- /* add one to the (formerly) sealed checksum, and re-seal it
- for return to the client */
- cksum = kdata->checksum + 1;
- cksum = htonl(cksum);
-#ifndef NOENCRYPTION
- key_sched((C_Block *)kdata->session,schedule);
-#endif
- priv_len = krb_mk_priv((unsigned char *)&cksum,
- tmp_buf,
- (unsigned long) sizeof(cksum),
- schedule,
- kdata->session,
- laddr,
- faddr);
- if (priv_len < 0) {
- /* re-sealing failed; notify the client */
- rem = KFAILURE; /* XXX */
-mutual_fail:
- priv_len = -1;
- tkt_len = htonl((unsigned long) priv_len);
- /* a length of -1 is interpreted as an authentication
- failure by the client */
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- return(rem);
- } else {
- /* re-sealing succeeded, send the private message */
- tkt_len = htonl((unsigned long)priv_len);
- if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len)))
- != sizeof(tkt_len))
- return(cc);
- if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len))
- != (int) priv_len)
- return(cc);
- }
- }
- return(rem);
-}
diff --git a/eBones/lib/libkrb/save_credentials.c b/eBones/lib/libkrb/save_credentials.c
deleted file mode 100644
index cf9e31b..0000000
--- a/eBones/lib/libkrb/save_credentials.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: save_credentials.c,v 4.9 89/05/31 17:45:43 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdio.h>
-#include <krb.h>
-
-/*
- * This routine takes a ticket and associated info and calls
- * tf_save_cred() to store them in the ticket cache. The peer
- * routine for extracting a ticket and associated info from the
- * ticket cache is krb_get_cred(). When changes are made to
- * this routine, the corresponding changes should be made
- * in krb_get_cred() as well.
- *
- * Returns KSUCCESS if all goes well, otherwise an error returned
- * by the tf_init() or tf_save_cred() routines.
- */
-
-int
-save_credentials(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- long issue_date; /* The issue time */
-{
- int tf_status; /* return values of the tf_util calls */
-
- /* Open and lock the ticket file for writing */
- if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Save credentials by appending to the ticket file */
- tf_status = tf_save_cred(service, instance, realm, session,
- lifetime, kvno, ticket, issue_date);
- (void) tf_close();
- return (tf_status);
-}
diff --git a/eBones/lib/libkrb/send_to_kdc.c b/eBones/lib/libkrb/send_to_kdc.c
deleted file mode 100644
index c1c94cf..0000000
--- a/eBones/lib/libkrb/send_to_kdc.c
+++ /dev/null
@@ -1,527 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: send_to_kdc.c,v 4.20 90/01/02 13:40:37 jtkohl Exp $
- * $Id: send_to_kdc.c,v 1.12 1997/02/22 14:37:36 peter Exp $
- */
-
-#if 0
-#ifndef lint
-static char rcsid_send_to_kdc_c[] =
-"$Id: send_to_kdc.c,v 1.1 1994/03/21 17:35:39 piero Exp ";
-#endif /* lint */
-#endif
-
-#include <krb.h>
-#include <prot.h>
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include <sys/time.h>
-#include <sys/param.h>
-#include <sys/types.h>
-#ifdef lint
-#include <sys/uio.h> /* struct iovec to make lint happy */
-#endif /* lint */
-#include <sys/sysctl.h>
-#include <sys/socket.h>
-#include <net/if.h>
-#include <net/route.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <strings.h>
-
-#define S_AD_SZ sizeof(struct sockaddr_in)
-
-/* Used for extracting addresses from routing messages */
-#define ROUNDUP(a) \
- ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
-#define ADVANCE(x, n) (x += ROUNDUP((n)->sin_len))
-
-extern int errno;
-extern int krb_debug;
-
-int krb_udp_port = 0;
-
-static struct sockaddr_in local_addr = { S_AD_SZ,
- AF_INET
- };
-
-/* CLIENT_KRB_TIMEOUT indicates the time to wait before
- * retrying a server. It's defined in "krb.h".
- */
-static struct timeval timeout = { CLIENT_KRB_TIMEOUT, 0};
-static char *prog = "send_to_kdc";
-static send_recv();
-
-/*
- * This file contains two routines, send_to_kdc() and send_recv().
- * send_recv() is a static routine used by send_to_kdc().
- */
-
-/*
- * send_to_kdc() sends a message to the Kerberos authentication
- * server(s) in the given realm and returns the reply message.
- * The "pkt" argument points to the message to be sent to Kerberos;
- * the "rpkt" argument will be filled in with Kerberos' reply.
- * The "realm" argument indicates the realm of the Kerberos server(s)
- * to transact with. If the realm is null, the local realm is used.
- *
- * If more than one Kerberos server is known for a given realm,
- * different servers will be queried until one of them replies.
- * Several attempts (retries) are made for each server before
- * giving up entirely.
- *
- * If an answer was received from a Kerberos host, KSUCCESS is
- * returned. The following errors can be returned:
- *
- * SKDC_CANT - can't get local realm
- * - can't find "kerberos" in /etc/services database
- * - can't open socket
- * - can't bind socket
- * - all ports in use
- * - couldn't find any Kerberos host
- *
- * SKDC_RETRY - couldn't get an answer from any Kerberos server,
- * after several retries
- */
-
-int
-send_to_kdc(pkt,rpkt,realm)
- KTEXT pkt;
- KTEXT rpkt;
- char *realm;
-{
- int i, f;
- int no_host; /* was a kerberos host found? */
- int retry;
- int n_hosts;
- int retval;
- int addr_count;
- struct sockaddr_in to;
- struct hostent *host, *hostlist;
- char krbhst[MAX_HSTNM];
- char lrealm[REALM_SZ];
-
- /*
- * If "realm" is non-null, use that, otherwise get the
- * local realm.
- */
- if (realm)
- (void) strcpy(lrealm, realm);
- else
- if (krb_get_lrealm(lrealm,1)) {
- if (krb_debug)
- fprintf(stderr, "%s: can't get local realm\n", prog);
- return(SKDC_CANT);
- }
- if (krb_debug)
- printf("lrealm is %s\n", lrealm);
- if (krb_udp_port == 0) {
- register struct servent *sp;
- if ((sp = getservbyname("kerberos","udp")) == 0) {
- if (krb_debug)
- fprintf(stderr, "%s: Can't get kerberos/udp service\n",
- prog);
- return(SKDC_CANT);
- }
- krb_udp_port = sp->s_port;
- if (krb_debug)
- printf("krb_udp_port is %d\n", krb_udp_port);
- }
- bzero((char *)&to, S_AD_SZ);
- hostlist = (struct hostent *) malloc(sizeof(struct hostent));
- if (!hostlist)
- return (/*errno */SKDC_CANT);
- if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- if (krb_debug)
- fprintf(stderr,"%s: Can't open socket\n", prog);
- return(SKDC_CANT);
- }
- /* from now on, exit through rtn label for cleanup */
-
- no_host = 1;
- /* get an initial allocation */
- n_hosts = 0;
- for (i = 1; krb_get_krbhst(krbhst, lrealm, i) == KSUCCESS; ++i) {
- if (krb_debug) {
- printf("Getting host entry for %s...",krbhst);
- (void) fflush(stdout);
- }
- host = gethostbyname(krbhst);
- if (krb_debug) {
- printf("%s.\n",
- host ? "Got it" : "Didn't get it");
- (void) fflush(stdout);
- }
- if (!host)
- continue;
- no_host = 0; /* found at least one */
- n_hosts++;
- /*
- * Preserve host network addresses to check against later
- */
- hostlist = (struct hostent *)
- realloc((char *)hostlist,
- (unsigned)
- sizeof(struct hostent)*(n_hosts+1));
- if (!hostlist) {
- fprintf(stderr, "Could not grow hostlist\n");
- return /*errno */SKDC_CANT;
- }
- bcopy((char *)host, (char *)&hostlist[n_hosts-1],
- sizeof(struct hostent));
- host = &hostlist[n_hosts-1];
-/* At least Sun OS version 3.2 (or worse) and Ultrix version 2.2
- (or worse) only return one address ... */
-#if (defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- {
- char *cp = malloc((unsigned)host->h_length);
- if (!cp) {
- retval = /*errno */SKDC_CANT;
- goto rtn;
- }
- bcopy((char *)host->h_addr, cp, host->h_length);
- host->h_addr = cp;
- }
-#else /* !(ULTRIX022 || (SunOS < 40)) */
- /*
- * Make a copy of the entire h_addr_list.
- */
- {
- char *addr;
- char **old_addr_list;
- addr_count = 0;
- old_addr_list = host->h_addr_list;
- while(old_addr_list[addr_count++])
- ;
- host->h_addr_list = (char **)malloc(addr_count+1 * sizeof(char *));
- if (host->h_addr_list == NULL) {
- fprintf(stderr, "Could not allocate host->h_addr_list\n");
- retval = SKDC_CANT;
- goto rtn;
- }
- if (krb_debug) {
- printf("h_length = %d\n", host->h_length);
- printf("Number of addresses = %d\n", addr_count);
- }
- for (addr_count = 0; old_addr_list[addr_count]; addr_count++) {
- if (krb_debug)
- printf ("addr[%d] = %s\n", addr_count,
- inet_ntoa(*(struct in_addr *)old_addr_list[addr_count]));
- addr = (char *)malloc(host->h_length);
- if (addr == NULL) {
- fprintf(stderr, "Could not allocate address\n");
- retval = SKDC_CANT;
- goto rtn;
- }
- bcopy(old_addr_list[addr_count], addr, host->h_length);
- host->h_addr_list[addr_count] = addr;
- }
- host->h_addr_list[addr_count] = NULL;
- }
-#endif /* !(ULTRIX022 || (SunOS < 40)) */
-
- bzero((char *)&hostlist[n_hosts],
- sizeof(struct hostent));
- to.sin_family = host->h_addrtype;
- bcopy(host->h_addr, (char *)&to.sin_addr,
- host->h_length);
- to.sin_port = krb_udp_port;
- if ((retval = krb_bind_local_addr(f)) != KSUCCESS) {
- fprintf(stderr, "krb_bind_local_addr: %s", krb_err_txt[retval]);
- retval = SKDC_CANT;
- goto rtn;
- }
- if (send_recv(pkt, rpkt, f, &to, hostlist)) {
- retval = KSUCCESS;
- goto rtn;
- }
- if (krb_debug) {
- printf("Timeout, error, or wrong descriptor\n");
- (void) fflush(stdout);
- }
- }
- if (no_host) {
- if (krb_debug)
- fprintf(stderr, "%s: can't find any Kerberos host.\n", prog);
- retval = SKDC_CANT;
- goto rtn;
- }
- /*
- * retry each host in sequence. Some addresses may be unreachable
- * from where we are, so loop through them as well.
- */
- for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) {
- for (host = hostlist; host->h_name != (char *)NULL; host++) {
-#if (defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- to.sin_family = host->h_addrtype;
- bcopy(host->h_addr_list[addr_count], (char *)&to.sin_addr,
- host->h_length);
- if (send_recv(pkt, rpkt, f, &to, hostlist)) {
- retval = KSUCCESS;
- goto rtn;
- }
-#else /* !(ULTRIX022 || (SunOS < 40)) */
- for (addr_count = 0; host->h_addr_list[addr_count]; addr_count++) {
- to.sin_family = host->h_addrtype;
- bcopy(host->h_addr_list[addr_count], (char *)&to.sin_addr,
- host->h_length);
- if (send_recv(pkt, rpkt, f, &to, hostlist)) {
- retval = KSUCCESS;
- goto rtn;
- }
- }
-#endif /* !(ULTRIX022 || (SunOS < 40)) */
- }
- }
- retval = SKDC_RETRY;
-rtn:
- (void) close(f);
- if (hostlist) {
- if(!no_host) {
- register struct hostent *hp;
- for (hp = hostlist; hp->h_name; hp++)
-#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- if (hp->h_addr_list) {
-#endif /* ULTRIX022 || SunOS */
- if (hp->h_addr)
- free(hp->h_addr);
-#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- free((char *)hp->h_addr_list);
- }
-#endif /* ULTRIX022 || SunOS */
- }
- free((char *)hostlist);
- }
- return(retval);
-}
-
-/*
- * try to send out and receive message.
- * return 1 on success, 0 on failure
- */
-
-static int
-send_recv(pkt,rpkt,f,_to,addrs)
- KTEXT pkt;
- KTEXT rpkt;
- int f;
- struct sockaddr_in *_to;
- struct hostent *addrs;
-{
- fd_set readfds;
- register struct hostent *hp;
- struct sockaddr_in from;
- int sin_size;
- int numsent;
- int addr_count;
-
- if (krb_debug) {
- if (_to->sin_family == AF_INET)
- printf("Sending message to %s...",
- inet_ntoa(_to->sin_addr));
- else
- printf("Sending message...");
- (void) fflush(stdout);
- }
- if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0,
- (struct sockaddr *)_to,
- S_AD_SZ)) != pkt->length) {
- if (krb_debug)
- printf("sent only %d/%d\n",numsent, pkt->length);
- return 0;
- }
- if (krb_debug) {
- printf("Sent\nWaiting for reply...");
- (void) fflush(stdout);
- }
- FD_ZERO(&readfds);
- FD_SET(f, &readfds);
- errno = 0;
- /* select - either recv is ready, or timeout */
- /* see if timeout or error or wrong descriptor */
- if (select(f + 1, &readfds, (fd_set *)0, (fd_set *)0, &timeout) < 1
- || !FD_ISSET(f, &readfds)) {
- if (krb_debug) {
- fprintf(stderr, "select failed: readfds=%x",
- readfds);
- perror("");
- }
- return 0;
- }
- sin_size = sizeof(from);
- if (recvfrom(f, (char *)(rpkt->dat), sizeof(rpkt->dat), 0,
- (struct sockaddr *)&from, &sin_size)
- < 0) {
- if (krb_debug)
- perror("recvfrom");
- return 0;
- }
- if (krb_debug) {
- printf("received packet from %s\n", inet_ntoa(from.sin_addr));
- fflush(stdout);
- }
-/* At least Sun OS version 3.2 (or worse) and Ultrix version 2.2
- (or worse) only return one address ... */
-#if (defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- for (hp = addrs; hp->h_name != (char *)NULL; hp++) {
- if (!bcmp(hp->h_addr, (char *)&from.sin_addr.s_addr,
- hp->h_length)) {
- if (krb_debug) {
- printf("Received it\n");
- (void) fflush(stdout);
- }
- return 1;
- }
- if (krb_debug)
- fprintf(stderr, "packet not from %s\n",
- inet_ntoa(*(struct in_addr *)hp->h_addr));
- }
-#else /* !(ULTRIX022 || (SunOS < 40)) */
- for (hp = addrs; hp->h_name != (char *)NULL; hp++) {
- for (addr_count = 0; hp->h_addr_list[addr_count]; addr_count++) {
- if (!bcmp(hp->h_addr_list[addr_count],
- (char *)&from.sin_addr.s_addr, hp->h_length)) {
- if (krb_debug) {
- printf("Received it\n");
- (void) fflush(stdout);
- }
- return 1;
- }
- if (krb_debug)
- fprintf(stderr, "packet not from %s\n",
- inet_ntoa(*(struct in_addr *)hp->h_addr_list[addr_count]));
- }
- }
-#endif /* !(ULTRIX022 || (SunOS < 40)) */
- if (krb_debug)
- fprintf(stderr, "%s: received packet from wrong host! (%s)\n",
- "send_to_kdc(send_rcv)", inet_ntoa(from.sin_addr));
- return 0;
-}
-
-
-static int
-setfixedaddr(s)
- int s;
-{
- struct ifa_msghdr *ifa, *ifa0, *ifa_end;
- struct sockaddr_in *cur_addr;
- int tries;
- int i;
- u_long loopback;
- int mib[6] = { CTL_NET, PF_ROUTE, 0, AF_INET, NET_RT_IFLIST, 0 };
- size_t len;
-
- /* Get information about our interfaces */
-#define NUMTRIES 10
- tries = 0;
-
-retry:
- len = 0;
- if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) {
- perror("setfixedaddr: Can't get size of interface table: sysctl");
- return GT_LADDR_IFLIST;
- }
- ifa = (struct ifa_msghdr *)malloc(len);
- if (!ifa) {
- fprintf(stderr, "setfixedaddr: Cannot malloc\n");
- return (KFAILURE);
- }
- if (sysctl(mib, 6, ifa, &len, NULL, 0) < 0) {
- free(ifa);
- if (errno == ENOMEM && tries < NUMTRIES) {
- /* Table grew between calls */
- tries++;
- goto retry;
- }
- else {
- perror("setfixedaddr: Can't get interface table: sysctl");
- return GT_LADDR_IFLIST;
- }
- }
- loopback = inet_addr("127.0.0.1");
-
- ifa0 = ifa;
- for(ifa_end = (struct ifa_msghdr *)((caddr_t)ifa + len);
- ifa < ifa_end;
- (caddr_t)ifa += ifa->ifam_msglen) {
- /* Ignore interface name messages and ensure we have an address */
- if (ifa->ifam_type == RTM_IFINFO || !(ifa->ifam_addrs & RTAX_IFA))
- continue;
- cur_addr = (struct sockaddr_in *)(ifa + 1);
- for (i = 0; i < RTAX_IFA; i++) {
- if (ifa->ifam_addrs & (1 << i))
- ADVANCE((caddr_t)cur_addr, cur_addr);
- }
- if (cur_addr->sin_addr.s_addr != loopback) {
- local_addr.sin_addr.s_addr = cur_addr->sin_addr.s_addr;
- break;
- }
- }
- free(ifa0);
- if (ifa >= ifa_end) {
- return GT_LADDR_NVI;
- }
- if (krb_debug) {
- fprintf(stderr, "setfixedaddr: using local address %s\n",
- inet_ntoa(local_addr.sin_addr));
- }
- return (KSUCCESS);
-}
-
-int
-krb_bind_local_addr(s)
- int s;
-{
- int retval;
- if (local_addr.sin_addr.s_addr == INADDR_ANY) {
- /*
- * We haven't determined the local interface to use
- * for kerberos server interactions. Do so now.
- */
- if ((retval = setfixedaddr(s)) != KSUCCESS)
- return (retval);
- }
- if (bind(s, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
- perror("krb_bind_local_addr: bind");
- return BND_LADDR_BIND;
- }
- if (krb_debug)
- printf("local_addr = %s\n", inet_ntoa(local_addr.sin_addr));
- return(KSUCCESS);
-}
-
-int
-krb_get_local_addr(returned_addr)
- struct sockaddr_in *returned_addr;
-{
- int retval;
- if (local_addr.sin_addr.s_addr == INADDR_ANY) {
- /*
- * We haven't determined the local interface to use
- * for kerberos server interactions. Do so now.
- */
- int s;
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- return GT_LADDR_NOSOCK;
- }
- if ((retval = setfixedaddr(s)) != KSUCCESS) {
- close(s);
- return (retval);
- }
- close(s);
- }
- if (!returned_addr)
- return(KFAILURE);
- *returned_addr = local_addr;
- if (krb_debug)
- printf("local_addr = %s\n", inet_ntoa(local_addr.sin_addr));
- return (KSUCCESS);
-}
diff --git a/eBones/lib/libkrb/sendauth.c b/eBones/lib/libkrb/sendauth.c
deleted file mode 100644
index 7289d07..0000000
--- a/eBones/lib/libkrb/sendauth.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: sendauth.c,v 4.6 90/03/10 23:18:28 jon Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <krb.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <syslog.h>
-#include <errno.h>
-#include <stdio.h>
-#include <strings.h>
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-/*
- * If the protocol changes, you will need to change the version string
- * and make appropriate changes in krb_recvauth.c
- */
-
-extern int errno;
-
-extern char *krb_get_phost();
-
-/*
- * This file contains two routines: krb_sendauth() and krb_sendsrv().
- *
- * krb_sendauth() transmits a ticket over a file descriptor for a
- * desired service, instance, and realm, doing mutual authentication
- * with the server if desired.
- *
- * krb_sendsvc() sends a service name to a remote knetd server.
- */
-
-/*
- * The first argument to krb_sendauth() contains a bitfield of
- * options (the options are defined in "krb.h"):
- *
- * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
- * (If this option is not chosen, krb_get_phost()
- * is called to canonicalize it.)
- *
- * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
- * A ticket must be supplied in the "ticket"
- * argument.
- * (If this option is not chosen, and there
- * is no ticket for the given server in the
- * ticket cache, one will be fetched using
- * krb_mk_req() and returned in "ticket".)
- *
- * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
- * receiving server return the checksum+1 encrypted
- * in the session key. The mutual authentication
- * is done using krb_mk_priv() on the other side
- * (see "recvauth.c") and krb_rd_priv() on this
- * side.
- *
- * The "fd" argument is a file descriptor to write to the remote
- * server on. The "ticket" argument is used to store the new ticket
- * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
- * chosen, the ticket must be supplied in the "ticket" argument.
- * The "service", "inst", and "realm" arguments identify the ticket.
- * If "realm" is null, the local realm is used.
- *
- * The following arguments are only needed if the KOPT_DO_MUTUAL option
- * is chosen:
- *
- * The "checksum" argument is a number that the server will add 1 to
- * to authenticate itself back to the client; the "msg_data" argument
- * holds the returned mutual-authentication message from the server
- * (i.e., the checksum+1); the "cred" structure is used to hold the
- * session key of the server, extracted from the ticket file, for use
- * in decrypting the mutual authentication message from the server;
- * and "schedule" holds the key schedule for that decryption. The
- * the local and server addresses are given in "laddr" and "faddr".
- *
- * The application protocol version number (of up to KRB_SENDAUTH_VLEN
- * characters) is passed in "version".
- *
- * If all goes well, KSUCCESS is returned, otherwise some error code.
- *
- * The format of the message sent to the server is:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
- * bytes version number
- *
- * KRB_SENDAUTH_VLEN version application protocol
- * bytes version number
- *
- * 4 bytes ticket->length length of ticket
- *
- * ticket->length ticket->dat ticket itself
- */
-
-/*
- * XXX: Note that krb_rd_priv() is coded in such a way that
- * "msg_data->app_data" will be pointing into "priv_buf", which
- * will disappear when krb_sendauth() returns.
- */
-
-int
-krb_sendauth(options, fd, ticket, service, inst, realm, checksum,
- msg_data, cred, schedule, laddr, faddr, version)
-long options; /* bit-pattern of options */
-int fd; /* file descriptor to write onto */
-KTEXT ticket; /* where to put ticket (return); or
- * supplied in case of KOPT_DONT_MK_REQ */
-char *service, *inst, *realm; /* service name, instance, realm */
-u_long checksum; /* checksum to include in request */
-MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */
-CREDENTIALS *cred; /* credentials (return) */
-Key_schedule schedule; /* key schedule (return) */
-struct sockaddr_in *laddr; /* local address */
-struct sockaddr_in *faddr; /* address of foreign host on fd */
-char *version; /* version string */
-{
- int rem, i, cc;
- char srv_inst[INST_SZ];
- char krb_realm[REALM_SZ];
- char buf[BUFSIZ];
- long tkt_len;
- u_char priv_buf[1024];
- u_long cksum;
-
- rem=KSUCCESS;
-
- /* get current realm if not passed in */
- if (!realm) {
- rem = krb_get_lrealm(krb_realm,1);
- if (rem != KSUCCESS)
- return(rem);
- realm = krb_realm;
- }
-
- /* copy instance into local storage, canonicalizing if desired */
- if (options & KOPT_DONT_CANON)
- (void) strncpy(srv_inst, inst, INST_SZ);
- else
- (void) strncpy(srv_inst, krb_get_phost(inst), INST_SZ);
-
- /* get the ticket if desired */
- if (!(options & KOPT_DONT_MK_REQ)) {
- rem = krb_mk_req(ticket, service, srv_inst, realm, checksum);
- if (rem != KSUCCESS)
- return(rem);
- }
-
-#ifdef ATHENA_COMPAT
- /* this is only for compatibility with old servers */
- if (options & KOPT_DO_OLDSTYLE) {
- (void) sprintf(buf,"%d ",ticket->length);
- (void) write(fd, buf, strlen(buf));
- (void) write(fd, (char *) ticket->dat, ticket->length);
- return(rem);
- }
-#endif ATHENA_COMPAT
- /* if mutual auth, get credentials so we have service session
- keys for decryption below */
- if (options & KOPT_DO_MUTUAL)
- if ((cc = krb_get_cred(service, srv_inst, realm, cred)))
- return(cc);
-
- /* zero the buffer */
- (void) bzero(buf, BUFSIZ);
-
- /* insert version strings */
- (void) strncpy(buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- (void) strncpy(buf+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN);
-
- /* increment past vers strings */
- i = 2*KRB_SENDAUTH_VLEN;
-
- /* put ticket length into buffer */
- tkt_len = htonl((unsigned long) ticket->length);
- (void) bcopy((char *) &tkt_len, buf+i, sizeof(tkt_len));
- i += sizeof(tkt_len);
-
- /* put ticket into buffer */
- (void) bcopy((char *) ticket->dat, buf+i, ticket->length);
- i += ticket->length;
-
- /* write the request to the server */
- if ((cc = krb_net_write(fd, buf, i)) != i)
- return(cc);
-
- /* mutual authentication, if desired */
- if (options & KOPT_DO_MUTUAL) {
- /* get the length of the reply */
- if (krb_net_read(fd, (char *) &tkt_len, sizeof(tkt_len)) !=
- sizeof(tkt_len))
- return(errno);
- tkt_len = ntohl((unsigned long)tkt_len);
-
- /* if the length is negative, the server failed to recognize us. */
- if ((tkt_len < 0) || (tkt_len > sizeof(priv_buf)))
- return(KFAILURE); /* XXX */
- /* read the reply... */
- if (krb_net_read(fd, (char *)priv_buf, (int) tkt_len) != (int) tkt_len)
- return(errno);
-
- /* ...and decrypt it */
-#ifndef NOENCRYPTION
- key_sched((C_Block *)cred->session,schedule);
-#endif
- if ((cc = krb_rd_priv(priv_buf,(unsigned long) tkt_len, schedule,
- cred->session, faddr, laddr, msg_data)))
- return(cc);
-
- /* fetch the (modified) checksum */
- (void) bcopy((char *)msg_data->app_data, (char *)&cksum,
- sizeof(cksum));
- cksum = ntohl(cksum);
-
- /* if it doesn't match, fail */
- if (cksum != checksum + 1)
- return(KFAILURE); /* XXX */
- }
- return(KSUCCESS);
-}
-
-#ifdef ATHENA_COMPAT
-/*
- * krb_sendsvc
- */
-
-int
-krb_sendsvc(fd, service)
-int fd;
-char *service;
-{
- /* write the service name length and then the service name to
- the fd */
- long serv_length;
- int cc;
-
- serv_length = htonl((unsigned long)strlen(service));
- if ((cc = krb_net_write(fd, (char *) &serv_length,
- sizeof(serv_length)))
- != sizeof(serv_length))
- return(cc);
- if ((cc = krb_net_write(fd, service, strlen(service)))
- != strlen(service))
- return(cc);
- return(KSUCCESS);
-}
-#endif ATHENA_COMPAT
diff --git a/eBones/lib/libkrb/stime.c b/eBones/lib/libkrb/stime.c
deleted file mode 100644
index 5b5cd75..0000000
--- a/eBones/lib/libkrb/stime.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: stime.c,v 4.5 88/11/15 16:58:05 jtkohl Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <sys/time.h>
-#include <stdio.h> /* for sprintf() */
-
-/*
- * Given a pointer to a long containing the number of seconds
- * since the beginning of time (midnight 1 Jan 1970 GMT), return
- * a string containing the local time in the form:
- *
- * "25-Jan-88 10:17:56"
- */
-
-char *
-stime(t)
- long *t;
-{
- static char st_data[40];
- static char *st = st_data;
- struct tm *tm;
- char *month_sname();
-
- tm = localtime(t);
- (void) sprintf(st,"%2d-%s-%02d %02d:%02d:%02d",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- return st;
-}
diff --git a/eBones/lib/libkrb/tf_shm.c b/eBones/lib/libkrb/tf_shm.c
deleted file mode 100644
index 857dfc3..0000000
--- a/eBones/lib/libkrb/tf_shm.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * Shared memory segment functions for session keys. Derived from code
- * contributed by Dan Kolkowitz (kolk@jessica.stanford.edu).
- *
- * from: tf_shm.c,v 4.2 89/10/25 23:26:46 qjb Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-#include <krb.h>
-#include <des.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#define MAX_BUFF sizeof(des_cblock)*1000 /* room for 1k keys */
-
-extern int errno;
-extern int krb_debug;
-
-/*
- * krb_create_shmtkt:
- *
- * create a shared memory segment for session keys, leaving its id
- * in the specified filename.
- */
-
-int
-krb_shm_create(file_name)
-char *file_name;
-{
- int retval;
- int shmid;
- struct shmid_ds shm_buf;
- FILE *sfile;
- uid_t me, metoo, getuid(), geteuid();
-
- (void) krb_shm_dest(file_name); /* nuke it if it exists...
- this cleans up to make sure we
- don't slowly lose memory. */
-
- shmid = shmget((long)IPC_PRIVATE,MAX_BUFF, IPC_CREAT);
- if (shmid == -1) {
- if (krb_debug)
- perror("krb_shm_create shmget");
- return(KFAILURE); /* XXX */
- }
- me = getuid();
- metoo = geteuid();
- /*
- * now set up the buffer so that we can modify it
- */
- shm_buf.shm_perm.uid = me;
- shm_buf.shm_perm.gid = getgid();
- shm_buf.shm_perm.mode = 0600;
- if (shmctl(shmid,IPC_SET,&shm_buf) < 0) { /*can now map it */
- if (krb_debug)
- perror("krb_shm_create shmctl");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
- (void) shmctl(shmid, SHM_LOCK, 0); /* attempt to lock-in-core */
- /* arrange so the file is owned by the ruid
- (swap real & effective uid if necessary). */
- if (me != metoo) {
- if (setreuid(metoo, me) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("krb_shm_create: setreuid");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",metoo,me);
- }
- if ((sfile = fopen(file_name,"w")) == 0) {
- if (krb_debug)
- perror("krb_shm_create file");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
- if (fchmod(fileno(sfile),0600) < 0) {
- if (krb_debug)
- perror("krb_shm_create fchmod");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE); /* XXX */
- }
- if (me != metoo) {
- if (setreuid(me, metoo) < 0) {
- /* can't switch??? barf! */
- if (krb_debug)
- perror("krb_shm_create: setreuid2");
- (void) shmctl(shmid, IPC_RMID, 0);
- return(KFAILURE);
- } else
- if (krb_debug)
- printf("swapped UID's %d and %d\n",me,metoo);
- }
-
- (void) fprintf(sfile,"%d",shmid);
- (void) fflush(sfile);
- (void) fclose(sfile);
- return(KSUCCESS);
-}
-
-
-/*
- * krb_is_diskless:
- *
- * check / to see if file .diskless exists. If so it is diskless.
- * Do it this way now to avoid dependencies on a particular routine.
- * Choose root file system since that will be private to the client.
- */
-
-int krb_is_diskless()
-{
- struct stat buf;
- if (stat("/.diskless",&buf) < 0)
- return(0);
- else return(1);
-}
-
-/*
- * krb_shm_dest: destroy shared memory segment with session keys, and remove
- * file pointing to it.
- */
-
-int krb_shm_dest(file)
-char *file;
-{
- int shmid;
- FILE *sfile;
- struct stat st_buf;
-
- if (stat(file,&st_buf) == 0) {
- /* successful stat */
- if ((sfile = fopen(file,"r")) == 0) {
- if (krb_debug)
- perror("cannot open shared memory file");
- return(KFAILURE); /* XXX */
- }
- if (fscanf(sfile,"%d",&shmid) == 1) {
- if (shmctl(shmid,IPC_RMID,0) != 0) {
- if (krb_debug)
- perror("krb_shm_dest: cannot delete shm segment");
- (void) fclose(sfile);
- return(KFAILURE); /* XXX */
- }
- } else {
- if (krb_debug)
- fprintf(stderr, "bad format in shmid file\n");
- (void) fclose(sfile);
- return(KFAILURE); /* XXX */
- }
- (void) fclose(sfile);
- (void) unlink(file);
- return(KSUCCESS);
- } else
- return(RET_TKFIL); /* XXX */
-}
-
-
-
diff --git a/eBones/lib/libkrb/tf_util.3 b/eBones/lib/libkrb/tf_util.3
deleted file mode 100644
index 39ed1c0..0000000
--- a/eBones/lib/libkrb/tf_util.3
+++ /dev/null
@@ -1,151 +0,0 @@
-.\" from: tf_util.3,v 4.2 89/04/25 17:17:11 jtkohl Exp $
-.\" $Id$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
-\- Routines for manipulating a Kerberos ticket file
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-extern char *krb_err_txt[];
-.PP
-.ft B
-tf_init(tf_name, rw)
-char *tf_name;
-int rw;
-.PP
-.ft B
-tf_get_pname(pname)
-char *pname;
-.PP
-.ft B
-tf_get_pinst(pinst)
-char *pinst;
-.PP
-.ft B
-tf_get_cred(c)
-CREDENTIALS *c;
-.PP
-.ft B
-tf_close()
-.PP
-.fi
-.SH DESCRIPTION
-This group of routines are provided to manipulate the Kerberos tickets
-file. A ticket file has the following format:
-.nf
-.in +4
-.sp
-principal's name (null-terminated string)
-principal's instance (null-terminated string)
-CREDENTIAL_1
-CREDENTIAL_2
- ...
-CREDENTIAL_n
-EOF
-.sp
-.in -4
-.LP
-Where "CREDENTIAL_x" consists of the following fixed-length
-fields from the CREDENTIALS structure (defined in <krb.h>):
-.nf
-.sp
-.in +4
- char service[ANAME_SZ]
- char instance[INST_SZ]
- char realm[REALM_SZ]
- des_cblock session
- int lifetime
- int kvno
- KTEXT_ST ticket_st
- long issue_date
-.in -4
-.sp
-.fi
-.PP
-.I tf_init
-must be called before the other ticket file
-routines.
-It takes the name of the ticket file to use,
-and a read/write flag as arguments.
-It tries to open the ticket file, checks the mode and if
-everything is okay, locks the file. If it's opened for
-reading, the lock is shared. If it's opened for writing,
-the lock is exclusive.
-KSUCCESS is returned if all went well, otherwise one of the
-following:
-.nf
-.sp
-NO_TKT_FIL - file wasn't there
-TKT_FIL_ACC - file was in wrong mode, etc.
-TKT_FIL_LCK - couldn't lock the file, even after a retry
-.sp
-.fi
-.PP
-The
-.I tf_get_pname
-reads the principal's name from a ticket file.
-It should only be called after tf_init has been called. The
-principal's name is filled into the
-.I pname
-parameter. If all goes
-well, KSUCCESS is returned.
-If tf_init wasn't called, TKT_FIL_INI
-is returned.
-If the principal's name was null, or EOF was encountered, or the
-name was longer than ANAME_SZ, TKT_FIL_FMT is returned.
-.PP
-The
-.I tf_get_pinst
-reads the principal's instance from a ticket file.
-It should only be called after tf_init and tf_get_pname
-have been called.
-The principal's instance is filled into the
-.I pinst
-parameter.
-If all goes
-well, KSUCCESS is returned.
-If tf_init wasn't called, TKT_FIL_INI
-is returned.
-If EOF was encountered, or the
-name was longer than INST_SZ, TKT_FIL_FMT is returned.
-Note that, unlike the principal name, the instance name may be null.
-.PP
-The
-.I tf_get_cred
-routine reads a CREDENTIALS record from a ticket file and
-fills in the given structure.
-It should only be called after
-tf_init, tf_get_pname, and tf_get_pinst have been called.
-If all goes well, KSUCCESS is returned. Possible error codes
-are:
-.nf
-.sp
-TKT_FIL_INI - tf_init wasn't called first
-TKT_FIL_FMT - bad format
-EOF - end of file encountered
-.sp
-.fi
-.PP
-.I tf_close
-closes the ticket file and releases the lock on it.
-.SH "SEE ALSO"
-krb(3)
-.SH DIAGNOSTICS
-.SH BUGS
-The ticket file routines have to be called in a certain order.
-.SH AUTHORS
-Jennifer Steiner, MIT Project Athena
-.br
-Bill Bryant, MIT Project Athena
-.SH RESTRICTIONS
-Copyright 1987 Massachusetts Institute of Technology
diff --git a/eBones/lib/libkrb/tf_util.c b/eBones/lib/libkrb/tf_util.c
deleted file mode 100644
index fab8ed4..0000000
--- a/eBones/lib/libkrb/tf_util.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: tf_util.c,v 4.9 90/03/10 19:19:45 jon Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <unistd.h>
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <krb.h>
-
-#ifdef TKT_SHMEM
-#include <sys/param.h>
-#include <sys/ipc.h>
-#include <sys/shm.h>
-#endif /* TKT_SHMEM */
-
-#define TOO_BIG -1
-#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
- * retry if ticket file is
- * locked */
-extern int krb_debug;
-
-#ifdef TKT_SHMEM
-char *krb_shm_addr = 0;
-static char *tmp_shm_addr = 0;
-static char krb_dummy_skey[8] = {0,0,0,0,0,0,0,0};
-
-#endif /* TKT_SHMEM */
-
-/*
- * fd must be initialized to something that won't ever occur as a real
- * file descriptor. Since open(2) returns only non-negative numbers as
- * valid file descriptors, and tf_init always stuffs the return value
- * from open in here even if it is an error flag, we must
- * a. Initialize fd to a negative number, to indicate that it is
- * not initially valid.
- * b. When checking for a valid fd, assume that negative values
- * are invalid (ie. when deciding whether tf_init has been
- * called.)
- * c. In tf_close, be sure it gets reinitialized to a negative
- * number.
- */
-static fd = -1;
-static curpos; /* Position in tfbfr */
-static lastpos; /* End of tfbfr */
-static char tfbfr[BUFSIZ]; /* Buffer for ticket data */
-
-static int tf_read(char *s, int n);
-static int tf_gets(char *s, int n);
-
-/*
- * This file contains routines for manipulating the ticket cache file.
- *
- * The ticket file is in the following format:
- *
- * principal's name (null-terminated string)
- * principal's instance (null-terminated string)
- * CREDENTIAL_1
- * CREDENTIAL_2
- * ...
- * CREDENTIAL_n
- * EOF
- *
- * Where "CREDENTIAL_x" consists of the following fixed-length
- * fields from the CREDENTIALS structure (see "krb.h"):
- *
- * char service[ANAME_SZ]
- * char instance[INST_SZ]
- * char realm[REALM_SZ]
- * C_Block session
- * int lifetime
- * int kvno
- * KTEXT_ST ticket_st
- * long issue_date
- *
- * Short description of routines:
- *
- * tf_init() opens the ticket file and locks it.
- *
- * tf_get_pname() returns the principal's name.
- *
- * tf_get_pinst() returns the principal's instance (may be null).
- *
- * tf_get_cred() returns the next CREDENTIALS record.
- *
- * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
- *
- * tf_close() closes the ticket file and releases the lock.
- *
- * tf_gets() returns the next null-terminated string. It's an internal
- * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
- *
- * tf_read() reads a given number of bytes. It's an internal routine
- * used by tf_get_cred().
- */
-
-/*
- * tf_init() should be called before the other ticket file routines.
- * It takes the name of the ticket file to use, "tf_name", and a
- * read/write flag "rw" as arguments.
- *
- * It tries to open the ticket file, checks the mode, and if everything
- * is okay, locks the file. If it's opened for reading, the lock is
- * shared. If it's opened for writing, the lock is exclusive.
- *
- * Returns KSUCCESS if all went well, otherwise one of the following:
- *
- * NO_TKT_FIL - file wasn't there
- * TKT_FIL_ACC - file was in wrong mode, etc.
- * TKT_FIL_LCK - couldn't lock the file, even after a retry
- */
-
-int
-tf_init(tf_name, rw)
- char *tf_name;
- int rw;
-{
- int wflag;
- uid_t me, getuid();
- struct stat stat_buf;
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
- FILE *sfp;
- int shmid;
-#endif
-
- switch (rw) {
- case R_TKT_FIL:
- wflag = 0;
- break;
- case W_TKT_FIL:
- wflag = 1;
- break;
- default:
- if (krb_debug) fprintf(stderr, "tf_init: illegal parameter\n");
- return TKT_FIL_ACC;
- }
- if (lstat(tf_name, &stat_buf) < 0)
- switch (errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- me = getuid();
- if ((stat_buf.st_uid != me && me != 0) ||
- ((stat_buf.st_mode & S_IFMT) != S_IFREG))
- return TKT_FIL_ACC;
-#ifdef TKT_SHMEM
- (void) strcpy(shmidname, tf_name);
- (void) strcat(shmidname, ".shm");
- if (stat(shmidname,&stat_buf) < 0)
- return(TKT_FIL_ACC);
- if ((stat_buf.st_uid != me && me != 0) ||
- ((stat_buf.st_mode & S_IFMT) != S_IFREG))
- return TKT_FIL_ACC;
-#endif /* TKT_SHMEM */
-
- /*
- * If "wflag" is set, open the ticket file in append-writeonly mode
- * and lock the ticket file in exclusive mode. If unable to lock
- * the file, sleep and try again. If we fail again, return with the
- * proper error message.
- */
-
- curpos = sizeof(tfbfr);
-
-#ifdef TKT_SHMEM
- sfp = fopen(shmidname, "r"); /* only need read/write on the
- actual tickets */
- if (sfp == 0)
- return TKT_FIL_ACC;
- shmid = -1;
- {
- char buf[BUFSIZ];
- int val; /* useful for debugging fscanf */
- /* We provide our own buffer here since some STDIO libraries
- barf on unbuffered input with fscanf() */
-
- setbuf(sfp, buf);
- if ((val = fscanf(sfp,"%d",&shmid)) != 1) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- if (shmid < 0) {
- (void) fclose(sfp);
- return TKT_FIL_ACC;
- }
- (void) fclose(sfp);
- }
- /*
- * global krb_shm_addr is initialized to 0. Ultrix bombs when you try and
- * attach the same segment twice so we need this check.
- */
- if (!krb_shm_addr) {
- if ((krb_shm_addr = shmat(shmid,0,0)) == -1){
- if (krb_debug)
- fprintf(stderr,
- "cannot attach shared memory for segment %d\n",
- shmid);
- krb_shm_addr = 0; /* reset so we catch further errors */
- return TKT_FIL_ACC;
- }
- }
- tmp_shm_addr = krb_shm_addr;
-#endif /* TKT_SHMEM */
-
- if (wflag) {
- fd = open(tf_name, O_RDWR, 0600);
- if (fd < 0) {
- return TKT_FIL_ACC;
- }
- if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
- sleep(TF_LCK_RETRY);
- if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
- }
- /*
- * Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
- */
-
- fd = open(tf_name, O_RDONLY, 0600);
- if (fd < 0) {
- return TKT_FIL_ACC;
- }
- if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
- sleep(TF_LCK_RETRY);
- if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
- (void) close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
-}
-
-/*
- * tf_get_pname() reads the principal's name from the ticket file. It
- * should only be called after tf_init() has been called. The
- * principal's name is filled into the "p" parameter. If all goes well,
- * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
- * returned. If the name was null, or EOF was encountered, or the name
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
- */
-
-int
-tf_get_pname(p)
- char *p;
-{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pname called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
- return TKT_FIL_FMT;
- return KSUCCESS;
-}
-
-/*
- * tf_get_pinst() reads the principal's instance from a ticket file.
- * It should only be called after tf_init() and tf_get_pname() have been
- * called. The instance is filled into the "inst" parameter. If all
- * goes well, KSUCCESS is returned. If tf_init() wasn't called,
- * TKT_FIL_INI is returned. If EOF was encountered, or the instance
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
- * instance may be null.
- */
-
-int
-tf_get_pinst(inst)
- char *inst;
-{
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_pinst called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(inst, INST_SZ) < 1)
- return TKT_FIL_FMT;
- return KSUCCESS;
-}
-
-/*
- * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
- * in the given structure "c". It should only be called after tf_init(),
- * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
- * KSUCCESS is returned. Possible error codes are:
- *
- * TKT_FIL_INI - tf_init wasn't called first
- * TKT_FIL_FMT - bad format
- * EOF - end of file encountered
- */
-
-int
-tf_get_cred(c)
- CREDENTIALS *c;
-{
- KTEXT ticket = &c->ticket_st; /* pointer to ticket */
- int k_errno;
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_get_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
- switch (k_errno) {
- case TOO_BIG:
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
- switch (k_errno) {
- case TOO_BIG:
- case 1: /* can't be just a null */
- tf_close();
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if (
- tf_read((char *) (c->session), KEY_SZ) < 1 ||
- tf_read((char *) &(c->lifetime), sizeof(c->lifetime)) < 1 ||
- tf_read((char *) &(c->kvno), sizeof(c->kvno)) < 1 ||
- tf_read((char *) &(ticket->length), sizeof(ticket->length))
- < 1 ||
- /* don't try to read a silly amount into ticket->dat */
- ticket->length > MAX_KTXT_LEN ||
- tf_read((char *) (ticket->dat), ticket->length) < 1 ||
- tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1
- ) {
- tf_close();
- return TKT_FIL_FMT;
- }
-#ifdef TKT_SHMEM
- bcopy(tmp_shm_addr,c->session,KEY_SZ);
- tmp_shm_addr += KEY_SZ;
-#endif /* TKT_SHMEM */
- return KSUCCESS;
-}
-
-/*
- * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
- * not a valid file descriptor, it just returns. It also clears the
- * buffer used to read tickets.
- *
- * The return value is not defined.
- */
-
-void
-tf_close()
-{
- if (!(fd < 0)) {
-#ifdef TKT_SHMEM
- if (shmdt(krb_shm_addr)) {
- /* what kind of error? */
- if (krb_debug)
- fprintf(stderr, "shmdt 0x%x: errno %d",krb_shm_addr, errno);
- } else {
- krb_shm_addr = 0;
- }
-#endif TKT_SHMEM
- (void) flock(fd, LOCK_UN);
- (void) close(fd);
- fd = -1; /* see declaration of fd above */
- }
- bzero(tfbfr, sizeof(tfbfr));
-}
-
-/*
- * tf_gets() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until either it has read "n" characters,
- * or until it reads a null byte. When finished, what has been read exists
- * in "s". If it encounters EOF or an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read (including null terminator)
- * when all goes well
- *
- * 0 end of file or read error
- *
- * TOO_BIG if "count" characters are read and no null is
- * encountered. This is an indication that the ticket
- * file is seriously ill.
- */
-
-static int
-tf_gets(s, n)
- register char *s;
- int n;
-{
- register count;
-
- if (fd < 0) {
- if (krb_debug)
- fprintf(stderr, "tf_gets called before tf_init.\n");
- return TKT_FIL_INI;
- }
- for (count = n - 1; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s = tfbfr[curpos++];
- if (*s++ == '\0')
- return (n - count);
- }
- tf_close();
- return TOO_BIG;
-}
-
-/*
- * tf_read() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until "n" bytes have been read. When
- * finished, what has been read exists in "s". If it encounters EOF or
- * an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read when all goes well
- *
- * 0 on end of file or read error
- */
-
-static int
-tf_read(s, n)
- register char *s;
- register int n;
-{
- register count;
-
- for (count = n; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s++ = tfbfr[curpos++];
- }
- return n;
-}
-
-/*
- * tf_save_cred() appends an incoming ticket to the end of the ticket
- * file. You must call tf_init() before calling tf_save_cred().
- *
- * The "service", "instance", and "realm" arguments specify the
- * server's name; "session" contains the session key to be used with
- * the ticket; "kvno" is the server key version number in which the
- * ticket is encrypted, "ticket" contains the actual ticket, and
- * "issue_date" is the time the ticket was requested (local host's time).
- *
- * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
- * called previously, and KFAILURE for anything else that went wrong.
- */
-
-int
-tf_save_cred(service, instance, realm, session, lifetime, kvno,
- ticket, issue_date)
- char *service; /* Service name */
- char *instance; /* Instance */
- char *realm; /* Auth domain */
- C_Block session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT ticket; /* The ticket itself */
- long issue_date; /* The issue time */
-{
-
- off_t lseek();
- int count; /* count for write */
-#ifdef TKT_SHMEM
- int *skey_check;
-#endif /* TKT_SHMEM */
-
- if (fd < 0) { /* fd is ticket file as set by tf_init */
- if (krb_debug)
- fprintf(stderr, "tf_save_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
- /* Find the end of the ticket file */
- (void) lseek(fd, 0L, 2);
-#ifdef TKT_SHMEM
- /* scan to end of existing keys: pick first 'empty' slot.
- we assume that no real keys will be completely zero (it's a weak
- key under DES) */
-
- skey_check = (int *) krb_shm_addr;
-
- while (*skey_check && *(skey_check+1))
- skey_check += 2;
- tmp_shm_addr = (char *)skey_check;
-#endif /* TKT_SHMEM */
-
- /* Write the ticket and associated data */
- /* Service */
- count = strlen(service) + 1;
- if (write(fd, service, count) != count)
- goto bad;
- /* Instance */
- count = strlen(instance) + 1;
- if (write(fd, instance, count) != count)
- goto bad;
- /* Realm */
- count = strlen(realm) + 1;
- if (write(fd, realm, count) != count)
- goto bad;
- /* Session key */
-#ifdef TKT_SHMEM
- bcopy(session,tmp_shm_addr,8);
- tmp_shm_addr+=8;
- if (write(fd,krb_dummy_skey,8) != 8)
- goto bad;
-#else /* ! TKT_SHMEM */
- if (write(fd, (char *) session, 8) != 8)
- goto bad;
-#endif /* TKT_SHMEM */
- /* Lifetime */
- if (write(fd, (char *) &lifetime, sizeof(int)) != sizeof(int))
- goto bad;
- /* Key vno */
- if (write(fd, (char *) &kvno, sizeof(int)) != sizeof(int))
- goto bad;
- /* Tkt length */
- if (write(fd, (char *) &(ticket->length), sizeof(int)) !=
- sizeof(int))
- goto bad;
- /* Ticket */
- count = ticket->length;
- if (write(fd, (char *) (ticket->dat), count) != count)
- goto bad;
- /* Issue date */
- if (write(fd, (char *) &issue_date, sizeof(long))
- != sizeof(long))
- goto bad;
-
- /* Actually, we should check each write for success */
- return (KSUCCESS);
-bad:
- return (KFAILURE);
-}
diff --git a/eBones/lib/libkrb/tkt_string.c b/eBones/lib/libkrb/tkt_string.c
deleted file mode 100644
index bdfdcd6..0000000
--- a/eBones/lib/libkrb/tkt_string.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- * For copying and distribution information, please see the file
- * <Copyright.MIT>.
- *
- * from: tkt_string.c,v 4.6 89/01/05 12:31:51 raeburn Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char *rcsid =
-"$Id$";
-#endif /* lint */
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <krb.h>
-#include <string.h>
-#include <sys/param.h>
-
-/*
- * This routine is used to generate the name of the file that holds
- * the user's cache of server tickets and associated session keys.
- *
- * If it is set, krb_ticket_string contains the ticket file name.
- * Otherwise, the filename is constructed as follows:
- *
- * If it is set, the environment variable "KRBTKFILE" will be used as
- * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
- * the user's uid are concatenated to produce the ticket file name
- * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
- * file name is returned.
- */
-
-static char krb_ticket_string[MAXPATHLEN] = "";
-
-char *tkt_string()
-{
- char *env;
- uid_t getuid();
-
- if (!*krb_ticket_string) {
- if ((env = getenv("KRBTKFILE"))) {
- (void) strncpy(krb_ticket_string, env,
- sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
- } else {
- /* 32 bits of signed integer will always fit in 11 characters
- (including the sign), so no need to worry about overflow */
- (void) sprintf(krb_ticket_string, "%s%d",TKT_ROOT,getuid());
- }
- }
- return krb_ticket_string;
-}
-
-/*
- * This routine is used to set the name of the file that holds the user's
- * cache of server tickets and associated session keys.
- *
- * The value passed in is copied into local storage.
- *
- * NOTE: This routine should be called during initialization, before other
- * Kerberos routines are called; otherwise tkt_string() above may be called
- * and return an undesired ticket file name until this routine is called.
- */
-
-void
-krb_set_tkt_string(val)
-char *val;
-{
-
- (void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
-
- return;
-}
diff --git a/eBones/lib/libkrb/util.c b/eBones/lib/libkrb/util.c
deleted file mode 100644
index 74f68b9..0000000
--- a/eBones/lib/libkrb/util.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Miscellaneous debug printing utilities
- *
- * from: util.c,v 4.8 89/01/17 22:02:08 wesommer Exp $
- * $Id$
- */
-
-#if 0
-#ifndef lint
-static char rcsid[] =
-"$Id$";
-#endif lint
-#endif
-
-#include <krb.h>
-#include <des.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-
-/*
- * Print some of the contents of the given authenticator structure
- * (AUTH_DAT defined in "krb.h"). Fields printed are:
- *
- * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
- */
-
-void
-ad_print(x)
-AUTH_DAT *x;
-{
- struct in_addr in;
-
- /* Print the contents of an auth_dat struct. */
- in.s_addr = x->address;
- printf("\n%s %s %s %s flags %u cksum 0x%lX\n\ttkt_tm 0x%lX sess_key",
- x->pname, x->pinst, x->prealm, inet_ntoa(in), x->k_flags,
- x->checksum, x->time_sec);
-
- printf("[8] =");
-#ifdef NOENCRYPTION
- placebo_cblock_print(x->session);
-#else
- des_cblock_print_file((C_Block *)x->session,stdout);
-#endif
- /* skip reply for now */
-}
-
-/*
- * Print in hex the 8 bytes of the given session key.
- *
- * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
- */
-
-#ifdef NOENCRYPTION
-placebo_cblock_print(x)
- des_cblock x;
-{
- unsigned char *y = (unsigned char *) x;
- register int i = 0;
-
- printf(" 0x { ");
-
- while (i++ <8) {
- printf("%x",*y++);
- if (i<8) printf(", ");
- }
- printf(" }");
-}
-#endif
diff --git a/eBones/lib/librkinit/Makefile b/eBones/lib/librkinit/Makefile
deleted file mode 100644
index 3521599..0000000
--- a/eBones/lib/librkinit/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-# @(#)Makefile 8.1 (Berkeley) 6/4/93
-
-LIB= rkinit
-CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -I${RKINITOBJDIR}
-SRCS= rkinit_err.c rk_lib.c rk_rpc.c rk_util.c rk_krb.c
-
-LDADD+= -lcom_err
-
-beforeinstall:
- ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 rkinit_err.h \
- ${DESTDIR}/usr/include/kerberosIV
-
-MAN3= rkinit.3
-
-.include <bsd.lib.mk>
-
-rkinit_err.c: ${RKINITOBJDIR}/rkinit_err.h
diff --git a/eBones/lib/librkinit/rk_krb.c b/eBones/lib/librkinit/rk_krb.c
deleted file mode 100644
index c1779e7..0000000
--- a/eBones/lib/librkinit/rk_krb.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/*
- * $Id$
- * $Source: /home/ncvs/src/eBones/lib/librkinit/rk_krb.c,v $
- * $Author: jkh $
- *
- * This file contains the kerberos parts of the rkinit library.
- * See the comment at the top of rk_lib.c for a description of the naming
- * conventions used within the rkinit library.
- */
-
-#if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS)
-static char *rcsid = "$Id$";
-#endif /* lint || SABER || LOCORE || RCS_HDRS */
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <unistd.h>
-#include <sys/ioctl.h>
-#include <netinet/in.h>
-#include <krb.h>
-#include <des.h>
-
-#include <signal.h>
-#include <setjmp.h>
-
-#ifdef POSIX
-#include <termios.h>
-#else
-#include <sgtty.h>
-#endif
-
-#include <rkinit.h>
-#include <rkinit_err.h>
-#include <rkinit_private.h>
-
-static jmp_buf env;
-static void sig_restore();
-static void push_signals();
-static void pop_signals();
-
-/* Information to be passed around within client get_in_tkt */
-typedef struct {
- KTEXT scip; /* Server KDC packet */
- char *username;
- char *host;
-} rkinit_intkt_info;
-
-static char errbuf[BUFSIZ];
-
-/* The compiler complains if this is declared static. */
-#ifdef __STDC__
-int rki_key_proc(char *user, char *instance, char *realm, char *arg,
- des_cblock *key)
-#else
-int rki_key_proc(user, instance, realm, arg, key)
- char *user;
- char *instance;
- char *realm;
- char *arg;
- des_cblock *key;
-#endif /* __STDC__ */
-
-{
- rkinit_intkt_info *rii = (rkinit_intkt_info *)arg;
- char password[BUFSIZ];
- int ok = 0;
-#ifdef POSIX
- struct termios ttyb;
-#else
- struct sgttyb ttyb; /* For turning off echo */
-#endif
-
- SBCLEAR(ttyb);
- BCLEAR(password);
-
- /*
- * If the username does not match the aname in the ticket,
- * we will print that too. Otherwise, we won't.
- */
-
- printf("Kerberos initialization (%s)", rii->host);
- if (strcmp(rii->username, user))
- printf(": tickets will be owned by %s", rii->username);
-
- printf("\nPassword for %s%s%s@%s: ", user,
- (instance[0]) ? "." : "", instance, realm);
-
- fflush(stdout);
-
- push_signals();
- if (setjmp(env)) {
- ok = -1;
- goto lose;
- }
-
-#ifndef POSIX
- ioctl(0, TIOCGETP, &ttyb);
- ttyb.sg_flags &= ~ECHO;
- ioctl(0, TIOCSETP, &ttyb);
-#else
- (void) tcgetattr(0, &ttyb);
- ttyb.c_lflag &= ~ECHO;
- (void) tcsetattr(0, TCSAFLUSH, &ttyb);
-#endif
-
- bzero(password, sizeof(password));
- if (read(0, password, sizeof(password)) == -1) {
- perror("read");
- ok = -1;
- goto lose;
- }
-
- if (password[strlen(password)-1] == '\n')
- password[strlen(password)-1] = 0;
-
- /* Generate the key from the password and destroy the password */
-
- des_string_to_key(password, key);
-
-lose:
- BCLEAR(password);
-
-#ifndef POSIX
- ttyb.sg_flags |= ECHO;
- ioctl(0, TIOCSETP, &ttyb);
-#else
- ttyb.c_lflag |= ECHO;
- (void) tcsetattr(0, TCSAFLUSH, &ttyb);
-#endif
-
- pop_signals();
- printf("\n");
-
- return(ok);
-}
-
-#ifdef __STDC__
-static int rki_decrypt_tkt(char *user, char *instance, char *realm,
- char *arg, int (*key_proc)(), KTEXT *cipp)
-#else
-static int rki_decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
- char *user;
- char *instance;
- char *realm;
- char *arg;
- int (*key_proc)();
- KTEXT *cipp;
-#endif /* __STDC__ */
-{
- KTEXT cip = *cipp;
- C_Block key; /* Key for decrypting cipher */
- Key_schedule key_s;
- KTEXT scip = 0; /* cipher from rkinit server */
-
- rkinit_intkt_info *rii = (rkinit_intkt_info *)arg;
-
- /* generate a key */
- {
- register int rc;
- rc = (*key_proc)(user, instance, realm, arg, key);
- if (rc)
- return(rc);
- }
-
- des_key_sched(&key, key_s);
-
- /* Decrypt information from KDC */
- des_pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,
- (long) cip->length, key_s, &key, 0);
-
- /* DescrYPT rkinit server's information from KDC */
- scip = rii->scip;
- des_pcbc_encrypt((C_Block *)scip->dat,(C_Block *)scip->dat,
- (long) scip->length, key_s, &key, 0);
-
- /* Get rid of all traces of key */
- bzero((char *)key, sizeof(key));
- bzero((char *)key_s, sizeof(key_s));
-
- return(0);
-}
-
-#ifdef __STDC__
-int rki_get_tickets(int version, char *host, char *r_krealm, rkinit_info *info)
-#else
-int rki_get_tickets(version, host, r_krealm, info)
- int version;
- char *host;
- char *r_krealm;
- rkinit_info *info;
-#endif /* __STDC__ */
-{
- int status = RKINIT_SUCCESS;
- KTEXT_ST auth;
- char phost[MAXHOSTNAMELEN];
- KTEXT_ST scip; /* server's KDC packet */
- des_cblock key;
- des_key_schedule sched;
- struct sockaddr_in caddr;
- struct sockaddr_in saddr;
- CREDENTIALS cred;
- MSG_DAT msg_data;
- u_char enc_data[MAX_KTXT_LEN];
-
- rkinit_intkt_info rii;
-
- SBCLEAR(auth);
- BCLEAR(phost);
- SBCLEAR(rii);
- SBCLEAR(scip);
- SBCLEAR(caddr);
- SBCLEAR(saddr);
- SBCLEAR(cred);
- SBCLEAR(msg_data);
- BCLEAR(enc_data);
-
- if ((status = rki_send_rkinit_info(version, info)) != RKINIT_SUCCESS)
- return(status);
-
- if ((status = rki_rpc_get_skdc(&scip)) != RKINIT_SUCCESS)
- return(status);
-
- rii.scip = &scip;
- rii.host = host;
- rii.username = info->username;
-
- if ((status = krb_get_in_tkt(info->aname, info->inst, info->realm,
- "krbtgt", info->realm, 1,
- rki_key_proc, rki_decrypt_tkt, (char *)&rii))) {
- strcpy(errbuf, krb_err_txt[status]);
- rkinit_errmsg(errbuf);
- return(RKINIT_KERBEROS);
- }
-
- /* Create an authenticator */
- strcpy(phost, krb_get_phost(host));
- if ((status = krb_mk_req(&auth, KEY, phost, r_krealm, 0))) {
- sprintf(errbuf, "krb_mk_req: %s", krb_err_txt[status]);
- rkinit_errmsg(errbuf);
- return(RKINIT_KERBEROS);
- }
-
- /* Re-encrypt server KDC packet in session key */
- /* Get credentials from ticket file */
- if ((status = krb_get_cred(KEY, phost, r_krealm, &cred))) {
- sprintf(errbuf, "krb_get_cred: %s", krb_err_txt[status]);
- rkinit_errmsg(errbuf);
- return(RKINIT_KERBEROS);
- }
-
- /* Exctract the session key and make the schedule */
- bcopy(cred.session, key, sizeof(key));
- if ((status = des_key_sched(&key, sched))) {
- sprintf(errbuf, "des_key_sched: %s", krb_err_txt[status]);
- rkinit_errmsg(errbuf);
- return(RKINIT_DES);
- }
-
- /* Get client and server addresses */
- if ((status = rki_get_csaddr(&caddr, &saddr)) != RKINIT_SUCCESS)
- return(status);
-
- /*
- * scip was passed to krb_get_in_tkt, where it was decrypted.
- * Now re-encrypt in the session key.
- */
-
- msg_data.app_data = enc_data;
- if ((msg_data.app_length =
- krb_mk_priv(scip.dat, msg_data.app_data, scip.length, sched, key,
- &caddr, &saddr)) == -1) {
- sprintf(errbuf, "krb_mk_priv failed.");
- rkinit_errmsg(errbuf);
- return(RKINIT_KERBEROS);
- }
-
- /* Destroy tickets, which we no longer need */
- dest_tkt();
-
- if ((status = rki_rpc_send_ckdc(&msg_data)) != RKINIT_SUCCESS)
- return(status);
-
- if ((status = rki_rpc_sendauth(&auth)) != RKINIT_SUCCESS)
- return(status);
-
- if ((status = rki_rpc_get_status()))
- return(status);
-
- return(RKINIT_SUCCESS);
-}
-
-
-static void (*old_sigfunc[NSIG])(int);
-
-static void push_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- old_sigfunc[i] = signal(i,sig_restore);
-}
-
-static void pop_signals()
-{
- register i;
- for (i = 0; i < NSIG; i++)
- signal(i,old_sigfunc[i]);
-}
-
-static void sig_restore(sig,code,scp)
- int sig,code;
- struct sigcontext *scp;
-{
- longjmp(env,1);
-}
diff --git a/eBones/lib/librkinit/rk_lib.c b/eBones/lib/librkinit/rk_lib.c
deleted file mode 100644
index d0b1267..0000000
--- a/eBones/lib/librkinit/rk_lib.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * $Id$
- * $Source: /home/ncvs/src/eBones/lib/librkinit/rk_lib.c,v $
- * $Author: jkh $
- *
- * This file contains the non-rpc top-level rkinit library routines.
- * The routines in the rkinit library that should be called from clients
- * are exactly those defined in this file.
- *
- * The naming convetions used within the rkinit library are as follows:
- * Functions intended for general client use start with rkinit_
- * Functions intended for use only inside the library or server start with
- * rki_
- * Functions that do network communcation start with rki_rpc_
- * Static functions can be named in any fashion.
- */
-
-#if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS)
-static char *rcsid = "$Id$";
-#endif /* lint || SABER || LOCORE || RCS_HDRS */
-
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <setjmp.h>
-#include <krb.h>
-
-#include <rkinit.h>
-#include <rkinit_private.h>
-#include <rkinit_err.h>
-
-#ifdef __STDC__
-char *rkinit_errmsg(char *string)
-#else
-char *rkinit_errmsg(string)
- char *string;
-#endif /* __STDC__ */
-{
- static char errmsg[BUFSIZ];
-
- if (string) {
- BCLEAR(errmsg);
- strncpy(errmsg, string, sizeof(errmsg) - 1);
- }
-
- return(errmsg);
-}
-
-#ifdef __STDC__
-int rkinit(char *host, char *r_krealm, rkinit_info *info, int timeout)
-#else
-int rkinit(host, r_krealm, info, timeout)
- char *host;
- char *r_krealm;
- rkinit_info *info;
- int timeout;
-#endif /* __STDC__ */
-{
- int status = RKINIT_SUCCESS;
- int version = 0;
- char phost[MAXHOSTNAMELEN];
- jmp_buf timeout_env;
- void (*old_alrm)(int) = NULL;
- char origtktfilename[MAXPATHLEN]; /* original ticket file name */
- char tktfilename[MAXPATHLEN]; /* temporary client ticket file */
-
- BCLEAR(phost);
- BCLEAR(origtktfilename);
- BCLEAR(tktfilename);
- BCLEAR(timeout_env);
-
- init_rkin_err_tbl();
-
- if ((status = rki_setup_rpc(host)))
- return(status);
-
- if (timeout)
- old_alrm = rki_setup_timer(timeout_env);
-
- /* The alarm handler longjmps us to here. */
- if ((status = setjmp(timeout_env)) == 0) {
-
- strcpy(origtktfilename, tkt_string());
- sprintf(tktfilename, "/tmp/tkt_rkinit.%d", getpid());
- krb_set_tkt_string(tktfilename);
-
- if ((status = rki_choose_version(&version)) == RKINIT_SUCCESS)
- status = rki_get_tickets(version, host, r_krealm, info);
- }
-
- if (timeout)
- rki_restore_timer(old_alrm);
-
- dest_tkt();
- krb_set_tkt_string(origtktfilename);
-
- rki_cleanup_rpc();
-
- return(status);
-}
diff --git a/eBones/lib/librkinit/rk_rpc.c b/eBones/lib/librkinit/rk_rpc.c
deleted file mode 100644
index 1fb5bf7..0000000
--- a/eBones/lib/librkinit/rk_rpc.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * $Id: rk_rpc.c,v 1.4 1997/02/22 14:37:57 peter Exp $
- * $Source: /home/ncvs/src/eBones/lib/librkinit/rk_rpc.c,v $
- * $Author: peter $
- *
- * This file contains functions that are used for network communication.
- * See the comment at the top of rk_lib.c for a description of the naming
- * conventions used within the rkinit library.
- */
-
-#if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS)
-static char *rcsid = "$Id: rk_rpc.c,v 1.4 1997/02/22 14:37:57 peter Exp $";
-#endif /* lint || SABER || LOCORE || RCS_HDRS */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <errno.h>
-
-#include <rkinit.h>
-#include <rkinit_err.h>
-#include <rkinit_private.h>
-
-extern int errno;
-
-static int sock;
-struct sockaddr_in saddr;
-
-static char errbuf[BUFSIZ];
-
-#ifdef __STDC__
-int rki_send_packet(int sock, char type, u_int32_t length, const char *data)
-#else
-int rki_send_packet(sock, type, length, data)
- int sock;
- char type;
- u_int32_t length;
- const char *data;
-#endif /* __STDC__ */
-{
- int len;
- u_char *packet;
- u_int32_t pkt_len;
- u_int32_t net_pkt_len;
-
- pkt_len = length + PKT_DATA;
-
- if ((packet = (u_char *)calloc(pkt_len, sizeof(u_char))) == NULL) {
- sprintf(errbuf, "rki_send_packet: failure allocating %d bytes",
- pkt_len * sizeof(u_char));
- rkinit_errmsg(errbuf);
- return(RKINIT_MEMORY);
- }
-
- net_pkt_len = htonl(pkt_len);
-
- packet[PKT_TYPE] = type;
- bcopy((char *)&net_pkt_len, packet + PKT_LEN, sizeof(u_int32_t));
- bcopy(data, packet + PKT_DATA, length);
-
- if ((len = write(sock, packet, pkt_len)) != pkt_len) {
- if (len == -1)
- sprintf(errbuf, "write: %s", sys_errlist[errno]);
- else
- sprintf(errbuf, "write: %d bytes written; %d bytes actually sent",
- pkt_len, len);
- rkinit_errmsg(errbuf);
- free(packet);
- return(RKINIT_WRITE);
- }
-
- free(packet);
- return(RKINIT_SUCCESS);
-}
-
-#ifdef __STDC__
-int rki_get_packet(int sock, u_char type, u_int32_t *length, char *data)
-#else
-int rki_get_packet(sock, type, length, data)
- int sock;
- u_char type;
- u_int32_t *length;
- char *data;
-#endif /* __STDC__ */
-{
- int len;
- int len_sofar = 0;
- u_int32_t expected_length = 0;
- int got_full_packet = FALSE;
- int tries = 0;
- u_char *packet;
-
- u_int32_t max_pkt_len;
-
- max_pkt_len = *length + PKT_DATA;
-
- if ((packet = (u_char *)calloc(max_pkt_len, sizeof(u_char))) == NULL) {
- sprintf(errbuf, "rki_get_packet: failure allocating %d bytes",
- max_pkt_len * sizeof(u_char));
- rkinit_errmsg(errbuf);
- return(RKINIT_MEMORY);
- }
-
- /* Read the packet type and length */
- while ((len_sofar < PKT_DATA) && (tries < RETRIES)) {
- if ((len = read(sock, packet + len_sofar, PKT_DATA - len_sofar)) < 0) {
- sprintf(errbuf, "read: %s", sys_errlist[errno]);
- rkinit_errmsg(errbuf);
- return(RKINIT_READ);
- }
- len_sofar += len;
- tries++;
- }
- if (len_sofar < PKT_DATA) {
- sprintf(errbuf,
- "read: expected to receive at least %d bytes; received %d",
- PKT_DATA, len_sofar);
- rkinit_errmsg(errbuf);
- return(RKINIT_PACKET);
- }
- bcopy(packet + PKT_LEN, (char *)&expected_length, sizeof(u_int32_t));
- expected_length = ntohl(expected_length);
- if (expected_length > max_pkt_len) {
- sprintf(errbuf, "%s %d %s %d",
- "rki_get_packet: incoming message of size",
- expected_length,
- "is larger than message buffer of size",
- max_pkt_len);
- rkinit_errmsg(errbuf);
- return(RKINIT_PACKET);
- }
- tries = 0;
- while (!got_full_packet && (tries < RETRIES)) {
- if ((len = read(sock, packet + len_sofar,
- expected_length - len_sofar)) < 0) {
- sprintf(errbuf, "read: %s", sys_errlist[errno]);
- rkinit_errmsg(errbuf);
- return(RKINIT_READ);
- }
- len_sofar += len;
- if (expected_length == len_sofar)
- got_full_packet = TRUE;
- }
- if (len_sofar < expected_length) {
- sprintf(errbuf,
- "read: expected to receive at least %d bytes; received %d",
- expected_length, len_sofar);
- rkinit_errmsg(errbuf);
- return(RKINIT_PACKET);
- }
- if (packet[PKT_TYPE] == MT_DROP) {
- BCLEAR(errbuf);
- rkinit_errmsg(errbuf);
- return(RKINIT_DROPPED);
- }
-
- if (packet[PKT_TYPE] != type) {
- sprintf(errbuf, "Expected packet type of %s; got %s",
- rki_mt_to_string(type),
- rki_mt_to_string(packet[PKT_TYPE]));
- rkinit_errmsg(errbuf);
- return(RKINIT_PACKET);
- }
-
- *length = len_sofar - PKT_DATA;
- bcopy(packet + PKT_DATA, data, *length);
-
- free(packet);
-
- return(RKINIT_SUCCESS);
-}
-
-#ifdef __STDC__
-int rki_setup_rpc(char *host)
-#else
-int rki_setup_rpc(host)
- char *host;
-#endif /* __STDC__ */
-{
- struct hostent *hp;
- struct servent *sp;
- int port, retval;
-
- SBCLEAR(saddr);
- SBCLEAR(hp);
- SBCLEAR(sp);
-
- if ((hp = gethostbyname(host)) == NULL) {
- sprintf(errbuf, "%s: unknown host.", host);
- rkinit_errmsg(errbuf);
- return(RKINIT_HOST);
- }
-
- if ((sp = getservbyname(SERVENT, "tcp")))
- port = sp->s_port;
- else
- /* Fall back on known port number */
- port = htons(PORT);
-
- saddr.sin_family = hp->h_addrtype;
- bcopy(hp->h_addr, (char *)&saddr.sin_addr, hp->h_length);
- saddr.sin_port = port;
-
- if ((sock = socket(hp->h_addrtype, SOCK_STREAM, IPPROTO_IP)) < 0) {
- sprintf(errbuf, "socket: %s", sys_errlist[errno]);
- rkinit_errmsg(errbuf);
- return(RKINIT_SOCKET);
- }
- if ((retval = krb_bind_local_addr(sock)) != KSUCCESS) {
- sprintf(errbuf, "krb_bind_local_addr: %s", krb_err_txt[retval]);
- rkinit_errmsg(errbuf);
- close(sock);
- return(RKINIT_SOCKET);
- }
- if (connect(sock, (struct sockaddr *)&saddr, sizeof (saddr)) < 0) {
- sprintf(errbuf, "connect: %s", sys_errlist[errno]);
- rkinit_errmsg(errbuf);
- close(sock);
- return(RKINIT_CONNECT);
- }
-
- return(RKINIT_SUCCESS);
-}
-
-#ifdef __STDC__
-int rki_rpc_exchange_version_info(int c_lversion, int c_hversion,
- int *s_lversion, int *s_hversion)
-#else
-int rki_rpc_exchange_version_info(c_lversion, c_hversion,
- s_lversion, s_hversion)
- int c_lversion;
- int c_hversion;
- int *s_lversion;
- int *s_hversion;
-#endif /* __STDC__ */
-{
- int status = RKINIT_SUCCESS;
- u_char version_info[VERSION_INFO_SIZE];
- u_int32_t length = sizeof(version_info);
-
- version_info[0] = (u_char) c_lversion;
- version_info[1] = (u_char) c_hversion;
-
- if ((status = rki_send_packet(sock, MT_CVERSION, length,
- (char *)version_info)) != RKINIT_SUCCESS)
- return(status);
-
- if ((status = rki_get_packet(sock, MT_SVERSION, &length,
- (char *)version_info)) != RKINIT_SUCCESS)
- return(status);
-
- *s_lversion = (int) version_info[0];
- *s_hversion = (int) version_info[1];
-
- return(RKINIT_SUCCESS);
-}
-
-#ifdef __STDC__
-int rki_rpc_send_rkinit_info(rkinit_info *info)
-#else
-int rki_rpc_send_rkinit_info(info)
- rkinit_info *info;
-#endif /* __STDC__ */
-{
- rkinit_info info_copy;
-
- bcopy(info, &info_copy, sizeof(rkinit_info));
- info_copy.lifetime = htonl(info_copy.lifetime);
- return(rki_send_packet(sock, MT_RKINIT_INFO, sizeof(rkinit_info),
- (char *)&info_copy));
-}
-
-#ifdef __STDC__
-int rki_rpc_get_status(void)
-#else
-int rki_rpc_get_status()
-#endif /* __STDC__ */
-{
- char msg[BUFSIZ];
- int status = RKINIT_SUCCESS;
- u_int32_t length = sizeof(msg);
-
- if ((status = rki_get_packet(sock, MT_STATUS, &length, msg)))
- return(status);
-
- if (length == 0)
- return(RKINIT_SUCCESS);
- else {
- rkinit_errmsg(msg);
- return(RKINIT_DAEMON);
- }
-}
-
-#ifdef __STDC__
-int rki_rpc_get_ktext(int sock, KTEXT auth, u_char type)
-#else
-int rki_rpc_get_ktext(sock, auth, type)
- int sock;
- KTEXT auth;
- u_char type;
-#endif /* __STDC__ */
-{
- int status = RKINIT_SUCCESS;
- u_int32_t length = MAX_KTXT_LEN;
-
- if ((status = rki_get_packet(sock, type, &length, (char *)auth->dat)))
- return(status);
-
- auth->length = length;
-
- return(RKINIT_SUCCESS);
-}
-
-#ifdef __STDC__
-int rki_rpc_sendauth(KTEXT auth)
-#else
-int rki_rpc_sendauth(auth)
- KTEXT auth;
-#endif /* __STDC__ */
-{
- return(rki_send_packet(sock, MT_AUTH, auth->length, (char *)auth->dat));
-}
-
-
-#ifdef __STDC__
-int rki_rpc_get_skdc(KTEXT scip)
-#else
-int rki_rpc_get_skdc(scip)
- KTEXT scip;
-#endif /* __STDC__ */
-{
- return(rki_rpc_get_ktext(sock, scip, MT_SKDC));
-}
-
-#ifdef __STDC__
-int rki_rpc_send_ckdc(MSG_DAT *scip)
-#else
-int rki_rpc_send_ckdc(scip)
- MSG_DAT *scip;
-#endif /* __STDC__ */
-{
- return(rki_send_packet(sock, MT_CKDC, scip->app_length,
- (char *)scip->app_data));
-}
-
-#ifdef __STDC__
-int rki_get_csaddr(struct sockaddr_in *caddrp, struct sockaddr_in *saddrp)
-#else
-int rki_get_csaddr(caddrp, saddrp)
- struct sockaddr_in *caddrp;
- struct sockaddr_in *saddrp;
-#endif /* __STDC__ */
-{
- int addrlen = sizeof(struct sockaddr_in);
-
- bcopy((char *)&saddr, (char *)saddrp, addrlen);
-
- if (getsockname(sock, (struct sockaddr *)caddrp, &addrlen) < 0) {
- sprintf(errbuf, "getsockname: %s", sys_errlist[errno]);
- rkinit_errmsg(errbuf);
- return(RKINIT_GETSOCK);
- }
-
- return(RKINIT_SUCCESS);
-}
-
-#ifdef __STDC__
-void rki_drop_server(void)
-#else
-void rki_drop_server()
-#endif /* __STDC__ */
-{
- (void) rki_send_packet(sock, MT_DROP, 0, "");
-}
-
-#ifdef __STDC__
-void rki_cleanup_rpc(void)
-#else
-void rki_cleanup_rpc()
-#endif /* __STDC__ */
-{
- rki_drop_server();
- (void) close(sock);
-}
diff --git a/eBones/lib/librkinit/rk_util.c b/eBones/lib/librkinit/rk_util.c
deleted file mode 100644
index 2b099e7..0000000
--- a/eBones/lib/librkinit/rk_util.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * $Id$
- * $Source: /home/ncvs/src/eBones/lib/librkinit/rk_util.c,v $
- * $Author: jkh $
- *
- * This file contains internal routines for general use by the rkinit
- * library and server.
- *
- * See the comment at the top of rk_lib.c for a description of the naming
- * conventions used within the rkinit library.
- */
-
-#if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS)
-static char *rcsid = "$Id$";
-#endif /* lint || SABER || LOCORE || RCS_HDRS */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <sys/time.h>
-
-#ifdef DEBUG
-#include <syslog.h>
-#endif /* DEBUG */
-
-#include <rkinit.h>
-#include <rkinit_private.h>
-#include <rkinit_err.h>
-
-#define RKINIT_TIMEOUTVAL 60
-
-static char errbuf[BUFSIZ];
-static jmp_buf timeout_env;
-
-#ifdef DEBUG
-static int _rkinit_server_ = FALSE;
-
-#ifdef __STDC__
-void rki_dmsg(char *string)
-#else
-void rki_dmsg(string)
- char *string;
-#endif /* __STDC__ */
-{
- if (_rkinit_server_)
- syslog(LOG_NOTICE, string);
- else
- printf("%s\n", string);
-}
-
-#ifdef __STDC__
-void rki_i_am_server(void)
-#else
-void rki_i_am_server()
-#endif /* __STDC__ */
-{
- _rkinit_server_ = TRUE;
-}
-#else /* DEBUG */
-#ifdef __STDC__
-void rki_dmsg(char *string)
-#else
-void rki_dmsg(string)
- char *string;
-#endif /* __STDC__ */
-{
- return;
-}
-
-#endif /* DEBUG */
-
-#ifdef __STDC__
-const char *rki_mt_to_string(int mt)
-#else
-const char *rki_mt_to_string(mt)
- int mt;
-#endif /* __STDC__ */
-{
- char *string = 0;
-
- switch(mt) {
- case MT_STATUS:
- string = "Status message";
- break;
- case MT_CVERSION:
- string = "Client version";
- break;
- case MT_SVERSION:
- string = "Server version";
- break;
- case MT_RKINIT_INFO:
- string = "Rkinit information";
- break;
- case MT_SKDC:
- string = "Server kdc packet";
- break;
- case MT_CKDC:
- string = "Client kdc packet";
- break;
- case MT_AUTH:
- string = "Authenticator";
- break;
- case MT_DROP:
- string = "Drop server";
- break;
- default:
- string = "Unknown message type";
- break;
- }
-
- return(string);
-}
-
-#ifdef __STDC__
-int rki_choose_version(int *version)
-#else
-int rki_choose_version(version)
- int *version;
-#endif /* __STDC__ */
-{
- int s_lversion; /* lowest version number server supports */
- int s_hversion; /* highest version number server supports */
- int status = RKINIT_SUCCESS;
-
- if ((status =
- rki_rpc_exchange_version_info(RKINIT_LVERSION, RKINIT_HVERSION,
- &s_lversion,
- &s_hversion)) != RKINIT_SUCCESS)
- return(status);
-
- *version = min(RKINIT_HVERSION, s_hversion);
- if (*version < max(RKINIT_LVERSION, s_lversion)) {
- sprintf(errbuf,
- "Can't run version %d client against version %d server.",
- RKINIT_HVERSION, s_hversion);
- rkinit_errmsg(errbuf);
- status = RKINIT_VERSION;
- }
-
- return(status);
-}
-
-#ifdef __STDC__
-int rki_send_rkinit_info(int version, rkinit_info *info)
-#else
-int rki_send_rkinit_info(version, info)
- int version;
- rkinit_info *info;
-#endif /* __STDC__ */
-{
- int status = 0;
-
- if ((status = rki_rpc_send_rkinit_info(info)) != RKINIT_SUCCESS)
- return(status);
-
- return(rki_rpc_get_status());
-}
-
-#ifdef __STDC__
-static void rki_timeout(int signal)
-#else
-static void rki_timeout(signal)
- int signal;
-#endif /* __STDC__ */
-{
- sprintf(errbuf, "%d seconds exceeded.", RKINIT_TIMEOUTVAL);
- rkinit_errmsg(errbuf);
- longjmp(timeout_env, RKINIT_TIMEOUT);
- return;
-}
-
-#ifdef __STDC__
-static void set_timer(int secs)
-#else
-static void set_timer(secs)
- int secs;
-#endif /* __STDC__ */
-{
- struct itimerval timer; /* Time structure for timeout */
-
- /* Set up an itimer structure to send an alarm signal after TIMEOUT
- seconds. */
- timer.it_interval.tv_sec = secs;
- timer.it_interval.tv_usec = 0;
- timer.it_value = timer.it_interval;
-
- (void) setitimer (ITIMER_REAL, &timer, (struct itimerval *)0);
-}
-
-
-#ifdef __STDC__
-void (*rki_setup_timer(jmp_buf env))(int)
-#else
-void (*rki_setup_timer(env))(int)
- jmp_buf env;
-#endif /* __STDC__ */
-{
- bcopy((char *)env, (char *)timeout_env, sizeof(jmp_buf));
- set_timer(RKINIT_TIMEOUTVAL);
- return(signal(SIGALRM, rki_timeout));
-}
-
-#ifdef __STDC__
-void rki_restore_timer(void (*old_alrm)(int))
-#else
-void rki_restore_timer(old_alrm)
- void (*old_alrm)(int);
-#endif /* __STDC__ */
-{
- set_timer(0);
- (void) signal(SIGALRM, old_alrm);
-}
diff --git a/eBones/lib/librkinit/rkinit.3 b/eBones/lib/librkinit/rkinit.3
deleted file mode 100644
index fe6bdf7..0000000
--- a/eBones/lib/librkinit/rkinit.3
+++ /dev/null
@@ -1,167 +0,0 @@
-.\"
-.\" $Header: /local/cvsfiles/kerberos/src/appl/rkinit/man/rkinit.3,v 1.1 1991/12/03 23:21:29 eichin Exp $
-.\" $Source: /local/cvsfiles/kerberos/src/appl/rkinit/man/rkinit.3,v $
-.\" $Author: eichin $
-.\"
-.\"
-.TH RKINIT 3 "November 12, 1989"
-.SH NAME
-rkinit, rkinit_errmsg
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <rkinit.h>
-#include <rkinit_err.h>
-.PP
-.ft B
-int rkinit(host, r_krealm, info, timeout)
- char *host;
- char *r_krealm;
- rkinit_info *info;
- int timeout;
-.PP
-.ft B
-char *rkinit_errmsg(string)
- char *string;
-.fi
-.ft R
-.SH DESCRIPTION
-This library contains the calls necessary to interface with the
-.I rkinit
-system of remote ticket establishment. See
-.IR rkinit (1)
-for more information on
-.I rkinit
-.PP
-.I rkinit.h
-is the header file that contains information that all clients
-will need to use.
-.PP
-.I rkinit_err.h
-is the
-.I com_err
-error table header file. See
-.IR com_err (3)
-for more information about
-.I com_err.
-.PP
-.IR rkinit ()
-takes as arguments the name of the host on which you wish to
-establish tickets, the kerberos realm of the remote host, a
-fully initialized rkinit_info structure, and a boolean value
-telling
-whether or not
-.IR rkinit ()
-should time out if the transaction
-fails to complete after a certain about of time.
-This call does not know about about default values, so
-something must be filled in for everything except for the ticket
-filename in the rkinit_info structure described below.
-
-.nf
-.nj
-.ft B
-This is the rkinit_info type:
-
-typedef struct {
- char aname[ANAME_SZ + 1];
- char inst[INST_SZ + 1];
- char realm[REALM_SZ + 1];
- char sname[ANAME_SZ + 1];
- char sinst[INST_SZ + 1];
- char username[9]; /* max local name length + 1 */
- char tktfilename[MAXPATHLEN + 1];
- long lifetime;
-} rkinit_info;
-.fi
-.ft R
-
-.I aname
-is the name part of the kerberos principal for which tickets are
-being requested.
-
-.I inst
-is the instance part.
-
-.I realm
-is the realm part.
-
-.I sname
-is the service name of the key that will appear in the remote
-initial ticket (for example, "krbtgt").
-
-.I sname
-is the service instance.
-
-.I username
-is the name of the local user on the remote host who will own
-the ticket file.
-
-.I tktfilename
-is the name of the file on the remote host in which the
-tickets will be stored. This is the only field in the structure
-for which a blank value is filled in. If this value is left
-blank, the server will figure out what to call the ticket file
-by using the kerberos library default as determined by
-.I TKT_FILE
-as defined in
-.IR krb.h .
-
-.I lifetime
-is the lifetime of the tickets in the usual five minute
-intervals. It is possible with this routine, as with
-.IR krb_get_in_tkt (3)
-to request tickets with zero lifetime.
-
-.IR rkinit (),
-while it is running, opens a socket, changes the name
-of the default kerberos ticket file, and changes the signal
-handler for the ALRM signal (if timeout != 0). rkinit()
-restores all these values when it exits whether it exits with
-an error or not, so clients using the rkinit library need not
-worry about this information.
-
-.IR rkinit_errmsg ()
-takes a string as its only argument. Passing
-other than NULL to this routine should be done
-by only the rkinit library and server.
-Doing this sets the current rkinit
-error message. Calling
-.IR rkinit_errmsg ()
-with NULL as the argument returns the current rkinit error
-message.
-Although the rkinit library uses
-.IR com_err (3)
-for error handling, the error messages returned by
-.IR com_err ()
-may not be specific enough. A client could report the error
-message returned by rkinit as follows:
-
-
-.nf
-.nj
-.ft B
-if (status = rkinit(host, r_krealm, &info, timeout)) {
- com_err(argv[0], status, "while obtaining remote tickets:");
- fprintf(stderr, "%s\\n", rkinit_errmsg(0));
- exit(1);
-}
-.fi
-.ft R
-
-.SH SEE ALSO
-kerberos(1), kerberos(3), rkinit(1), rkinitd(8)
-
-.SH DIAGNOSTICS
-.IR rkinit ()
-is usually good about reporting error messages to the client.
-It will probably not handle uninitialized variables well,
-however. Make sure that things like the realm of the remote
-host and the lifetime of the tickets have been properly
-initialized before calling
-.IR rkinit ().
-
-
-.SH AUTHOR
-Emanuel Jay Berkenbilt (MIT-Project Athena)
diff --git a/eBones/lib/librkinit/rkinit_err.et b/eBones/lib/librkinit/rkinit_err.et
deleted file mode 100644
index d0ade5b..0000000
--- a/eBones/lib/librkinit/rkinit_err.et
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# $Header: /local/cvsfiles/kerberos/src/appl/rkinit/lib/rkinit_err.et,v 1.1 1991/12/03 23:20:58 eichin Exp $
-# $Source: /local/cvsfiles/kerberos/src/appl/rkinit/lib/rkinit_err.et,v $
-# $Author: eichin $
-#
-# These error messages will probably not be printed by com_err.
-# Instead, a better error message (with specific information)
-# will be obtained by a call to rkinit_errmsg().
-#
-
-et rkin
-
-ec RKINIT_RCSID, "$Header: /local/cvsfiles/kerberos/src/appl/rkinit/lib/rkinit_err.et,v 1.1 1991/12/03 23:20:58 eichin Exp $"
-ec RKINIT_VERSION, "Version mismatch"
-ec RKINIT_HOST, "Failure getting host information"
-ec RKINIT_SERV, "Failure getting service information (/etc/services)"
-ec RKINIT_SOCKET, "Failure setting up socket"
-ec RKINIT_CONNECT, "Failure connecting"
-ec RKINIT_PACKET, "Bad packet type"
-ec RKINIT_WRITE, "Failure writing"
-ec RKINIT_READ, "Failure reading"
-ec RKINIT_DAEMON, "Error reported by rkinitd"
-ec RKINIT_KERBEROS, "Kerberos error"
-ec RKINIT_DES, "Des error"
-ec RKINIT_GETPEER, "Failure in getpeername"
-ec RKINIT_GETSOCK, "Failure in getsockname"
-ec RKINIT_MEMORY, "Out of memory"
-ec RKINIT_TIMEOUT, "Timed out"
-ec RKINIT_DROPPED, "Connection dropped"
-
-ec RKINIT_LAST, "Last error message"
-end
diff --git a/eBones/lib/libtelnet/Makefile b/eBones/lib/libtelnet/Makefile
deleted file mode 100644
index 94f7549..0000000
--- a/eBones/lib/libtelnet/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-# From: @(#)Makefile 8.2 (Berkeley) 12/15/93
-# $Id$
-
-LIB= telnet
-SRCS= encrypt.c genget.c getent.c misc.c
-
-CFLAGS+= -DHAS_CGETENT -DENCRYPTION
-
-.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
-CFLAGS+= -DDES_ENCRYPTION -DAUTHENTICATION -DKRB4 -I/usr/include/kerberosIV
-SRCS+= auth.c kerberos.c enc_des.c
-LDADD+= -ldes -lkrb
-DPADD+= ${LIBDES} ${LIBKRB}
-.endif
-
-# Not Yet
-#SRCS += spx.c rsaencpwd.c read_password.c
-
-# KRB4_ENCPWD not yet defined
-# Used only in krb4encpwd.c and rsaencpwd.c, not yet active
-#LDADD+= -ldescrypt
-
-.include <bsd.lib.mk>
diff --git a/eBones/lib/libtelnet/auth-proto.h b/eBones/lib/libtelnet/auth-proto.h
deleted file mode 100644
index bdcb030..0000000
--- a/eBones/lib/libtelnet/auth-proto.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)auth-proto.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#if !defined(P)
-#ifdef __STDC__
-#define P(x) x
-#else
-#define P(x) ()
-#endif
-#endif
-
-#if defined(AUTHENTICATION)
-Authenticator *findauthenticator P((int, int));
-
-void auth_init P((char *, int));
-int auth_cmd P((int, char **));
-void auth_request P((void));
-void auth_send P((unsigned char *, int));
-void auth_send_retry P((void));
-void auth_is P((unsigned char *, int));
-void auth_reply P((unsigned char *, int));
-void auth_finished P((Authenticator *, int));
-int auth_wait P((char *));
-void auth_disable_name P((char *));
-void auth_gen_printsub P((unsigned char *, int, unsigned char *, int));
-void auth_name P((unsigned char *, int));
-void auth_printsub P((unsigned char *, int, unsigned char *, int));
-int auth_sendname P((unsigned char *, int));
-void auth_encrypt_user P((char *));
-
-#ifdef KRB4
-int kerberos4_init P((Authenticator *, int));
-int kerberos4_send P((Authenticator *));
-void kerberos4_is P((Authenticator *, unsigned char *, int));
-void kerberos4_reply P((Authenticator *, unsigned char *, int));
-int kerberos4_status P((Authenticator *, char *, int));
-void kerberos4_printsub P((unsigned char *, int, unsigned char *, int));
-#endif
-
-#ifdef KRB5
-int kerberos5_init P((Authenticator *, int));
-int kerberos5_send P((Authenticator *));
-void kerberos5_is P((Authenticator *, unsigned char *, int));
-void kerberos5_reply P((Authenticator *, unsigned char *, int));
-int kerberos5_status P((Authenticator *, char *, int));
-void kerberos5_printsub P((unsigned char *, int, unsigned char *, int));
-#endif
-#endif
diff --git a/eBones/lib/libtelnet/auth.c b/eBones/lib/libtelnet/auth.c
deleted file mode 100644
index 624baa1..0000000
--- a/eBones/lib/libtelnet/auth.c
+++ /dev/null
@@ -1,674 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)auth.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#if defined(AUTHENTICATION)
-#include <stdio.h>
-#include <sys/types.h>
-#include <signal.h>
-#define AUTH_NAMES
-#include <arpa/telnet.h>
-#ifdef __STDC__
-#include <stdlib.h>
-#include <unistd.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc-proto.h"
-#include "auth-proto.h"
-
-#define typemask(x) (1<<((x)-1))
-
-#ifdef KRB4_ENCPWD
-extern krb4encpwd_init();
-extern krb4encpwd_send();
-extern krb4encpwd_is();
-extern krb4encpwd_reply();
-extern krb4encpwd_status();
-extern krb4encpwd_printsub();
-#endif
-
-#ifdef RSA_ENCPWD
-extern rsaencpwd_init();
-extern rsaencpwd_send();
-extern rsaencpwd_is();
-extern rsaencpwd_reply();
-extern rsaencpwd_status();
-extern rsaencpwd_printsub();
-#endif
-
-int auth_debug_mode = 0;
-static char *Name = "Noname";
-static int Server = 0;
-static Authenticator *authenticated = 0;
-static int authenticating = 0;
-static int validuser = 0;
-static unsigned char _auth_send_data[256];
-static unsigned char *auth_send_data;
-static int auth_send_cnt = 0;
-
-int auth_onoff(char *type, int on);
-void auth_encrypt_user(char *name);
-
-/*
- * Authentication types supported. Plese note that these are stored
- * in priority order, i.e. try the first one first.
- */
-Authenticator authenticators[] = {
-#ifdef SPX
- { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- spx_init,
- spx_send,
- spx_is,
- spx_reply,
- spx_status,
- spx_printsub },
- { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- spx_init,
- spx_send,
- spx_is,
- spx_reply,
- spx_status,
- spx_printsub },
-#endif
-#ifdef KRB5
-# ifdef ENCRYPTION
- { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- kerberos5_init,
- kerberos5_send,
- kerberos5_is,
- kerberos5_reply,
- kerberos5_status,
- kerberos5_printsub },
-# endif /* ENCRYPTION */
- { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- kerberos5_init,
- kerberos5_send,
- kerberos5_is,
- kerberos5_reply,
- kerberos5_status,
- kerberos5_printsub },
-#endif
-#ifdef KRB4
-# ifdef ENCRYPTION
- { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- kerberos4_init,
- kerberos4_send,
- kerberos4_is,
- kerberos4_reply,
- kerberos4_status,
- kerberos4_printsub },
-# endif /* ENCRYPTION */
- { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- kerberos4_init,
- kerberos4_send,
- kerberos4_is,
- kerberos4_reply,
- kerberos4_status,
- kerberos4_printsub },
-#endif
-#ifdef KRB4_ENCPWD
- { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- krb4encpwd_init,
- krb4encpwd_send,
- krb4encpwd_is,
- krb4encpwd_reply,
- krb4encpwd_status,
- krb4encpwd_printsub },
-#endif
-#ifdef RSA_ENCPWD
- { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- rsaencpwd_init,
- rsaencpwd_send,
- rsaencpwd_is,
- rsaencpwd_reply,
- rsaencpwd_status,
- rsaencpwd_printsub },
-#endif
- { 0, },
-};
-
-static Authenticator NoAuth = { 0 };
-
-static int i_support = 0;
-static int i_wont_support = 0;
-
- Authenticator *
-findauthenticator(type, way)
- int type;
- int way;
-{
- Authenticator *ap = authenticators;
-
- while (ap->type && (ap->type != type || ap->way != way))
- ++ap;
- return(ap->type ? ap : 0);
-}
-
- void
-auth_init(name, server)
- char *name;
- int server;
-{
- Authenticator *ap = authenticators;
-
- Server = server;
- Name = name;
-
- i_support = 0;
- authenticated = 0;
- authenticating = 0;
- while (ap->type) {
- if (!ap->init || (*ap->init)(ap, server)) {
- i_support |= typemask(ap->type);
- if (auth_debug_mode)
- printf(">>>%s: I support auth type %d %d\r\n",
- Name,
- ap->type, ap->way);
- }
- else if (auth_debug_mode)
- printf(">>>%s: Init failed: auth type %d %d\r\n",
- Name, ap->type, ap->way);
- ++ap;
- }
-}
-
- void
-auth_disable_name(name)
- char *name;
-{
- int x;
- for (x = 0; x < AUTHTYPE_CNT; ++x) {
- if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
- i_wont_support |= typemask(x);
- break;
- }
- }
-}
-
- int
-getauthmask(type, maskp)
- char *type;
- int *maskp;
-{
- register int x;
-
- if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
- *maskp = -1;
- return(1);
- }
-
- for (x = 1; x < AUTHTYPE_CNT; ++x) {
- if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
- *maskp = typemask(x);
- return(1);
- }
- }
- return(0);
-}
-
- int
-auth_enable(type)
- char * type;
-{
- return(auth_onoff(type, 1));
-}
-
- int
-auth_disable(type)
- char * type;
-{
- return(auth_onoff(type, 0));
-}
-
- int
-auth_onoff(type, on)
- char *type;
- int on;
-{
- int i, mask = -1;
- Authenticator *ap;
-
- if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
- printf("auth %s 'type'\n", on ? "enable" : "disable");
- printf("Where 'type' is one of:\n");
- printf("\t%s\n", AUTHTYPE_NAME(0));
- mask = 0;
- for (ap = authenticators; ap->type; ap++) {
- if ((mask & (i = typemask(ap->type))) != 0)
- continue;
- mask |= i;
- printf("\t%s\n", AUTHTYPE_NAME(ap->type));
- }
- return(0);
- }
-
- if (!getauthmask(type, &mask)) {
- printf("%s: invalid authentication type\n", type);
- return(0);
- }
- if (on)
- i_wont_support &= ~mask;
- else
- i_wont_support |= mask;
- return(1);
-}
-
- int
-auth_togdebug(on)
- int on;
-{
- if (on < 0)
- auth_debug_mode ^= 1;
- else
- auth_debug_mode = on;
- printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
- return(1);
-}
-
- int
-auth_status()
-{
- Authenticator *ap;
- int i, mask;
-
- if (i_wont_support == -1)
- printf("Authentication disabled\n");
- else
- printf("Authentication enabled\n");
-
- mask = 0;
- for (ap = authenticators; ap->type; ap++) {
- if ((mask & (i = typemask(ap->type))) != 0)
- continue;
- mask |= i;
- printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
- (i_wont_support & typemask(ap->type)) ?
- "disabled" : "enabled");
- }
- return(1);
-}
-
-/*
- * This routine is called by the server to start authentication
- * negotiation.
- */
- void
-auth_request()
-{
- static unsigned char str_request[64] = { IAC, SB,
- TELOPT_AUTHENTICATION,
- TELQUAL_SEND, };
- Authenticator *ap = authenticators;
- unsigned char *e = str_request + 4;
-
- if (!authenticating) {
- authenticating = 1;
- while (ap->type) {
- if (i_support & ~i_wont_support & typemask(ap->type)) {
- if (auth_debug_mode) {
- printf(">>>%s: Sending type %d %d\r\n",
- Name, ap->type, ap->way);
- }
- *e++ = ap->type;
- *e++ = ap->way;
- }
- ++ap;
- }
- *e++ = IAC;
- *e++ = SE;
- net_write(str_request, e - str_request);
- printsub('>', &str_request[2], e - str_request - 2);
- }
-}
-
-/*
- * This is called when an AUTH SEND is received.
- * It should never arrive on the server side (as only the server can
- * send an AUTH SEND).
- * You should probably respond to it if you can...
- *
- * If you want to respond to the types out of order (i.e. even
- * if he sends LOGIN KERBEROS and you support both, you respond
- * with KERBEROS instead of LOGIN (which is against what the
- * protocol says)) you will have to hack this code...
- */
- void
-auth_send(data, cnt)
- unsigned char *data;
- int cnt;
-{
- Authenticator *ap;
- static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_IS, AUTHTYPE_NULL, 0,
- IAC, SE };
- if (Server) {
- if (auth_debug_mode) {
- printf(">>>%s: auth_send called!\r\n", Name);
- }
- return;
- }
-
- if (auth_debug_mode) {
- printf(">>>%s: auth_send got:", Name);
- printd(data, cnt); printf("\r\n");
- }
-
- /*
- * Save the data, if it is new, so that we can continue looking
- * at it if the authorization we try doesn't work
- */
- if (data < _auth_send_data ||
- data > _auth_send_data + sizeof(_auth_send_data)) {
- auth_send_cnt = cnt > sizeof(_auth_send_data)
- ? sizeof(_auth_send_data)
- : cnt;
- memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
- auth_send_data = _auth_send_data;
- } else {
- /*
- * This is probably a no-op, but we just make sure
- */
- auth_send_data = data;
- auth_send_cnt = cnt;
- }
- while ((auth_send_cnt -= 2) >= 0) {
- if (auth_debug_mode)
- printf(">>>%s: He supports %d\r\n",
- Name, *auth_send_data);
- if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
- ap = findauthenticator(auth_send_data[0],
- auth_send_data[1]);
- if (ap && ap->send) {
- if (auth_debug_mode)
- printf(">>>%s: Trying %d %d\r\n",
- Name, auth_send_data[0],
- auth_send_data[1]);
- if ((*ap->send)(ap)) {
- /*
- * Okay, we found one we like
- * and did it.
- * we can go home now.
- */
- if (auth_debug_mode)
- printf(">>>%s: Using type %d\r\n",
- Name, *auth_send_data);
- auth_send_data += 2;
- return;
- }
- }
- /* else
- * just continue on and look for the
- * next one if we didn't do anything.
- */
- }
- auth_send_data += 2;
- }
- net_write(str_none, sizeof(str_none));
- printsub('>', &str_none[2], sizeof(str_none) - 2);
- if (auth_debug_mode)
- printf(">>>%s: Sent failure message\r\n", Name);
- auth_finished(0, AUTH_REJECT);
-#ifdef KANNAN
- /*
- * We requested strong authentication, however no mechanisms worked.
- * Therefore, exit on client end.
- */
- printf("Unable to securely authenticate user ... exit\n");
- exit(0);
-#endif /* KANNAN */
-}
-
- void
-auth_send_retry()
-{
- /*
- * if auth_send_cnt <= 0 then auth_send will end up rejecting
- * the authentication and informing the other side of this.
- */
- auth_send(auth_send_data, auth_send_cnt);
-}
-
- void
-auth_is(data, cnt)
- unsigned char *data;
- int cnt;
-{
- Authenticator *ap;
-
- if (cnt < 2)
- return;
-
- if (data[0] == AUTHTYPE_NULL) {
- auth_finished(0, AUTH_REJECT);
- return;
- }
-
- if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->is)
- (*ap->is)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
- printf(">>>%s: Invalid authentication in IS: %d\r\n",
- Name, *data);
-}
-
- void
-auth_reply(data, cnt)
- unsigned char *data;
- int cnt;
-{
- Authenticator *ap;
-
- if (cnt < 2)
- return;
-
- if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->reply)
- (*ap->reply)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
- printf(">>>%s: Invalid authentication in SEND: %d\r\n",
- Name, *data);
-}
-
- void
-auth_name(data, cnt)
- unsigned char *data;
- int cnt;
-{
- unsigned char savename[256];
-
- if (cnt < 1) {
- if (auth_debug_mode)
- printf(">>>%s: Empty name in NAME\r\n", Name);
- return;
- }
- if (cnt > sizeof(savename) - 1) {
- if (auth_debug_mode)
- printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
- Name, cnt, sizeof(savename)-1);
- return;
- }
- memmove((void *)savename, (void *)data, cnt);
- savename[cnt] = '\0'; /* Null terminate */
- if (auth_debug_mode)
- printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
- auth_encrypt_user(savename);
-}
-
- int
-auth_sendname(cp, len)
- unsigned char *cp;
- int len;
-{
- static unsigned char str_request[256+6]
- = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
- register unsigned char *e = str_request + 4;
- register unsigned char *ee = &str_request[sizeof(str_request)-2];
-
- while (--len >= 0) {
- if ((*e++ = *cp++) == IAC)
- *e++ = IAC;
- if (e >= ee)
- return(0);
- }
- *e++ = IAC;
- *e++ = SE;
- net_write(str_request, e - str_request);
- printsub('>', &str_request[2], e - &str_request[2]);
- return(1);
-}
-
- void
-auth_finished(ap, result)
- Authenticator *ap;
- int result;
-{
- if (!(authenticated = ap))
- authenticated = &NoAuth;
- validuser = result;
-}
-
- /* ARGSUSED */
- static void
-auth_intr(sig)
- int sig;
-{
- auth_finished(0, AUTH_REJECT);
-}
-
- int
-auth_wait(name)
- char *name;
-{
- if (auth_debug_mode)
- printf(">>>%s: in auth_wait.\r\n", Name);
-
- if (Server && !authenticating)
- return(0);
-
- (void) signal(SIGALRM, auth_intr);
- alarm(30);
- while (!authenticated)
- if (telnet_spin())
- break;
- alarm(0);
- (void) signal(SIGALRM, SIG_DFL);
-
- /*
- * Now check to see if the user is valid or not
- */
- if (!authenticated || authenticated == &NoAuth)
- return(AUTH_REJECT);
-
- if (validuser == AUTH_VALID)
- validuser = AUTH_USER;
-
- if (authenticated->status)
- validuser = (*authenticated->status)(authenticated,
- name, validuser);
- return(validuser);
-}
-
- void
-auth_debug(mode)
- int mode;
-{
- auth_debug_mode = mode;
-}
-
- void
-auth_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- Authenticator *ap;
-
- if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
- (*ap->printsub)(data, cnt, buf, buflen);
- else
- auth_gen_printsub(data, cnt, buf, buflen);
-}
-
- void
-auth_gen_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- register unsigned char *cp;
- unsigned char tbuf[16];
-
- cnt -= 3;
- data += 3;
- buf[buflen-1] = '\0';
- buf[buflen-2] = '*';
- buflen -= 2;
- for (; cnt > 0; cnt--, data++) {
- sprintf((char *)tbuf, " %d", *data);
- for (cp = tbuf; *cp && buflen > 0; --buflen)
- *buf++ = *cp++;
- if (buflen <= 0)
- return;
- }
- *buf = '\0';
-}
-#endif
diff --git a/eBones/lib/libtelnet/auth.h b/eBones/lib/libtelnet/auth.h
deleted file mode 100644
index 615e8a0..0000000
--- a/eBones/lib/libtelnet/auth.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)auth.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __AUTH__
-#define __AUTH__
-
-#define AUTH_REJECT 0 /* Rejected */
-#define AUTH_UNKNOWN 1 /* We don't know who he is, but he's okay */
-#define AUTH_OTHER 2 /* We know him, but not his name */
-#define AUTH_USER 3 /* We know he name */
-#define AUTH_VALID 4 /* We know him, and he needs no password */
-
-#if !defined(P)
-#ifdef __STDC__
-#define P(x) x
-#else
-#define P(x) ()
-#endif
-#endif
-
-typedef struct XauthP {
- int type;
- int way;
- int (*init) P((struct XauthP *, int));
- int (*send) P((struct XauthP *));
- void (*is) P((struct XauthP *, unsigned char *, int));
- void (*reply) P((struct XauthP *, unsigned char *, int));
- int (*status) P((struct XauthP *, char *, int));
- void (*printsub) P((unsigned char *, int, unsigned char *, int));
-} Authenticator;
-
-#include "auth-proto.h"
-
-extern auth_debug_mode;
-#endif
diff --git a/eBones/lib/libtelnet/enc-proto.h b/eBones/lib/libtelnet/enc-proto.h
deleted file mode 100644
index 8e15ffd..0000000
--- a/eBones/lib/libtelnet/enc-proto.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)enc-proto.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-#if !defined(P)
-#ifdef __STDC__
-#define P(x) x
-#else
-#define P(x) ()
-#endif
-#endif
-
-#ifdef ENCRYPTION
-void encrypt_init P((char *, int));
-Encryptions *findencryption P((int));
-void encrypt_send_supprt P((void));
-void encrypt_auto P((int));
-void decrypt_auto P((int));
-void encrypt_is P((unsigned char *, int));
-void encrypt_reply P((unsigned char *, int));
-void encrypt_start_input P((int));
-void encrypt_session_key P((Session_Key *, int));
-void encrypt_end_input P((void));
-void encrypt_start_output P((int));
-void encrypt_end_output P((void));
-void encrypt_send_request_start P((void));
-void encrypt_send_request_end P((void));
-void encrypt_send_end P((void));
-void encrypt_wait P((void));
-void encrypt_send_support P((void));
-void encrypt_send_keyid P((int, unsigned char *, int, int));
-void encrypt_start P((unsigned char *, int));
-void encrypt_end P((void));
-void encrypt_support P((unsigned char *, int));
-void encrypt_request_start P((unsigned char *, int));
-void encrypt_request_end P((void));
-void encrypt_enc_keyid P((unsigned char *, int));
-void encrypt_dec_keyid P((unsigned char *, int));
-void encrypt_printsub P((unsigned char *, int, unsigned char *, int));
-int net_write P((unsigned char *, int));
-
-#ifndef TELENTD
-int encrypt_cmd P((int, char **));
-void encrypt_display P((void));
-#endif
-
-void krbdes_encrypt P((unsigned char *, int));
-int krbdes_decrypt P((int));
-int krbdes_is P((unsigned char *, int));
-int krbdes_reply P((unsigned char *, int));
-void krbdes_init P((int));
-int krbdes_start P((int, int));
-void krbdes_session P((Session_Key *, int));
-void krbdes_printsub P((unsigned char *, int, unsigned char *, int));
-
-void cfb64_encrypt P((unsigned char *, int));
-int cfb64_decrypt P((int));
-void cfb64_init P((int));
-int cfb64_start P((int, int));
-int cfb64_is P((unsigned char *, int));
-int cfb64_reply P((unsigned char *, int));
-void cfb64_session P((Session_Key *, int));
-int cfb64_keyid P((int, unsigned char *, int *));
-void cfb64_printsub P((unsigned char *, int, unsigned char *, int));
-
-void ofb64_encrypt P((unsigned char *, int));
-int ofb64_decrypt P((int));
-void ofb64_init P((int));
-int ofb64_start P((int, int));
-int ofb64_is P((unsigned char *, int));
-int ofb64_reply P((unsigned char *, int));
-void ofb64_session P((Session_Key *, int));
-int ofb64_keyid P((int, unsigned char *, int *));
-void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
-
-#endif /* ENCRYPTION */
diff --git a/eBones/lib/libtelnet/enc_des.c b/eBones/lib/libtelnet/enc_des.c
deleted file mode 100644
index 8e4b9a7..0000000
--- a/eBones/lib/libtelnet/enc_des.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#ifdef ENCRYPTION
-# ifdef AUTHENTICATION
-# ifdef DES_ENCRYPTION
-#include <arpa/telnet.h>
-#include <stdio.h>
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-
-#include <des.h>
-#include <string.h>
-#include "encrypt.h"
-#include "key-proto.h"
-#include "misc-proto.h"
-
-extern encrypt_debug_mode;
-
-#define CFB 0
-#define OFB 1
-
-#define NO_SEND_IV 1
-#define NO_RECV_IV 2
-#define NO_KEYID 4
-#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID)
-#define SUCCESS 0
-#define FAILED -1
-
-
-struct fb {
- Block krbdes_key;
- Schedule krbdes_sched;
- Block temp_feed;
- unsigned char fb_feed[64];
- int need_start;
- int state[2];
- int keyid[2];
- int once;
- struct stinfo {
- Block str_output;
- Block str_feed;
- Block str_iv;
- Block str_ikey;
- Schedule str_sched;
- int str_index;
- int str_flagshift;
- } streams[2];
-};
-
-static struct fb fb[2];
-
-struct keyidlist {
- char *keyid;
- int keyidlen;
- char *key;
- int keylen;
- int flags;
-} keyidlist [] = {
- { "\0", 1, 0, 0, 0 }, /* default key of zero */
- { 0, 0, 0, 0, 0 }
-};
-
-#define KEYFLAG_MASK 03
-
-#define KEYFLAG_NOINIT 00
-#define KEYFLAG_INIT 01
-#define KEYFLAG_OK 02
-#define KEYFLAG_BAD 03
-
-#define KEYFLAG_SHIFT 2
-
-#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2)))
-
-#define FB64_IV 1
-#define FB64_IV_OK 2
-#define FB64_IV_BAD 3
-
-
-void fb64_stream_iv P((Block, struct stinfo *));
-void fb64_init P((struct fb *));
-static int fb64_start P((struct fb *, int, int));
-int fb64_is P((unsigned char *, int, struct fb *));
-int fb64_reply P((unsigned char *, int, struct fb *));
-static void fb64_session P((Session_Key *, int, struct fb *));
-void fb64_stream_key P((Block, struct stinfo *));
-int fb64_keyid P((int, unsigned char *, int *, struct fb *));
-
- void
-cfb64_init(server)
- int server;
-{
- fb64_init(&fb[CFB]);
- fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
- fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
- fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
-}
-
- void
-ofb64_init(server)
- int server;
-{
- fb64_init(&fb[OFB]);
- fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
- fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
- fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
-}
-
- void
-fb64_init(fbp)
- register struct fb *fbp;
-{
- memset((void *)fbp, 0, sizeof(*fbp));
- fbp->state[0] = fbp->state[1] = FAILED;
- fbp->fb_feed[0] = IAC;
- fbp->fb_feed[1] = SB;
- fbp->fb_feed[2] = TELOPT_ENCRYPT;
- fbp->fb_feed[3] = ENCRYPT_IS;
-}
-
-/*
- * Returns:
- * -1: some error. Negotiation is done, encryption not ready.
- * 0: Successful, initial negotiation all done.
- * 1: successful, negotiation not done yet.
- * 2: Not yet. Other things (like getting the key from
- * Kerberos) have to happen before we can continue.
- */
- int
-cfb64_start(dir, server)
- int dir;
- int server;
-{
- return(fb64_start(&fb[CFB], dir, server));
-}
- int
-ofb64_start(dir, server)
- int dir;
- int server;
-{
- return(fb64_start(&fb[OFB], dir, server));
-}
-
- static int
-fb64_start(fbp, dir, server)
- struct fb *fbp;
- int dir;
- int server;
-{
- int x;
- unsigned char *p;
- register int state;
-
- switch (dir) {
- case DIR_DECRYPT:
- /*
- * This is simply a request to have the other side
- * start output (our input). He will negotiate an
- * IV so we need not look for it.
- */
- state = fbp->state[dir-1];
- if (state == FAILED)
- state = IN_PROGRESS;
- break;
-
- case DIR_ENCRYPT:
- state = fbp->state[dir-1];
- if (state == FAILED)
- state = IN_PROGRESS;
- else if ((state & NO_SEND_IV) == 0)
- break;
-
- if (!VALIDKEY(fbp->krbdes_key)) {
- fbp->need_start = 1;
- break;
- }
- state &= ~NO_SEND_IV;
- state |= NO_RECV_IV;
- if (encrypt_debug_mode)
- printf("Creating new feed\r\n");
- /*
- * Create a random feed and send it over.
- */
- des_new_random_key((Block *)fbp->temp_feed);
- des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed,
- fbp->krbdes_sched, 1);
- p = fbp->fb_feed + 3;
- *p++ = ENCRYPT_IS;
- p++;
- *p++ = FB64_IV;
- for (x = 0; x < sizeof(Block); ++x) {
- if ((*p++ = fbp->temp_feed[x]) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- net_write(fbp->fb_feed, p - fbp->fb_feed);
- break;
- default:
- return(FAILED);
- }
- return(fbp->state[dir-1] = state);
-}
-
-/*
- * Returns:
- * -1: some error. Negotiation is done, encryption not ready.
- * 0: Successful, initial negotiation all done.
- * 1: successful, negotiation not done yet.
- */
- int
-cfb64_is(data, cnt)
- unsigned char *data;
- int cnt;
-{
- return(fb64_is(data, cnt, &fb[CFB]));
-}
- int
-ofb64_is(data, cnt)
- unsigned char *data;
- int cnt;
-{
- return(fb64_is(data, cnt, &fb[OFB]));
-}
-
- int
-fb64_is(data, cnt, fbp)
- unsigned char *data;
- int cnt;
- struct fb *fbp;
-{
- unsigned char *p;
- register int state = fbp->state[DIR_DECRYPT-1];
-
- if (cnt-- < 1)
- goto failure;
-
- switch (*data++) {
- case FB64_IV:
- if (cnt != sizeof(Block)) {
- if (encrypt_debug_mode)
- printf("CFB64: initial vector failed on size\r\n");
- state = FAILED;
- goto failure;
- }
-
- if (encrypt_debug_mode)
- printf("CFB64: initial vector received\r\n");
-
- if (encrypt_debug_mode)
- printf("Initializing Decrypt stream\r\n");
-
- fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]);
-
- p = fbp->fb_feed + 3;
- *p++ = ENCRYPT_REPLY;
- p++;
- *p++ = FB64_IV_OK;
- *p++ = IAC;
- *p++ = SE;
- printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- net_write(fbp->fb_feed, p - fbp->fb_feed);
-
- state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
- break;
-
- default:
- if (encrypt_debug_mode) {
- printf("Unknown option type: %d\r\n", *(data-1));
- printd(data, cnt);
- printf("\r\n");
- }
- /* FALL THROUGH */
- failure:
- /*
- * We failed. Send an FB64_IV_BAD option
- * to the other side so it will know that
- * things failed.
- */
- p = fbp->fb_feed + 3;
- *p++ = ENCRYPT_REPLY;
- p++;
- *p++ = FB64_IV_BAD;
- *p++ = IAC;
- *p++ = SE;
- printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- net_write(fbp->fb_feed, p - fbp->fb_feed);
-
- break;
- }
- return(fbp->state[DIR_DECRYPT-1] = state);
-}
-
-/*
- * Returns:
- * -1: some error. Negotiation is done, encryption not ready.
- * 0: Successful, initial negotiation all done.
- * 1: successful, negotiation not done yet.
- */
- int
-cfb64_reply(data, cnt)
- unsigned char *data;
- int cnt;
-{
- return(fb64_reply(data, cnt, &fb[CFB]));
-}
- int
-ofb64_reply(data, cnt)
- unsigned char *data;
- int cnt;
-{
- return(fb64_reply(data, cnt, &fb[OFB]));
-}
-
-
- int
-fb64_reply(data, cnt, fbp)
- unsigned char *data;
- int cnt;
- struct fb *fbp;
-{
- register int state = fbp->state[DIR_ENCRYPT-1];
-
- if (cnt-- < 1)
- goto failure;
-
- switch (*data++) {
- case FB64_IV_OK:
- fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
- if (state == FAILED)
- state = IN_PROGRESS;
- state &= ~NO_RECV_IV;
- encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
- break;
-
- case FB64_IV_BAD:
- memset(fbp->temp_feed, 0, sizeof(Block));
- fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
- state = FAILED;
- break;
-
- default:
- if (encrypt_debug_mode) {
- printf("Unknown option type: %d\r\n", data[-1]);
- printd(data, cnt);
- printf("\r\n");
- }
- /* FALL THROUGH */
- failure:
- state = FAILED;
- break;
- }
- return(fbp->state[DIR_ENCRYPT-1] = state);
-}
-
- void
-cfb64_session(key, server)
- Session_Key *key;
- int server;
-{
- fb64_session(key, server, &fb[CFB]);
-}
-
- void
-ofb64_session(key, server)
- Session_Key *key;
- int server;
-{
- fb64_session(key, server, &fb[OFB]);
-}
-
- static void
-fb64_session(key, server, fbp)
- Session_Key *key;
- int server;
- struct fb *fbp;
-{
-
- if (!key || key->type != SK_DES) {
- if (encrypt_debug_mode)
- printf("Can't set krbdes's session key (%d != %d)\r\n",
- key ? key->type : -1, SK_DES);
- return;
- }
- memmove((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block));
-
- fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
- fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
-
- if (fbp->once == 0) {
- des_set_random_generator_seed((Block *)fbp->krbdes_key);
- fbp->once = 1;
- }
- des_key_sched((Block *)fbp->krbdes_key, fbp->krbdes_sched);
- /*
- * Now look to see if krbdes_start() was was waiting for
- * the key to show up. If so, go ahead an call it now
- * that we have the key.
- */
- if (fbp->need_start) {
- fbp->need_start = 0;
- fb64_start(fbp, DIR_ENCRYPT, server);
- }
-}
-
-/*
- * We only accept a keyid of 0. If we get a keyid of
- * 0, then mark the state as SUCCESS.
- */
- int
-cfb64_keyid(dir, kp, lenp)
- int dir, *lenp;
- unsigned char *kp;
-{
- return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
-}
-
- int
-ofb64_keyid(dir, kp, lenp)
- int dir, *lenp;
- unsigned char *kp;
-{
- return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
-}
-
- int
-fb64_keyid(dir, kp, lenp, fbp)
- int dir, *lenp;
- unsigned char *kp;
- struct fb *fbp;
-{
- register int state = fbp->state[dir-1];
-
- if (*lenp != 1 || (*kp != '\0')) {
- *lenp = 0;
- return(state);
- }
-
- if (state == FAILED)
- state = IN_PROGRESS;
-
- state &= ~NO_KEYID;
-
- return(fbp->state[dir-1] = state);
-}
-
- void
-fb64_printsub(data, cnt, buf, buflen, type)
- unsigned char *data, *buf, *type;
- int cnt, buflen;
-{
- char lbuf[32];
- register int i;
- char *cp;
-
- buf[buflen-1] = '\0'; /* make sure it's NULL terminated */
- buflen -= 1;
-
- switch(data[2]) {
- case FB64_IV:
- sprintf(lbuf, "%s_IV", type);
- cp = lbuf;
- goto common;
-
- case FB64_IV_OK:
- sprintf(lbuf, "%s_IV_OK", type);
- cp = lbuf;
- goto common;
-
- case FB64_IV_BAD:
- sprintf(lbuf, "%s_IV_BAD", type);
- cp = lbuf;
- goto common;
-
- default:
- sprintf(lbuf, " %d (unknown)", data[2]);
- cp = lbuf;
- common:
- for (; (buflen > 0) && (*buf = *cp++); buf++)
- buflen--;
- for (i = 3; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
- buflen--;
- }
- break;
- }
-}
-
- void
-cfb64_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- fb64_printsub(data, cnt, buf, buflen, "CFB64");
-}
-
- void
-ofb64_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- fb64_printsub(data, cnt, buf, buflen, "OFB64");
-}
-
- void
-fb64_stream_iv(seed, stp)
- Block seed;
- register struct stinfo *stp;
-{
-
- memmove((void *)stp->str_iv, (void *)seed, sizeof(Block));
- memmove((void *)stp->str_output, (void *)seed, sizeof(Block));
-
- des_key_sched((Block *)stp->str_ikey, stp->str_sched);
-
- stp->str_index = sizeof(Block);
-}
-
- void
-fb64_stream_key(key, stp)
- Block key;
- register struct stinfo *stp;
-{
- memmove((void *)stp->str_ikey, (void *)key, sizeof(Block));
- des_key_sched((Block *)key, stp->str_sched);
-
- memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block));
-
- stp->str_index = sizeof(Block);
-}
-
-/*
- * DES 64 bit Cipher Feedback
- *
- * key --->+-----+
- * +->| DES |--+
- * | +-----+ |
- * | v
- * INPUT --(--------->(+)+---> DATA
- * | |
- * +-------------+
- *
- *
- * Given:
- * iV: Initial vector, 64 bits (8 bytes) long.
- * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- * V0 = DES(iV, key)
- * On = Dn ^ Vn
- * V(n+1) = DES(On, key)
- */
-
- void
-cfb64_encrypt(s, c)
- register unsigned char *s;
- int c;
-{
- register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
- register int index;
-
- index = stp->str_index;
- while (c-- > 0) {
- if (index == sizeof(Block)) {
- Block b;
- des_ecb_encrypt((Block *)stp->str_output, (Block *)b, stp->str_sched, 1);
- memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
- index = 0;
- }
-
- /* On encryption, we store (feed ^ data) which is cypher */
- *s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
- s++;
- index++;
- }
- stp->str_index = index;
-}
-
- int
-cfb64_decrypt(data)
- int data;
-{
- register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
- int index;
-
- if (data == -1) {
- /*
- * Back up one byte. It is assumed that we will
- * never back up more than one byte. If we do, this
- * may or may not work.
- */
- if (stp->str_index)
- --stp->str_index;
- return(0);
- }
-
- index = stp->str_index++;
- if (index == sizeof(Block)) {
- Block b;
- des_ecb_encrypt((Block *)stp->str_output, (Block *)b, stp->str_sched, 1);
- memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
- stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
- }
-
- /* On decryption we store (data) which is cypher. */
- stp->str_output[index] = data;
- return(data ^ stp->str_feed[index]);
-}
-
-/*
- * DES 64 bit Output Feedback
- *
- * key --->+-----+
- * +->| DES |--+
- * | +-----+ |
- * +-----------+
- * v
- * INPUT -------->(+) ----> DATA
- *
- * Given:
- * iV: Initial vector, 64 bits (8 bytes) long.
- * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- * V0 = DES(iV, key)
- * V(n+1) = DES(Vn, key)
- * On = Dn ^ Vn
- */
- void
-ofb64_encrypt(s, c)
- register unsigned char *s;
- int c;
-{
- register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
- register int index;
-
- index = stp->str_index;
- while (c-- > 0) {
- if (index == sizeof(Block)) {
- Block b;
- des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1);
- memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
- index = 0;
- }
- *s++ ^= stp->str_feed[index];
- index++;
- }
- stp->str_index = index;
-}
-
- int
-ofb64_decrypt(data)
- int data;
-{
- register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
- int index;
-
- if (data == -1) {
- /*
- * Back up one byte. It is assumed that we will
- * never back up more than one byte. If we do, this
- * may or may not work.
- */
- if (stp->str_index)
- --stp->str_index;
- return(0);
- }
-
- index = stp->str_index++;
- if (index == sizeof(Block)) {
- Block b;
- des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1);
- memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
- stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
- }
-
- return(data ^ stp->str_feed[index]);
-}
-# endif /* DES_ENCRYPTION */
-# endif /* AUTHENTICATION */
-#endif /* ENCRYPTION */
diff --git a/eBones/lib/libtelnet/encrypt.c b/eBones/lib/libtelnet/encrypt.c
deleted file mode 100644
index 41dd5cc..0000000
--- a/eBones/lib/libtelnet/encrypt.c
+++ /dev/null
@@ -1,1016 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef ENCRYPTION
-
-#define ENCRYPT_NAMES
-#include <stdio.h>
-#include <arpa/telnet.h>
-
-#include "encrypt.h"
-#include "misc.h"
-
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-/*
- * These functions pointers point to the current routines
- * for encrypting and decrypting data.
- */
-void (*encrypt_output) P((unsigned char *, int));
-int (*decrypt_input) P((int));
-
-int EncryptType(char *type, char *mode);
-int EncryptStart(char *mode);
-int EncryptStop(char *mode);
-int EncryptStartInput(void);
-int EncryptStartOutput(void);
-int EncryptStopInput(void);
-int EncryptStopOutput(void);
-
-int Ambiguous(char **s);
-int isprefix(char *s1, char *s2);
-char **genget(char *name, char **table, int stlen);
-
-int encrypt_debug_mode = 0;
-static int decrypt_mode = 0;
-static int encrypt_mode = 0;
-static int encrypt_verbose = 0;
-static int autoencrypt = 0;
-static int autodecrypt = 0;
-static int havesessionkey = 0;
-static int Server = 0;
-static char *Name = "Noname";
-
-#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
-
-static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
- | typemask(ENCTYPE_DES_OFB64);
-static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
- | typemask(ENCTYPE_DES_OFB64);
-static long i_wont_support_encrypt = 0;
-static long i_wont_support_decrypt = 0;
-#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
-#define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt)
-
-static long remote_supports_encrypt = 0;
-static long remote_supports_decrypt = 0;
-
-static Encryptions encryptions[] = {
-#ifdef DES_ENCRYPTION
- { "DES_CFB64", ENCTYPE_DES_CFB64,
- cfb64_encrypt,
- cfb64_decrypt,
- cfb64_init,
- cfb64_start,
- cfb64_is,
- cfb64_reply,
- cfb64_session,
- cfb64_keyid,
- cfb64_printsub },
- { "DES_OFB64", ENCTYPE_DES_OFB64,
- ofb64_encrypt,
- ofb64_decrypt,
- ofb64_init,
- ofb64_start,
- ofb64_is,
- ofb64_reply,
- ofb64_session,
- ofb64_keyid,
- ofb64_printsub },
-#endif /* DES_ENCRYPTION */
- { 0, },
-};
-
-static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
- ENCRYPT_SUPPORT };
-static unsigned char str_suplen = 0;
-static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
-static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
-
- Encryptions *
-findencryption(type)
- int type;
-{
- Encryptions *ep = encryptions;
-
- if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
- return(0);
- while (ep->type && ep->type != type)
- ++ep;
- return(ep->type ? ep : 0);
-}
-
- Encryptions *
-finddecryption(type)
- int type;
-{
- Encryptions *ep = encryptions;
-
- if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
- return(0);
- while (ep->type && ep->type != type)
- ++ep;
- return(ep->type ? ep : 0);
-}
-
-#define MAXKEYLEN 64
-
-static struct key_info {
- unsigned char keyid[MAXKEYLEN];
- int keylen;
- int dir;
- int *modep;
- Encryptions *(*getcrypt)();
-} ki[2] = {
- { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
- { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
-};
-
-static void encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len);
-
- void
-encrypt_init(name, server)
- char *name;
- int server;
-{
- Encryptions *ep = encryptions;
-
- Name = name;
- Server = server;
- i_support_encrypt = i_support_decrypt = 0;
- remote_supports_encrypt = remote_supports_decrypt = 0;
- encrypt_mode = 0;
- decrypt_mode = 0;
- encrypt_output = 0;
- decrypt_input = 0;
-#ifdef notdef
- encrypt_verbose = !server;
-#endif
-
- str_suplen = 4;
-
- while (ep->type) {
- if (encrypt_debug_mode)
- printf(">>>%s: I will support %s\r\n",
- Name, ENCTYPE_NAME(ep->type));
- i_support_encrypt |= typemask(ep->type);
- i_support_decrypt |= typemask(ep->type);
- if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
- if ((str_send[str_suplen++] = ep->type) == IAC)
- str_send[str_suplen++] = IAC;
- if (ep->init)
- (*ep->init)(Server);
- ++ep;
- }
- str_send[str_suplen++] = IAC;
- str_send[str_suplen++] = SE;
-}
-
- void
-encrypt_list_types()
-{
- Encryptions *ep = encryptions;
-
- printf("Valid encryption types:\n");
- while (ep->type) {
- printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
- ++ep;
- }
-}
-
- int
-EncryptEnable(type, mode)
- char *type, *mode;
-{
- if (isprefix(type, "help") || isprefix(type, "?")) {
- printf("Usage: encrypt enable <type> [input|output]\n");
- encrypt_list_types();
- return(0);
- }
- if (EncryptType(type, mode))
- return(EncryptStart(mode));
- return(0);
-}
-
- int
-EncryptDisable(type, mode)
- char *type, *mode;
-{
- register Encryptions *ep;
- int ret = 0;
-
- if (isprefix(type, "help") || isprefix(type, "?")) {
- printf("Usage: encrypt disable <type> [input|output]\n");
- encrypt_list_types();
- } else if ((ep = (Encryptions *)genget(type, (char **)encryptions,
- sizeof(Encryptions))) == 0) {
- printf("%s: invalid encryption type\n", type);
- } else if (Ambiguous((char **)ep)) {
- printf("Ambiguous type '%s'\n", type);
- } else {
- if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
- if (decrypt_mode == ep->type)
- EncryptStopInput();
- i_wont_support_decrypt |= typemask(ep->type);
- ret = 1;
- }
- if ((mode == 0) || (isprefix(mode, "output"))) {
- if (encrypt_mode == ep->type)
- EncryptStopOutput();
- i_wont_support_encrypt |= typemask(ep->type);
- ret = 1;
- }
- if (ret == 0)
- printf("%s: invalid encryption mode\n", mode);
- }
- return(ret);
-}
-
- int
-EncryptType(type, mode)
- char *type;
- char *mode;
-{
- register Encryptions *ep;
- int ret = 0;
-
- if (isprefix(type, "help") || isprefix(type, "?")) {
- printf("Usage: encrypt type <type> [input|output]\n");
- encrypt_list_types();
- } else if ((ep = (Encryptions *)genget(type, (char **)encryptions,
- sizeof(Encryptions))) == 0) {
- printf("%s: invalid encryption type\n", type);
- } else if (Ambiguous((char **)ep)) {
- printf("Ambiguous type '%s'\n", type);
- } else {
- if ((mode == 0) || isprefix(mode, "input")) {
- decrypt_mode = ep->type;
- i_wont_support_decrypt &= ~typemask(ep->type);
- ret = 1;
- }
- if ((mode == 0) || isprefix(mode, "output")) {
- encrypt_mode = ep->type;
- i_wont_support_encrypt &= ~typemask(ep->type);
- ret = 1;
- }
- if (ret == 0)
- printf("%s: invalid encryption mode\n", mode);
- }
- return(ret);
-}
-
- int
-EncryptStart(mode)
- char *mode;
-{
- register int ret = 0;
- if (mode) {
- if (isprefix(mode, "input"))
- return(EncryptStartInput());
- if (isprefix(mode, "output"))
- return(EncryptStartOutput());
- if (isprefix(mode, "help") || isprefix(mode, "?")) {
- printf("Usage: encrypt start [input|output]\n");
- return(0);
- }
- printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
- return(0);
- }
- ret += EncryptStartInput();
- ret += EncryptStartOutput();
- return(ret);
-}
-
- int
-EncryptStartInput()
-{
- if (decrypt_mode) {
- encrypt_send_request_start();
- return(1);
- }
- printf("No previous decryption mode, decryption not enabled\r\n");
- return(0);
-}
-
- int
-EncryptStartOutput()
-{
- if (encrypt_mode) {
- encrypt_start_output(encrypt_mode);
- return(1);
- }
- printf("No previous encryption mode, encryption not enabled\r\n");
- return(0);
-}
-
- int
-EncryptStop(mode)
- char *mode;
-{
- int ret = 0;
- if (mode) {
- if (isprefix(mode, "input"))
- return(EncryptStopInput());
- if (isprefix(mode, "output"))
- return(EncryptStopOutput());
- if (isprefix(mode, "help") || isprefix(mode, "?")) {
- printf("Usage: encrypt stop [input|output]\n");
- return(0);
- }
- printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
- return(0);
- }
- ret += EncryptStopInput();
- ret += EncryptStopOutput();
- return(ret);
-}
-
- int
-EncryptStopInput()
-{
- encrypt_send_request_end();
- return(1);
-}
-
- int
-EncryptStopOutput()
-{
- encrypt_send_end();
- return(1);
-}
-
- void
-encrypt_display()
-{
- if (encrypt_output)
- printf("Currently encrypting output with %s\r\n",
- ENCTYPE_NAME(encrypt_mode));
- if (decrypt_input)
- printf("Currently decrypting input with %s\r\n",
- ENCTYPE_NAME(decrypt_mode));
-}
-
- int
-EncryptStatus()
-{
- if (encrypt_output)
- printf("Currently encrypting output with %s\r\n",
- ENCTYPE_NAME(encrypt_mode));
- else if (encrypt_mode) {
- printf("Currently output is clear text.\r\n");
- printf("Last encryption mode was %s\r\n",
- ENCTYPE_NAME(encrypt_mode));
- }
- if (decrypt_input) {
- printf("Currently decrypting input with %s\r\n",
- ENCTYPE_NAME(decrypt_mode));
- } else if (decrypt_mode) {
- printf("Currently input is clear text.\r\n");
- printf("Last decryption mode was %s\r\n",
- ENCTYPE_NAME(decrypt_mode));
- }
- return 1;
-}
-
- void
-encrypt_send_support()
-{
- if (str_suplen) {
- /*
- * If the user has requested that decryption start
- * immediatly, then send a "REQUEST START" before
- * we negotiate the type.
- */
- if (!Server && autodecrypt)
- encrypt_send_request_start();
- net_write(str_send, str_suplen);
- printsub('>', &str_send[2], str_suplen - 2);
- str_suplen = 0;
- }
-}
-
- int
-EncryptDebug(on)
- int on;
-{
- if (on < 0)
- encrypt_debug_mode ^= 1;
- else
- encrypt_debug_mode = on;
- printf("Encryption debugging %s\r\n",
- encrypt_debug_mode ? "enabled" : "disabled");
- return(1);
-}
-
- int
-EncryptVerbose(on)
- int on;
-{
- if (on < 0)
- encrypt_verbose ^= 1;
- else
- encrypt_verbose = on;
- printf("Encryption %s verbose\r\n",
- encrypt_verbose ? "is" : "is not");
- return(1);
-}
-
- int
-EncryptAutoEnc(on)
- int on;
-{
- encrypt_auto(on);
- printf("Automatic encryption of output is %s\r\n",
- autoencrypt ? "enabled" : "disabled");
- return(1);
-}
-
- int
-EncryptAutoDec(on)
- int on;
-{
- decrypt_auto(on);
- printf("Automatic decryption of input is %s\r\n",
- autodecrypt ? "enabled" : "disabled");
- return(1);
-}
-
-/*
- * Called when ENCRYPT SUPPORT is received.
- */
- void
-encrypt_support(typelist, cnt)
- unsigned char *typelist;
- int cnt;
-{
- register int type, use_type = 0;
- Encryptions *ep;
-
- /*
- * Forget anything the other side has previously told us.
- */
- remote_supports_decrypt = 0;
-
- while (cnt-- > 0) {
- type = *typelist++;
- if (encrypt_debug_mode)
- printf(">>>%s: He is supporting %s (%d)\r\n",
- Name,
- ENCTYPE_NAME(type), type);
- if ((type < ENCTYPE_CNT) &&
- (I_SUPPORT_ENCRYPT & typemask(type))) {
- remote_supports_decrypt |= typemask(type);
- if (use_type == 0)
- use_type = type;
- }
- }
- if (use_type) {
- ep = findencryption(use_type);
- if (!ep)
- return;
- type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
- if (encrypt_debug_mode)
- printf(">>>%s: (*ep->start)() returned %d\r\n",
- Name, type);
- if (type < 0)
- return;
- encrypt_mode = use_type;
- if (type == 0)
- encrypt_start_output(use_type);
- }
-}
-
- void
-encrypt_is(data, cnt)
- unsigned char *data;
- int cnt;
-{
- Encryptions *ep;
- register int type, ret;
-
- if (--cnt < 0)
- return;
- type = *data++;
- if (type < ENCTYPE_CNT)
- remote_supports_encrypt |= typemask(type);
- if (!(ep = finddecryption(type))) {
- if (encrypt_debug_mode)
- printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- return;
- }
- if (!ep->is) {
- if (encrypt_debug_mode)
- printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- ret = 0;
- } else {
- ret = (*ep->is)(data, cnt);
- if (encrypt_debug_mode)
- printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
- (ret < 0) ? "FAIL " :
- (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
- }
- if (ret < 0) {
- autodecrypt = 0;
- } else {
- decrypt_mode = type;
- if (ret == 0 && autodecrypt)
- encrypt_send_request_start();
- }
-}
-
- void
-encrypt_reply(data, cnt)
- unsigned char *data;
- int cnt;
-{
- Encryptions *ep;
- register int ret, type;
-
- if (--cnt < 0)
- return;
- type = *data++;
- if (!(ep = findencryption(type))) {
- if (encrypt_debug_mode)
- printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- return;
- }
- if (!ep->reply) {
- if (encrypt_debug_mode)
- printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- ret = 0;
- } else {
- ret = (*ep->reply)(data, cnt);
- if (encrypt_debug_mode)
- printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
- data, cnt,
- (ret < 0) ? "FAIL " :
- (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
- }
- if (encrypt_debug_mode)
- printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
- if (ret < 0) {
- autoencrypt = 0;
- } else {
- encrypt_mode = type;
- if (ret == 0 && autoencrypt)
- encrypt_start_output(type);
- }
-}
-
-/*
- * Called when a ENCRYPT START command is received.
- */
- void
-encrypt_start(data, cnt)
- unsigned char *data;
- int cnt;
-{
- Encryptions *ep;
-
- if (!decrypt_mode) {
- /*
- * Something is wrong. We should not get a START
- * command without having already picked our
- * decryption scheme. Send a REQUEST-END to
- * attempt to clear the channel...
- */
- printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
- encrypt_send_request_end();
- return;
- }
-
- if ((ep = finddecryption(decrypt_mode))) {
- decrypt_input = ep->input;
- if (encrypt_verbose)
- printf("[ Input is now decrypted with type %s ]\r\n",
- ENCTYPE_NAME(decrypt_mode));
- if (encrypt_debug_mode)
- printf(">>>%s: Start to decrypt input with type %s\r\n",
- Name, ENCTYPE_NAME(decrypt_mode));
- } else {
- printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
- Name,
- ENCTYPE_NAME_OK(decrypt_mode)
- ? ENCTYPE_NAME(decrypt_mode)
- : "(unknown)",
- decrypt_mode);
- encrypt_send_request_end();
- }
-}
-
- void
-encrypt_session_key(key, server)
- Session_Key *key;
- int server;
-{
- Encryptions *ep = encryptions;
-
- havesessionkey = 1;
-
- while (ep->type) {
- if (ep->session)
- (*ep->session)(key, server);
-#ifdef notdef
- if (!encrypt_output && autoencrypt && !server)
- encrypt_start_output(ep->type);
- if (!decrypt_input && autodecrypt && !server)
- encrypt_send_request_start();
-#endif
- ++ep;
- }
-}
-
-/*
- * Called when ENCRYPT END is received.
- */
- void
-encrypt_end()
-{
- decrypt_input = 0;
- if (encrypt_debug_mode)
- printf(">>>%s: Input is back to clear text\r\n", Name);
- if (encrypt_verbose)
- printf("[ Input is now clear text ]\r\n");
-}
-
-/*
- * Called when ENCRYPT REQUEST-END is received.
- */
- void
-encrypt_request_end()
-{
- encrypt_send_end();
-}
-
-/*
- * Called when ENCRYPT REQUEST-START is received. If we receive
- * this before a type is picked, then that indicates that the
- * other side wants us to start encrypting data as soon as we
- * can.
- */
- void
-encrypt_request_start(data, cnt)
- unsigned char *data;
- int cnt;
-{
- if (encrypt_mode == 0) {
- if (Server)
- autoencrypt = 1;
- return;
- }
- encrypt_start_output(encrypt_mode);
-}
-
-static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
-
- void
-encrypt_enc_keyid(keyid, len)
- unsigned char *keyid;
- int len;
-{
- encrypt_keyid(&ki[1], keyid, len);
-}
-
- void
-encrypt_dec_keyid(keyid, len)
- unsigned char *keyid;
- int len;
-{
- encrypt_keyid(&ki[0], keyid, len);
-}
-
- void
-encrypt_keyid(kp, keyid, len)
- struct key_info *kp;
- unsigned char *keyid;
- int len;
-{
- Encryptions *ep;
- int dir = kp->dir;
- register int ret = 0;
-
- if (!(ep = (*kp->getcrypt)(*kp->modep))) {
- if (len == 0)
- return;
- kp->keylen = 0;
- } else if (len == 0) {
- /*
- * Empty option, indicates a failure.
- */
- if (kp->keylen == 0)
- return;
- kp->keylen = 0;
- if (ep->keyid)
- (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-
- } else if ((len != kp->keylen) ||
- (memcmp(keyid, kp->keyid, len) != 0)) {
- /*
- * Length or contents are different
- */
- kp->keylen = len;
- memmove(kp->keyid, keyid, len);
- if (ep->keyid)
- (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
- } else {
- if (ep->keyid)
- ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
- if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
- encrypt_start_output(*kp->modep);
- return;
- }
-
- encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
-}
-
- void
-encrypt_send_keyid(dir, keyid, keylen, saveit)
- int dir;
- unsigned char *keyid;
- int keylen;
- int saveit;
-{
- unsigned char *strp;
-
- str_keyid[3] = (dir == DIR_ENCRYPT)
- ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
- if (saveit) {
- struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
- memmove(kp->keyid, keyid, keylen);
- kp->keylen = keylen;
- }
-
- for (strp = &str_keyid[4]; keylen > 0; --keylen) {
- if ((*strp++ = *keyid++) == IAC)
- *strp++ = IAC;
- }
- *strp++ = IAC;
- *strp++ = SE;
- net_write(str_keyid, strp - str_keyid);
- printsub('>', &str_keyid[2], strp - str_keyid - 2);
-}
-
- void
-encrypt_auto(on)
- int on;
-{
- if (on < 0)
- autoencrypt ^= 1;
- else
- autoencrypt = on ? 1 : 0;
-}
-
- void
-decrypt_auto(on)
- int on;
-{
- if (on < 0)
- autodecrypt ^= 1;
- else
- autodecrypt = on ? 1 : 0;
-}
-
- void
-encrypt_start_output(type)
- int type;
-{
- Encryptions *ep;
- register unsigned char *p;
- register int i;
-
- if (!(ep = findencryption(type))) {
- if (encrypt_debug_mode) {
- printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- }
- return;
- }
- if (ep->start) {
- i = (*ep->start)(DIR_ENCRYPT, Server);
- if (encrypt_debug_mode) {
- printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
- Name,
- (i < 0) ? "failed" :
- "initial negotiation in progress",
- i, ENCTYPE_NAME(type));
- }
- if (i)
- return;
- }
- p = str_start + 3;
- *p++ = ENCRYPT_START;
- for (i = 0; i < ki[0].keylen; ++i) {
- if ((*p++ = ki[0].keyid[i]) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- net_write(str_start, p - str_start);
- net_encrypt();
- printsub('>', &str_start[2], p - &str_start[2]);
- /*
- * If we are already encrypting in some mode, then
- * encrypt the ring (which includes our request) in
- * the old mode, mark it all as "clear text" and then
- * switch to the new mode.
- */
- encrypt_output = ep->output;
- encrypt_mode = type;
- if (encrypt_debug_mode)
- printf(">>>%s: Started to encrypt output with type %s\r\n",
- Name, ENCTYPE_NAME(type));
- if (encrypt_verbose)
- printf("[ Output is now encrypted with type %s ]\r\n",
- ENCTYPE_NAME(type));
-}
-
- void
-encrypt_send_end()
-{
- if (!encrypt_output)
- return;
-
- str_end[3] = ENCRYPT_END;
- net_write(str_end, sizeof(str_end));
- net_encrypt();
- printsub('>', &str_end[2], sizeof(str_end) - 2);
- /*
- * Encrypt the output buffer now because it will not be done by
- * netflush...
- */
- encrypt_output = 0;
- if (encrypt_debug_mode)
- printf(">>>%s: Output is back to clear text\r\n", Name);
- if (encrypt_verbose)
- printf("[ Output is now clear text ]\r\n");
-}
-
- void
-encrypt_send_request_start()
-{
- register unsigned char *p;
- register int i;
-
- p = &str_start[3];
- *p++ = ENCRYPT_REQSTART;
- for (i = 0; i < ki[1].keylen; ++i) {
- if ((*p++ = ki[1].keyid[i]) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- net_write(str_start, p - str_start);
- printsub('>', &str_start[2], p - &str_start[2]);
- if (encrypt_debug_mode)
- printf(">>>%s: Request input to be encrypted\r\n", Name);
-}
-
- void
-encrypt_send_request_end()
-{
- str_end[3] = ENCRYPT_REQEND;
- net_write(str_end, sizeof(str_end));
- printsub('>', &str_end[2], sizeof(str_end) - 2);
-
- if (encrypt_debug_mode)
- printf(">>>%s: Request input to be clear text\r\n", Name);
-}
-
- void
-encrypt_wait()
-{
- if (encrypt_debug_mode)
- printf(">>>%s: in encrypt_wait\r\n", Name);
- if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
- return;
- while (autoencrypt && !encrypt_output)
- if (telnet_spin())
- return;
-}
-
- void
-encrypt_debug(mode)
- int mode;
-{
- encrypt_debug_mode = mode;
-}
-
- void
-encrypt_gen_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- char tbuf[16], *cp;
-
- cnt -= 2;
- data += 2;
- buf[buflen-1] = '\0';
- buf[buflen-2] = '*';
- buflen -= 2;;
- for (; cnt > 0; cnt--, data++) {
- sprintf(tbuf, " %d", *data);
- for (cp = tbuf; *cp && buflen > 0; --buflen)
- *buf++ = *cp++;
- if (buflen <= 0)
- return;
- }
- *buf = '\0';
-}
-
- void
-encrypt_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- Encryptions *ep;
- register int type = data[1];
-
- for (ep = encryptions; ep->type && ep->type != type; ep++)
- ;
-
- if (ep->printsub)
- (*ep->printsub)(data, cnt, buf, buflen);
- else
- encrypt_gen_printsub(data, cnt, buf, buflen);
-}
-#endif /* ENCRYPTION */
diff --git a/eBones/lib/libtelnet/encrypt.h b/eBones/lib/libtelnet/encrypt.h
deleted file mode 100644
index 1c942dc..0000000
--- a/eBones/lib/libtelnet/encrypt.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)encrypt.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef ENCRYPTION
-# ifndef __ENCRYPTION__
-# define __ENCRYPTION__
-
-#define DIR_DECRYPT 1
-#define DIR_ENCRYPT 2
-
-typedef unsigned char Block[8];
-typedef unsigned char *BlockT;
-typedef struct { Block __; } Schedule[16];
-
-#define VALIDKEY(key) ( key[0] | key[1] | key[2] | key[3] | \
- key[4] | key[5] | key[6] | key[7])
-
-#define SAMEKEY(k1, k2) (!bcmp((void *)k1, (void *)k2, sizeof(Block)))
-
-typedef struct {
- short type;
- int length;
- unsigned char *data;
-} Session_Key;
-
-# if !defined(P)
-# ifdef __STDC__
-# define P(x) x
-# else
-# define P(x) ()
-# endif
-# endif
-
-typedef struct {
- char *name;
- int type;
- void (*output) P((unsigned char *, int));
- int (*input) P((int));
- void (*init) P((int));
- int (*start) P((int, int));
- int (*is) P((unsigned char *, int));
- int (*reply) P((unsigned char *, int));
- void (*session) P((Session_Key *, int));
- int (*keyid) P((int, unsigned char *, int *));
- void (*printsub) P((unsigned char *, int, unsigned char *, int));
-} Encryptions;
-
-#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */
-
-#include "enc-proto.h"
-
-extern int encrypt_debug_mode;
-extern int (*decrypt_input) P((int));
-extern void (*encrypt_output) P((unsigned char *, int));
-# endif /* __ENCRYPTION__ */
-#endif /* ENCRYPTION */
diff --git a/eBones/lib/libtelnet/genget.c b/eBones/lib/libtelnet/genget.c
deleted file mode 100644
index de3048e..0000000
--- a/eBones/lib/libtelnet/genget.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-
-#include <ctype.h>
-
-#define LOWER(x) (isupper(x) ? tolower(x) : (x))
-/*
- * The prefix function returns 0 if *s1 is not a prefix
- * of *s2. If *s1 exactly matches *s2, the negative of
- * the length is returned. If *s1 is a prefix of *s2,
- * the length of *s1 is returned.
- */
- int
-isprefix(s1, s2)
- register char *s1, *s2;
-{
- char *os1;
- register char c1, c2;
-
- if (*s1 == '\0')
- return(-1);
- os1 = s1;
- c1 = *s1;
- c2 = *s2;
- while (LOWER(c1) == LOWER(c2)) {
- if (c1 == '\0')
- break;
- c1 = *++s1;
- c2 = *++s2;
- }
- return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
-}
-
-static char *ambiguous; /* special return value for command routines */
-
- char **
-genget(name, table, stlen)
- char *name; /* name to match */
- char **table; /* name entry in table */
- int stlen;
-{
- register char **c, **found;
- register int n;
-
- if (name == 0)
- return 0;
-
- found = 0;
- for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
- if ((n = isprefix(name, *c)) == 0)
- continue;
- if (n < 0) /* exact match */
- return(c);
- if (found)
- return(&ambiguous);
- found = c;
- }
- return(found);
-}
-
-/*
- * Function call version of Ambiguous()
- */
- int
-Ambiguous(s)
- char **s;
-{
- return(s == &ambiguous);
-}
diff --git a/eBones/lib/libtelnet/getent.c b/eBones/lib/libtelnet/getent.c
deleted file mode 100644
index 05626f1..0000000
--- a/eBones/lib/libtelnet/getent.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)getent.c 8.2 (Berkeley) 12/15/93";
-#endif /* not lint */
-
-static char *area;
-
-/*ARGSUSED*/
-getent(cp, name)
-char *cp, *name;
-{
-#ifdef HAS_CGETENT
- char *dba[2];
-
- dba[0] = "/etc/gettytab";
- dba[1] = 0;
- return((cgetent(&area, dba, name) == 0) ? 1 : 0);
-#else
- return(0);
-#endif
-}
-
-#ifndef SOLARIS
-/*ARGSUSED*/
-char *
-getstr(id, cpp)
-char *id, **cpp;
-{
-# ifdef HAS_CGETENT
- char *answer;
- return((cgetstr(area, id, &answer) > 0) ? answer : 0);
-# else
- return(0);
-# endif
-}
-#endif
diff --git a/eBones/lib/libtelnet/kerberos.c b/eBones/lib/libtelnet/kerberos.c
deleted file mode 100644
index d876597..0000000
--- a/eBones/lib/libtelnet/kerberos.c
+++ /dev/null
@@ -1,550 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef KRB4
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <des.h> /* BSD wont include this in krb.h, so we do it here */
-#include <krb.h>
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int kerberos4_cksum P((unsigned char *, int));
-int kuserok P((AUTH_DAT *, char *));
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
- AUTHTYPE_KERBEROS_V4, };
-
-#define KRB_AUTH 0 /* Authentication data follows */
-#define KRB_REJECT 1 /* Rejected (reason might follow) */
-#define KRB_ACCEPT 2 /* Accepted */
-#define KRB_CHALLENGE 3 /* Challenge for mutual auth. */
-#define KRB_RESPONSE 4 /* Response for mutual auth. */
-
-#define KRB_SERVICE_NAME "rcmd"
-
-static KTEXT_ST auth;
-static char name[ANAME_SZ];
-static AUTH_DAT adat = { 0 };
-#ifdef ENCRYPTION
-static Block session_key = { 0 };
-static des_key_schedule sched;
-static Block challenge = { 0 };
-#endif /* ENCRYPTION */
-
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- void *d;
- int c;
-{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen((char *)cd);
-
- if (auth_debug_mode) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
-}
-
- int
-kerberos4_init(ap, server)
- Authenticator *ap;
- int server;
-{
- FILE *fp;
-
- if (server) {
- str_data[3] = TELQUAL_REPLY;
- if ((fp = fopen(KEYFILE, "r")) == NULL)
- return(0);
- fclose(fp);
- } else {
- str_data[3] = TELQUAL_IS;
- }
- return(1);
-}
-
-char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
-int dst_realm_sz = REALM_SZ;
-
- int
-kerberos4_send(ap)
- Authenticator *ap;
-{
- KTEXT_ST auth;
- char instance[INST_SZ];
- char *realm;
- char *krb_realmofhost();
- char *krb_get_phost();
- CREDENTIALS cred;
- int r;
-
- printf("[ Trying KERBEROS4 ... ]\n");
- if (!UserNameRequested) {
- if (auth_debug_mode) {
- printf("Kerberos V4: no user name supplied\r\n");
- }
- return(0);
- }
-
- memset(instance, 0, sizeof(instance));
-
- if ((realm = krb_get_phost(RemoteHostName)))
- strncpy(instance, realm, sizeof(instance));
-
- instance[sizeof(instance)-1] = '\0';
-
- realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
-
- if (!realm) {
- printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
- return(0);
- }
- if ((r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L))) {
- printf("mk_req failed: %s\r\n", krb_err_txt[r]);
- return(0);
- }
- if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) {
- printf("get_cred failed: %s\r\n", krb_err_txt[r]);
- return(0);
- }
- if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
- if (auth_debug_mode)
- printf("Not enough room for user name\r\n");
- return(0);
- }
- if (auth_debug_mode)
- printf("Sent %d bytes of authentication data\r\n", auth.length);
- if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
- if (auth_debug_mode)
- printf("Not enough room for authentication data\r\n");
- return(0);
- }
-#ifdef ENCRYPTION
- /*
- * If we are doing mutual authentication, get set up to send
- * the challenge, and verify it when the response comes back.
- */
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- register int i;
-
- des_key_sched(&cred.session, sched);
- des_init_random_number_generator(&cred.session);
- des_new_random_key(&session_key);
- des_ecb_encrypt(&session_key, &session_key, sched, 0);
- des_ecb_encrypt(&session_key, &challenge, sched, 0);
- /*
- * Increment the challenge by 1, and encrypt it for
- * later comparison.
- */
- for (i = 7; i >= 0; --i) {
- register int x;
- x = (unsigned int)challenge[i] + 1;
- challenge[i] = x; /* ignore overflow */
- if (x < 256) /* if no overflow, all done */
- break;
- }
- des_ecb_encrypt(&challenge, &challenge, sched, 1);
- }
-#endif /* ENCRYPTION */
-
- if (auth_debug_mode) {
- printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
- printd(auth.dat, auth.length);
- printf("\r\n");
- printf("Sent Kerberos V4 credentials to server\r\n");
- }
- return(1);
-}
-
- void
-kerberos4_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
-#ifdef ENCRYPTION
- Session_Key skey;
- Block datablock;
-#endif /* ENCRYPTION */
- char realm[REALM_SZ];
- char instance[INST_SZ];
- int r;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB_AUTH:
- if (krb_get_lrealm(realm, 1) != KSUCCESS) {
- Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode)
- printf("No local realm\r\n");
- return;
- }
- memmove((void *)auth.dat, (void *)data, auth.length = cnt);
- if (auth_debug_mode) {
- printf("Got %d bytes of authentication data\r\n", cnt);
- printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
- printd(auth.dat, auth.length);
- printf("\r\n");
- }
- instance[0] = '*'; instance[1] = 0;
- if ((r = krb_rd_req(&auth, KRB_SERVICE_NAME,
- instance, 0, &adat, ""))) {
- if (auth_debug_mode)
- printf("Kerberos failed him as %s\r\n", name);
- Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-#ifdef ENCRYPTION
- memmove((void *)session_key, (void *)adat.session, sizeof(Block));
-#endif /* ENCRYPTION */
- krb_kntoln(&adat, name);
-
- if (UserNameRequested && !kuserok(&adat, UserNameRequested))
- Data(ap, KRB_ACCEPT, (void *)0, 0);
- else
- Data(ap, KRB_REJECT,
- (void *)"user is not authorized", -1);
- auth_finished(ap, AUTH_USER);
- break;
-
- case KRB_CHALLENGE:
-#ifndef ENCRYPTION
- Data(ap, KRB_RESPONSE, (void *)0, 0);
-#else /* ENCRYPTION */
- if (!VALIDKEY(session_key)) {
- /*
- * We don't have a valid session key, so just
- * send back a response with an empty session
- * key.
- */
- Data(ap, KRB_RESPONSE, (void *)0, 0);
- break;
- }
-
- /*
- * Initialize the random number generator since it's
- * used later on by the encryption routine.
- */
- des_init_random_number_generator(&session_key);
- des_key_sched(&session_key, sched);
- memmove((void *)datablock, (void *)data, sizeof(Block));
- /*
- * Take the received encrypted challenge, and encrypt
- * it again to get a unique session_key for the
- * ENCRYPT option.
- */
- des_ecb_encrypt(&datablock, &session_key, sched, 1);
- skey.type = SK_DES;
- skey.length = 8;
- skey.data = session_key;
- encrypt_session_key(&skey, 1);
- /*
- * Now decrypt the received encrypted challenge,
- * increment by one, re-encrypt it and send it back.
- */
- des_ecb_encrypt(&datablock, &challenge, sched, 0);
- for (r = 7; r >= 0; r--) {
- register int t;
- t = (unsigned int)challenge[r] + 1;
- challenge[r] = t; /* ignore overflow */
- if (t < 256) /* if no overflow, all done */
- break;
- }
- des_ecb_encrypt(&challenge, &challenge, sched, 1);
- Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
-#endif /* ENCRYPTION */
- break;
-
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- Data(ap, KRB_REJECT, 0, 0);
- break;
- }
-}
-
- void
-kerberos4_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
-#ifdef ENCRYPTION
- Session_Key skey;
-#endif /* ENCRYPTION */
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB_REJECT:
- if (cnt > 0) {
- printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ Kerberos V4 refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case KRB_ACCEPT:
- printf("[ Kerberos V4 accepts you ]\n");
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /*
- * Send over the encrypted challenge.
- */
-#ifndef ENCRYPTION
- Data(ap, KRB_CHALLENGE, (void *)0, 0);
-#else /* ENCRYPTION */
- Data(ap, KRB_CHALLENGE, (void *)session_key,
- sizeof(session_key));
- des_ecb_encrypt(&session_key, &session_key, sched, 1);
- skey.type = SK_DES;
- skey.length = 8;
- skey.data = session_key;
- encrypt_session_key(&skey, 0);
-#endif /* ENCRYPTION */
- return;
- }
- auth_finished(ap, AUTH_USER);
- return;
- case KRB_RESPONSE:
-#ifdef ENCRYPTION
- /*
- * Verify that the response to the challenge is correct.
- */
- if ((cnt != sizeof(Block)) ||
- (0 != memcmp((void *)data, (void *)challenge,
- sizeof(challenge))))
- {
-#endif /* ENCRYPTION */
- printf("[ Kerberos V4 challenge failed!!! ]\r\n");
- auth_send_retry();
- return;
-#ifdef ENCRYPTION
- }
- printf("[ Kerberos V4 challenge successful ]\r\n");
- auth_finished(ap, AUTH_USER);
-#endif /* ENCRYPTION */
- break;
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- return;
- }
-}
-
- int
-kerberos4_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
-{
- if (level < AUTH_USER)
- return(level);
-
- if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
- strcpy(name, UserNameRequested);
- return(AUTH_VALID);
- } else
- return(AUTH_USER);
-}
-
-#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
-#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
-
- void
-kerberos4_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- char lbuf[32];
- register int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case KRB_REJECT: /* Rejected (reason might follow) */
- strncpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case KRB_ACCEPT: /* Accepted (name might follow) */
- strncpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
- case KRB_AUTH: /* Authentication data follows */
- strncpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- case KRB_CHALLENGE:
- strncpy((char *)buf, " CHALLENGE", buflen);
- goto common2;
-
- case KRB_RESPONSE:
- strncpy((char *)buf, " RESPONSE", buflen);
- goto common2;
-
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- strncpy((char *)buf, lbuf, buflen);
- BUMP(buf, buflen);
- }
- break;
- }
-}
-
- int
-kerberos4_cksum(d, n)
- unsigned char *d;
- int n;
-{
- int ck = 0;
-
- /*
- * A comment is probably needed here for those not
- * well versed in the "C" language. Yes, this is
- * supposed to be a "switch" with the body of the
- * "switch" being a "while" statement. The whole
- * purpose of the switch is to allow us to jump into
- * the middle of the while() loop, and then not have
- * to do any more switch()s.
- *
- * Some compilers will spit out a warning message
- * about the loop not being entered at the top.
- */
- switch (n&03)
- while (n > 0) {
- case 0:
- ck ^= (int)*d++ << 24;
- --n;
- case 3:
- ck ^= (int)*d++ << 16;
- --n;
- case 2:
- ck ^= (int)*d++ << 8;
- --n;
- case 1:
- ck ^= (int)*d++;
- --n;
- }
- return(ck);
-}
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
diff --git a/eBones/lib/libtelnet/kerberos5.c b/eBones/lib/libtelnet/kerberos5.c
deleted file mode 100644
index 1a27515..0000000
--- a/eBones/lib/libtelnet/kerberos5.c
+++ /dev/null
@@ -1,764 +0,0 @@
-/*
- * $Source: /home/ncvs/src/eBones/lib/libtelnet/kerberos5.c,v $
- * $Author: jkh $
- * $Id$
- */
-
-#if !defined(lint) && !defined(SABER)
-static
-#ifdef __STDC__
-const
-#endif
-char rcsid_kerberos5_c[] = "$Id$";
-#endif /* lint */
-
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)kerberos5.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#ifdef KRB5
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <krb5/krb5.h>
-#include <krb5/asn1.h>
-#include <krb5/crc-32.h>
-#include <krb5/los-proto.h>
-#include <krb5/ext-proto.h>
-#include <com_err.h>
-#include <netdb.h>
-#include <ctype.h>
-
-/* kerberos 5 include files (ext-proto.h) will get an appropriate stdlib.h
- and string.h/strings.h */
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-#ifdef FORWARD
-int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */
-
-/* These values need to be the same as those defined in telnet/main.c. */
-/* Either define them in both places, or put in some common header file. */
-#define OPTS_FORWARD_CREDS 0x00000002
-#define OPTS_FORWARDABLE_CREDS 0x00000001
-
-void kerberos5_forward();
-
-#endif /* FORWARD */
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
- AUTHTYPE_KERBEROS_V5, };
-/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_NAME, };*/
-
-#define KRB_AUTH 0 /* Authentication data follows */
-#define KRB_REJECT 1 /* Rejected (reason might follow) */
-#define KRB_ACCEPT 2 /* Accepted */
-#define KRB_RESPONSE 3 /* Response for mutual auth. */
-
-#ifdef FORWARD
-#define KRB_FORWARD 4 /* Forwarded credentials follow */
-#define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */
-#define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */
-#endif /* FORWARD */
-
-static krb5_data auth;
- /* telnetd gets session key from here */
-static krb5_tkt_authent *authdat = NULL;
-/* telnet matches the AP_REQ and AP_REP with this */
-static krb5_authenticator authenticator;
-
-/* some compilers can't hack void *, so we use the Kerberos krb5_pointer,
- which is either void * or char *, depending on the compiler. */
-
-#define Voidptr krb5_pointer
-
-Block session_key;
-
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- Voidptr d;
- int c;
-{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen((char *)cd);
-
- if (auth_debug_mode) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - &str_data[2]);
- return(net_write(str_data, p - str_data));
-}
-
- int
-kerberos5_init(ap, server)
- Authenticator *ap;
- int server;
-{
- if (server)
- str_data[3] = TELQUAL_REPLY;
- else
- str_data[3] = TELQUAL_IS;
- krb5_init_ets();
- return(1);
-}
-
- int
-kerberos5_send(ap)
- Authenticator *ap;
-{
- char **realms;
- char *name;
- char *p1, *p2;
- krb5_checksum ksum;
- krb5_octet sum[CRC32_CKSUM_LENGTH];
- krb5_principal server;
- krb5_error_code r;
- krb5_ccache ccache;
- krb5_creds creds; /* telnet gets session key from here */
- extern krb5_flags krb5_kdc_default_options;
- int ap_opts;
-
-#ifdef ENCRYPTION
- krb5_keyblock *newkey = 0;
-#endif /* ENCRYPTION */
-
- ksum.checksum_type = CKSUMTYPE_CRC32;
- ksum.contents = sum;
- ksum.length = sizeof(sum);
- memset((Voidptr )sum, 0, sizeof(sum));
-
- if (!UserNameRequested) {
- if (auth_debug_mode) {
- printf("Kerberos V5: no user name supplied\r\n");
- }
- return(0);
- }
-
- if (r = krb5_cc_default(&ccache)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: could not get default ccache\r\n");
- }
- return(0);
- }
-
- if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) {
- if (auth_debug_mode)
- printf("Out of memory for hostname in Kerberos V5\r\n");
- return(0);
- }
-
- if (r = krb5_get_host_realm(RemoteHostName, &realms)) {
- if (auth_debug_mode)
- printf("Kerberos V5: no realm for %s\r\n", RemoteHostName);
- free(name);
- return(0);
- }
-
- p1 = RemoteHostName;
- p2 = name;
-
- while (*p2 = *p1++) {
- if (isupper(*p2))
- *p2 |= 040;
- ++p2;
- }
-
- if (r = krb5_build_principal_ext(&server,
- strlen(realms[0]), realms[0],
- 4, "host",
- p2 - name, name,
- 0)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: failure setting up principal (%s)\r\n",
- error_message(r));
- }
- free(name);
- krb5_free_host_realm(realms);
- return(0);
- }
-
-
- memset((char *)&creds, 0, sizeof(creds));
- creds.server = server;
-
- if (r = krb5_cc_get_principal(ccache, &creds.client)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: failure on principal (%s)\r\n",
- error_message(r));
- }
- free(name);
- krb5_free_principal(server);
- krb5_free_host_realm(realms);
- return(0);
- }
-
- if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: failure on credentials(%d)\r\n",r);
- }
- free(name);
- krb5_free_host_realm(realms);
- krb5_free_principal(server);
- return(0);
- }
-
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
- ap_opts = AP_OPTS_MUTUAL_REQUIRED;
- else
- ap_opts = 0;
-
- r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0,
-#ifdef ENCRYPTION
- &newkey,
-#else /* ENCRYPTION */
- 0,
-#endif /* ENCRYPTION */
- ccache, &creds, &authenticator, &auth);
- /* don't let the key get freed if we clean up the authenticator */
- authenticator.subkey = 0;
-
- free(name);
- krb5_free_host_realm(realms);
- krb5_free_principal(server);
-#ifdef ENCRYPTION
- if (newkey) {
- /* keep the key in our private storage, but don't use it
- yet---see kerberos5_reply() below */
- if (newkey->keytype != KEYTYPE_DES) {
- if (creds.keyblock.keytype == KEYTYPE_DES)
- /* use the session key in credentials instead */
- memmove((char *)session_key,
- (char *)creds.keyblock.contents, sizeof(Block));
- else
- /* XXX ? */;
- } else {
- memmove((char *)session_key, (char *)newkey->contents,
- sizeof(Block));
- }
- krb5_free_keyblock(newkey);
- }
-#endif /* ENCRYPTION */
- if (r) {
- if (auth_debug_mode) {
- printf("Kerberos V5: mk_req failed (%s)\r\n",
- error_message(r));
- }
- return(0);
- }
-
- if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
- if (auth_debug_mode)
- printf("Not enough room for user name\r\n");
- return(0);
- }
- if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
- if (auth_debug_mode)
- printf("Not enough room for authentication data\r\n");
- return(0);
- }
- if (auth_debug_mode) {
- printf("Sent Kerberos V5 credentials to server\r\n");
- }
- return(1);
-}
-
- void
-kerberos5_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- int r;
- struct hostent *hp;
- char *p1, *p2;
- static char *realm = NULL;
- krb5_principal server;
- krb5_ap_rep_enc_part reply;
- krb5_data outbuf;
-#ifdef ENCRYPTION
- Session_Key skey;
-#endif /* ENCRYPTION */
- char *name;
- char *getenv();
- krb5_data inbuf;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB_AUTH:
- auth.data = (char *)data;
- auth.length = cnt;
-
- if (!(hp = gethostbyname(LocalHostName))) {
- if (auth_debug_mode)
- printf("Cannot resolve local host name\r\n");
- Data(ap, KRB_REJECT, "Unknown local hostname.", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- if (!realm && (krb5_get_default_realm(&realm))) {
- if (auth_debug_mode)
- printf("Could not get default realm\r\n");
- Data(ap, KRB_REJECT, "Could not get default realm.", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- if ((name = malloc(strlen(hp->h_name)+1)) == NULL) {
- if (auth_debug_mode)
- printf("Out of memory for hostname in Kerberos V5\r\n");
- Data(ap, KRB_REJECT, "Out of memory.", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- p1 = hp->h_name;
- p2 = name;
-
- while (*p2 = *p1++) {
- if (isupper(*p2))
- *p2 |= 040;
- ++p2;
- }
-
- if (authdat)
- krb5_free_tkt_authent(authdat);
-
- r = krb5_build_principal_ext(&server,
- strlen(realm), realm,
- 4, "host",
- p2 - name, name,
- 0);
- if (!r) {
- r = krb5_rd_req_simple(&auth, server, 0, &authdat);
- krb5_free_principal(server);
- }
- if (r) {
- char errbuf[128];
-
- errout:
- authdat = 0;
- (void) strcpy(errbuf, "Read req failed: ");
- (void) strcat(errbuf, error_message(r));
- Data(ap, KRB_REJECT, errbuf, -1);
- if (auth_debug_mode)
- printf("%s\r\n", errbuf);
- return;
- }
- free(name);
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /* do ap_rep stuff here */
- reply.ctime = authdat->authenticator->ctime;
- reply.cusec = authdat->authenticator->cusec;
- reply.subkey = 0; /* use the one he gave us, so don't
- need to return one here */
- reply.seq_number = 0; /* we don't do seq #'s. */
-
- if (r = krb5_mk_rep(&reply,
- authdat->authenticator->subkey ?
- authdat->authenticator->subkey :
- authdat->ticket->enc_part2->session,
- &outbuf)) {
- goto errout;
- }
- Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
- }
- if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
- &name))
- name = 0;
- Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
- if (auth_debug_mode) {
- printf("Kerberos5 identifies him as ``%s''\r\n",
- name ? name : "");
- }
- auth_finished(ap, AUTH_USER);
-
- free(name);
- if (authdat->authenticator->subkey &&
- authdat->authenticator->subkey->keytype == KEYTYPE_DES) {
- memmove((Voidptr )session_key,
- (Voidptr )authdat->authenticator->subkey->contents,
- sizeof(Block));
- } else if (authdat->ticket->enc_part2->session->keytype ==
- KEYTYPE_DES) {
- memmove((Voidptr )session_key,
- (Voidptr )authdat->ticket->enc_part2->session->contents,
- sizeof(Block));
- } else
- break;
-
-#ifdef ENCRYPTION
- skey.type = SK_DES;
- skey.length = 8;
- skey.data = session_key;
- encrypt_session_key(&skey, 1);
-#endif /* ENCRYPTION */
- break;
-#ifdef FORWARD
- case KRB_FORWARD:
- inbuf.data = (char *)data;
- inbuf.length = cnt;
- if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
- UserNameRequested)) {
- char errbuf[128];
-
- (void) strcpy(errbuf, "Read forwarded creds failed: ");
- (void) strcat(errbuf, error_message(r));
- Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
- if (auth_debug_mode)
- printf("Could not read forwarded credentials\r\n");
- }
- else
- Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
- if (auth_debug_mode)
- printf("Forwarded credentials obtained\r\n");
- break;
-#endif /* FORWARD */
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- Data(ap, KRB_REJECT, 0, 0);
- break;
- }
-}
-
- void
-kerberos5_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
- static int mutual_complete = 0;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB_REJECT:
- if (cnt > 0) {
- printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ Kerberos V5 refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case KRB_ACCEPT:
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
- !mutual_complete) {
- printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\n");
- auth_send_retry();
- return;
- }
- if (cnt)
- printf("[ Kerberos V5 accepts you as ``%.*s'' ]\n", cnt, data);
- else
- printf("[ Kerberos V5 accepts you ]\n");
- auth_finished(ap, AUTH_USER);
-#ifdef FORWARD
- if (forward_flags & OPTS_FORWARD_CREDS)
- kerberos5_forward(ap);
-#endif /* FORWARD */
- break;
- case KRB_RESPONSE:
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /* the rest of the reply should contain a krb_ap_rep */
- krb5_ap_rep_enc_part *reply;
- krb5_data inbuf;
- krb5_error_code r;
- krb5_keyblock tmpkey;
-
- inbuf.length = cnt;
- inbuf.data = (char *)data;
-
- tmpkey.keytype = KEYTYPE_DES;
- tmpkey.contents = session_key;
- tmpkey.length = sizeof(Block);
-
- if (r = krb5_rd_rep(&inbuf, &tmpkey, &reply)) {
- printf("[ Mutual authentication failed: %s ]\n",
- error_message(r));
- auth_send_retry();
- return;
- }
- if (reply->ctime != authenticator.ctime ||
- reply->cusec != authenticator.cusec) {
- printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\n");
- auth_send_retry();
- return;
- }
- krb5_free_ap_rep_enc_part(reply);
-#ifdef ENCRYPTION
- skey.type = SK_DES;
- skey.length = 8;
- skey.data = session_key;
- encrypt_session_key(&skey, 0);
-#endif /* ENCRYPTION */
- mutual_complete = 1;
- }
- return;
-#ifdef FORWARD
- case KRB_FORWARD_ACCEPT:
- printf("[ Kerberos V5 accepted forwarded credentials ]\n");
- return;
- case KRB_FORWARD_REJECT:
- printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
- cnt, data);
- return;
-#endif /* FORWARD */
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- return;
- }
-}
-
- int
-kerberos5_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
-{
- if (level < AUTH_USER)
- return(level);
-
- if (UserNameRequested &&
- krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested))
- {
- strcpy(name, UserNameRequested);
- return(AUTH_VALID);
- } else
- return(AUTH_USER);
-}
-
-#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
-#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
-
- void
-kerberos5_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- char lbuf[32];
- register int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case KRB_REJECT: /* Rejected (reason might follow) */
- strncpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case KRB_ACCEPT: /* Accepted (name might follow) */
- strncpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
-
- case KRB_AUTH: /* Authentication data follows */
- strncpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- case KRB_RESPONSE:
- strncpy((char *)buf, " RESPONSE", buflen);
- goto common2;
-
-#ifdef FORWARD
- case KRB_FORWARD: /* Forwarded credentials follow */
- strncpy((char *)buf, " FORWARD", buflen);
- goto common2;
-
- case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
- strncpy((char *)buf, " FORWARD_ACCEPT", buflen);
- goto common2;
-
- case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
- /* (reason might follow) */
- strncpy((char *)buf, " FORWARD_REJECT", buflen);
- goto common2;
-#endif /* FORWARD */
-
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- strncpy((char *)buf, lbuf, buflen);
- BUMP(buf, buflen);
- }
- break;
- }
-}
-
-#ifdef FORWARD
- void
-kerberos5_forward(ap)
- Authenticator *ap;
-{
- struct hostent *hp;
- krb5_creds *local_creds;
- krb5_error_code r;
- krb5_data forw_creds;
- extern krb5_cksumtype krb5_kdc_req_sumtype;
- krb5_ccache ccache;
- int i;
-
- if (!(local_creds = (krb5_creds *)
- calloc(1, sizeof(*local_creds)))) {
- if (auth_debug_mode)
- printf("Kerberos V5: could not allocate memory for credentials\r\n");
- return;
- }
-
- if (r = krb5_sname_to_principal(RemoteHostName, "host", 1,
- &local_creds->server)) {
- if (auth_debug_mode)
- printf("Kerberos V5: could not build server name - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
- return;
- }
-
- if (r = krb5_cc_default(&ccache)) {
- if (auth_debug_mode)
- printf("Kerberos V5: could not get default ccache - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
- return;
- }
-
- if (r = krb5_cc_get_principal(ccache, &local_creds->client)) {
- if (auth_debug_mode)
- printf("Kerberos V5: could not get default principal - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
- return;
- }
-
- /* Get ticket from credentials cache */
- if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) {
- if (auth_debug_mode)
- printf("Kerberos V5: could not obtain credentials - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
- return;
- }
-
- if (r = get_for_creds(ETYPE_DES_CBC_CRC,
- krb5_kdc_req_sumtype,
- RemoteHostName,
- local_creds->client,
- &local_creds->keyblock,
- forward_flags & OPTS_FORWARDABLE_CREDS,
- &forw_creds)) {
- if (auth_debug_mode)
- printf("Kerberos V5: error getting forwarded creds - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
- return;
- }
-
- /* Send forwarded credentials */
- if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
- if (auth_debug_mode)
- printf("Not enough room for authentication data\r\n");
- }
- else {
- if (auth_debug_mode)
- printf("Forwarded local Kerberos V5 credentials to server\r\n");
- }
-
- krb5_free_creds(local_creds);
-}
-#endif /* FORWARD */
-
-#endif /* KRB5 */
diff --git a/eBones/lib/libtelnet/key-proto.h b/eBones/lib/libtelnet/key-proto.h
deleted file mode 100644
index 9668a77..0000000
--- a/eBones/lib/libtelnet/key-proto.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)key-proto.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __KEY_PROTO__
-#define __KEY_PROTO__
-
-#if !defined(P)
-#ifdef __STDC__
-#define P(x) x
-#else
-#define P(x) ()
-#endif
-#endif
-
-int key_file_exists P((void));
-void key_lookup P((unsigned char *, Block));
-void key_stream_init P((Block, Block, int));
-unsigned char key_stream P((int, int));
-#endif
diff --git a/eBones/lib/libtelnet/krb4encpwd.c b/eBones/lib/libtelnet/krb4encpwd.c
deleted file mode 100644
index 5c484c2..0000000
--- a/eBones/lib/libtelnet/krb4encpwd.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)krb4encpwd.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-
-#ifdef KRB4_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1. Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2. This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility. DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3. Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4. This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc. It may cease to generate certificates after the expiration
- * date. Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5. Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <pwd.h>
-#include <stdio.h>
-
-#include <des.h>
-#include <krb.h>
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int krb_mk_encpwd_req P((KTEXT, char *, char *, char *, char *, char *, char *));
-int krb_rd_encpwd_req P((KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *));
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
- AUTHTYPE_KRB4_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_NAME, };
-
-#define KRB4_ENCPWD_AUTH 0 /* Authentication data follows */
-#define KRB4_ENCPWD_REJECT 1 /* Rejected (reason might follow) */
-#define KRB4_ENCPWD_ACCEPT 2 /* Accepted */
-#define KRB4_ENCPWD_CHALLENGE 3 /* Challenge for mutual auth. */
-#define KRB4_ENCPWD_ACK 4 /* Acknowledge */
-
-#define KRB_SERVICE_NAME "rcmd"
-
-static KTEXT_ST auth;
-static char name[ANAME_SZ];
-static char user_passwd[ANAME_SZ];
-static AUTH_DAT adat = { 0 };
-#ifdef ENCRYPTION
-static Block session_key = { 0 };
-#endif /* ENCRYPTION */
-static char challenge[REALM_SZ];
-
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- void *d;
- int c;
-{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen((char *)cd);
-
- if (0) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
-}
-
- int
-krb4encpwd_init(ap, server)
- Authenticator *ap;
- int server;
-{
- char hostname[80], *cp, *realm;
- C_Block skey;
-
- if (server) {
- str_data[3] = TELQUAL_REPLY;
- } else {
- str_data[3] = TELQUAL_IS;
- gethostname(hostname, sizeof(hostname));
- realm = krb_realmofhost(hostname);
- cp = strchr(hostname, '.');
- if (*cp != NULL) *cp = NULL;
- if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
- KEYFILE, (char *)skey)) {
- return(0);
- }
- }
- return(1);
-}
-
- int
-krb4encpwd_send(ap)
- Authenticator *ap;
-{
-
- printf("[ Trying KRB4ENCPWD ... ]\n");
- if (!UserNameRequested) {
- return(0);
- }
- if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
- return(0);
- }
-
- if (!Data(ap, KRB4_ENCPWD_ACK, (void *)NULL, 0)) {
- return(0);
- }
-
- return(1);
-}
-
- void
-krb4encpwd_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
- Block datablock;
- char r_passwd[ANAME_SZ], r_user[ANAME_SZ];
- char lhostname[ANAME_SZ], *cp;
- int r;
- time_t now;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB4_ENCPWD_AUTH:
- memmove((void *)auth.dat, (void *)data, auth.length = cnt);
-
- gethostname(lhostname, sizeof(lhostname));
- if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0';
-
- if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
- Data(ap, KRB4_ENCPWD_REJECT, (void *)"Auth failed", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
- auth_encrypt_userpwd(r_passwd);
- if (passwdok(UserNameRequested, UserPassword) == 0) {
- /*
- * illegal username and password
- */
- Data(ap, KRB4_ENCPWD_REJECT, (void *)"Illegal password", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- memmove((void *)session_key, (void *)adat.session, sizeof(Block));
- Data(ap, KRB4_ENCPWD_ACCEPT, (void *)0, 0);
- auth_finished(ap, AUTH_USER);
- break;
-
- case KRB4_ENCPWD_CHALLENGE:
- /*
- * Take the received random challenge text and save
- * for future authentication.
- */
- memmove((void *)challenge, (void *)data, sizeof(Block));
- break;
-
-
- case KRB4_ENCPWD_ACK:
- /*
- * Receive ack, if mutual then send random challenge
- */
-
- /*
- * If we are doing mutual authentication, get set up to send
- * the challenge, and verify it when the response comes back.
- */
-
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- register int i;
-
- time(&now);
- sprintf(challenge, "%x", now);
- Data(ap, KRB4_ENCPWD_CHALLENGE, (void *)challenge, strlen(challenge));
- }
- break;
-
- default:
- Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
- break;
- }
-}
-
-
- void
-krb4encpwd_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
- KTEXT_ST krb_token;
- Block enckey;
- CREDENTIALS cred;
- int r;
- char randchal[REALM_SZ], instance[ANAME_SZ], *cp;
- char hostname[80], *realm;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB4_ENCPWD_REJECT:
- if (cnt > 0) {
- printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case KRB4_ENCPWD_ACCEPT:
- printf("[ KRB4_ENCPWD accepts you ]\n");
- auth_finished(ap, AUTH_USER);
- return;
- case KRB4_ENCPWD_CHALLENGE:
- /*
- * Verify that the response to the challenge is correct.
- */
-
- gethostname(hostname, sizeof(hostname));
- realm = krb_realmofhost(hostname);
- memmove((void *)challenge, (void *)data, cnt);
- memset(user_passwd, 0, sizeof(user_passwd));
- local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
- UserPassword = user_passwd;
- Challenge = challenge;
- strcpy(instance, RemoteHostName);
- if ((cp = strchr(instance, '.')) != 0) *cp = '\0';
-
- if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
- krb_token.length = 0;
- }
-
- if (!Data(ap, KRB4_ENCPWD_AUTH, (void *)krb_token.dat, krb_token.length)) {
- return;
- }
-
- break;
-
- default:
- return;
- }
-}
-
- int
-krb4encpwd_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
-{
-
- if (level < AUTH_USER)
- return(level);
-
- if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
- strcpy(name, UserNameRequested);
- return(AUTH_VALID);
- } else {
- return(AUTH_USER);
- }
-}
-
-#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
-#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
-
- void
-krb4encpwd_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- char lbuf[32];
- register int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */
- strncpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */
- strncpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
- case KRB4_ENCPWD_AUTH: /* Authentication data follows */
- strncpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- case KRB4_ENCPWD_CHALLENGE:
- strncpy((char *)buf, " CHALLENGE", buflen);
- goto common2;
-
- case KRB4_ENCPWD_ACK:
- strncpy((char *)buf, " ACK", buflen);
- goto common2;
-
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- strncpy((char *)buf, lbuf, buflen);
- BUMP(buf, buflen);
- }
- break;
- }
-}
-
-int passwdok(name, passwd)
-char *name, *passwd;
-{
- char *crypt();
- char *salt, *p;
- struct passwd *pwd;
- int passwdok_status = 0;
-
- if (pwd = getpwnam(name))
- salt = pwd->pw_passwd;
- else salt = "xx";
-
- p = crypt(passwd, salt);
-
- if (pwd && !strcmp(p, pwd->pw_passwd)) {
- passwdok_status = 1;
- } else passwdok_status = 0;
- return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
diff --git a/eBones/lib/libtelnet/misc-proto.h b/eBones/lib/libtelnet/misc-proto.h
deleted file mode 100644
index e5f334a..0000000
--- a/eBones/lib/libtelnet/misc-proto.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)misc-proto.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef __MISC_PROTO__
-#define __MISC_PROTO__
-
-#if !defined(P)
-#ifdef __STDC__
-#define P(x) x
-#else
-#define P(x) ()
-#endif
-#endif
-
-void auth_encrypt_init P((char *, char *, char *, int));
-void auth_encrypt_connect P((int));
-void printd P((unsigned char *, int));
-
-/*
- * These functions are imported from the application
- */
-int net_write P((unsigned char *, int));
-void net_encrypt P((void));
-int telnet_spin P((void));
-char *telnet_getenv P((char *));
-char *telnet_gets P((char *, char *, int, int));
-#endif
diff --git a/eBones/lib/libtelnet/misc.c b/eBones/lib/libtelnet/misc.c
deleted file mode 100644
index 4f8f8d5..0000000
--- a/eBones/lib/libtelnet/misc.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)misc.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "misc.h"
-#include "auth.h"
-#include "encrypt.h"
-
-char *RemoteHostName;
-char *LocalHostName;
-char *UserNameRequested = 0;
-int ConnectedCount = 0;
-
- void
-auth_encrypt_init(local, remote, name, server)
- char *local;
- char *remote;
- char *name;
- int server;
-{
- RemoteHostName = remote;
- LocalHostName = local;
-#if defined(AUTHENTICATION)
- auth_init(name, server);
-#endif
-#ifdef ENCRYPTION
- encrypt_init(name, server);
-#endif /* ENCRYPTION */
- if (UserNameRequested) {
- free(UserNameRequested);
- UserNameRequested = 0;
- }
-}
-
- void
-auth_encrypt_user(name)
- char *name;
-{
- extern char *strdup();
-
- if (UserNameRequested)
- free(UserNameRequested);
- UserNameRequested = name ? strdup(name) : 0;
-}
-
- void
-auth_encrypt_connect(cnt)
- int cnt;
-{
-}
-
- void
-printd(data, cnt)
- unsigned char *data;
- int cnt;
-{
- if (cnt > 16)
- cnt = 16;
- while (cnt-- > 0) {
- printf(" %02x", *data);
- ++data;
- }
-}
diff --git a/eBones/lib/libtelnet/misc.h b/eBones/lib/libtelnet/misc.h
deleted file mode 100644
index 41ffa7f..0000000
--- a/eBones/lib/libtelnet/misc.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)misc.h 8.1 (Berkeley) 6/4/93
- */
-
-extern char *UserNameRequested;
-extern char *LocalHostName;
-extern char *RemoteHostName;
-extern int ConnectedCount;
-extern int ReservedPort;
-
-#include "misc-proto.h"
diff --git a/eBones/lib/libtelnet/read_password.c b/eBones/lib/libtelnet/read_password.c
deleted file mode 100644
index 4676ed3..0000000
--- a/eBones/lib/libtelnet/read_password.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)read_password.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-/*
- * $Source: /mit/kerberos/src/lib/des/RCS/read_password.c,v $
- * $Author: jon $
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * This routine prints the supplied string to standard
- * output as a prompt, and reads a password string without
- * echoing.
- */
-
-#if defined(RSA_ENCPWD) || defined(KRB4_ENCPWD)
-
-#include <stdio.h>
-#include <strings.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-
-static jmp_buf env;
-
-/*** Routines ****************************************************** */
-/*
- * This version just returns the string, doesn't map to key.
- *
- * Returns 0 on success, non-zero on failure.
- */
-
-int
-local_des_read_pw_string(s,max,prompt,verify)
- char *s;
- int max;
- char *prompt;
- int verify;
-{
- int ok = 0;
- char *ptr;
-
- jmp_buf old_env;
- struct sgttyb tty_state;
- char key_string[BUFSIZ];
-
- if (max > BUFSIZ) {
- return -1;
- }
-
- /* XXX assume jmp_buf is typedef'ed to an array */
- memmove((char *)env, (char *)old_env, sizeof(env));
- if (setjmp(env))
- goto lose;
-
- /* save terminal state*/
- if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1)
- return -1;
-/*
- push_signals();
-*/
- /* Turn off echo */
- tty_state.sg_flags &= ~ECHO;
- if (ioctl(0,TIOCSETP,(char *)&tty_state) == -1)
- return -1;
- while (!ok) {
- (void) printf(prompt);
- (void) fflush(stdout);
- while (!fgets(s, max, stdin));
-
- if ((ptr = strchr(s, '\n')))
- *ptr = '\0';
- if (verify) {
- printf("\nVerifying, please re-enter %s",prompt);
- (void) fflush(stdout);
- if (!fgets(key_string, sizeof(key_string), stdin)) {
- clearerr(stdin);
- continue;
- }
- if ((ptr = strchr(key_string, '\n')))
- *ptr = '\0';
- if (strcmp(s,key_string)) {
- printf("\n\07\07Mismatch - try again\n");
- (void) fflush(stdout);
- continue;
- }
- }
- ok = 1;
- }
-
-lose:
- if (!ok)
- memset(s, 0, max);
- printf("\n");
- /* turn echo back on */
- tty_state.sg_flags |= ECHO;
- if (ioctl(0,TIOCSETP,(char *)&tty_state))
- ok = 0;
-/*
- pop_signals();
-*/
- memmove((char *)old_env, (char *)env, sizeof(env));
- if (verify)
- memset(key_string, 0, sizeof (key_string));
- s[max-1] = 0; /* force termination */
- return !ok; /* return nonzero if not okay */
-}
-#endif /* defined(RSA_ENCPWD) || defined(KRB4_ENCPWD) */
diff --git a/eBones/lib/libtelnet/rsaencpwd.c b/eBones/lib/libtelnet/rsaencpwd.c
deleted file mode 100644
index 3492132..0000000
--- a/eBones/lib/libtelnet/rsaencpwd.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)rsaencpwd.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-
-#ifdef RSA_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1. Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2. This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility. DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3. Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4. This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc. It may cease to generate certificates after the expiration
- * date. Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5. Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <pwd.h>
-#include <stdio.h>
-
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-#include "cdc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
- AUTHTYPE_RSA_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_NAME, };
-
-#define RSA_ENCPWD_AUTH 0 /* Authentication data follows */
-#define RSA_ENCPWD_REJECT 1 /* Rejected (reason might follow) */
-#define RSA_ENCPWD_ACCEPT 2 /* Accepted */
-#define RSA_ENCPWD_CHALLENGEKEY 3 /* Challenge and public key */
-
-#define NAME_SZ 40
-#define CHAL_SZ 20
-#define PWD_SZ 40
-
-static KTEXT_ST auth;
-static char name[NAME_SZ];
-static char user_passwd[PWD_SZ];
-static char key_file[2*NAME_SZ];
-static char lhostname[NAME_SZ];
-static char challenge[CHAL_SZ];
-static int challenge_len;
-
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- void *d;
- int c;
-{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen((char *)cd);
-
- if (0) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- if (type != NULL) *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
-}
-
- int
-rsaencpwd_init(ap, server)
- Authenticator *ap;
- int server;
-{
- char *cp;
- FILE *fp;
-
- if (server) {
- str_data[3] = TELQUAL_REPLY;
- memset(key_file, 0, sizeof(key_file));
- gethostname(lhostname, sizeof(lhostname));
- if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0';
- strcpy(key_file, "/etc/.");
- strcat(key_file, lhostname);
- strcat(key_file, "_privkey");
- if ((fp=fopen(key_file, "r"))==NULL) return(0);
- fclose(fp);
- } else {
- str_data[3] = TELQUAL_IS;
- }
- return(1);
-}
-
- int
-rsaencpwd_send(ap)
- Authenticator *ap;
-{
-
- printf("[ Trying RSAENCPWD ... ]\n");
- if (!UserNameRequested) {
- return(0);
- }
- if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
- return(0);
- }
- if (!Data(ap, NULL, (void *)NULL, 0)) {
- return(0);
- }
-
-
- return(1);
-}
-
- void
-rsaencpwd_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
- Block datablock;
- char r_passwd[PWD_SZ], r_user[NAME_SZ];
- char *cp, key[160];
- char chalkey[160], *ptr;
- FILE *fp;
- int r, i, j, chalkey_len, len;
- time_t now;
-
- cnt--;
- switch (*data++) {
- case RSA_ENCPWD_AUTH:
- memmove((void *)auth.dat, (void *)data, auth.length = cnt);
-
- if ((fp=fopen(key_file, "r"))==NULL) {
- Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
- /*
- * get privkey
- */
- fscanf(fp, "%x;", &len);
- for (i=0;i<len;i++) {
- j = getc(fp); key[i]=j;
- }
- fclose(fp);
-
- r = accept_rsa_encpwd(&auth, key, challenge,
- challenge_len, r_passwd);
- if (r < 0) {
- Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
- auth_encrypt_userpwd(r_passwd);
- if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
- /*
- * illegal username and password
- */
- Data(ap, RSA_ENCPWD_REJECT, (void *)"Illegal password", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- Data(ap, RSA_ENCPWD_ACCEPT, (void *)0, 0);
- auth_finished(ap, AUTH_USER);
- break;
-
-
- case IAC:
-
- /*
- * If we are doing mutual authentication, get set up to send
- * the challenge, and verify it when the response comes back.
- */
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
- register int i;
-
-
- time(&now);
- if ((now % 2) == 0) {
- sprintf(challenge, "%x", now);
- challenge_len = strlen(challenge);
- } else {
- strcpy(challenge, "randchal");
- challenge_len = 8;
- }
-
- if ((fp=fopen(key_file, "r"))==NULL) {
- Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
- /*
- * skip privkey
- */
- fscanf(fp, "%x;", &len);
- for (i=0;i<len;i++) {
- j = getc(fp);
- }
- /*
- * get pubkey
- */
- fscanf(fp, "%x;", &len);
- for (i=0;i<len;i++) {
- j = getc(fp); key[i]=j;
- }
- fclose(fp);
- chalkey[0] = 0x30;
- ptr = (char *) &chalkey[1];
- chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
- EncodeLength(ptr, chalkey_len);
- ptr +=NumEncodeLengthOctets(chalkey_len);
- *ptr++ = 0x04; /* OCTET STRING */
- *ptr++ = challenge_len;
- memmove(ptr, challenge, challenge_len);
- ptr += challenge_len;
- *ptr++ = 0x04; /* OCTET STRING */
- EncodeLength(ptr, i);
- ptr += NumEncodeLengthOctets(i);
- memmove(ptr, key, i);
- chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
- Data(ap, RSA_ENCPWD_CHALLENGEKEY, (void *)chalkey, chalkey_len);
- }
- break;
-
- default:
- Data(ap, RSA_ENCPWD_REJECT, 0, 0);
- break;
- }
-}
-
-
- void
-rsaencpwd_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
- KTEXT_ST token;
- Block enckey;
- int r, pubkey_len;
- char randchal[CHAL_SZ], *cp;
- char chalkey[160], pubkey[128], *ptr;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case RSA_ENCPWD_REJECT:
- if (cnt > 0) {
- printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ RSA_ENCPWD refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case RSA_ENCPWD_ACCEPT:
- printf("[ RSA_ENCPWD accepts you ]\n");
- auth_finished(ap, AUTH_USER);
- return;
- case RSA_ENCPWD_CHALLENGEKEY:
- /*
- * Verify that the response to the challenge is correct.
- */
-
- memmove((void *)chalkey, (void *)data, cnt);
- ptr = (char *) &chalkey[0];
- ptr += DecodeHeaderLength(chalkey);
- if (*ptr != 0x04) {
- return;
- }
- *ptr++;
- challenge_len = DecodeValueLength(ptr);
- ptr += NumEncodeLengthOctets(challenge_len);
- memmove(challenge, ptr, challenge_len);
- ptr += challenge_len;
- if (*ptr != 0x04) {
- return;
- }
- *ptr++;
- pubkey_len = DecodeValueLength(ptr);
- ptr += NumEncodeLengthOctets(pubkey_len);
- memmove(pubkey, ptr, pubkey_len);
- memset(user_passwd, 0, sizeof(user_passwd));
- local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
- UserPassword = user_passwd;
- Challenge = challenge;
- r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
- if (r < 0) {
- token.length = 1;
- }
-
- if (!Data(ap, RSA_ENCPWD_AUTH, (void *)token.dat, token.length)) {
- return;
- }
-
- break;
-
- default:
- return;
- }
-}
-
- int
-rsaencpwd_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
-{
-
- if (level < AUTH_USER)
- return(level);
-
- if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
- strcpy(name, UserNameRequested);
- return(AUTH_VALID);
- } else {
- return(AUTH_USER);
- }
-}
-
-#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
-#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
-
- void
-rsaencpwd_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- char lbuf[32];
- register int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */
- strncpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */
- strncpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
- case RSA_ENCPWD_AUTH: /* Authentication data follows */
- strncpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- case RSA_ENCPWD_CHALLENGEKEY:
- strncpy((char *)buf, " CHALLENGEKEY", buflen);
- goto common2;
-
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- strncpy((char *)buf, lbuf, buflen);
- BUMP(buf, buflen);
- }
- break;
- }
-}
-
-int rsaencpwd_passwdok(name, passwd)
-char *name, *passwd;
-{
- char *crypt();
- char *salt, *p;
- struct passwd *pwd;
- int passwdok_status = 0;
-
- if (pwd = getpwnam(name))
- salt = pwd->pw_passwd;
- else salt = "xx";
-
- p = crypt(passwd, salt);
-
- if (pwd && !strcmp(p, pwd->pw_passwd)) {
- passwdok_status = 1;
- } else passwdok_status = 0;
- return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
diff --git a/eBones/lib/libtelnet/spx.c b/eBones/lib/libtelnet/spx.c
deleted file mode 100644
index 4026030..0000000
--- a/eBones/lib/libtelnet/spx.c
+++ /dev/null
@@ -1,587 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)spx.c 8.2 (Berkeley) 5/30/95";
-#endif /* not lint */
-
-#ifdef SPX
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1. Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2. This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility. DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3. Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4. This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc. It may cease to generate certificates after the expiration
- * date. Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5. Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include "gssapi_defs.h"
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include <pwd.h>
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
- AUTHTYPE_SPX, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_NAME, };
-
-#define SPX_AUTH 0 /* Authentication data follows */
-#define SPX_REJECT 1 /* Rejected (reason might follow) */
-#define SPX_ACCEPT 2 /* Accepted */
-
-#ifdef ENCRYPTION
-static Block session_key = { 0 };
-#endif /* ENCRYPTION */
-static Block challenge = { 0 };
-
-
-/*******************************************************************/
-
-gss_OID_set actual_mechs;
-gss_OID actual_mech_type, output_name_type;
-int major_status, status, msg_ctx = 0, new_status;
-int req_flags = 0, ret_flags, lifetime_rec;
-gss_cred_id_t gss_cred_handle;
-gss_ctx_id_t actual_ctxhandle, context_handle;
-gss_buffer_desc output_token, input_token, input_name_buffer;
-gss_buffer_desc status_string;
-gss_name_t desired_targname, src_name;
-gss_channel_bindings input_chan_bindings;
-char lhostname[GSS_C_MAX_PRINTABLE_NAME];
-char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-int to_addr=0, from_addr=0;
-char *address;
-gss_buffer_desc fullname_buffer;
-gss_OID fullname_type;
-gss_cred_id_t gss_delegated_cred_handle;
-
-/*******************************************************************/
-
-
-
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- void *d;
- int c;
-{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen((char *)cd);
-
- if (0) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
-}
-
- int
-spx_init(ap, server)
- Authenticator *ap;
- int server;
-{
- gss_cred_id_t tmp_cred_handle;
-
- if (server) {
- str_data[3] = TELQUAL_REPLY;
- gethostname(lhostname, sizeof(lhostname));
- strcpy(targ_printable, "SERVICE:rcmd@");
- strcat(targ_printable, lhostname);
- input_name_buffer.length = strlen(targ_printable);
- input_name_buffer.value = targ_printable;
- major_status = gss_import_name(&status,
- &input_name_buffer,
- GSS_C_NULL_OID,
- &desired_targname);
- major_status = gss_acquire_cred(&status,
- desired_targname,
- 0,
- GSS_C_NULL_OID_SET,
- GSS_C_ACCEPT,
- &tmp_cred_handle,
- &actual_mechs,
- &lifetime_rec);
- if (major_status != GSS_S_COMPLETE) return(0);
- } else {
- str_data[3] = TELQUAL_IS;
- }
- return(1);
-}
-
- int
-spx_send(ap)
- Authenticator *ap;
-{
- Block enckey;
- int r;
-
- gss_OID actual_mech_type, output_name_type;
- int msg_ctx = 0, new_status, status;
- int req_flags = 0, ret_flags, lifetime_rec, major_status;
- gss_buffer_desc output_token, input_token, input_name_buffer;
- gss_buffer_desc output_name_buffer, status_string;
- gss_name_t desired_targname;
- gss_channel_bindings input_chan_bindings;
- char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
- int from_addr=0, to_addr=0, myhostlen, j;
- int deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
- char *address;
-
- printf("[ Trying SPX ... ]\n");
- strcpy(targ_printable, "SERVICE:rcmd@");
- strcat(targ_printable, RemoteHostName);
-
- input_name_buffer.length = strlen(targ_printable);
- input_name_buffer.value = targ_printable;
-
- if (!UserNameRequested) {
- return(0);
- }
-
- major_status = gss_import_name(&status,
- &input_name_buffer,
- GSS_C_NULL_OID,
- &desired_targname);
-
-
- major_status = gss_display_name(&status,
- desired_targname,
- &output_name_buffer,
- &output_name_type);
-
- printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
-
- major_status = gss_release_buffer(&status, &output_name_buffer);
-
- input_chan_bindings = (gss_channel_bindings)
- malloc(sizeof(gss_channel_bindings_desc));
-
- input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
- input_chan_bindings->initiator_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->initiator_address.value = (char *) address;
- address[0] = ((from_addr & 0xff000000) >> 24);
- address[1] = ((from_addr & 0xff0000) >> 16);
- address[2] = ((from_addr & 0xff00) >> 8);
- address[3] = (from_addr & 0xff);
- input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
- input_chan_bindings->acceptor_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->acceptor_address.value = (char *) address;
- address[0] = ((to_addr & 0xff000000) >> 24);
- address[1] = ((to_addr & 0xff0000) >> 16);
- address[2] = ((to_addr & 0xff00) >> 8);
- address[3] = (to_addr & 0xff);
- input_chan_bindings->application_data.length = 0;
-
- req_flags = 0;
- if (deleg_flag) req_flags = req_flags | 1;
- if (mutual_flag) req_flags = req_flags | 2;
- if (replay_flag) req_flags = req_flags | 4;
- if (seq_flag) req_flags = req_flags | 8;
-
- major_status = gss_init_sec_context(&status, /* minor status */
- GSS_C_NO_CREDENTIAL, /* cred handle */
- &actual_ctxhandle, /* ctx handle */
- desired_targname, /* target name */
- GSS_C_NULL_OID, /* mech type */
- req_flags, /* req flags */
- 0, /* time req */
- input_chan_bindings, /* chan binding */
- GSS_C_NO_BUFFER, /* input token */
- &actual_mech_type, /* actual mech */
- &output_token, /* output token */
- &ret_flags, /* ret flags */
- &lifetime_rec); /* time rec */
-
- if ((major_status != GSS_S_COMPLETE) &&
- (major_status != GSS_S_CONTINUE_NEEDED)) {
- gss_display_status(&new_status,
- status,
- GSS_C_MECH_CODE,
- GSS_C_NULL_OID,
- &msg_ctx,
- &status_string);
- printf("%s\n", status_string.value);
- return(0);
- }
-
- if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
- return(0);
- }
-
- if (!Data(ap, SPX_AUTH, (void *)output_token.value, output_token.length)) {
- return(0);
- }
-
- return(1);
-}
-
- void
-spx_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
- Block datablock;
- int r;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case SPX_AUTH:
- input_token.length = cnt;
- input_token.value = (char *) data;
-
- gethostname(lhostname, sizeof(lhostname));
-
- strcpy(targ_printable, "SERVICE:rcmd@");
- strcat(targ_printable, lhostname);
-
- input_name_buffer.length = strlen(targ_printable);
- input_name_buffer.value = targ_printable;
-
- major_status = gss_import_name(&status,
- &input_name_buffer,
- GSS_C_NULL_OID,
- &desired_targname);
-
- major_status = gss_acquire_cred(&status,
- desired_targname,
- 0,
- GSS_C_NULL_OID_SET,
- GSS_C_ACCEPT,
- &gss_cred_handle,
- &actual_mechs,
- &lifetime_rec);
-
- major_status = gss_release_name(&status, desired_targname);
-
- input_chan_bindings = (gss_channel_bindings)
- malloc(sizeof(gss_channel_bindings_desc));
-
- input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
- input_chan_bindings->initiator_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->initiator_address.value = (char *) address;
- address[0] = ((from_addr & 0xff000000) >> 24);
- address[1] = ((from_addr & 0xff0000) >> 16);
- address[2] = ((from_addr & 0xff00) >> 8);
- address[3] = (from_addr & 0xff);
- input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
- input_chan_bindings->acceptor_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->acceptor_address.value = (char *) address;
- address[0] = ((to_addr & 0xff000000) >> 24);
- address[1] = ((to_addr & 0xff0000) >> 16);
- address[2] = ((to_addr & 0xff00) >> 8);
- address[3] = (to_addr & 0xff);
- input_chan_bindings->application_data.length = 0;
-
- major_status = gss_accept_sec_context(&status,
- &context_handle,
- gss_cred_handle,
- &input_token,
- input_chan_bindings,
- &src_name,
- &actual_mech_type,
- &output_token,
- &ret_flags,
- &lifetime_rec,
- &gss_delegated_cred_handle);
-
-
- if (major_status != GSS_S_COMPLETE) {
-
- major_status = gss_display_name(&status,
- src_name,
- &fullname_buffer,
- &fullname_type);
- Data(ap, SPX_REJECT, (void *)"auth failed", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- major_status = gss_display_name(&status,
- src_name,
- &fullname_buffer,
- &fullname_type);
-
-
- Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length);
- auth_finished(ap, AUTH_USER);
- break;
-
- default:
- Data(ap, SPX_REJECT, 0, 0);
- break;
- }
-}
-
-
- void
-spx_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case SPX_REJECT:
- if (cnt > 0) {
- printf("[ SPX refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ SPX refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case SPX_ACCEPT:
- printf("[ SPX accepts you ]\n");
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /*
- * Send over the encrypted challenge.
- */
- input_token.value = (char *) data;
- input_token.length = cnt;
-
- major_status = gss_init_sec_context(&status, /* minor stat */
- GSS_C_NO_CREDENTIAL, /* cred handle */
- &actual_ctxhandle, /* ctx handle */
- desired_targname, /* target name */
- GSS_C_NULL_OID, /* mech type */
- req_flags, /* req flags */
- 0, /* time req */
- input_chan_bindings, /* chan binding */
- &input_token, /* input token */
- &actual_mech_type, /* actual mech */
- &output_token, /* output token */
- &ret_flags, /* ret flags */
- &lifetime_rec); /* time rec */
-
- if (major_status != GSS_S_COMPLETE) {
- gss_display_status(&new_status,
- status,
- GSS_C_MECH_CODE,
- GSS_C_NULL_OID,
- &msg_ctx,
- &status_string);
- printf("[ SPX mutual response fails ... '%s' ]\r\n",
- status_string.value);
- auth_send_retry();
- return;
- }
- }
- auth_finished(ap, AUTH_USER);
- return;
-
- default:
- return;
- }
-}
-
- int
-spx_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
-{
-
- gss_buffer_desc fullname_buffer, acl_file_buffer;
- gss_OID fullname_type;
- char acl_file[160], fullname[160];
- int major_status, status = 0;
- struct passwd *pwd;
-
- /*
- * hard code fullname to
- * "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
- * and acl_file to "~kannan/.sphinx"
- */
-
- pwd = getpwnam(UserNameRequested);
- if (pwd == NULL) {
- return(AUTH_USER); /* not authenticated */
- }
-
- strcpy(acl_file, pwd->pw_dir);
- strcat(acl_file, "/.sphinx");
- acl_file_buffer.value = acl_file;
- acl_file_buffer.length = strlen(acl_file);
-
- major_status = gss_display_name(&status,
- src_name,
- &fullname_buffer,
- &fullname_type);
-
- if (level < AUTH_USER)
- return(level);
-
- major_status = gss__check_acl(&status, &fullname_buffer,
- &acl_file_buffer);
-
- if (major_status == GSS_S_COMPLETE) {
- strcpy(name, UserNameRequested);
- return(AUTH_VALID);
- } else {
- return(AUTH_USER);
- }
-
-}
-
-#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
-#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
-
- void
-spx_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- char lbuf[32];
- register int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case SPX_REJECT: /* Rejected (reason might follow) */
- strncpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case SPX_ACCEPT: /* Accepted (name might follow) */
- strncpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
- case SPX_AUTH: /* Authentication data follows */
- strncpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- strncpy((char *)buf, lbuf, buflen);
- BUMP(buf, buflen);
- }
- break;
- }
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
OpenPOWER on IntegriCloud