diff options
Diffstat (limited to 'crypto/kerberosIV/kuser')
-rw-r--r-- | crypto/kerberosIV/kuser/Makefile.in | 92 | ||||
-rw-r--r-- | crypto/kerberosIV/kuser/kdestroy.c | 72 | ||||
-rw-r--r-- | crypto/kerberosIV/kuser/kinit.c | 158 | ||||
-rw-r--r-- | crypto/kerberosIV/kuser/klist.c | 314 | ||||
-rw-r--r-- | crypto/kerberosIV/kuser/kuser_locl.h | 86 |
5 files changed, 722 insertions, 0 deletions
diff --git a/crypto/kerberosIV/kuser/Makefile.in b/crypto/kerberosIV/kuser/Makefile.in new file mode 100644 index 0000000..aff8c19 --- /dev/null +++ b/crypto/kerberosIV/kuser/Makefile.in @@ -0,0 +1,92 @@ +# $Id: Makefile.in,v 1.23 1997/03/23 13:04:08 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +topdir = .. + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +KRB_KAFS_LIB = @KRB_KAFS_LIB@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +libdir = @libdir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +PROGS = kinit$(EXECSUFFIX) \ + kdestroy$(EXECSUFFIX) \ + klist$(EXECSUFFIX) + +SOURCES = kinit.c kdestroy.c klist.c + +OBJECTS = kinit.o kdestroy.o klist.o + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(bindir) + for x in $(PROGS); do \ + $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROGS); do \ + rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../lib/krb -lkrb -L../lib/des -ldes +LIBROKEN=-L../lib/roken -lroken + +kinit$(EXECSUFFIX): kinit.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +kdestroy$(EXECSUFFIX): kdestroy.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +klist$(EXECSUFFIX): klist.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +# su move to appl/bsd + +$(OBJECTS): ../include/config.h diff --git a/crypto/kerberosIV/kuser/kdestroy.c b/crypto/kerberosIV/kuser/kdestroy.c new file mode 100644 index 0000000..2fe36c3 --- /dev/null +++ b/crypto/kerberosIV/kuser/kdestroy.c @@ -0,0 +1,72 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * This program causes Kerberos tickets to be destroyed. + * Options are: + * + * -q[uiet] - no bell even if tickets not destroyed + * -f[orce] - no message printed at all + * -t - do not destroy tokens + */ + +#include "kuser_locl.h" +#include <kafs.h> + +RCSID("$Id: kdestroy.c,v 1.8 1997/03/30 16:15:03 joda Exp $"); + +static void +usage(void) +{ + fprintf(stderr, "Usage: %s [-f] [-q] [-t]\n", __progname); + exit(1); +} + +int +main(int argc, char **argv) +{ + int fflag=0, tflag = 0, k_errno; + int c; + + set_progname(argv[0]); + + while((c = getopt(argc, argv, "fqt")) >= 0){ + switch(c){ + case 'f': + case 'q': + fflag++; + break; + case 't': + tflag++; + break; + default: + usage(); + } + } + if(argc - optind > 0) + usage(); + + k_errno = dest_tkt(); + + if(!tflag && k_hasafs()) + k_unlog(); + + if (fflag) { + if (k_errno != 0 && k_errno != RET_TKFIL) + exit(1); + else + exit(0); + } else { + if (k_errno == 0) + printf("Tickets destroyed.\n"); + else if (k_errno == RET_TKFIL) + printf("No tickets to destroy.\n"); + else { + printf("Tickets NOT destroyed.\n"); + exit(1); + } + } + exit(0); +} diff --git a/crypto/kerberosIV/kuser/kinit.c b/crypto/kerberosIV/kuser/kinit.c new file mode 100644 index 0000000..64910b9 --- /dev/null +++ b/crypto/kerberosIV/kuser/kinit.c @@ -0,0 +1,158 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Routine to initialize user to Kerberos. Prompts optionally for + * user, instance and realm. Authenticates user and gets a ticket + * for the Kerberos ticket-granting service for future use. + * + * Options are: + * + * -i[instance] + * -r[realm] + * -v[erbose] + * -l[ifetime] + * -p + */ + +#include "kuser_locl.h" + +RCSID("$Id: kinit.c,v 1.15 1997/03/30 18:58:46 assar Exp $"); + +#define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */ +#define CHPASSLIFE 2 + +static void +get_input(char *s, int size, FILE *stream) +{ + char *p; + + if (fgets(s, size, stream) == NULL) + exit(1); + if ( (p = strchr(s, '\n')) != NULL) + *p = '\0'; +} + + +static void +usage(void) +{ + fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname); + exit(1); +} + +int +main(int argc, char **argv) +{ + char aname[ANAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + char buf[MaxHostNameLen]; + char name[MAX_K_NAME_SZ]; + char *username = NULL; + int iflag, rflag, vflag, lflag, pflag, lifetime, k_errno; + int i; + + set_progname (argv[0]); + + *inst = *realm = '\0'; + iflag = rflag = vflag = lflag = pflag = 0; + lifetime = LIFE; + set_progname(argv[0]); + + while (--argc) { + if ((*++argv)[0] != '-') { + if (username) + usage(); + username = *argv; + continue; + } + for (i = 1; (*argv)[i] != '\0'; i++) + switch ((*argv)[i]) { + case 'i': /* Instance */ + ++iflag; + continue; + case 'r': /* Realm */ + ++rflag; + continue; + case 'v': /* Verbose */ + ++vflag; + continue; + case 'l': + ++lflag; + continue; + case 'p': + ++pflag; /* chpass-tickets */ + lifetime = CHPASSLIFE; + break; + default: + usage(); + } + } + if (username && + (k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) { + warnx("%s", krb_get_err_text(k_errno)); + iflag = rflag = 1; + username = NULL; + } + if (k_gethostname(buf, MaxHostNameLen)) + err(1, "k_gethostname failed"); + printf("%s (%s)\n", ORGANIZATION, buf); + if (username) { + printf("Kerberos Initialization for \"%s", aname); + if (*inst) + printf(".%s", inst); + if (*realm) + printf("@%s", realm); + printf("\"\n"); + } else { + printf("Kerberos Initialization\n"); + printf("Kerberos name: "); + get_input(name, sizeof(name), stdin); + if (!*name) + return 0; + if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS ) + errx(1, "%s", krb_get_err_text(k_errno)); + } + /* optional instance */ + if (iflag) { + printf("Kerberos instance: "); + get_input(inst, sizeof(inst), stdin); + if (!k_isinst(inst)) + errx(1, "bad Kerberos instance format"); + } + if (rflag) { + printf("Kerberos realm: "); + get_input(realm, sizeof(realm), stdin); + if (!k_isrealm(realm)) + errx(1, "bad Kerberos realm format"); + } + if (lflag) { + printf("Kerberos ticket lifetime (minutes): "); + get_input(buf, sizeof(buf), stdin); + lifetime = atoi(buf); + if (lifetime < 5) + lifetime = 1; + else + lifetime = krb_time_to_life(0, lifetime*60); + /* This should be changed if the maximum ticket lifetime */ + /* changes */ + if (lifetime > 255) + lifetime = 255; + } + if (!*realm && krb_get_lrealm(realm, 1)) + errx(1, "krb_get_lrealm failed"); + k_errno = krb_get_pw_in_tkt(aname, inst, realm, + pflag ? PWSERV_NAME : + KRB_TICKET_GRANTING_TICKET, + pflag ? KADM_SINST : realm, + lifetime, 0); + if (vflag) { + printf("Kerberos realm %s:\n", realm); + printf("%s\n", krb_get_err_text(k_errno)); + } else if (k_errno) + errx(1, "%s", krb_get_err_text(k_errno)); + exit(0); +} diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c new file mode 100644 index 0000000..faf7d6b --- /dev/null +++ b/crypto/kerberosIV/kuser/klist.c @@ -0,0 +1,314 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Lists your current Kerberos tickets. + * Written by Bill Sommerfeld, MIT Project Athena. + */ + +#include "kuser_locl.h" + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif + +#ifdef HAVE_SYS_IOCCOM_H +#include <sys/ioccom.h> +#endif + +#include <kafs.h> + +RCSID("$Id: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $"); + +static int option_verbose = 0; + +static char * +short_date(int32_t dp) +{ + char *cp; + time_t t = (time_t)dp; + + if (t == (time_t)(-1L)) return "*** Never *** "; + cp = ctime(&t) + 4; + cp[15] = '\0'; + return (cp); +} + +static void +display_tktfile(char *file, int tgt_test, int long_form) +{ + krb_principal pr; + char buf1[20], buf2[20]; + int k_errno; + CREDENTIALS c; + int header = 1; + + if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL)) + file = TKT_FILE; + + if (long_form) + printf("Ticket file: %s\n", file); + + /* + * Since krb_get_tf_realm will return a ticket_file error, + * we will call tf_init and tf_close first to filter out + * things like no ticket file. Otherwise, the error that + * the user would see would be + * klist: can't find realm of ticket file: No ticket file (tf_util) + * instead of + * klist: No ticket file (tf_util) + */ + + /* Open ticket file */ + if ((k_errno = tf_init(file, R_TKT_FIL))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + exit(1); + } + /* Close ticket file */ + tf_close(); + + /* + * We must find the realm of the ticket file here before calling + * tf_init because since the realm of the ticket file is not + * really stored in the principal section of the file, the + * routine we use must itself call tf_init and tf_close. + */ + if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) { + if (!tgt_test) + warnx("can't find realm of ticket file: %s", + krb_get_err_text(k_errno)); + exit(1); + } + + /* Open ticket file */ + if ((k_errno = tf_init(file, R_TKT_FIL))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + exit(1); + } + /* Get principal name and instance */ + if ((k_errno = tf_get_pname(pr.name)) || + (k_errno = tf_get_pinst(pr.instance))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + exit(1); + } + + /* + * You may think that this is the obvious place to get the + * realm of the ticket file, but it can't be done here as the + * routine to do this must open the ticket file. This is why + * it was done before tf_init. + */ + + if (!tgt_test && long_form) + printf("Principal:\t%s\n\n", krb_unparse_name(&pr)); + while ((k_errno = tf_get_cred(&c)) == KSUCCESS) { + if (!tgt_test && long_form && header) { + printf("%-15s %-15s %s%s\n", + " Issued", " Expires", " Principal", + option_verbose ? " (kvno)" : ""); + header = 0; + } + if (tgt_test) { + c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); + if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) && + !strcmp(c.instance, pr.realm)) { + if (time(0) < c.issue_date) + exit(0); /* tgt hasn't expired */ + else + exit(1); /* has expired */ + } + continue; /* not a tgt */ + } + if (long_form) { + strcpy(buf1, short_date(c.issue_date)); + c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); + if (time(0) < (unsigned long) c.issue_date) + strcpy(buf2, short_date(c.issue_date)); + else + strcpy(buf2, ">>> Expired <<<"); + printf("%s %s ", buf1, buf2); + } + printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm)); + if(long_form && option_verbose) + printf(" (%d)", c.kvno); + printf("\n"); + } + if (tgt_test) + exit(1); /* no tgt found */ + if (header && long_form && k_errno == EOF) { + printf("No tickets in file.\n"); + } +} + +/* adapted from getst() in librkb */ +/* + * ok_getst() takes a file descriptor, a string and a count. It reads + * from the file until either it has read "count" characters, or until + * it reads a null byte. When finished, what has been read exists in + * the given string "s". If "count" characters were actually read, the + * last is changed to a null, so the returned string is always null- + * terminated. ok_getst() returns the number of characters read, including + * the null terminator. + * + * If there is a read error, it returns -1 (like the read(2) system call) + */ + +static int +ok_getst(int fd, char *s, int n) +{ + int count = n; + int err; + while ((err = read(fd, s, 1)) > 0 && --count) + if (*s++ == '\0') + return (n - count); + if (err < 0) + return(-1); + *s = '\0'; + return (n - count); +} + +static void +display_tokens() +{ + u_int32_t i; + unsigned char t[128]; + struct ViceIoctl parms; + struct ClearToken ct; + int size_secret_tok, size_public_tok; + + parms.in = (void *)&i; + parms.in_size = sizeof(i); + parms.out = (void *)t; + parms.out_size = sizeof(t); + + for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) { + char *cell; + memcpy(&size_secret_tok, t, 4); + memcpy(&size_public_tok, t + 4 + size_secret_tok, 4); + memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok); + cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4; + + printf("%-15s ", short_date(ct.BeginTimestamp)); + printf("%-15s ", short_date(ct.EndTimestamp)); + if ((ct.EndTimestamp - ct.BeginTimestamp) & 1) + printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell); + else + printf("Tokens for %s", cell); + if (option_verbose) + printf(" (%d)", ct.AuthHandle); + putchar('\n'); + } +} + +static void +display_srvtab(char *file) +{ + int stab; + char serv[SNAME_SZ]; + char inst[INST_SZ]; + char rlm[REALM_SZ]; + unsigned char key[8]; + unsigned char vno; + int count; + + printf("Server key file: %s\n", file); + + if ((stab = open(file, O_RDONLY, 0400)) < 0) { + perror(file); + exit(1); + } + printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm", + "Key Version"); + printf("------------------------------------------------------\n"); + + /* argh. getst doesn't return error codes, it silently fails */ + while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0) + && ((count = ok_getst(stab, inst, INST_SZ)) > 0) + && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) { + if (((count = read(stab, &vno,1)) != 1) || + ((count = read(stab, key,8)) != 8)) { + if (count < 0) + err(1, "reading from key file"); + else + errx(1, "key file truncated"); + } + printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno); + } + if (count < 0) + warn(file); + close(stab); +} + +static void +usage(void) +{ + fprintf(stderr, + "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n", + __progname); + exit(1); +} + +/* ARGSUSED */ +int +main(int argc, char **argv) +{ + int long_form = 1; + int tgt_test = 0; + int do_srvtab = 0; + int do_tokens = 0; + char *tkt_file = NULL; + + set_progname(argv[0]); + + while (*(++argv)) { + if (!strcmp(*argv, "-v")) { + option_verbose = 1; + continue; + } + if (!strcmp(*argv, "-s")) { + long_form = 0; + continue; + } + if (!strcmp(*argv, "-t")) { + tgt_test = 1; + long_form = 0; + continue; + } + if (strcmp(*argv, "-tokens") == 0 + || strcmp(*argv, "-T") == 0) { + do_tokens = k_hasafs(); + continue; + } + if (!strcmp(*argv, "-l")) { /* now default */ + continue; + } + if (!strncmp(*argv, "-f", 2)) { + if (*(++argv)) { + tkt_file = *argv; + continue; + } else + usage(); + } + if (!strcmp(*argv, "-srvtab")) { + if (tkt_file == NULL) /* if no other file spec'ed, + set file to default srvtab */ + tkt_file = KEYFILE; + do_srvtab = 1; + continue; + } + usage(); + } + + if (do_srvtab) + display_srvtab(tkt_file); + else + display_tktfile(tkt_file, tgt_test, long_form); + if (long_form && do_tokens) + display_tokens(); + exit(0); +} diff --git a/crypto/kerberosIV/kuser/kuser_locl.h b/crypto/kerberosIV/kuser/kuser_locl.h new file mode 100644 index 0000000..514a0ac --- /dev/null +++ b/crypto/kerberosIV/kuser/kuser_locl.h @@ -0,0 +1,86 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */ + +#include "config.h" +#include "protos.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#include <time.h> +#ifdef HAVE_SYS_FILE_H +#include <sys/file.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <roken.h> + +#include <err.h> + +#include <krb.h> +#include <krb_db.h> +#include <kadm.h> +#include <prot.h> |