Diffstat (limited to 'crypto/kerberosIV/lib/kclient/KClient.c')
-rw-r--r-- | crypto/kerberosIV/lib/kclient/KClient.c | 440 |
1 files changed, 0 insertions, 440 deletions
diff --git a/crypto/kerberosIV/lib/kclient/KClient.c b/crypto/kerberosIV/lib/kclient/KClient.c
deleted file mode 100644
index 6d4ed60..0000000
--- a/crypto/kerberosIV/lib/kclient/KClient.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* KClient.c - KClient glue to krb4.dll
- * Author: Jörgen Karlsson - d93-jka@nada.kth.se
- * Date: June 1996
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: KClient.c,v 1.14 1999/12/02 16:58:40 joda Exp $");
-#endif
-
-#ifdef WIN32 /* Visual C++ 4.0 (Windows95/NT) */
-#include <Windows.h>
-#endif /* WIN32 */
-
-//#include <string.h>
-#include <winsock.h>
-#include "passwd_dlg.h"
-#include "KClient.h"
-#include "krb.h"
-
-char guser[64];
-
-void
-msg(char *text)
-{
- HWND wnd = GetActiveWindow();
- MessageBox(wnd, text, "KClient message", MB_OK|MB_APPLMODAL);
-}
-
-BOOL
-SendTicketForService(LPSTR service, LPSTR version, int fd)
-{
- KTEXT_ST ticket;
- MSG_DAT mdat;
- CREDENTIALS cred;
- des_key_schedule schedule;
- char name[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- int ret;
- static KClientSessionInfo foo;
- KClientKey key;
-
- kname_parse(name, inst, realm, service);
- strlcpy(foo.realm, realm, sizeof(foo.realm));
-
- if(KClientStatus(&foo) == KClientNotLoggedIn)
- KClientLogin(&foo, &key);
-
- ret = krb_sendauth (0, fd, &ticket,
- name, inst, realm, 17, &mdat,
- &cred, &schedule, NULL, NULL, version);
- if(ret)
- return FALSE;
- return TRUE;
-}
-
-BOOL WINAPI
-DllMain(HANDLE hInst, ULONG reason, LPVOID lpReserved)
-{
- WORD wVersionRequested;
- WSADATA wsaData;
- int err;
-
- switch(reason){
- case DLL_PROCESS_ATTACH:
- wVersionRequested = MAKEWORD(1, 1);
-
- err = WSAStartup(wVersionRequested, &wsaData);
-
- if (err != 0)
- {
- /* Tell the user that we couldn't find a useable */
- /* winsock.dll. */
- msg("Cannot find winsock.dll");
- return FALSE;
- }
- break;
- case DLL_PROCESS_DETACH:
- WSACleanup();
- }
-
- return TRUE;
-}
-
-Kerr
-KClientMessage(char *text, Kerr error)
-{
- msg(text);
- return error;
-}
-
-/* KClientInitSession
- * You need to call this routine before calling most other routines.
- * It initializes a KClientSessionInfo structure.
- * The local and remote addresses are for use in KClientEncrypt,
- * KClientDecrypt, KClientMakeSendAuth and KClientVerifySendAuth.
- * If you don't use any of these routines it's perfectly OK to do the following...
- * err = KClientInitSession(session,0,0,0,0);
- */
-Kerr
-KClientInitSession(KClientSessionInfo *session,
- unsigned long lAddr,
- unsigned short lPort,
- unsigned long fAddr,
- unsigned short fPort)
-{
- session->lAddr = lAddr;
- session->lPort = lPort;
- session->fAddr = fAddr;
- session->fPort = fPort;
- if(tf_get_pname(session->user) != KSUCCESS)
- *(session->user) = '\0';
- if(tf_get_pinst(session->inst) != KSUCCESS)
- *(session->inst) = '\0';
- krb_get_lrealm (session->realm, 1);
- if(*(session->user))
- strlcpy(guser, session->user, sizeof(guser));
- else
- *guser ='\0';
-
- return 0;
-}
-
-
-/* KClientGetTicketForService
- * This routine gets an authenticator to be passed to a service.
- * If the user isn't already logged in the user is prompted for a password.
- */
-Kerr
-KClientGetTicketForService(KClientSessionInfo *session,
- char *service,
- void *buf,
- unsigned long *buflen)
-{
- CREDENTIALS c;
- KClientKey k;
- KTEXT_ST ticket;
- char serv[255], inst[255], realm[255];
- Kerr err;
-
- // KClientSetUserName(session->user);
- err = kname_parse(serv,inst,realm,service);
- if(*realm)
- strlcpy(session->realm, realm, sizeof(session->realm));
- else
- strlcpy(realm, session->realm, sizeof(realm));
- if(KClientStatus(session) == KClientNotLoggedIn)
- if((err = KClientLogin(session, &k)) != KSUCCESS)
- return err;
-
- if((err = krb_mk_req(&ticket, serv, inst, realm, 0)) != KSUCCESS)
- return KClientMessage(KClientErrorText(err,0),err);
- if((err = krb_get_cred(serv, inst, realm, &c)) != KSUCCESS)
- return KClientMessage(KClientErrorText(err,0),err);
-
- if(*buflen >= ticket.length)
- {
- *buflen = ticket.length + sizeof(unsigned long);
- CopyMemory(buf, &ticket, *buflen);
- CopyMemory(session->key, c.session, sizeof(session->key));
- }
- else
- err = -1;
- return err;
-}
-
-
-/* KClientLogin
- * This routine "logs in" by getting a ticket granting ticket from kerberos.
- * It returns the user's private key which can be used to automate login at
- * a later time with KClientKeyLogin.
- */
-
-Kerr
-KClientLogin(KClientSessionInfo *session,
- KClientKey *privateKey)
-{
- CREDENTIALS c;
- Kerr err;
- char passwd[100];
-
- if((err = pwd_dialog(guser, passwd)))
- return err;
- if(KClientStatus(session) == KClientNotLoggedIn)
- {
-
- if((err = krb_get_pw_in_tkt(guser, session->inst, session->realm,
- "krbtgt", session->realm,
- DEFAULT_TKT_LIFE, passwd)) != KSUCCESS)
- return KClientMessage(KClientErrorText(err,0),err);
- }
- if((err = krb_get_cred("krbtgt", session->realm,
- session->realm, &c)) == KSUCCESS)
- CopyMemory(privateKey, c.session, sizeof(*privateKey));
- return err;
-}
-
-
-/* KClientPasswordLogin
- * This routine is similiar to KClientLogin but instead of prompting the user
- * for a password it uses the password supplied to establish login.
- */
-Kerr
-KClientPasswordLogin(KClientSessionInfo *session,
- char *password,
- KClientKey *privateKey)
-{
- return krb_get_pw_in_tkt(guser, session->inst, session->realm,
- "krbtgt",
- session->realm,
- DEFAULT_TKT_LIFE,
- password);
-}
-
-
-static key_proc_t
-key_proc(void *arg)
-{
- return arg;
-}
-
-/* KClientKeyLogin
- * This routine is similiar to KClientLogin but instead of prompting the user
- * for a password it uses the private key supplied to establish login.
- */
-Kerr
-KClientKeyLogin(KClientSessionInfo *session,
- KClientKey *privateKey)
-{
- return krb_get_in_tkt(guser, session->inst, session->realm,
- "krbtgt",
- session->realm,
- DEFAULT_TKT_LIFE,
- key_proc,
- 0,
- privateKey);
-}
-
-/* KClientLogout
- * This routine destroys all credentials stored in the credential cache
- * effectively logging the user out.
- */
-Kerr
-KClientLogout(void)
-{
- return 0;
-}
-
-
-/* KClientStatus
- * This routine returns the user's login status which can be
- * KClientLoggedIn or KClientNotLoggedIn.
- */
-short
-KClientStatus(KClientSessionInfo *session)
-{
- CREDENTIALS c;
- if(krb_get_cred("krbtgt",
- session->realm,
- session->realm, &c) == KSUCCESS)
- return KClientLoggedIn;
- else
- return KClientNotLoggedIn;
-}
-
-
-/* KClientGetUserName
- * This routine returns the name the user supplied in the login dialog.
- * No name is returned if the user is not logged in.
- */
-Kerr
-KClientGetUserName(char *user)
-{
- strcpy(user, guser);
- return 0;
-}
-
-
-/* KClientSetUserName
- * This routine sets the name that will come up in the login dialog
- * the next time the user is prompted for a password.
- */
-Kerr
-KClientSetUserName(char *user)
-{
- strlcpy(guser, user, sizeof(guser));
- return 0;
-}
-
-
-/* KClientCacheInitialTicket
- * This routine is used to obtain a ticket for the password changing service.
- */
-Kerr
-KClientCacheInitialTicket(KClientSessionInfo *session,
- char *service)
-{
- return 0;
-}
-
-
-/* KClientGetSessionKey
- * This routine can be used to obtain the session key which is stored
- * in the KClientSessionInfo record. The session key has no usefullness
- * with any KClient calls but it can be used to with the MIT kerberos API.
- */
-Kerr
-KClientGetSessionKey(KClientSessionInfo *session,
- KClientKey *sessionKey)
-{
- CopyMemory(sessionKey, session->key, sizeof(*sessionKey));
- return 0;
-}
-
-
-/* KClientMakeSendAuth
- * This routine is used to create an authenticator that is the same as those
- * created by the kerberos routine SendAuth.
- */
-Kerr
-KClientMakeSendAuth(KClientSessionInfo *session,
- char *service,
- void *buf,
- unsigned long *buflen,
- long checksum,
- char *applicationVersion)
-{
- return 0;
-}
-
-
-/* KClientVerifySendAuth
- * This routine is used to verify a response made by a server doing RecvAuth.
- * The two routines KClientMakeSendAuth and KClientVerifySendAuth together
- * provide the functionality of SendAuth minus the transmission of authenticators
- * between client->server->client.
- */
-Kerr
-KClientVerifySendAuth(KClientSessionInfo *session,
- void *buf,
- unsigned long *buflen)
-{
- return 0;
-}
-
-
-/* KClientEncrypt
- * This routine encrypts a series a bytes for transmission to the remote host.
- * For this to work properly you must be logged in and you must have specified
- * the remote and local addresses in KClientInitSession. The unencrypted
- * message pointed to by buf and of length buflen is returned encrypted
- * in encryptBuf of length encryptLength.
- * The encrypted buffer must be at least 26 bytes longer the buf.
- */
-Kerr
-KClientEncrypt(KClientSessionInfo *session,
- void *buf,
- unsigned long buflen,
- void *encryptBuf,
- unsigned long *encryptLength)
-{
- int num = 64;
- des_cfb64_encrypt(buf, encryptBuf, buflen,
- (struct des_ks_struct*) session->key,
- 0, &num, 1);
- return 0;
-}
-
-
-/* KClientDecrypt
- * This routine decrypts a series of bytes received from the remote host.
-
- * NOTE: this routine will not reverse a KClientEncrypt call.
- * It can only decrypt messages sent from the remote host.
-
- * Instead of copying the decrypted message to an out buffer,
- * the message is decrypted in place and you are returned
- * an offset into the buffer where the decrypted message begins.
- */
-Kerr
-KClientDecrypt(KClientSessionInfo *session,
- void *buf,
- unsigned long buflen,
- unsigned long *decryptOffset,
- unsigned long *decryptLength)
-{
- int num;
- des_cfb64_encrypt(buf, buf, buflen,
- (struct des_ks_struct*)session->key, 0, &num, 0);
- *decryptOffset = 0;
- *decryptLength = buflen;
- return 0;
-}
-
-
-/* KClientErrorText
- * This routine returns a text description of errors returned by any of
- * the calls in this library.
- */
-char *
-KClientErrorText(Kerr err,
- char *text)
-{
- char *t = krb_get_err_text(err);
- if(text)
- strcpy(text, t);
- return t;
-} |